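---
# Flux HelmRelease (Helm template) that deploys the "paperless-ngx" chart from
# the "wrenix-helm-charts" GitRepository in "flux-system".
# Non-secret settings are rendered inline under spec.values; passwords and the
# OIDC settings are pulled from a Secret named after the release (valuesFrom).
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-ngx"
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./paperless-ngx"
      reconcileStrategy: "Revision"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  # Credentials are never written into this manifest; each entry reads one key
  # of the release-named Secret. Names are quoted so a release name that looks
  # like a number or boolean still renders as a string.
  # NOTE(review): Helm keeps the merged values in its release storage, so read
  # access to the release Secrets in the target namespace also exposes these
  # passwords; scope RBAC accordingly.
  valuesFrom:
    - name: {{ .Release.Name | quote }}
      kind: Secret
      valuesKey: "DB_PASS"
      targetPath: "config.database.pass"
    - name: {{ .Release.Name | quote }}
      kind: Secret
      valuesKey: "ADMIN_PASS"
      targetPath: "env.PAPERLESS_ADMIN_PASSWORD"
    # The mail password may be absent; the release still reconciles without it.
    - name: {{ .Release.Name | quote }}
      kind: Secret
      valuesKey: "EMAIL_PASS"
      targetPath: "env.PAPERLESS_EMAIL_HOST_PASSWORD"
      optional: true
    # No targetPath: the content of this key is merged as a whole values
    # document (presumably the OIDC provider settings and client secret; confirm
    # against the Secret). Whoever can write this Secret can therefore set any
    # chart value that spec.values below does not pin. Per Flux's documented
    # merge order, inline values override valuesFrom entries without a
    # targetPath; verify for the Flux version in use. This entry is not
    # optional: a missing key blocks reconciliation.
    - name: {{ .Release.Name | quote }}
      kind: Secret
      valuesKey: "oidc"
  values:
    # Ingress host: explicit override, else "paperless.<commons ingress domain>".
    {{- $host := .Values.ingress.host | default (printf "paperless.%s" .Values.commons.ingress.domain) }}
    config:
      redis:
        prefix: {{ .Release.Name | quote }}
      database:
        engine: postgres
        host: {{ .Values.database.host | quote }}
        name: {{ .Values.database.name | quote }}
        user: {{ .Values.database.username | quote }}
      apps: allauth.socialaccount.providers.openid_connect
      oidcProviders:
        openid_connect:
          # PKCE stays enabled for the authorization-code flow.
          OAUTH_PKCE_ENABLED: true
    env:
      # Quoted: a title containing ": " or " #" would otherwise break or
      # truncate the rendered YAML.
      PAPERLESS_APP_TITLE: {{ .Values.commons.theme.title | quote }}
      PAPERLESS_ADMIN_USER: admin
      PAPERLESS_EMAIL_HOST: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
      # NOTE(review): port and TLS flag are a YAML integer and boolean here;
      # confirm the chart converts env values to strings before they reach the
      # container spec.
      PAPERLESS_EMAIL_PORT: 587
      PAPERLESS_EMAIL_HOST_USER: {{ .Values.commons.mail.username | quote }}
      PAPERLESS_EMAIL_FROM: {{ .Values.mail.from | default (printf "\"[%s] %s\" <%s>" .Values.commons.theme.title "paperless" .Values.commons.mail.from) | quote }}
      PAPERLESS_EMAIL_USE_TLS: true
      # Extra env from values is appended verbatim. A key repeated there
      # duplicates one of the keys above (including the TLS flag); how the
      # duplicate resolves depends on the parser, so avoid repeating keys.
      {{- with .Values.env }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
    podLabels:
      # Matches the client label the bundled redis network policy is expected
      # to allow (presumed from the label name; confirm against the subchart).
      "{{ .Release.Name }}-ngx-redis-client": "true"
    postgresql:
      # External PostgreSQL is used (config.database above).
      enabled: false
    redis:
      metrics:
        enabled: true
        serviceMonitor:
          enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
          additionalLabels:
            {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 12 }}
        prometheusRule:
          # empty rules
          # The template expression in the trailing comment below is still
          # evaluated by Helm; it only ends up inside a YAML comment.
          enabled: false # {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
          additionalLabels:
            {{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
          rules: []
      networkPolicy:
        # Redis accepts no external clients and opens no external egress.
        allowExternal: false
        allowExternalEgress: false
        metrics:
          allowExternal: false
          # Only the first configured metrics source is used for the selectors.
          {{- with .Values.commons.networkpolicies.from.metrics }}
          {{- $nsMetrics := first . }}
          ingressNSMatchLabels:
            {{- toYaml $nsMetrics.namespaceSelector.matchLabels | nindent 12 }}
          ingressNSPodMatchLabels:
            {{- toYaml $nsMetrics.podSelector.matchLabels | nindent 12 }}
          {{- end }}
    networkPolicy:
      # Application network policy: ingress only from the configured ingress
      # and metrics sources; egress limited to the rule groups listed below.
      enabled: true
      ingress:
        http:
          {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 12 }}
        metrics:
          {{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 12 }}
      egress:
        enabled: true
        dns:
          {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 10 }}
        database:
          # Bundled redis master of this release, plus any configured
          # database targets appended after it.
          - ports:
              - port: 6379
                protocol: TCP
            to:
              - podSelector:
                  matchLabels:
                    app.kubernetes.io/instance: "{{ .Release.Name }}-ngx"
                    app.kubernetes.io/name: redis
                    app.kubernetes.io/component: master
          {{- with .Values.commons.networkpolicies.to.database }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
        extra:
          # HTTPS towards the ingress sources (presumably to reach the OIDC
          # provider through the ingress; confirm), plus optional SMTP targets.
          - ports:
              - port: 443
                protocol: TCP
            to:
              {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 14 }}
          {{- with .Values.commons.networkpolicies.to.smtp }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
    ingress:
      enabled: true
      # Chart-specific annotations are rendered after the common ones.
      annotations:
        {{- with .Values.commons.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with .Values.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      hosts:
        - host: "{{ $host }}"
          paths:
            - path: /
              pathType: Prefix
      {{- if .Values.commons.ingress.tls.enabled }}
      tls:
        {{- with .Values.commons.ingress.tls.override }}
        {{- toYaml . | nindent 8 }}
        {{- else }}
        - secretName: "mycloud-paperless-cert"
          hosts:
            - "{{ $host }}"
        {{- end }}
      {{- end }}
    persistence:
      enabled: true
      size: {{ .Values.persistence.size | quote }}
      {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
      storageClass: {{ . | quote }}
      {{- end }}
      # NOTE(review): hostPath storage places the documents on the node's
      # filesystem under the configured prefix; access control then depends on
      # node-level permissions and on where the pod is scheduled.
      {{- if .Values.commons.persistence.hostPath.enabled }}
      hostPath: "{{ .Values.commons.persistence.hostPath.prefix }}/paperless"
      {{- end }}
    prometheus:
      # Monitoring objects are enabled only when the cluster serves the CRDs.
      servicemonitor:
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
        labels:
          {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
      rules:
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
        additionalLabels:
          {{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}
    grafana:
      dashboards:
        enabled: true
        labels:
          {{- toYaml .Values.commons.grafana.dashboards.labels | nindent 10 }}
        annotations:
          {{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 10 }}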