{{- if .Values.ingress.elementCall.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{.Release.Name }}-livekit 
data:
  secret: {{ .Values.ingress.elementCall.livekitJWT.livekit.secret | default .Values.livekit.secret | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "livekit_secret") | b64enc }}
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: "{{.Release.Name }}-element-call"
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "element-call"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  valuesFrom:
    - kind: Secret
      name: {{.Release.Name }}-livekit
      valuesKey: secret
      targetPath: service.lkJWT.config.secret
  values:
    ingress:
      enabled: true
      annotations:
        {{- with mergeOverwrite (dict) .Values.commons.ingress.annotations .Values.ingress.elementCall.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- if .Values.commons.ingress.tls.enabled }}
      tls:
        {{- with .Values.commons.ingress.tls.override }}
        {{- toYaml . | nindent 8 }}
        {{- else }}
        - secretName: "mycloud-matrix-element-call-cert"
          hosts:
            - {{ .Values.ingress.elementCall.host | default (printf "call.%s" .Values.commons.ingress.domain) }}
        {{- end }}
      {{- end }}
    service:
      call:
        ingress:
          host: {{ .Values.ingress.elementCall.host | default (printf "call.%s" .Values.commons.ingress.domain) }}
        {{- if .Values.commons.networkpolicies.enabled }}
        networkPolicy:
          enabled: true
          ingress:
            http:
              {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 14 }}
          egress:
            enabled: true
        {{- end }}
        config:
          {{- with .Values.commons.tracing }}
          {{- if .enabled }}
          opentelemetry:
            {{- if .grpc.enabled }}
            url: grpc://{{ .http.endpoint }}
            {{- else }}
            url: {{ .http.endpoint }}
            {{- end }}
          {{- end }}
          {{- end }}
          default_server_config:
            "m.homeserver":
              base_url: "https://{{ include "mycloud-matrix.host.server" . }}/"
              server_name: {{ include "mycloud-matrix.domain" . | quote }}
          livekit:
            livekit_service_url: "https://{{ .Values.ingress.elementCall.livekitJWT.host | default .Values.ingress.elementCall.host | default (printf "call.%s" .Values.commons.ingress.domain) }}"
      lkJWT:
        ingress:
          host: {{ .Values.ingress.elementCall.livekitJWT.host | default .Values.ingress.elementCall.host | default (printf "call.%s" .Values.commons.ingress.domain) }}
        {{- if .Values.commons.networkpolicies.enabled }}
        networkPolicy:
          enabled: true
          ingress:
            http:
              {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 14 }}
          egress:
            enabled: true
            extra:
              - ports:
                  - port: 53
                    protocol: UDP
                to:
                  {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 18 }}
              {{- with .Values.commons.networkpolicies.to.matrix }}
              {{- toYaml . | nindent 14 }}
              {{- end }}
        {{- end }}
        config:
          key: {{ .Values.ingress.elementCall.livekitJWT.livekit.key | default .Values.livekit.key }}
          url: "wss://{{ .Values.ingress.livekit.host | default (printf "sfu.call.%s" .Values.commons.ingress.domain) }}"
{{- end }}