---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-hr"
spec:
  chart:
    spec:
      sourceRef:
        kind: HelmRepository
        name: "{{ .Release.Name }}-repo"
      chart: "firefly-iii"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  valuesFrom:
    - name: {{ .Release.Name }}
      kind: Secret
      valuesKey: "APP_KEY"
      targetPath: "secrets.appKey"
  values:
    podAnnotations:
      config-hash: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
    config:
      existingSecret: {{ .Release.Name }}
      env:
        DB_CONNECTION: pgsql
        DB_HOST: {{ .Values.database.host | quote }}
        DB_PORT: "5432"
        DB_USERNAME: {{ .Values.database.username | quote }}
        DB_DATABASE: {{ .Values.database.name | quote }}

        AUTHENTICATION_GUARD: "remote_user_guard"
        AUTHENTICATION_GUARD_HEADER: HTTP_X_AUTHENTIK_UID
        AUTHENTICATION_GUARD_EMAIL: HTTP_X_AUTHENTIK_EMAIL

        MAIL_MAILER: smtp
        MAIL_HOST: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
        MAIL_PORT: "587"
        MAIL_FROM: {{ .Values.mail.from | default (printf "[%s] %s <%s>" .Values.commons.theme.title "firefly-iii" .Values.commons.mail.from) | quote }}
        MAIL_USERNAME: {{ .Values.commons.mail.username | quote }}
        MAIL_ENCRYPTION: tls

    cronjob:
      enabled: true
      auth:
        existingSecret: {{ .Release.Name }}
        secretKey: "STATIC_CRON_TOKEN"

    {{- if .Values.commons.persistence.hostPath.enabled }}
    persistence:
      enabled: false
    extraVolumes:
      - name: upload
        hostPath:
          type: Directory
          path: "{{ .Values.commons.persistence.hostPath.prefix }}/firefly/upload"
    extraVolumeMounts:
      - name: upload
        mountPath: "/var/www/html/storage/upload"
    {{- else }}
    persistence:
      enabled: true
      {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
      storageClassName: {{ . }}
      {{- end }}
      storage: {{ .Values.persistence.size }}
    {{- end }}

    {{- $host := .Values.ingress.host | default (printf "money.%s" .Values.commons.ingress.domain) }}
    ingress:
      enabled: true
      annotations:
        {{- $annotations := mergeOverwrite (dict) .Values.commons.ingress.annotations .Values.ingress.annotations }}
        {{- $currentMiddleware := get $annotations "traefik.ingress.kubernetes.io/router.middlewares" }}
        {{- if $currentMiddleware }}
        {{- $_ := set $annotations "traefik.ingress.kubernetes.io/router.middlewares" (printf "%s,%s-mycloud-authentik-outpost@kubernetescrd" $currentMiddleware .Release.Namespace) }}
        {{- else }}
        {{- $_ := set $annotations "traefik.ingress.kubernetes.io/router.middlewares" (printf "%s-mycloud-authentik-outpost@kubernetescrd" .Release.Namespace) }}
        {{- end }}
        {{- toYaml $annotations | nindent 8 }}
      hosts:
        - {{ $host | quote }}
      {{- if .Values.commons.ingress.tls.enabled }}
      tls:
        {{- with .Values.commons.ingress.tls.override }}
        {{- toYaml . | nindent 8 }}
        {{- else }}
        - secretName: "{{ .Release.Name }}-cert"
          hosts:
            - "{{ $host }}"
        {{- end }}
      {{- end }}