---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-hr"
spec:
  chart:
    spec:
      sourceRef:
        kind: HelmRepository
        name: "{{ .Release.Name }}"
      chart: "coder"
      reconcileStrategy: "Revision"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $host := .Values.ingress.host | default (printf "coder.%s" .Values.commons.ingress.domain) }}
    {{- $wildcardHost := .Values.ingress.wildcardhost | default (printf "*-ide.%s" .Values.commons.ingress.domain) }}
    coder:
      env:
        - name: CODER_ACCESS_URL
          value: "https://{{ $host }}"
        - name: CODER_WILDCARDACCESS_URL
          value: "{{ $wildcardHost }}"
      envFrom:
        - secretRef:
            name: 
      applicationName: {{ .Values.commons.theme.title | quote }}
      database:
        type: postgres
        address: {{ .Values.database.host | quote }}
        username: {{ .Values.database.username | quote }}
        password: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "database_password" | b64enc) | quote }}
        database: {{ .Values.database.name | quote }}
      oidc:
        enabled: true
        idpName: {{ .Values.commons.theme.title | quote }}
        issuer: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/application/o/mycloud-gotosocial/"
        clientID: {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientID") | quote }}
        clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientSecret") | quote }}
        adminGroups:
          - "authentik Admins"

    service:
      type: ClusterIP

    ingress:
      enabled: true
      annotations:
        {{- with .Values.commons.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with .Values.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      host: {{ $host | quote }}
      wildcardHost: {{ $wildcardHost | quote }}
      {{- if .Values.commons.ingress.tls.enabled }}
      tls:
        enabled: true
        secretName: "mycloud-coder-cert"
        wildcardSecretName: "mycloud-coder-cert"
      {{- end }}