---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-hr"
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./gotosocial"
      reconcileStrategy: "Revision"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $host := .Values.ingress.host | default (printf "social.%s" .Values.commons.ingress.domain) }}
    gotosocial:
      applicationName: {{ .Values.commons.theme.title | quote }}
      host: "{{ $host }}"
      accountDomain: "{{ .Values.commons.ingress.domain }}"
      database:
        type: postgres
        address: {{ .Values.database.host | quote }}
        username: {{ .Values.database.username | quote }}
        password: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "database_password" | b64enc) | quote }}
        database: {{ .Values.database.name | quote }}
      accounts:
        registrationOpen: false
        approvalRequired: false
      oidc:
        enabled: true
        idpName: {{ .Values.commons.theme.title | quote }}
        issuer: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/application/o/mycloud-gotosocial/"
        clientID: {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientID") | quote }}
        clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientSecret") | quote }}
        adminGroups:
          - "authentik Admins"
      smtp:
        host: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
        port: 587
        username: {{ .Values.commons.mail.username | quote }}
        password: {{ .Values.commons.mail.password | quote }}
        from: {{ .Values.mail.from | default (printf "[%s] %s <%s>" .Values.commons.theme.title "gotosocial" .Values.commons.mail.from) | quote }}

      metrics:
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
        auth:
          enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
          username: {{ derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "metrics.username" | quote }}
          password: {{ derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "metrics.password" | quote }}
      {{- if .Values.commons.tracing.enabled }}
      tracing:
        enabled: true
        {{- if .Values.commons.tracing.grpc.enabled }}
        transport: "grpc"
        endpoint: {{ .Values.commons.tracing.grpc.endpoint }}
        insecureTransport: {{ .Values.commons.tracing.grpc.insecure }}
        {{- else }}
        transport: "http"
        {{ $endpoint := mustRegexSplit "://" .Values.commons.tracing.http.endpoint 2 }}
        endpoint: {{ $endpoint | last }}
        insecureTransport: {{ $endpoint | first | ne "https" }}
        {{- end }}
      
      {{- end }}

    prometheus:
      servicemonitor:
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
        labels:
          {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}

    ingress:
      enabled: true
      annotations:
        {{- with .Values.commons.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with .Values.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      hosts:
        - host: "{{ .Values.commons.ingress.domain }}"
          paths:
            - path: /.well-known/webfinger
              pathType: Prefix
            - path: /.well-known/host-meta
              pathType: Prefix
            - path: /.well-known/nodeinfo
              pathType: Prefix
        - host: "{{ $host }}"
          paths:
            - path: /
              pathType: Prefix
      {{- if .Values.commons.ingress.tls.enabled }}
      tls:
        {{- with .Values.commons.ingress.tls.override }}
        {{- toYaml . | nindent 8 }}
        {{- else }}
        - secretName: "mycloud-gotosocial-cert"
          hosts:
            - "{{ .Values.commons.ingress.domain }}"
            - "{{ $host }}"
        {{- end }}
      {{- end }}

    persistence:
      enabled: true
      size: {{ .Values.persistence.size }}
      {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
      storageClass: {{ . }}
      {{- end }}
      {{- if .Values.commons.persistence.hostPath.enabled }}
      hostPath: "{{ .Values.commons.persistence.hostPath.prefix }}/gotosocial"
      {{- end }}