helm-charts/paperless-ngx/templates/secrets.yaml

---
{{- $fullname := include "paperless-ngx.fullname" . }}
{{- $secret := (lookup "v1" "Secret" .Release.Namespace $fullname) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $fullname }}
  labels:
    {{- include "paperless-ngx.labels" . | nindent 4 }}
  annotations:
    "checksum/config": {{ toYaml .Values.config | sha256sum }}
    "checksum/env": {{ toYaml .Values.env | sha256sum }}

data:
  {{- with .Values.config.url }}
  PAPERLESS_URL: {{ toYaml . | b64enc }}
  {{- else }}
  {{- $ingressTLS := ne ( len .Values.ingress.tls ) 0 }}
  PAPERLESS_URL: {{ printf "%s://%s" (ternary "https" "http" $ingressTLS) (first .Values.ingress.hosts).host | b64enc }}
  {{- end }}
  {{- with .Values.config.redis }}
  {{- with .url }}
  PAPERLESS_REDIS: {{ toYaml . | b64enc }}
  {{- else }}
  {{- if $.Values.redis.auth.enabled }}
  {{- if $.Values.redis.auth.existingSecret }}
  PAPERLESS_REDIS: {{ printf "redis://:$(REDIS_PASSWORD)@%s-redis-master" (include "paperless-ngx.fullname" $)| b64enc }}
  {{- else }}
  PAPERLESS_REDIS: {{ printf "redis://:%s@%s-redis-master" $.Values.redis.auth.password (include "paperless-ngx.fullname" $)| b64enc }}
  {{- end }}
  {{- else }}
  PAPERLESS_REDIS: {{ printf "redis://%s-redis-master" (include "paperless-ngx.fullname" $)| b64enc }}
  {{- end }}
  {{- end }}
  {{- with .prefix }}
  PAPERLESS_REDIS_PREFIX: {{ toYaml . | b64enc }}
  {{- end }}
  {{- end }}

  {{- with .Values.config.database }}
  {{- with .engine }}
  PAPERLESS_DBENGINE: {{ toYaml . | b64enc }}
  {{- end }}
  {{- with .host }}
  PAPERLESS_DBHOST: {{ toYaml . | b64enc }}
  {{- else }}
  PAPERLESS_DBHOST: {{ printf "%s-postgresql" (include "paperless-ngx.fullname" $) | b64enc }}
  {{- end }}
  {{- with .port }}
  PAPERLESS_DBPORT: {{ toYaml . | b64enc }}
  {{- end }}
  {{- with .name }}
  PAPERLESS_DBNAME: {{ toYaml . | b64enc }}
  {{- end }}
  {{- with .user }}
  PAPERLESS_DBUSER: {{ toYaml . | b64enc }}
  {{- end }}
  {{- with .pass }}
  PAPERLESS_DBPASS: {{ toYaml . | b64enc }}
  {{- end }}
  {{- with .sslmode }}
  PAPERLESS_DBSSLMODE: {{ toYaml . | b64enc }}
  {{- end }}
  {{- end }}{{/* end-with .config.database */}}

  {{- with .Values.config.apps }}
  PAPERLESS_APPS: {{ toYaml . | b64enc }}
  {{- end }}
  {{- with .Values.config.oidcProviders }}
  PAPERLESS_SOCIALACCOUNT_PROVIDERS: {{ toJson . | b64enc }}
  {{- end }}

  PAPERLESS_SECRET_KEY: {{ .Values.env.PAPERLESS_SECRET_KEY
    | default (dig "data" "PAPERLESS_SECRET_KEY" "" $secret | b64dec)
    | default (randAlphaNum 64)
    | b64enc
  }}

  {{- range $name, $value := .Values.env }}
  {{ $name }}: {{ toString $value | b64enc }}
  {{- end }}
feat(paperless-ngx): add paperless-ngx 2025-02-23 13:11:44 +01:00			`---`
			`{{- $fullname := include "paperless-ngx.fullname" . }}`
			`{{- $secret := (lookup "v1" "Secret" .Release.Namespace $fullname) }}`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: {{ $fullname }}`
			`labels:`
			`{{- include "paperless-ngx.labels" . \| nindent 4 }}`
			`annotations:`
			`"checksum/config": {{ toYaml .Values.config \| sha256sum }}`
			`"checksum/env": {{ toYaml .Values.env \| sha256sum }}`

			`data:`
			`{{- with .Values.config.url }}`
			`PAPERLESS_URL: {{ toYaml . \| b64enc }}`
			`{{- else }}`
			`{{- $ingressTLS := ne ( len .Values.ingress.tls ) 0 }}`
			`PAPERLESS_URL: {{ printf "%s://%s" (ternary "https" "http" $ingressTLS) (first .Values.ingress.hosts).host \| b64enc }}`
			`{{- end }}`
			`{{- with .Values.config.redis }}`
			`{{- with .url }}`
			`PAPERLESS_REDIS: {{ toYaml . \| b64enc }}`
			`{{- else }}`
			`{{- if $.Values.redis.auth.enabled }}`
			`{{- if $.Values.redis.auth.existingSecret }}`
			`PAPERLESS_REDIS: {{ printf "redis://:$(REDIS_PASSWORD)@%s-redis-master" (include "paperless-ngx.fullname" $)\| b64enc }}`
			`{{- else }}`
			`PAPERLESS_REDIS: {{ printf "redis://:%s@%s-redis-master" $.Values.redis.auth.password (include "paperless-ngx.fullname" $)\| b64enc }}`
			`{{- end }}`
			`{{- else }}`
			`PAPERLESS_REDIS: {{ printf "redis://%s-redis-master" (include "paperless-ngx.fullname" $)\| b64enc }}`
			`{{- end }}`
			`{{- end }}`
			`{{- with .prefix }}`
			`PAPERLESS_REDIS_PREFIX: {{ toYaml . \| b64enc }}`
			`{{- end }}`
			`{{- end }}`

			`{{- with .Values.config.database }}`
			`{{- with .engine }}`
			`PAPERLESS_DBENGINE: {{ toYaml . \| b64enc }}`
			`{{- end }}`
			`{{- with .host }}`
			`PAPERLESS_DBHOST: {{ toYaml . \| b64enc }}`
			`{{- else }}`
			`PAPERLESS_DBHOST: {{ printf "%s-postgresql" (include "paperless-ngx.fullname" $) \| b64enc }}`
			`{{- end }}`
			`{{- with .port }}`
			`PAPERLESS_DBPORT: {{ toYaml . \| b64enc }}`
			`{{- end }}`
			`{{- with .name }}`
			`PAPERLESS_DBNAME: {{ toYaml . \| b64enc }}`
			`{{- end }}`
			`{{- with .user }}`
			`PAPERLESS_DBUSER: {{ toYaml . \| b64enc }}`
			`{{- end }}`
			`{{- with .pass }}`
			`PAPERLESS_DBPASS: {{ toYaml . \| b64enc }}`
			`{{- end }}`
			`{{- with .sslmode }}`
			`PAPERLESS_DBSSLMODE: {{ toYaml . \| b64enc }}`
			`{{- end }}`
			`{{- end }}{{/* end-with .config.database */}}`

			`{{- with .Values.config.apps }}`
			`PAPERLESS_APPS: {{ toYaml . \| b64enc }}`
			`{{- end }}`
			`{{- with .Values.config.oidcProviders }}`
			`PAPERLESS_SOCIALACCOUNT_PROVIDERS: {{ toJson . \| b64enc }}`
			`{{- end }}`

			`PAPERLESS_SECRET_KEY: {{ .Values.env.PAPERLESS_SECRET_KEY`
			`\| default (dig "data" "PAPERLESS_SECRET_KEY" "" $secret \| b64dec)`
			`\| default (randAlphaNum 64)`
			`\| b64enc`
			`}}`

			`{{- range $name, $value := .Values.env }}`
			`{{ $name }}: {{ toString $value \| b64enc }}`
			`{{- end }}`