---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "gotosocial.fullname" . }}
  annotations:
    "confighash": {{ toYaml .Values.gotosocial | sha256sum | trunc 32 }}
  labels:
    {{- include "gotosocial.labels" . | nindent 4 }}
data:
  {{- with .Values.gotosocial }}
  TZ: {{ .tz | b64enc }}

  GTS_APPLICATION_NAME: {{ .applicationName | b64enc }}
  {{- with .landingPageUser }}
  GTS_LANDING_PAGE_USER: {{ . | b64enc }}
  {{- end }}
  GTS_HOST: {{ .host | b64enc }}
  GTS_ACCOUNT_DOMAIN: {{ .accountDomain | b64enc }}

  GTS_DB_TYPE: {{ .database.type | b64enc }}
  {{- if (eq .database.type "sqlite") }}
  {{- if (eq .storage.backend "local") }}
  GTS_DB_ADDRESS: {{ "/gotosocial/storage/sqlite.db" | b64enc }}
  GTS_DB_SQLITE_JOURNAL_MODE: {{ "WAL" | b64enc }}
  GTS_DB_SQLITE_SYNCHRONOUS: {{ "NORMAL" | b64enc }}
  GTS_DB_SQLITE_CACHE_SIZE: {{ "8MiB" | b64enc }}
  GTS_DB_SQLITE_BUSY_TIMEOUT: {{ "30m" | b64enc }}
  {{- else }}
  {{- fail "sqlite needs storage-backend is local" }}
  {{- end }}{{/* end-else-if local */}}
  {{- else }}{{/* else-if sqlite */}}
  {{- with .database }}
  GTS_DB_ADDRESS: {{ .address | b64enc }}
  GTS_DB_PORT: {{ toYaml .port | b64enc }}
  GTS_DB_USER: {{ .username | b64enc }}
  GTS_DB_PASSWORD: {{ .password | b64enc }}
  GTS_DB_DATABASE: {{ .database | b64enc }}
  GTS_DB_TLS_MODE: {{ .tlsMode | b64enc }}
  {{- with .tlsCACert }}
  GTS_DB_TLS_CA_CERT: {{ . | b64enc }}
  {{- end }}
  GTS_DB_MAX_OPEN_CONNS_MULTIPLIER: {{ "8" | b64enc }}
  {{- end }}{{/* end-with .database */}}
  {{- end }}{{/* end-else-if sqlite */}}

  {{- with .instance }}
  {{- with .languages }}
  GTS_INSTANCE_LANGUAGES: {{ . | join "," | b64enc }}
  {{- end }}
  {{- with .federation }}
  GTS_INSTANCE_FEDERATION_MODE: {{ .mode | b64enc }}
  GTS_INSTANCE_FEDERATION_SPAM_FILTER: {{ toYaml .spamFilter | b64enc }}
  {{- end }}{{/* end-with federation */}}
  {{- with .expose }}
  GTS_INSTANCE_EXPOSE_PEERS: {{ toYaml .peers | b64enc }}
  GTS_INSTANCE_EXPOSE_SUSPENDED: {{ toYaml .suspended | b64enc }}
  GTS_INSTANCE_EXPOSE_SUSPENDED_WEB: {{ toYaml .suspendedWeb | b64enc }}
  GTS_INSTANCE_EXPOSE_PUBLIC_TIMELINE: {{ toYaml .publicTimeline | b64enc }}
  {{- end }}{{/* end-with expose */}}
  GTS_INSTANCE_DELIVER_TO_SHARED_INBOXES: {{ toYaml .deliverToSharedInboxes | b64enc }}
  GTS_INSTANCE_INJECT_MASTODON_VERSION: {{ toYaml .injectMastodonVersion | b64enc }}
  {{- end }}{{/* end-with instance */}}

  {{- with .accounts }}
  GTS_ACCOUNTS_REGISTRATION_OPEN: {{ toYaml .registrationOpen | b64enc }}
  GTS_ACCOUNTS_APPROVAL_REQUIRED: {{ toYaml .approvalRequired | b64enc }}
  GTS_ACCOUNTS_REASON_REQUIRED: {{ toYaml .reasonRequired | b64enc }}
  GTS_ACCOUNTS_ALLOW_CUSTOM_CSS: {{ toYaml .allowCustomCSS | b64enc }}
  GTS_ACCOUNTS_CUSTOM_CSS_LENGTH: {{ toYaml .customCSSLength | b64enc }}
  {{- end }}{{/* end-with accounts */}}

  GTS_STORAGE_BACKEND: {{ .storage.backend | b64enc }}
  {{- if (eq .storage.backend "local") }}
  GTS_STORAGE_LOCAL_BASE_PATH: {{ "/gotosocial/storage" | b64enc }}
  {{- end }}
  {{- if (eq .storage.backend "s3") }}
  {{- with .storage.s3 }}
  {{- with .endpoint }}
  GTS_STORAGE_S3_ENDPOINT: {{ toYaml . | b64enc }}
  {{- end }}
  {{- with .proxy }}
  GTS_STORAGE_S3_PROXY: {{ toYaml . | b64enc }}
  {{- end }}
  {{- with .useSSL }}
  GTS_STORAGE_S3_USE_SSL: {{ toYaml . | b64enc }}
  {{- end }}
  {{- with .bucket }}
  GTS_STORAGE_S3_BUCKET: {{ toYaml . | b64enc }}
  {{- end }}
  {{- with .accessKey }}
  GTS_STORAGE_S3_ACCESS_KEY: {{ toYaml . | b64enc }}
  {{- end }}
  {{- with .secretKey }}
  GTS_STORAGE_S3_SECRET_KEY: {{ toYaml . | b64enc }}
  {{- end }}
  {{- end }}{{/* end-with .storage.s3 */}}
  {{- end }}{{/* end-if .storage.backed == s3 */}}

  {{- with .oidc }}
  GTS_OIDC_ENABLED: {{ toYaml .enabled | b64enc }}
  GTS_OIDC_IDP_NAME: {{ .idpName | b64enc }}
  GTS_OIDC_SKIP_VERIFICATION: {{ toYaml .skipVerification | b64enc }}
  GTS_OIDC_ISSUER: {{ .issuer | b64enc }}
  GTS_OIDC_CLIENT_ID: {{ .clientID | b64enc }}
  GTS_OIDC_CLIENT_SECRET: {{ .clientSecret | b64enc }}
  GTS_OIDC_SCOPES: {{ .scopes | join "," | b64enc }}
  GTS_OIDC_LINK_EXISTING: {{ toYaml .linkExisting | b64enc }}
  GTS_OIDC_ADMIN_GROUPS: {{ .adminGroups | join "," | b64enc }}
  {{- end }}{{/* end-with oidc */}}

  {{- with .smtp }}
  {{- with .host }}
  GTS_SMTP_HOST: {{ . | b64enc }}
  {{- end }}
  GTS_SMTP_PORT: {{ toYaml .port | b64enc }}
  {{- with .username }}
  GTS_SMTP_USERNAME: {{ . | b64enc }}
  {{- end }}
  {{- with .password }}
  GTS_SMTP_PASSWORD: {{ . | b64enc }}
  {{- end }}
  {{- with .from }}
  GTS_SMTP_FROM: {{ . | b64enc }}
  {{- end }}
  GTS_SMTP_DISCLOSE_RECIPIENTS: {{ toYaml .discloseRecipients | b64enc }}
  {{- end }}{{/* end-with smtp */}}

  GTS_METRICS_ENABLED: {{ toYaml .metrics.enabled | b64enc }}

  # https://www.w3.org/TR/trace-context/#traceparent-header
  GTS_REQUEST_ID_HEADER: {{ "Traceparent" | b64enc }}
  {{- with .tracing }}
  {{- if .enabled }}
  GTS_TRACING_ENABLED: {{ "true" | b64enc}}
  GTS_TRACING_TRANSPORT: {{ .transport | b64enc }}
  GTS_TRACING_ENDPOINT: {{ .endpoint | b64enc }}
  GTS_TRACING_INSECURE_TRANSPORT: {{ toYaml .insecureTransport | b64enc }}
  {{- end }}{{/* end-if .tracing.enabled */}}
  {{- end }}{{/* end-with .tracing */}}

  {{- end }}{{/* end-with .gotosocial */}}