apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: davical-postgres-pvc
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: longhorn

---
{{- $_ := set $ "homey_davical_postgres_pass" (include "homey.lookuporgensecret" (merge (dict "secretname" "davical-postgres-pass") $))}}
{{ include "homey.randomsecret" (merge (dict "secretname" "davical-postgres-pass" "secretval" .homey_davical_postgres_pass) $) }}
---
# apiVersion: extensions/v1beta1
apiVersion: v1
kind: ConfigMap
metadata:
  name: davical-postgres-config
  labels:
    app: davical-postgres
data:
  POSTGRES_DB: postgres
  POSTGRES_USER: postgres
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: davical-postgres
  labels:
    app: davical-postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: davical-postgres
  template:
    metadata:
      labels:
        app: davical-postgres
        name: davical-postgres
    spec:
      containers:
      - name: davical-postgres
        image: postgres
        imagePullPolicy: "IfNotPresent"
        ports:
        - containerPort: 5432
        envFrom:
        - configMapRef:
            name: davical-postgres-config
        env:
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: davical-postgres-pass
              key: password
        volumeMounts:
        - mountPath: /var/lib/postgresql/data
          subPath: data
          name: davical-postgredb
      volumes:
      - name: davical-postgredb
        persistentVolumeClaim:
          claimName: davical-postgres-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: davical-postgres
  labels:
    app: davical-postgres
spec:
  ports:
   - port: 5432
  selector:
    app: davical-postgres
---
{{- $_ := set $ "homey_davical_admin_pass" (include "homey.lookuporgensecret" (merge (dict "secretname" "davical-admin-pass") $))}}
{{ include "homey.randomsecret" (merge (dict "secretname" "davical-admin-pass" "secretval" .homey_davical_admin_pass) $) }}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: davical-conf
data:
  config.php: |-
{{ tpl (.Files.Get "files/davical-config.php" | indent 4) . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: davical
  labels:
    app: davical
spec:
  replicas: 1
  selector:
    matchLabels:
      app: davical
  template:
    metadata:
      labels:
        app: davical
    spec:
      containers:
      - name: davical
        image: anerisgreat/davical-multiarch-docker:latest
        imagePullPolicy: "Always"
        ports:
        - containerPort: 80
          name: dav
        env:
        - name: PGHOST
          value: "davical-postgres"
        - name: PGUSER
          value: "postgres"
        - name: PGPASSWORD
          valueFrom:
            secretKeyRef:
              name: davical-postgres-pass
              key: password
        - name: PGDATABASE
          value: "davical"
        - name: PGPORT
          value: "5432"
        - name: HOST_NAME
          value:
            "dav.{{ .Values.homey.url }}"
        - name: DAVICAL_ADMIN_PASS
          valueFrom:
            secretKeyRef:
              name: davical-admin-pass
              key: password
        - name: ROOT_PGUSER
          value: "postgres"
        - name: ROOT_PGPASSWORD
          valueFrom:
            secretKeyRef:
              name: davical-postgres-pass
              key: password
        - name: RUN_MIGRATIONS_AT_STARTUP
          value: "true"
        volumeMounts:
        - name: davical-conf
          mountPath: /etc/davical/config.php
          subPath: config.php
          readOnly: true
      volumes:
      - name: davical-conf
        configMap:
          name: davical-conf
          items:
          - key: config.php
            path: config.php
---
apiVersion: v1
kind: Service
metadata:
  name: davical
spec:
  selector:
    app: davical
  ports:
  - name: dav
    protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app: davical
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: davical
  annotations:
    kubernetes.io/ingress.allow-http: "false"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/auth-method: GET
    nginx.ingress.kubernetes.io/auth-url: http://authelia.{{ .Release.Namespace }}.svc.cluster.local:9091/api/verify
    nginx.ingress.kubernetes.io/auth-signin: https://auth.{{ .Values.homey.url }}?rm=$request_method
    nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Method $request_method;
      auth_request_set $user $upstream_http_remote_user;
      auth_request_set $groups $upstream_http_remote_groups;
      auth_request_set $name $upstream_http_remote_name;
      auth_request_set $email $upstream_http_remote_email;
      proxy_set_header Remote-User $user;
      proxy_set_header Remote-Fullname $name;
      proxy_set_header Remote-Email $email;
      proxy_set_header Redirect-Remote-User $user;
      proxy_set_header Redirect-Remote-Fullname $name;
      proxy_set_header Redirect-Remote-Email $email;
spec:
  ingressClassName: {{ .Values.homey.ingress_class }}
  tls:
    - hosts:
      - dav.{{ .Values.homey.url }}
      secretName: {{ .Values.homey.certname }}
  rules:
  - host: dav.{{ .Values.homey.url }}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: davical
            port:
              number: 80