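---
# Persistent storage for Gitea's /data directory (repositories, database, LFS).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  storageClassName: longhorn
---
{{- /*
  Generated secrets. Each of the next three documents stores the result of
  "homey.lookuporgensecret" on the root context and hands it to
  "homey.randomsecret" to render the Secret. Both named templates are defined
  elsewhere in the chart; presumably the first reuses an existing Secret or
  generates a new value (confirm against the helper definitions).
*/ -}}
{{- $_ := set $ "homey_gitea_admin_pass" (include "homey.lookuporgensecret" (merge (dict "secretname" "gitea-admin-pass") $))}}
{{ include "homey.randomsecret" (merge (dict "secretname" "gitea-admin-pass" "secretval" .homey_gitea_admin_pass) $) }}
---
{{- $_ := set $ "homey_gitea_lfs_jwt_secret" (include "homey.lookuporgensecret" (merge (dict "secretname" "gitea-lfs-jwt-secret") $))}}
{{ include "homey.randomsecret" (merge (dict "secretname" "gitea-lfs-jwt-secret" "secretval" .homey_gitea_lfs_jwt_secret) $) }}
---
{{- $_ := set $ "homey_gitea_oauth2_jwt_secret" (include "homey.lookuporgensecret" (merge (dict "secretname" "gitea-oauth2-jwt-secret") $))}}
{{ include "homey.randomsecret" (merge (dict "secretname" "gitea-oauth2-jwt-secret" "secretval" .homey_gitea_oauth2_jwt_secret) $) }}
---
# Internal token: reuse the value already stored in the cluster, otherwise
# generate 100 random alphanumeric characters. The "keep" resource policy tells
# Helm not to delete this Secret on uninstall, so the token survives reinstalls.
# `lookup` returns nothing under `helm template` and client-side dry runs, so
# those renders show a fresh value rather than the one in the cluster.
# The decoded (cleartext) token is also placed on the root context as
# homey_gitea_random_internal_token for use by other templates.
apiVersion: v1
kind: Secret
metadata:
  name: gitea-random-internal-token
  annotations:
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "gitea-random-internal-token") | default dict -}}
  {{- $secretData := (get $secretObj "data") | default dict -}}
  {{- $pass := (get $secretData "password") | default (randAlphaNum 100 | b64enc) -}}
  {{- $_ := set $ "homey_gitea_random_internal_token" ($pass | b64dec) }}
  password: {{ $pass | quote }}
---
# Gitea configuration, rendered from files/gitea-app.ini with the root context.
# NOTE(review): if that file references the homey_gitea_* values set above, the
# cleartext secrets end up in this ConfigMap, which is readable by anything with
# ConfigMap read access in the namespace. Confirm against the ini file and, if
# so, render app.ini into a Secret and mount that instead.
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitea-conf
data:
  app.ini: |-
{{ tpl (.Files.Get "files/gitea-app.ini" | indent 4) . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      containers:
        - name: gitea
          # NOTE(review): `latest` is a mutable tag, so a pod restart can pull
          # a different build than the one that was reviewed. Pin a specific
          # version tag or an image digest.
          image: gitea/gitea:latest
          ports:
            - containerPort: 3000
              name: http
          volumeMounts:
            - name: gitea-persistent-storage
              mountPath: /data
              subPath: gitea/gitea/data
            # app.ini is mounted read-only from the gitea-conf ConfigMap.
            - name: gitea-conf
              mountPath: /data/gitea/conf/app.ini
              subPath: app.ini
              readOnly: true
          # startProbe:
          #   httpGet:
          #     path: /
          #     port: 3000
          #   initialDelaySeconds: 15
          {{- /*
          Disabled draft of an LDAP bootstrap hook. It is kept inside a template
          comment because Helm evaluates template actions even on lines that
          start with a YAML "#", and this draft is not valid template syntax as
          written (hyphenated variable name, empty parentheses, undefined
          "cmd"), so leaving it in "#" comments stops the chart from rendering.
          NOTE(review) before enabling: the draft passes the LDAP bind password
          as a command-line argument, which exposes it in the pod spec and the
          process list, and it talks to LDAP unencrypted on port 389. Prefer a
          mounted Secret and an encrypted security protocol.

          # lifecycle:
          #   postStart:
          #     exec:
          #       {{- set $gitea-cmd (printf "gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host ldap --port 389 --user-search-base ou=users,%s --user-filter \\\"(&(objectClass=inetOrgPerson)(|(uid=\%[1]s)(mail=\%[1]s)))\\\" --email-attribute mail --bind-dn=\\\"cn=readonly,%s\\\" --bind-password=\\\"%s\\\"" ( .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim) () (.homey_openldap_ro | replace "\"" ""))}}
          #       command: ["/bin/sh", "-c", "{{cmd}}"]
          */}}
      volumes:
        - name: gitea-persistent-storage
          persistentVolumeClaim:
            claimName: gitea-pvc
        - name: gitea-conf
          configMap:
            name: gitea-conf
            items:
              - key: app.ini
                path: app.ini
---
# Cluster-internal Service in front of the Gitea pod. The original declared the
# `selector` key twice; duplicate mapping keys are invalid YAML and strict
# parsers reject them, so only one copy is kept.
apiVersion: v1
kind: Service
metadata:
  name: gitea-svc
spec:
  selector:
    app: gitea
  ports:
    - name: http-port
      protocol: TCP
      port: 3000
      targetPort: http
---
# Exposes Gitea at git.<homey.url> over TLS using the certificate Secret named
# by .Values.homey.certname.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea-ingress
spec:
  ingressClassName: {{ .Values.homey.ingress_class }}
  tls:
    - hosts:
        - git.{{ .Values.homey.url }}
      secretName: {{ .Values.homey.certname }}
  rules:
    - host: git.{{ .Values.homey.url }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitea-svc
                port:
                  number: 3000
---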