---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: paperless-pvc
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 50Gi
  storageClassName: longhorn
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: paperless-redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: paperless-redis
  template:
    metadata:
      labels:
        app: paperless-redis
    spec:
      containers:
      - name: paperless
        image: redis
        imagePullPolicy: "IfNotPresent"
        ports:
        - containerPort: 6379
          name: redis
        volumeMounts:
        - name: paperless-volume
          mountPath: "/data"
          subPath: paperless/redis-data
      volumes:
      - name: paperless-volume
        persistentVolumeClaim:
          claimName: paperless-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: paperless-redis
spec:
  selector:
    app: paperless-redis
  ports:
  - port: 80
    targetPort: 8000
    name: paperless-web

---
{{- $_ := set $ "homey_paperless_postgres_pass" (include "homey.lookuporgensecret" (merge (dict "secretname" "paperless-postgres-pass") $))}}
{{ include "homey.randomsecret" (merge (dict "secretname" "paperless-postgres-pass" "secretval" .homey_paperless_postgres_pass) $) }}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: paperless-postgres-config
  labels:
    app: paperless-postgres
data:
  POSTGRES_DB: paperless
  POSTGRES_USER: paperless
  POSTGRES_PASSWORD: paperless
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: paperless-postgres
  labels:
    app: paperless-postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: paperless-postgres
  template:
    metadata:
      labels:
        app: paperless-postgres
        name: paperless-postgres
    spec:
      containers:
      - name: paperless-postgres
        image: postgres
        imagePullPolicy: "IfNotPresent"
        ports:
        - containerPort: 5432
        envFrom:
        - configMapRef:
            name: paperless-postgres-config
        volumeMounts:
        - mountPath: /var/lib/postgresql/data
          subPath: paperless/db
          name: paperless-volume
      volumes:
      - name: paperless-volume
        persistentVolumeClaim:
          claimName: paperless-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: paperless-postgres
  labels:
    app: paperless-postgres
spec:
  ports:
   - port: 5432
  selector:
    app: paperless-postgres
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: paperless
spec:
  replicas: 1
  selector:
    matchLabels:
      app: paperless
  template:
    metadata:
      labels:
        app: paperless
    spec:
      containers:
      - name: paperless
        image: ghcr.io/paperless-ngx/paperless-ngx:latest
        imagePullPolicy: "IfNotPresent"
        ports:
        - containerPort: 8000
          name: paperless-web
        volumeMounts:
        - name: paperless-volume
          mountPath: "/usr/src/paperless/data"
          subPath: paperless/data
        - name: paperless-volume
          mountPath: "/usr/src/paperless/media"
          subPath: paperless/media
        - name: paperless-volume
          mountPath: "/usr/src/paperless/export"
          subPath: paperless/export
        - name: paperless-volume
          mountPath: "/usr/src/paperless/consume"
          subPath: paperless/consume
        env:
        - name: PAPERLESS_REDIS
          value: redis://paperless-redis:6379
        - name: PAPERLESS_DBHOST
          value: paperless-postgres
        - name: PAPERLESS_DEBUG
          value: "true"
        - name: PAPERLESS_ENABLE_HTTP_REMOTE_USER
          value: "true"
        - name: PAPERLESS_ENABLE_HTTP_REMOTE_USER_API
          value: "true"
        - name: PAPERLESS_DISABLE_REGULAR_LOGIN
          value: "true"
        - name: PAPERLESS_LOGOUT_REDIRECT_URL
          value: "https://auth.{{ .Values.homey.url }}/logout"
        - name: PAPERLESS_URL
          value: "https://paperless.{{ .Values.homey.url }}"
        - name: PAPERLESS_DBPASSWORD
          valueFrom:
            secretKeyRef:
              name: paperless-postgres-pass
              key: password
      volumes:
      - name: paperless-volume
        persistentVolumeClaim:
          claimName: paperless-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: paperless-web
  labels:
    app: paperless-web
spec:
  selector:
    app: paperless
  ports:
  - port: 80
    targetPort: 8000
    name: paperless-web
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: paperless-ingress
  annotations:
    kubernetes.io/ingress.allow-http: "false"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/auth-method: GET
    nginx.ingress.kubernetes.io/auth-url: http://authelia.{{ .Release.Namespace }}.svc.cluster.local:9091/api/verify
    nginx.ingress.kubernetes.io/auth-signin: https://auth.{{ .Values.homey.url }}?rm=$request_method
    nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Method $request_method;
      auth_request_set $user $upstream_http_remote_user;
      auth_request_set $groups $upstream_http_remote_groups;
      auth_request_set $name $upstream_http_remote_name;
      auth_request_set $email $upstream_http_remote_email;
      proxy_set_header REMOTE_USER $remote_user;
      proxy_set_header REMOTE_EMAIL $email;
      proxy_set_header REMOTE_NAME $name;
spec:
  ingressClassName: {{ .Values.homey.ingress_class }}
  tls:
    - hosts:
      - paperless.{{ .Values.homey.url }}
      secretName: {{ .Values.homey.certname }}
  rules:
   - host: paperless.{{ .Values.homey.url }}
     http:
       paths:
       - path: /
         pathType: Prefix
         backend:
           service:
             name: paperless-web
             port:
               number: 80
---