---
apiVersion: v1
kind: Secret
metadata:
  name: photoprism-admin
  annotations:
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "photoprism-admin") | default dict }}
  {{- $secretData := (get $secretObj "data") | default dict }}
  {{- $pass := (get $secretData "password") | default (randAlphaNum 32 | b64enc) }}
  password: {{ $pass | quote }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: photoprism
spec:
  replicas: 1
  selector:
    matchLabels:
      app: photoprism
  template:
    metadata:
      labels:
        app: photoprism
    spec:
      containers:
      - name: photoprism
        image: photoprism/photoprism
        env:
        - name: PHOTOPRISM_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              key: password
              name: photoprism-admin
        - name: PHOTOPRISM_ORIGINALS_LIMIT
          value: "50000"
        - name: PHOTOPRISM_HTTP_COMPRESSION
          value: "gzip"
        - name: PHOTOPRISM_DEBUG
          value: "false"
        - name: PHOTOPRISM_PUBLIC
          value: "true"
        - name: PHOTOPRISM_READONLY
          value: "false"
        - name: PHOTOPRISM_EXPERIMENTAL
          value: "false"
        - name: PHOTOPRISM_DISABLE_WEBDAV
          value: "false"
        - name: PHOTOPRISM_DISABLE_SETTINGS
          value: "false"
        - name: PHOTOPRISM_DISABLE_TENSORFLOW
          value: "false"
        - name: PHOTOPRISM_DARKTABLE_PRESETS
          value: "false"
        - name: PHOTOPRISM_DETECT_NSFW
          value: "false"
        - name: PHOTOPRISM_UPLOAD_NSFW
          value: "true"
        - name: PHOTOPRISM_DATABASE_DRIVER
          value: "sqlite"
        - name: PHOTOPRISM_SITE_URL
          value: "http://gallery.{{ .Values.homey.url }}"
        - name: PHOTOPRISM_SITE_TITLE
          value: "PhotoPrism"
        - name: PHOTOPRISM_SITE_CAPTION
          value: "Browse Your Life"
        - name: PHOTOPRISM_SITE_DESCRIPTION
          value: ""
        - name: PHOTOPRISM_SITE_AUTHOR
          value: ""
        volumeMounts:
        - name: photoprism-persistent-storage
          mountPath: /photoprism/storage
          subPath: backup/photoprism/photoprism/storage
        - name: photoprism-persistent-storage
          mountPath: /photoprism/originals
          subPath: backup/photoprism/originals
        - name: photoprism-persistent-storage
          mountPath: /var/lib/mysql
          subPath: backup/photoprism/var/lib/mysql
      volumes:
      - name: photoprism-persistent-storage
        persistentVolumeClaim:
          claimName: homey-pvc-nfs
---
apiVersion: v1
kind: Service
metadata:
  name: photoprism-svc
spec:
  ports:
  - name: http
    protocol: TCP
    port: 2342
    targetPort: 2342
  selector:
    app: photoprism
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: photoprism-ingress
  annotations:
    nginx.ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80
    nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/16"
    nginx.ingress.kubernetes.io/proxy-body-size: 5g
spec:
  ingressClassName: {{ .Values.homey.ingress_class }}
  tls:
    - hosts:
      - album.{{ .Values.homey.url }}
      secretName: {{ .Values.homey.certname }}
  rules:
  - host: album.{{ .Values.homey.url }}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: photoprism-svc
            port:
              number: 2342