---
shortcuts:
  hostname: badhouseplants.net

base:
  workload:
    kind: Deployment
    strategy:
      type: RollingUpdate
    securityContext:
      seccompProfile:
        type: RuntimeDefault
    initContainers:
      01-rclone:
        image:
          registry: registry.hub.docker.com
          repository: rclone/rclone
          tag: 1.67
          pullPolicy: Always
        volumeMounts:
          storage:
            music: 
              path: /data
          files:
            rclone-config:
              path: /app/rclone.conf
              subPath: rclone.conf
        command: 
          - rclone
        args:
          - --config 
          - /app/rclone.conf 
          - sync 
          - --exclude=*.wav 
          - --exclude='/spam/**'
          - -P 
          - music-data:/navidrome/music/allanger_beats 
          - /data
      02-faircamp:
        image:
          registry: gitea.badhouseplants.net
          repository: badhouseplants/faircamp-site
          tag: latest
          pullPolicy: Always
        volumeMounts:
          storage:
            site:
              path: /data/.faircamp_build
            music:
              path: /data/music
          extraVolumes:
            cache:
              path: /data/.faircamp_cache
        securityContext:
          allowPrivilegeEscalation: false
    containers:
      nginx:
        image:
          registry: docker.io
          repository: library/nginx
          tag: latest
          pullPolicy: Always
        ports:
          main: 
            - nginx
        volumeMounts:
          storage:
            site:
              path: /usr/share/nginx/html
        livenessProbe:
          httpGet:
            path: /
            port: 80
            httpHeaders:
          initialDelaySeconds: 3
          periodSeconds: 3
        readinessProbe:
          httpGet:
            path: /
            port: 80
            httpHeaders:
          initialDelaySeconds: 3
          periodSeconds: 3
        securityContext:
          allowPrivilegeEscalation: false

ingress:
  main:
    enabled: true
    class: traefik
    rules:
      - host: '{{ .Values.shortcuts.hostname }}'
        http:
          paths:
            - backend:
                service:
                  name: '{{ .Release.Name }}-main'
                  port:
                    number: 80
              path: /
              pathType: Prefix
    tls:
      - hosts:
          - '{{ .Values.shortcuts.hostname }}'
        secretName: '{{ .Values.shortcuts.hostname }}'
extraVolumes:
  cache: 
    emptyDir: {}

services:
  main:
    enabled: true
    type: ClusterIP
    ports:
      nginx:
        port: 80
        targetPort: 80
        protocol: TCP

storage:
  site:
    enabled: true
    storageClassName: default
    size: 3Gi
    accessModes:
      - ReadWriteOnce
  music:
    enabled: true
    storageClassName: default
    size: 3Gi
    accessModes:
      - ReadWriteOnce

config:
  # -- Please have a look here: https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
  env:
    main:
      enabled: false
      sensitive: false
      remove: []
      data: {}
    secrets:
      enabled: false
      sensitive: true
      remove: []
      data: {}
  files:
    rclone-config:
      enabled: true
      sensitive: false
      remove: []
      entries:
        rclone.conf:
          data: |
            [music-data]
            type = s3
            provider = Minio
            endpoint = s3.company
            location_constraint = us-west-1