# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
# Flux HelmRelease that deploys Ganymede (api, frontend and nginx containers)
# through the app-template chart.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: ganymede
  # NOTE(review): the release lives in `default`, so it shares namespace-scoped
  # RBAC, Secrets and any NetworkPolicy with everything else deployed there.
  # A dedicated namespace gives a tighter boundary around the credentials
  # this workload consumes.
  namespace: default
spec:
  interval: 5m
  chart:
    spec:
      chart: app-template
      # Exact chart version, quoted so it is always read as a string.
      version: "3.5.1"
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system
  # Everything below is handed to the chart as Helm values.
  values:
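    controllers:
      main:
        # api, frontend and nginx are all containers of the `main` controller.
        containers:
          api:
            # NOTE(review): api and frontend set no securityContext, while nginx
            # below drops all capabilities. PUID/PGID suggest the image switches
            # user at start-up, so test before adding runAsNonRoot or capability
            # drops here.
            image:
              repository: ghcr.io/zibbp/ganymede
              # A tag can be re-pushed upstream; appending a digest
              # (3.1.0@sha256:<digest>) pins the exact image content.
              tag: 3.1.0
            env:
              # Environment values are strings in Kubernetes, so numeric-looking
              # values are quoted rather than left to implicit typing.
              - name: PUID
                value: "10555"
              - name: PGID
                value: "10555"
              # Set to your timezone
              - name: TZ
                value: "America/New_York"
              - name: DB_HOST
                value: "postgres16-rw.database.svc"
              - name: DB_PORT
                value: "5432"
              - name: DB_USER
                value: "ganymede"
              # Credentials come from the `ganymede-env` Secret. They use the
              # native EnvVar shape (valueFrom.secretKeyRef) instead of a bare
              # secretKeyRef next to `name`, which depends on chart-specific
              # shorthand handling for list-style env.
              - name: DB_PASS
                valueFrom:
                  secretKeyRef:
                    name: ganymede-env
                    key: dbPassword
              - name: DB_NAME
                value: "ganymede"
              # NOTE(review): TLS to Postgres is disabled, so the DB password and
              # all queries cross from this namespace to `database` in cleartext
              # on the cluster network. Revisit once the server offers TLS.
              - name: DB_SSL
                value: "disable"
              - name: JWT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: ganymede-env
                    key: jwtSecret
              - name: JWT_REFRESH_SECRET
                valueFrom:
                  secretKeyRef:
                    name: ganymede-env
                    key: jwtRefreshSecret
              - name: TWITCH_CLIENT_ID
                valueFrom:
                  secretKeyRef:
                    name: ganymede-env
                    key: twitchClientId
              - name: TWITCH_CLIENT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: ganymede-env
                    key: twitchClientSecret
              # ${SECRET_NEW_DOMAIN} is filled in before the release is applied;
              # quoting keeps the value a string whatever it expands to.
              - name: FRONTEND_HOST
                value: "https://twvods.${SECRET_NEW_DOMAIN}"
              - name: OAUTH_PROVIDER_URL
                value: "https://auth.${SECRET_NEW_DOMAIN}/application/o/ganymede/.well-known/openid-configuration"
              - name: OAUTH_CLIENT_ID
                valueFrom:
                  secretKeyRef:
                    name: ganymede-env
                    key: oauthClientId
              - name: OAUTH_CLIENT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: ganymede-env
                    key: oauthClientSecret
              # Must match the redirect URI registered with the OAuth provider.
              - name: OAUTH_REDIRECT_URL
                value: "https://twvods.${SECRET_NEW_DOMAIN}/api/v1/auth/oauth/callback"
              - name: TEMPORAL_URL
                value: "temporal:7233"
              # WORKER
              - name: MAX_CHAT_DOWNLOAD_EXECUTIONS
                value: "5"
              - name: MAX_CHAT_RENDER_EXECUTIONS
                value: "3"
              - name: MAX_VIDEO_DOWNLOAD_EXECUTIONS
                value: "5"
              - name: MAX_VIDEO_CONVERT_EXECUTIONS
                value: "3"

          frontend:
            image:
              repository: ghcr.io/zibbp/ganymede-frontend
              # Same pinning caveat as the api image: a digest suffix
              # (3.1.0@sha256:<digest>) fixes the exact content.
              tag: 3.1.0
            env:
              # Points to the API service; /api will be added to this
              - name: API_URL
                value: "https://twvods.${SECRET_NEW_DOMAIN}"
              # Points to the CDN service; /vods will be added to this
              - name: CDN_URL
                value: "https://twvods.${SECRET_NEW_DOMAIN}"
              # show/hide SSO login button on login page
              - name: SHOW_SSO_LOGIN_BUTTON
                value: "true"
              # force SSO auth for all users (bypasses login page and redirects
              # to SSO)
              - name: FORCE_SSO_AUTH
                value: "false"
              # require login to view videos
              # NOTE(review): with "false", anyone who can reach the published
              # host can browse the archive without authenticating. Confirm
              # that is intended for this deployment.
              - name: REQUIRE_LOGIN
                value: "false"

          nginx:
            image:
              repository: nginxinc/nginx-unprivileged
              tag: 1.27.3-alpine
            # No privilege escalation and no Linux capabilities for nginx.
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                  - ALL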

    # One Service in front of the `main` controller. The port names match the
    # container names and are what the ingress paths and the serviceMonitor
    # endpoint refer to.
    service:
      app:
        controller: main
        ports:
          # Referenced by the ingress path /data/videos.
          nginx:
            port: 8080
          # Referenced by the ingress path /.
          frontend:
            port: 3000
          # Referenced by the ingress path /api and scraped by the serviceMonitor.
          api:
            port: 4000

    # Prometheus scrape configuration for the api port of the `ganymede` Service.
    serviceMonitor:
      app:
        labels:
          release: kube-prometheus-stack
        serviceName: ganymede
        endpoints:
          - port: api
            path: /metrics
            interval: 1m
            scrapeTimeout: 5s
            metricRelabelings:
              # Prefix every scraped metric name with "ganymede_".
              # The doubled "$" is presumably the escape that keeps variable
              # substitution from consuming "${1}" before Prometheus sees it;
              # confirm against the substitution settings in use.
              - action: replace
                sourceLabels:
                  - "__name__"
                regex: "(.*)"
                targetLabel: "__name__"
                replacement: "ganymede_$${1}"
          
    # Publishes the app on twvods.<domain> through Traefik's websecure entrypoint.
    ingress:
      main:
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        # NOTE(review): no `tls` section is declared for this ingress.
        # cert-manager issues certificates for hosts listed under an Ingress's
        # tls entries, so the cluster-issuer annotation on its own presumably
        # yields no certificate. Confirm which certificate websecure serves for
        # this host.
        hosts:
          - host: "twvods.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                service:
                  identifier: app
                  port: frontend
              - path: /api
                service:
                  identifier: app
                  port: api
              # NOTE(review): video files are served by nginx directly, so
              # application-level login checks do not apply on this path
              # unless the nginx configuration (ConfigMap, not shown here)
              # enforces them.
              - path: /data/videos
                service:
                  identifier: app
                  port: nginx

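    # Volumes for the release: three PVCs for data and two ConfigMaps for config.
    persistence:
      vods:
        type: persistentVolumeClaim
        size: 50Gi
        retain: true
        storageClass: mainpool-hostpath
        accessMode: ReadWriteOnce
        # NOTE(review): globalMounts attaches the archive read-write to every
        # container. nginx presumably only serves these files, so a read-only
        # mount for it would limit what a compromised web container can
        # change. Verify which containers actually write here.
        globalMounts:
          - path: /data/videos
      ganymede-data:
        type: persistentVolumeClaim
        size: 5Gi
        retain: true
        storageClass: mainpool-hostpath
        accessMode: ReadWriteOnce
        advancedMounts:
          main: # controller name
            api: # container name
              - path: /data/temp
      ganymede-logs:
        type: persistentVolumeClaim
        size: 5Gi
        retain: true
        storageClass: mainpool-hostpath
        accessMode: ReadWriteOnce
        advancedMounts:
          main: # controller name
            api: # container name
              - path: /data/logs
      nginx-conf:
        name: ganymede-nginx-conf
        type: configMap
        # 292 decimal == 0444 octal. Written in decimal because a leading-zero
        # literal is read as octal by some YAML parsers and as decimal by
        # others. ConfigMap volumes are mounted read-only, so the former
        # write bits (0664) had no effect.
        defaultMode: 292
        advancedMounts:
          main: # controller name
            nginx: # container name
              - path: /etc/nginx/nginx.conf
                subPath: nginx.conf
      ganymede-conf:
        name: ganymede-conf
        type: configMap
        # 292 decimal == 0444 octal, replacing 0777. A JSON config file needs
        # neither execute nor world-write bits, and the read-only ConfigMap
        # mount could not honour writes anyway. Read access for the api
        # process is unchanged.
        defaultMode: 292
        advancedMounts:
          main: # controller name
            api: # container name
              - path: /data/config/config.json
                subPath: config.json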