---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: &app outline
  namespace: default
spec:
  interval: 30m
  chart:
    spec:
      chart: app-template
      version: 1.5.1
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
  maxHistory: 2
  install:
    createNamespace: true
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  uninstall:
    keepHistory: false
  values:
    initContainers:
      01-init-db:
        image: ghcr.io/auricom/postgres-init:15.4
        imagePullPolicy: IfNotPresent
        envFrom: &envFrom
          - secretRef:
              name: &secret outline-secret
    controller:
      strategy: RollingUpdate
      annotations:
        reloader.stakater.com/auto: "true"
    image:
      repository: docker.io/outlinewiki/outline
      tag: 0.71.0
    envFrom: *envFrom
    env:
      AWS_REGION: us-east-1
      AWS_S3_ACL: private
      AWS_S3_FORCE_PATH_STYLE: "true"
      AWS_S3_UPLOAD_BUCKET_NAME: outline
      AWS_S3_UPLOAD_BUCKET_URL: "https://truenas.${SECRET_DOMAIN}:51515"
      AWS_S3_UPLOAD_MAX_SIZE: "26214400"
      ENABLE_UPDATES: "false"
      OIDC_AUTH_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization"
      OIDC_CLIENT_ID: outline
      OIDC_CLIENT_SECRET: "${SECRET_OUTLINE_OAUTH_CLIENT_SECRET}"
      OIDC_DISPLAY_NAME: Authelia
      OIDC_SCOPES: "openid profile email offline_access"
      OIDC_TOKEN_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token"
      OIDC_USERINFO_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/userinfo"
      OIDC_USERNAME_CLAIM: email
      PGSSLMODE: disable
      PORT: 8080
      REDIS_URL: redis://redis-master.default.svc.cluster.local.:6379
      SMTP_HOST: smtp-relay.default.svc.cluster.local.
      SMTP_PORT: 2525
      SMTP_FROM_EMAIL: "outline@${SECRET_DOMAIN}"
      SMTP_SECURE: "false"
      URL: "https://docs.${SECRET_CLUSTER_DOMAIN}"
      WEB_CONCURRENCY: 10
    command:
      [
        "/bin/sh",
        "-c",
        "yarn db:migrate --env=production-ssl-disabled && yarn start --env=production-ssl-disabled",
      ]
    service:
      main:
        ports:
          http:
            port: 8080
    ingress:
      main:
        enabled: true
        ingressClassName: "nginx"
        annotations:
          hajimari.io/icon: mdi:text-box-multiple
        hosts:
          - host: &host "docs.${SECRET_CLUSTER_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - *host
    topologySpreadConstraints:
      - maxSkew: 1
        topologyKey: kubernetes.io/hostname
        whenUnsatisfiable: DoNotSchedule
        labelSelector:
          matchLabels:
            app.kubernetes.io/name: *app
    resources:
      requests:
        cpu: 10m
        memory: 250Mi
      limits:
        memory: 750Mi