---
# yaml-language-server: $schema=https://json.schemastore.org/helmfile

# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
kubeVersion: v1.32.3

helmDefaults:
  force: true
  recreatePods: true
  timeout: 600
  wait: true
  waitForJobs: true

repositories:
  - name: postfinance
    url: https://postfinance.github.io/kubelet-csr-approver

releases:
  - name: kube-prometheus-stack-crds
    namespace: observability
    chart: oci://ghcr.io/prometheus-community/charts/prometheus-operator-crds
    version: 19.1.0

  - name: cilium
    namespace: kube-system
    atomic: true
    chart: oci://ghcr.io/home-operations/charts-mirror/cilium
    version: 1.17.3
    values: ["../../apps/kube-system/cilium/app/helm-values.yaml"]
    hooks:
      - # Wait for cilium CRDs to be available
        events: ['postsync']
        command: bash
        args:
          - -c
          - until kubectl get crd ciliumbgppeeringpolicies.cilium.io ciliuml2announcementpolicies.cilium.io ciliumloadbalancerippools.cilium.io &>/dev/null; do sleep 10; done
        showlogs: true
    needs: ["observability/kube-prometheus-stack-crds"]

  - name: coredns
    namespace: kube-system
    atomic: true
    chart: oci://ghcr.io/coredns/charts/coredns
    version: 1.39.2
    values: ["../../apps/kube-system/coredns/app/helm-values.yaml"]
    needs: ["kube-system/cilium"]

  - name: kubelet-csr-approver
    namespace: kube-system
    atomic: true
    chart: postfinance/kubelet-csr-approver
    version: 1.2.7
    values: ["../../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml"]
    needs: ["kube-system/coredns"]

  - name: spegel
    namespace: kube-system
    atomic: true
    chart: oci://ghcr.io/spegel-org/helm-charts/spegel
    version: 0.2.0
    values: ["../../apps/kube-system/spegel/app/helm-values.yaml"]
    needs: ["kube-system/kubelet-csr-approver"]

  - name: cert-manager
    namespace: cert-manager
    atomic: true
    chart: oci://ghcr.io/home-operations/charts-mirror/cert-manager
    version: v1.17.1
    values: ['../../apps/cert-manager/cert-manager/app/helm/values.yaml']
    needs: ['kube-system/spegel']

  - name: external-secrets
    namespace: external-secrets
    atomic: true
    chart: oci://ghcr.io/external-secrets/charts/external-secrets
    version: 0.17.0
    values: ['../../apps/external-secrets/external-secrets/app/helm/values.yaml']
    needs: ['cert-manager/cert-manager']

  - name: onepassword-connect
    namespace: external-secrets
    atomic: true
    chart: oci://ghcr.io/bjw-s/helm/app-template
    version: 3.7.3
    values: ['../../apps/external-secrets/external-secrets/stores/onepassword/helm/values.yaml']
    needs: ['external-secrets/external-secrets']

  - name: flux-operator
    namespace: flux-system
    atomic: true
    chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator
    version: 0.19.0
    values: ['../../apps/flux-system/flux-operator/app/helm/values.yaml']
    needs: ['external-secrets/external-secrets']

  - name: flux-instance
    namespace: flux-system
    atomic: true
    chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-instance
    version: 0.19.0
    values: ['../../apps/flux-system/flux-instance/app/helm/values.yaml']
    needs: ['flux-system/flux-operator']