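---
# Helm template for a single-pod Buildbot deployment: one Deployment (buildbot
# master plus a PostgreSQL sidecar), a ClusterIP Service, three
# PersistentVolumeClaims, a one-shot certbot Job, and the PostgreSQL
# configuration split into a ConfigMap (non-sensitive) and a Secret (password).
#
# Helm evaluates template actions even inside YAML comments, so the
# commented-out blocks below still require .Values.fqdn and .Values.identifier
# to render.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{ .Release.Name }}-buildbot"
spec:
  selector:
    matchLabels:
      app: "{{ .Release.Name }}-buildbot"
  replicas: 1
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}-buildbot"
        # Quoted so an all-digit release name stays a string label value.
        use-as-service: "{{ .Release.Name }}"
    spec:
      # NOTE(review): no securityContext or resource requests/limits are set on
      # any container in this pod.
      # initContainers:
      #   - name: wait-for-cert
      #     image: busybox
      #     command:
      #       - sh
      #       - -c
      #       - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
      #     volumeMounts:
      #       - name: etcletsencrypt
      #         mountPath: "/etc/letsencrypt"
      containers:
        # This container will only start *after* the cert has been placed
        # - name: nginx
        #   image: nginx:1.21-alpine
        #   ports:
        #     - containerPort: 443
        #   volumeMounts:
        #     - name: nginx-config
        #       mountPath: "/etc/nginx/conf.d/"
        #     - name: etcletsencrypt
        #       mountPath: "/etc/letsencrypt"
        - name: postgres
          # Floating major-version tag; pin a patch version or digest for
          # reproducible rollouts.
          image: postgres:13
          ports:
            - containerPort: 5432
          envFrom:
            # POSTGRES_USER and POSTGRES_DB
            - configMapRef:
                name: "{{ tpl .Values.identifier . }}-postgres-config"
            # POSTGRES_PASSWORD, kept out of the ConfigMap
            - secretRef:
                name: "{{ tpl .Values.identifier . }}-postgres-secret"
          # Use subpath to avoid lost+found error
          volumeMounts:
            - name: postgres-data
              mountPath: "/var/lib/postgresql/data"
              subPath: postgres
        - name: buildbot
          image: "buildbot/buildbot:v{{ .Chart.AppVersion }}"
          ports:
            - containerPort: 8010
          env:
            # - name: USER_UID
            #   value: "1000"
            # - name: USER_GID
            #   value: "1000"
            # - name: BUILDBOT__server__DOMAIN
            #   value: "{{ tpl .Values.fqdn . }}"
            # - name: BUILDBOT__server__ROOT_URL
            #   value: "https://{{ tpl .Values.fqdn . }}"
            # The single-brace placeholders are not Helm syntax; they are
            # passed through literally and presumably expanded by the buildbot
            # master configuration from the POSTGRES_* variables below.
            # NOTE(review): the host part is "db", but PostgreSQL runs as a
            # sidecar in this pod and no Service named "db" is defined in this
            # template - confirm whether this should be "localhost".
            - name: BUILDBOT_DB_URL
              value: "postgresql+psycopg2://{POSTGRES_USER}:{POSTGRES_PASSWORD}@db/{POSTGRES_DB}"
            - name: BUILDBOT__database__HOST
              value: "localhost"
            - name: POSTGRES_DB
              valueFrom:
                configMapKeyRef:
                  name: "{{ tpl .Values.identifier . }}-postgres-config"
                  key: POSTGRES_DB
            - name: POSTGRES_USER
              valueFrom:
                configMapKeyRef:
                  name: "{{ tpl .Values.identifier . }}-postgres-config"
                  key: POSTGRES_USER
            # The password is read from a Secret rather than a ConfigMap so it
            # is covered by Secret RBAC and encryption-at-rest settings.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ tpl .Values.identifier . }}-postgres-secret"
                  key: POSTGRES_PASSWORD
          volumeMounts:
            # NOTE(review): this gives the buildbot container read/write access
            # to the certificate volume, which holds the TLS private key, while
            # the nginx container that would use it is commented out. Consider
            # dropping the mount or making it readOnly.
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
            - name: data
              mountPath: "/data"
      volumes:
        - name: etcletsencrypt
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
        - name: data
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-data"
        - name: postgres-data
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-postgres-data"
        # NOTE(review): no container mounts this volume and the ConfigMap it
        # references is commented out at the end of this file.
        - name: nginx-config
          configMap:
            name: "{{ tpl .Values.identifier . }}-nginx-config"
---
# Cluster-internal Service. The selector matches the use-as-service label,
# which is set on both the Deployment pod and the certbot Job pod.
apiVersion: v1
kind: Service
metadata:
  name: "{{ tpl .Values.identifier . }}"
  labels:
    app: "{{ tpl .Values.identifier . }}"
spec:
  type: ClusterIP
  ports:
    # Required for letsencrypt
    # NOTE(review): the certbot Job container declares port 80, which is not
    # exposed here - confirm how the challenge traffic reaches it.
    - port: 8010
      name: http
    # NOTE(review): nothing in the pod listens on 443 while the nginx
    # container is commented out.
    - port: 443
      name: https
  selector:
    use-as-service: "{{ .Release.Name }}"
---
# Certificate storage shared between the certbot Job and the Deployment.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 50Mi
  storageClassName: rook-cephfs
---
# Buildbot data volume, mounted at /data in the buildbot container.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: "{{ tpl .Values.identifier . }}-data"
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: rook-cephfs
---
# PostgreSQL data directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: "{{ tpl .Values.identifier . }}-postgres-data"
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi
  storageClassName: rook-ceph-block
---
# One-shot Job that runs certbot and writes into the certificate volume.
apiVersion: batch/v1
kind: Job
metadata:
  name: "{{ tpl .Values.identifier . }}-getcert"
spec:
  template:
    metadata:
      labels:
        app: certbot-letsencrypt-getcert
        use-as-service: "{{ .Release.Name }}"
    spec:
      restartPolicy: Never
      containers:
        - name: certbot
          # No tag is given, so this resolves to "latest"; pin a tag or digest
          # because this image writes the TLS private key.
          image: ungleich/ungleich-certbot
          ports:
            - containerPort: 80
          env:
            - name: DOMAIN
              value: "{{ tpl .Values.fqdn . }}"
            - name: EMAIL
              value: "{{ .Values.email }}"
            # STAGING is only set when letsencryptStaging is the string "no".
            # Supply it quoted in values: an unquoted no is parsed as a
            # boolean and does not match this string comparison.
            {{- if eq .Values.letsencryptStaging "no" }}
            - name: STAGING
              value: "no"
            {{- end }}
          volumeMounts:
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
      volumes:
        - name: etcletsencrypt
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
  backoffLimit: 3
#---
# apiVersion: v1
# kind: ConfigMap
# metadata:
#   name: {{ tpl .Values.identifier . }}-nginx-config
# data:
#   default.conf: |
#     server {
#       listen 443 ssl;
#       listen [::]:443 ssl;
#       server_name {{ tpl .Values.fqdn . }};
#       ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem;
#       ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;
#       client_max_body_size 256m;
#       location / {
#         proxy_pass http://localhost:3000;
#       }
#     }
---
# Non-sensitive PostgreSQL settings only.
apiVersion: v1
kind: ConfigMap
metadata:
  name: "{{ tpl .Values.identifier . }}-postgres-config"
data:
  POSTGRES_USER: buildbot
  POSTGRES_DB: buildbot
---
# Database password. No default is shipped: the chart refuses to render unless
# postgresPassword is supplied (for example from a values file that is not
# committed, or via --set at install time).
#
# An earlier revision of this template carried a fixed password in the
# ConfigMap above. Treat that value as disclosed. The postgres image applies
# POSTGRES_PASSWORD only when it initialises an empty data directory, so on an
# existing volume the role password has to be changed inside the database as
# well as here.
apiVersion: v1
kind: Secret
metadata:
  name: "{{ tpl .Values.identifier . }}-postgres-secret"
type: Opaque
stringData:
  POSTGRES_PASSWORD: {{ required "postgresPassword must be set; this chart ships no default database password" .Values.postgresPassword | quote }}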