apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: nextcloud-main-chart
  namespace: {{ .Values.argocd.namespace }}
  annotations:
    argocd.argoproj.io/sync-wave: "0"
    notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
  project: {{ .Values.argocd.project }}
  source:
    repoURL: "https://nextcloud.github.io/helm"
    chart: nextcloud
    targetRevision: 6.x
    helm:
      releaseName: nextcloud
      valuesObject:
        image:
          flavor: fpm
        replicaCount: {{ .Values.nextcloud.replicaCount }}
        ingress:
          enabled: true
          className: nginx
          annotations:
            cert-manager.io/cluster-issuer: letsencrypt
            nginx.ingress.kubernetes.io/server-snippet: |-
              server_tokens off;
              proxy_hide_header X-Powered-By;
              rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
              rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
              rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
              rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
              location = /.well-known/carddav {
                return 301 $scheme://$host/remote.php/dav;
              }
              location = /.well-known/caldav {
                return 301 $scheme://$host/remote.php/dav;
              }
              location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
              }
              location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
                deny all;
              }
              location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
                deny all;
              }
            nginx.ingress.kubernetes.io/enable-cors: "true"
            nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
          tls:
          - hosts:
            - {{ .Values.nextcloud.url }}
            secretname: nextcloud-cert
        nextcloud:
          host: {{ .Values.nextcloud.url }}
          existingSecret:
            enabled: true
            secretName: nextcloud-user
            usernameKey: nc-admin-username
            passwordKey: nc-admin-password
          trustedDomains: {{ .Values.nextcloud.trustedDomains }}
          # extraInitContainers - might be useful to make sure the LUKS secret is present
        nginx:
          enabled: true
        redis:
          enabled: true
          auth:
            enabled: false
        cronjob:
          enabled: true
        internalDatabase:
          enabled: false
        externalDatabase:
          enabled: true
          type: postgresql
          host: "nextcloud-db-rw:5432"
          existingSecret:
            enabled: true
            secretName: nextcloud-db-app
            usernameKey: user 
            passwordKey: password
            databaseKey: dbname
        persistence:
          enabled: true
          existingClaim: {{ .Values.nextcloud.configPvc.name }}
          nextcloudData:
            enabled: true
            existingClaim: {{ .Values.dataPvc.name }}
  destination:
    server: https://kubernetes.default.svc  # Targeting the current Kubernetes cluster
    namespace: {{ .Values.mainNamespace }}
  syncPolicy:
    automated:
      prune: true           # Automatically remove resources no longer in the repo
      selfHeal: true        # Automatically self-heal when drift is detected
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - ServerSideApply=true
      - CreateNamespace=true