apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: nextcloud-main-chart
  namespace: {{ .Values.argocd.namespace }}
  annotations:
    argocd.argoproj.io/sync-wave: "0"
    notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
  project: {{ .Values.argocd.project }}
  source:
    repoURL: "https://nextcloud.github.io/helm"
    chart: nextcloud
    targetRevision: 6.x
    helm:
      releaseName: nextcloud
      valuesObject:
        image:
          flavor: fpm
        replicaCount: {{ .Values.nextcloud.replicaCount }}
        ingress:
          enabled: true
          className: nginx
          annotations:
            cert-manager.io/cluster-issuer: letsencrypt
            # nginx.ingress.kubernetes.io/server-snippet: |-
            #   server_tokens off;
            #   proxy_hide_header X-Powered-By;
            #   rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
            #   rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
            #   rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
            #   rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
            #   location = /.well-known/carddav {
            #     return 301 $scheme://$host/remote.php/dav;
            #   }
            #   location = /.well-known/caldav {
            #     return 301 $scheme://$host/remote.php/dav;
            #   }
            #   location = /robots.txt {
            #     allow all;
            #     log_not_found off;
            #     access_log off;
            #   }
            #   location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            #     deny all;
            #   }
            #   location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
            #     deny all;
            #   }
            nginx.ingress.kubernetes.io/enable-cors: "true"
            nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
          tls:
          - hosts:
              - {{ .Values.nextcloud.url }}
            secretName: nextcloud-cert
        nextcloud:
          host: {{ .Values.nextcloud.url }}
          existingSecret:
            enabled: true
            secretName: nextcloud-user
            usernameKey: nc-admin-username
            passwordKey: nc-admin-password
          trustedDomains: {{ .Values.nextcloud.trustedDomains }}
          # extraInitContainers - might be useful to make sure the LUKS secret is present
        nginx:
          enabled: true
        redis:
          enabled: true
          auth:
            enabled: false
        cronjob:
          enabled: true
        internalDatabase:
          enabled: false
        externalDatabase:
          enabled: true
          type: postgresql
          host: "nextcloud-db-rw:5432"
          existingSecret:
            enabled: true
            secretName: nextcloud-db-app
            usernameKey: user 
            passwordKey: password
            databaseKey: dbname
        persistence:
          enabled: true
          existingClaim: {{ .Values.nextcloud.configPvc.name }}
          nextcloudData:
            enabled: true
            existingClaim: {{ .Values.dataPvc.name }}
  destination:
    server: {{ .Values.destination.server }}
    namespace: {{ .Values.destination.namespace }}
  syncPolicy:
    automated:
      prune: true           # Automatically remove resources no longer in the repo
      selfHeal: true        # Automatically self-heal when drift is detected
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - ServerSideApply=true
      - CreateNamespace=true