---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: peertube
  namespace: fediverse
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: peertube-secret
    creationPolicy: Owner
    template:
      engineVersion: v2
      data:
        PEERTUBE_WEBSERVER_HOSTNAME: "khazadtube.tv"
        PEERTUBE_SECRET: "{{ .peertube_secret }}"
        PEERTUBE_SMTP_HOSTNAME: "{{ .mailgun_smtp_hostname }}"
        PEERTUBE_SMTP_USERNAME: "{{ .mailgun_smtp_user }}"
        PEERTUBE_SMTP_PASSWORD: "{{ .mailgun_smtp_password }}"
        PEERTUBE_SMTP_PORT: "587"
        PEERTUBE_SMTP_FROM: "noreply@khazadtube.tv"
        PEERTUBE_SMTP_TLS: "false"
        PEERTUBE_SMTP_DISABLE_STARTTLS: "false"
        PEERTUBE_ADMIN_EMAIL: "joe@veri.dev"
        PEERTUBE_REDIS_HOSTNAME: "redis-peertube-master.fediverse.svc.cluster.local"
        PEERTUBE_REDIS_PORT: "6379"
        PEERTUBE_OBJECT_STORAGE_ENABLED: "true"
        PEERTUBE_OBJECT_STORAGE_ENDPOINT: "{{ .minio_s3_host }}"
        PEERTUBE_OBJECT_STORAGE_REGION: "us-east-1"
        PEERTUBE_OBJECT_STORAGE_CREDENTIALS_ACCESS_KEY_ID: "{{ .minio_khazadtube_access_key }}"
        PEERTUBE_OBJECT_STORAGE_CREDENTIALS_SECRET_ACCESS_KEY: "{{ .minio_khazadtube_secret_key }}"
        PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BUCKET_NAME: "khazadtube-streaming"
        PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_PREFIX: ""
        PEERTUBE_OBJECT_STORAGE_VIDEOS_BUCKET_NAME: "khazadtube-videos"
        PEERTUBE_OBJECT_STORAGE_VIDEOS_PREFIX: ""
        PEERTUBE_DB_SSLMODE: "true"
        PEERTUBE_DB_HOSTNAME: "{{ .crunchy_peertube_hostname }}"
        PEERTUBE_DB_USERNAME: "{{ .crunchy_peertube_username }}"
        PEERTUBE_DB_PASSWORD: "{{ .crunchy_peertube_password }}"

  dataFrom:
    - extract:
        key: minio
      rewrite:
        - regexp:
            source: "(.*)"
            target: "minio_$1"
    - extract:
        key: peertube
      rewrite:
        - regexp:
            source: "(.*)"
            target: "peertube_$1"
    - extract:
        key: crunchybridge
      rewrite:
        - regexp:
            source: "(.*)"
            target: "crunchy_$1"
  data:
    - secretKey: mailgun_smtp_user
      remoteRef:
        key: mailgun
        property: peertube_smtp_user
    - secretKey: mailgun_smtp_password
      remoteRef:
        key: mailgun
        property: peertube_smtp_password
    - secretKey: mailgun_smtp_hostname
      remoteRef:
        key: mailgun
        property: smtp_hostname