---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: mastodon
  namespace: fediverse
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: mastodon-secret
    creationPolicy: Owner
    template:
      engineVersion: v2
      data:
        DB_SSLMODE: "require"
        LOCAL_DOMAIN: "valinor.social"
        SINGLE_USER_MODE: "false"
        SECRET_KEY_BASE: "{{ .mastodon_secret_key_base }}"
        OTP_SECRET: "{{ .mastodon_otp_secret }}"
        VAPID_PRIVATE_KEY: "{{ .mastodon_vapid_private_key }}"
        VAPID_PUBLIC_KEY: "{{ .mastodon_vapid_public_key }}"
        DB_HOST: "{{ .mastodon_db_host }}"
        DB_USER: "{{ .mastodon_db_user }}"
        DB_PORT: "{{ .mastodon_db_port }}"
        DB_PASS: "{{ .mastodon_db_pass }}"
        REDIS_URL: "{{ .mastodon_redis_url }}"
        S3_ENABLED: "true"
        S3_PROTOCOL: "https"
        S3_ENDPOINT: "{{ .s3_valinor_endpoint }}"
        S3_HOSTNAME: "{{ .s3_valinor_hostname }}"
        S3_BUCKET: "{{ .s3_valinor_bucket }}"
        S3_ALIAS_HOST: "{{ .mastodon_s3_alias_host }}"
        S3_PERMISSION: "private"
        AWS_ACCESS_KEY_ID: "{{ .s3_valinor_access_key }}"
        AWS_SECRET_ACCESS_KEY: "{{ .s3_valinor_secret_key }}"
        SMTP_SERVER: "smtp.mailgun.org"
        SMTP_PORT: "587"
        SMTP_LOGIN: "{{ .mailgun_smtp_user }}"
        SMTP_PASSWORD: "{{ .mailgun_smtp_password }}"
        SMTP_AUTH_METHOD: "plain"
        SMTP_OPENSSL_VERIFY_MODE: "peer"
        SMTP_ENABLE_STARTTLS: "auto"
        SMTP_FROM_ADDRESS: "Mastodon <notifications@valinor.social>"
        DB_POOL: "25"
        DEEPL_PLAN: "free"
        DEEPL_API_KEY: "{{ .deepl_api_key }}"
        ES_ENABLED: "{{ .mastodon_es_enabled }}"
        ES_HOST: "{{ .mastodon_es_host }}"
        ES_PORT: "{{ .mastodon_es_port }}"
        STATSD_ADDR: "statsd-exporter.fediverse.svc.cluster.local:9125"
        CP_DB_PORT: "{{ .mastodon_cp_db_port }}"
        CP_SIDEKIQ_LOW_VOLUME: "{{ .mastodon_db_name_cp_sidekiq_low_volume }}"
        CP_SIDEKIQ_HIGH_PRIORITY: "{{ .mastodon_db_name_cp_sidekiq_high_priority }}"
        CP_SIDEKIQ_INGRESS: "{{ .mastodon_db_name_cp_sidekiq_ingress }}"
        CP_SIDEKIQ_PULL: "{{ .mastodon_db_name_cp_sidekiq_pull }}"
        CP_MASTODON_WEB: "{{ .mastodon_db_name_cp_mastodon_web }}"
        CP_MASTODON_STREAMING: "{{ .mastodon_db_name_cp_mastodon_streaming }}"

  dataFrom:
    - extract:
        key: s3
      rewrite:
        - regexp:
            source: "(.*)"
            target: "s3_$1"
    - extract:
        key: mastodon
      rewrite:
        - regexp:
            source: "(.*)"
            target: "mastodon_$1"
  data:
    - secretKey: mailgun_smtp_user
      remoteRef:
        key: mailgun
        property: mastodon_smtp_user
    - secretKey: mailgun_smtp_password
      remoteRef:
        key: mailgun
        property: mastodon_smtp_password
    - secretKey: deepl_api_key
      remoteRef:
        key: deepl
        property: api_key