resource "helm_release" "drone_server" {
  name             = "drone"
  chart            = "drone"
  repository       = "https://charts.drone.io"
  namespace        = kubernetes_namespace.server.metadata.0.name
  create_namespace = false

  values = [
    jsonencode({
      env = {
        DRONE_SERVER_HOST  = local.ingress_domain
        DRONE_SERVER_PROTO = "https"
        DRONE_GITEA_SERVER = "https://${local.gitea_server}/"
      }
    }),
    jsonencode({
      ingress = {
        enabled = true
        annotations = {
          "kubernetes.io/ingress.class"                             = "traefik"
          "traefik.ingress.kubernetes.io/router.entrypoints"        = "websecure"
          "traefik.ingress.kubernetes.io/router.tls"                = "true"
          "traefik.ingress.kubernetes.io/router.tls.certresolver"   = "acme-thomasklein-me"
          "traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
        }
        hosts = [
          {
            host = local.ingress_domain
            paths = [
              {
                path     = "/"
                pathType = "Prefix"
              }
            ]
          }
        ]
      }
    }),
    jsonencode({
      persistentVolume = {
        enabled       = true
        existingClaim = module.drone_persistance.pvc_name
      }
    })
  ]

  set_sensitive {
    name  = "env.DRONE_RPC_SECRET"
    value = random_password.drone_rpc_secret.result
  }

  set_sensitive {
    name  = "env.DRONE_GITEA_CLIENT_ID"
    value = gitea_oauth2_app.this.client_id
  }
  set_sensitive {
    name  = "env.DRONE_GITEA_CLIENT_SECRET"
    value = gitea_oauth2_app.this.client_secret
  }
}

resource "random_password" "drone_rpc_secret" {
  special = true
  length  = 32
}