# Gitea deployment: a dedicated namespace, the Helm release (Traefik ingress,
# Cognito OIDC login, bundled PostgreSQL on pre-provisioned PVCs), and the
# generated password for the initial admin account.

# Namespace is managed here rather than by Helm, hence create_namespace = false below.
resource "kubernetes_namespace" "this" {
  metadata {
    name = "gitea"
  }
}

resource "helm_release" "this" {
  name             = "gitea"
  namespace        = kubernetes_namespace.this.metadata[0].name
  repository       = "https://dl.gitea.io/charts/"
  chart            = "gitea"
  version          = "5.0.0" # pinned chart version; upgrades are an explicit change to this line
  create_namespace = false

  # Each jsonencode() document is passed to Helm as a separate values layer.
  values = [
    # --- Ingress: served only on Traefik's "websecure" entrypoint with TLS,
    # certificate obtained through the "acme-thomasklein-me" resolver.
    jsonencode({
      ingress = {
        enabled = true
        annotations = {
          "kubernetes.io/ingress.class"                             = "traefik"
          "traefik.ingress.kubernetes.io/router.entrypoints"        = "websecure"
          "traefik.ingress.kubernetes.io/router.tls"                = "true"
          "traefik.ingress.kubernetes.io/router.tls.certresolver"   = "acme-thomasklein-me"
          "traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
        }
        hosts = [
          {
            host = local.ingress_domain
            paths = [
              {
                path     = "/"
                pathType = "Prefix"
              }
            ]
          }
        ]
      }
    }),

    # --- OIDC login against AWS Cognito. The discovery URL is built from the
    # current region and the first user pool id returned by the data source.
    # NOTE(review): ids[0] trusts whichever pool the lookup lists first; confirm
    # the data source can only ever match the intended pool.
    jsonencode({
      gitea = {
        oauth = [
          {
            name            = "Cognito"
            provider        = "openidConnect"
            autoDiscoverUrl = "https://cognito-idp.${data.aws_region.current.name}.amazonaws.com/${data.aws_cognito_user_pools.thomasklein_infra.ids[0]}/.well-known/openid-configuration"
            # Custom endpoint overrides are left unset:
            #useCustomUrls =
            #customAuthUrl =
            #customTokenUrl =
            #customProfileUrl =
            #customEmailUrl =
          }
        ]
      }
    }),

    # --- Gitea application settings and the initial admin identity.
    jsonencode({
      gitea = {
        config = {
          # APP_NAME = ""
          server = {
            ROOT_URL = "https://${local.ingress_domain}/"
          }
          indexer = {
            # "db" indexer chosen because bleve does not work well on 9p filesystems.
            ISSUE_INDEXER_TYPE = "db"
          }
          metrics = {
            # Metrics endpoint kept off; not considered worth exposing.
            ENABLED = false
          }
          service = {
            # Self-service sign-up is turned off.
            # NOTE(review): confirm how this interacts with first-time OIDC logins
            # (whether Cognito users must be pre-created by the admin).
            DISABLE_REGISTRATION = true
          }
        }
        # Admin username and e-mail are plain values; the password is injected
        # through set_sensitive further down.
        admin = {
          username = "thomasklein"
          email    = "kiss.tamas94@gmail.com"
        }
      }
    }),

    # --- Gitea data volume: reuse the claim created by the persistence module.
    jsonencode({
      persistence = {
        enabled       = true
        existingClaim = module.gitea_persistance.pvc_name
      }
    }),

    # --- Bundled PostgreSQL on its own pre-provisioned claim.
    # NOTE(review): volumePermissions presumably adds an init container that
    # adjusts ownership of the volume (commonly run as root); confirm it is
    # required for the storage behind this PVC.
    jsonencode({
      postgresql = {
        enabled = true
        persistence = {
          enabled       = true
          existingClaim = module.postgres_persistance.pvc_name
        }
        podSecurityContext = {
          enabled = true
        }
        volumePermissions = {
          enabled = true
        }
      }
    }),
  ]

  # set_sensitive keeps these values out of plan/apply output. They are still
  # written to the Terraform state, so the state backend needs encryption at
  # rest and restricted access.
  set_sensitive {
    name  = "gitea.oauth[0].key"
    value = aws_cognito_user_pool_client.gitea.id
  }

  set_sensitive {
    name  = "gitea.oauth[0].secret"
    value = aws_cognito_user_pool_client.gitea.client_secret
  }

  set_sensitive {
    name  = "gitea.admin.password"
    value = random_password.gitea_admin.result
  }
}

# Generated password for the Gitea admin account (16 characters, special
# characters allowed). The result is stored in Terraform state alongside the
# other secrets above.
resource "random_password" "gitea_admin" {
  length  = 16
  special = true
}