---
# Source: actual/charts/actual/templates/common.yaml
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: actual-data
  labels:
    app.kubernetes.io/instance: actual
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: actual
    helm.sh/chart: actual-4.4.0
  annotations:
    helm.sh/resource-policy: keep
  namespace: actual
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "2Gi"
  storageClassName: "ceph-block"
---
# Source: actual/charts/actual/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
  name: actual
  labels:
    app.kubernetes.io/instance: actual
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: actual
    app.kubernetes.io/service: actual
    helm.sh/chart: actual-4.4.0
  namespace: actual
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 5006
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/controller: main
    app.kubernetes.io/instance: actual
    app.kubernetes.io/name: actual
---
# Source: actual/charts/actual/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: actual
  labels:
    app.kubernetes.io/controller: main
    app.kubernetes.io/instance: actual
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: actual
    helm.sh/chart: actual-4.4.0
  namespace: actual
spec:
  revisionHistoryLimit: 3
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/controller: main
      app.kubernetes.io/name: actual
      app.kubernetes.io/instance: actual
  template:
    metadata:
      labels: 
        app.kubernetes.io/controller: main
        app.kubernetes.io/instance: actual
        app.kubernetes.io/name: actual
    spec: 
      enableServiceLinks: false
      serviceAccountName: default
      automountServiceAccountToken: true
      hostIPC: false
      hostNetwork: false
      hostPID: false
      dnsPolicy: ClusterFirst
      containers: 
        - env:
          - name: TZ
            value: US/Central
          image: ghcr.io/actualbudget/actual:25.11.0
          imagePullPolicy: IfNotPresent
          livenessProbe:
            exec:
              command:
              - /usr/bin/env
              - bash
              - -c
              - node src/scripts/health-check.js
            failureThreshold: 5
            initialDelaySeconds: 60
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          name: main
          resources:
            requests:
              cpu: 10m
              memory: 128Mi
          volumeMounts:
          - mountPath: /data
            name: data
      volumes: 
        - name: data
          persistentVolumeClaim:
            claimName: actual-data
---
# Source: actual/templates/external-secret.yaml
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: actual-data-backup-secret
  namespace: actual
  labels:
    app.kubernetes.io/name: actual-data-backup-secret
    app.kubernetes.io/instance: actual
    app.kubernetes.io/part-of: actual
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  target:
    template:
      mergePolicy: Merge
      engineVersion: v2
      data:
        RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/actual/actual-data"
  data:
    - secretKey: BUCKET_ENDPOINT
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/volsync/restic/config
        metadataPolicy: None
        property: S3_BUCKET_ENDPOINT
    - secretKey: RESTIC_PASSWORD
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/volsync/restic/config
        metadataPolicy: None
        property: RESTIC_PASSWORD
    - secretKey: AWS_DEFAULT_REGION
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/volsync/restic/config
        metadataPolicy: None
        property: AWS_DEFAULT_REGION
    - secretKey: AWS_ACCESS_KEY_ID
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /digital-ocean/home-infra/volsync-backups
        metadataPolicy: None
        property: access_key
    - secretKey: AWS_SECRET_ACCESS_KEY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /digital-ocean/home-infra/volsync-backups
        metadataPolicy: None
        property: secret_key
---
# Source: actual/templates/http-route.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: http-route-actual
  namespace: actual
  labels:
    app.kubernetes.io/name: http-route-actual
    app.kubernetes.io/instance: actual
    app.kubernetes.io/part-of: actual
spec:
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: traefik-gateway
      namespace: traefik
  hostnames:
    - actual.alexlebens.net
  rules:
    - matches:
      - path:
          type: PathPrefix
          value: /
      backendRefs:
        - group: ''
          kind: Service
          name: actual
          port: 80
          weight: 100
---
# Source: actual/templates/replication-source.yaml
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
  name: actual-data-backup-source
  namespace: actual
  labels:
    app.kubernetes.io/name: actual-data-backup-source
    app.kubernetes.io/instance: actual
    app.kubernetes.io/part-of: actual
spec:
  sourcePVC: actual-data
  trigger:
    schedule: 0 4 * * *
  restic:
    pruneIntervalDays: 7
    repository: actual-data-backup-secret
    retain:
      hourly: 1
      daily: 3
      weekly: 2
      monthly: 2
      yearly: 4
    copyMethod: Snapshot
    storageClassName: ceph-block
    volumeSnapshotClassName: ceph-blockpool-snapshot