yubal:
  controllers:
    main:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      pod:
        securityContext:
          runAsUser: 1000
          runAsGroup: 1000
          fsGroup: 1000
      containers:
        main:
          image:
            repository: ghcr.io/guillevc/yubal
            tag: 4.0.0
            pullPolicy: IfNotPresent
          env:
            - name: YUBAL_TZ
              value: America/Chicago
            - name: YUBAL_HOST
              value: 0.0.0.0
            - name: YUBAL_PORT
              value: 8000
            - name: YUBAL_LOG_LEVEL
              value: INFO
          resources:
            requests:
              cpu: 10m
              memory: 128Mi
        # gluetun:
        #   image:
        #     repository: ghcr.io/qdm12/gluetun
        #     tag: v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045
        #     pullPolicy: IfNotPresent
        #   lifecycle:
        #     postStart:
        #       exec:
        #         command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
        #   env:
        #     - name: VPN_SERVICE_PROVIDER
        #       value: protonvpn
        #     - name: PUID
        #       value: "1000"
        #     - name: PGID
        #       value: "1000"
        #     - name: VPN_TYPE
        #       value: wireguard
        #     - name: WIREGUARD_PRIVATE_KEY
        #       valueFrom:
        #         secretKeyRef:
        #           name: yubal-wireguard-conf
        #           key: private-key
        #     - name: UPDATER_PROTONVPN_EMAIL
        #       valueFrom:
        #         secretKeyRef:
        #           name: yubal-wireguard-conf
        #           key: proton-email
        #     - name: UPDATER_PROTONVPN_PASSWORD
        #       valueFrom:
        #         secretKeyRef:
        #           name: yubal-wireguard-conf
        #           key: proton-password
        #     - name: FIREWALL_OUTBOUND_SUBNETS
        #       value: 10.0.0.0/8
        #     - name: FIREWALL_INPUT_PORTS
        #       value: 8000
        #     - name: DNS_UPSTREAM_RESOLVER_TYPE
        #       value: dot
        #   securityContext:
        #     privileged: True
        #     capabilities:
        #       add:
        #         - NET_ADMIN
        #         - SYS_MODULE
        #   probes:
        #     liveness:
        #       enabled: true
        #       custom: true
        #       spec:
        #         exec:
        #           command:
        #             - /gluetun-entrypoint
        #             - healthcheck
        #         failureThreshold: 5
        #         initialDelaySeconds: 30
        #         periodSeconds: 30
        #         successThreshold: 1
        #         timeoutSeconds: 15
        #   resources:
        #     limits:
        #       devic.es/tun: "1"
        #     requests:
        #       devic.es/tun: "1"
        #       cpu: 10m
        #       memory: 128Mi
  service:
    main:
      controller: main
      ports:
        http:
          port: 80
          targetPort: 8000
          protocol: HTTP
  route:
    main:
      kind: HTTPRoute
      parentRefs:
        - group: gateway.networking.k8s.io
          kind: Gateway
          name: traefik-gateway
          namespace: traefik
      hostnames:
        - yubal.alexlebens.net
      rules:
        - backendRefs:
            - group: ''
              kind: Service
              name: yubal
              port: 80
              weight: 100
          matches:
            - path:
                type: PathPrefix
                value: /
  persistence:
    config:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 1Gi
      retain: true
      advancedMounts:
        main:
          main:
            - path: /app/config
              readOnly: false
    music:
      existingClaim: yubal-nfs-storage
      advancedMounts:
        main:
          main:
            - path: /app/data
              readOnly: false