# Gokapi - Lightweight file sharing server
# https://github.com/Forceu/gokapi
# Version: v2.1.0
# Domain: fileshare.dooplex.hu
# Auth: OIDC configured via web UI after first deployment
#
# Gokapi Setup:
# 1. Deploy and access setup wizard at https://fileshare.dooplex.hu
# 2. Initial setup runs on first access
# 3. Configure OIDC in Settings > Authentication:
#    - Provider URL: https://authentik.dooplex.hu/application/o/gokapi/
#    - Client ID: from Authentik
#    - Client Secret: from Authentik
#    - Redirect URL: https://fileshare.dooplex.hu/oauth-callback
#
# Authentik Setup:
# 1. Create OAuth2/OIDC Provider:
#    - Name: gokapi
#    - Client Type: Confidential
#    - Redirect URIs: https://fileshare.dooplex.hu/oauth-callback
#    - Scopes: openid, email, profile
# 2. Create Application linked to this provider
---
apiVersion: v1
kind: Namespace
metadata:
  name: fileshare-system
  labels:
    app.kubernetes.io/name: gokapi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gokapi
  namespace: fileshare-system
  labels:
    app.kubernetes.io/instance: gokapi
    app.kubernetes.io/name: gokapi
    app.kubernetes.io/version: "2.1.0"
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: gokapi
      app.kubernetes.io/name: gokapi
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: gokapi
        app.kubernetes.io/name: gokapi
        app.kubernetes.io/version: "2.1.0"
    spec:
      securityContext:
        fsGroup: 1000
      containers:
      - name: gokapi
        image: f0rc3/gokapi:v2.1.0
        env:
        - name: TZ
          value: "Europe/Budapest"
        - name: GOKAPI_PORT
          value: "53842"
        - name: GOKAPI_EXTERNAL_URL
          value: "https://fileshare.dooplex.hu/"
        - name: GOKAPI_LOCALHOST
          value: "false"
        - name: GOKAPI_USE_SSL
          value: "false"
        - name: GOKAPI_DATA_DIR
          value: "/app/data"
        - name: GOKAPI_CONFIG_DIR
          value: "/app/config"
        - name: GOKAPI_MAX_MEMORY_UPLOAD
          value: "100"
        - name: GOKAPI_LOG_STDOUT
          value: "true"
        # Initial admin user (only used for first setup)
        - name: GOKAPI_USERNAME
          valueFrom:
            secretKeyRef:
              name: gokapi-app
              key: admin-username
        - name: GOKAPI_PASSWORD
          valueFrom:
            secretKeyRef:
              name: gokapi-app
              key: admin-password
        ports:
        - containerPort: 53842
          name: http
        resources:
          requests:
            cpu: 50m
            memory: 64Mi
          limits:
            cpu: 500m
            memory: 256Mi
        volumeMounts:
        - name: config
          mountPath: /app/config
        - name: data
          mountPath: /app/data
        livenessProbe:
          httpGet:
            path: /
            port: http
          initialDelaySeconds: 30
          periodSeconds: 30
        readinessProbe:
          httpGet:
            path: /
            port: http
          initialDelaySeconds: 10
          periodSeconds: 10
        securityContext:
          runAsUser: 1000
          runAsGroup: 1000
      volumes:
      - name: config
        persistentVolumeClaim:
          claimName: gokapi-config
      - name: data
        persistentVolumeClaim:
          claimName: gokapi-data
---
apiVersion: v1
kind: Service
metadata:
  name: gokapi
  namespace: fileshare-system
  labels:
    app.kubernetes.io/instance: gokapi
    app.kubernetes.io/name: gokapi
spec:
  type: ClusterIP
  ports:
  - name: http
    port: 53842
    targetPort: http
  selector:
    app.kubernetes.io/instance: gokapi
    app.kubernetes.io/name: gokapi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gokapi
  namespace: fileshare-system
  labels:
    app.kubernetes.io/instance: gokapi
    app.kubernetes.io/name: gokapi
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: fileshare.dooplex.hu,fileshare.home
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "1g"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
  ingressClassName: nginx-internal
  rules:
  - host: fileshare.dooplex.hu
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: gokapi
            port:
              number: 53842
  - host: fileshare.home
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: gokapi
            port:
              number: 53842
  tls:
  - hosts:
    - fileshare.dooplex.hu
    secretName: gokapi-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gokapi-config
  namespace: fileshare-system
  labels:
    app.kubernetes.io/instance: gokapi
    app.kubernetes.io/name: gokapi-config
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gokapi-data
  namespace: fileshare-system
  labels:
    app.kubernetes.io/instance: gokapi
    app.kubernetes.io/name: gokapi-data
    recurring-job-group.longhorn.io/needbackup: enabled
    recurring-job.longhorn.io/source: enabled
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 50Gi