apiVersion: batch/v1
kind: Job
metadata:
  annotations:
    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    argocd.argoproj.io/sync-options: Replace=true
  name: nextcloud-secret-init
  namespace: nextcloud
spec:
  template:
    spec:
      containers:
        - command:
            - sh
            - -c
            - |
              set -e

              if ! kubectl get secret nextcloud-admin-secret -n ${NAMESPACE} >/dev/null 2>&1; then
                PASSWORD=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 24)
                kubectl create secret generic nextcloud-admin-secret \
                  -n ${NAMESPACE} \
                  --from-literal=nextcloud-username=admin \
                  --from-literal=nextcloud-password="${PASSWORD}"
                echo "Created nextcloud-admin-secret"
              else
                echo "nextcloud-admin-secret already exists, skipping"
              fi

              if ! kubectl get secret nextcloud-valkey-password -n ${NAMESPACE} >/dev/null 2>&1; then
                VALKEY_PASSWORD=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 24)
                kubectl create secret generic nextcloud-valkey-password \
                  -n ${NAMESPACE} \
                  --from-literal=password="${VALKEY_PASSWORD}"
                echo "Created nextcloud-valkey-password"
              else
                echo "nextcloud-valkey-password already exists, skipping"
              fi
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          image: alpine/k8s:1.32.3
          name: init
      restartPolicy: OnFailure
      serviceAccountName: nextcloud-secret-init
  ttlSecondsAfterFinished: 300