bases:
  - ../../namespaces/gitea
  - ../../namespaces/grafana
  - ../../namespaces/nextcloud

resources:
  - cert-manager/clusterissuer.yaml

secretGenerator:
  - name: digitalocean-api-key
    type: Opaque
    namespace: cert-manager
    literals:
      - access-token=${ssm:/prod/digitalocean/api_token}

#   - name: drone-gitea-oauth-secret
#     type: Opaque
#     namespace: gitea
#     behavior: replace
#     literals:
#       - client_id=749cde98-9b3b-4e19-8933-2937e12625f2
#       - client_secret=12wTErChjQQW3CGEzbDMiSxEt08i-abeB0pbRbXEKKg=

patchesJson6902:
  - target: &ingress_target
      group: networking.k8s.io
      version: v1beta1
      kind: Ingress
      name: gitea
    patch: |-
      - op: replace
        path: /spec/tls/0/hosts/0
        value: gitea.staging.badjware.dev
      - op: replace
        path: /spec/rules/0/host
        value: gitea.staging.badjware.dev
  - target:
      <<: *ingress_target
      name: grafana
    patch: |-
      - op: replace
        path: /spec/tls/0/hosts/0
        value: grafana.staging.badjware.dev
      - op: replace
        path: /spec/rules/0/host
        value: grafana.staging.badjware.dev
  - target:
      <<: *ingress_target
      name: nextcloud
    patch: |-
      - op: replace
        path: /spec/tls/0/hosts/0
        value: nextcloud.staging.badjware.dev
      - op: replace
        path: /spec/rules/0/host
        value: nextcloud.staging.badjware.dev
  - target:
      <<: *ingress_target
      name: drone
    patch: |-
      - op: replace
        path: /spec/tls/0/hosts/0
        value: drone.staging.badjware.dev
      - op: replace
        path: /spec/rules/0/host
        value: drone.staging.badjware.dev

# allow "kubectl apply -l managed-by=kustomize --prune ..."
commonlabels:
  managed-by: kustomize

transformers:
  - ssm-secrets.yaml

configurations:
  - cert-manager/kustomizeconfig.yaml