apiVersion: v1
kind: ConfigMap
metadata:
  name: env
  namespace: bookstack
data:
  .env: |
    APP_DEFAULT_DARK_MODE=true
    APP_KEY=base64:Gvel4j1kfhBBoT7aho5ibdozSkf7BwB/4vDfSbMTkiU=
    APP_URL=https://bookstack.apps.undercloud.dev

    DB_HOST='db'
    DB_PORT='3306'
    DB_DATABASE='bookstack'
    DB_USERNAME='bookstack'
    DB_PASSWORD='verysecurePWDBbookstackbookstack'

    MAIL_DRIVER=smtp
    MAIL_FROM_NAME="BookStack"
    MAIL_FROM=bookstack@example.com
    MAIL_HOST=localhost
    MAIL_PORT=1025
    MAIL_USERNAME=null
    MAIL_PASSWORD=null
    MAIL_ENCRYPTION=null

    AUTH_METHOD=ldap
    # AUTH_METHOD=standard

    # Samba AD / Active Directory
    LDAP_SERVER=ldaps://dc.undercloud.local:636
    LDAP_BASE_DN=OU=users,OU=Undercloud,DC=undercloud,DC=local

    LDAP_DN="CN=bookstack,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local"
    LDAP_PASS="1thisismySECURELDAPPWbookstack"

    # Search users by AD login name and require membership in the users group
    LDAP_USER_FILTER=(&(sAMAccountName={user}))

    LDAP_VERSION=3

    # Use a stable unique AD identifier
    LDAP_ID_ATTRIBUTE=BIN;objectGUID

    LDAP_EMAIL_ATTRIBUTE=mail
    LDAP_DISPLAY_NAME_ATTRIBUTE=displayName
    LDAP_THUMBNAIL_ATTRIBUTE=thumbnailPhoto

    LDAP_START_TLS=false

    # Keep true if your LDAPS cert is internal/self-signed.
    # Set to false once BookStack trusts your CA.
    LDAP_TLS_INSECURE=true

    LDAP_USER_TO_GROUPS=true
    LDAP_GROUP_ATTRIBUTE=memberOf
    LDAP_REMOVE_FROM_GROUPS=false

    #APP_DEBUG=true
    #LDAP_DUMP_USER_DETAILS=true
    #LDAP_DUMP_USER_GROUPS=true
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: startup
  namespace: bookstack
data:
  startup.sh: |
    #!/bin/sh
    echo "startup..."
    #if test ! -f "/config/startup.ran"; then
    #  touch /config/startup.ran
      cp -f /mnt/.env /config/www/.env
    #else
    #  echo "startup ran already!"
    #fi
    echo "startup done."
    #exit 123
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: bookstack
  namespace: bookstack
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 32Gi
  storageClassName: cephfs-hyper
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bookstack
  namespace: bookstack
  labels:
    app: bookstack
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bookstack
  template:
    metadata:
      labels:
        app: bookstack
    spec:
      dnsConfig:
        options:
          - name: ndots
            value: "1"
      initContainers:
      #- name: copyappini
      #  image: linuxserver/bookstack
      #  command: ['/bin/startup.sh']
      #  volumeMounts:
      #  - mountPath: "/config"
      #    name: bookstack
      #  - mountPath: "/mnt/.env"
      #    name: env
      #    subPath: .env
      #  - mountPath: /bin/startup.sh
      #    name: startup
      #    subPath: startup.sh
      containers:
      - name: bookstack
        image: linuxserver/bookstack
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        #lifecycle:
        #    postStart:
        #      exec:
        #        command:
        #          - "/bin/startup.sh"
        #livenessProbe:
        #  httpGet:
        #    path: /status
        #    port: 80
        #    #httpHeaders:
        #    #- name: Custom-Header
        #    #  value: Awesome
        #  initialDelaySeconds: 120
        #  periodSeconds: 10
        env:
        #- name: PUID
        #  value: "1000"
        #- name: PGID
        #  value: "1000"
        #- name: DB_HOST
        #  value: "db"
        #- name: DB_PORT
        #  value: "3306"
        #- name: APP_URL
        #  value: "https://bookstack.apps.undercloud.dev"
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: bookstack-db
              key: username
              optional: false
        - name: DB_PASS
          valueFrom:
            secretKeyRef:
              name: bookstack-db
              key: user.pw
              optional: false
        - name: DB_DATABASE
          value: "bookstack"
        volumeMounts:
        - mountPath: "/config"
          name: bookstack
        - mountPath: "/config/www/.env"
          name: env
          subPath: .env
        #lifecycle:
        #  postStart:
        #    exec:
        #      command:
        #        - /bin/sh
        #        - -c
        #        - |
        #          i=0
        #          until php /app/www/artisan migrate:status >/dev/null 2>&1; do
        #            i=$((i+1))
        #            [ "$i" -gt 60 ] && exit 1
        #            sleep 5
        #          done

        #          php /app/www/artisan bookstack:create-admin \
        #            --initial \
        #            --email="${ADMIN_EMAIL}" \
        #            --name="${ADMIN_NAME}" \
        #            --password="${ADMIN_PASSWORD}" || [ $? -eq 2 ]
      volumes:
      - name: bookstack
        persistentVolumeClaim:
          claimName: bookstack
      - name: env
        configMap:
          name: env
          defaultMode: 0777
          items:
          - key: ".env"
            path: ".env"
      #- name: startup
      #  configMap:
      #    name: startup
      #    defaultMode: 0700
      #    items:
      #    - key: "startup.sh"
      #      path: "startup.sh"
---
apiVersion: v1
kind: Service
metadata:
  name: bookstack
  namespace: bookstack
  labels:
    app: bookstack
spec:
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv6
  - IPv4
  ipFamilyPolicy: PreferDualStack
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: bookstack
  sessionAffinity: None
  type: ClusterIP