apiVersion: v1
kind: Secret
metadata:
  name: {{ include "wg-portal.fullname" . }}
  labels: {{- include "wg-portal.labels" . | nindent 4 }}
stringData:
  config.yml: |
    advanced:
      start_listen_port: {{ .Values.service.wireguard.ports | sortAlpha | first }}
      {{- with .Values.config.advanced }}
      {{- tpl (toYaml (omit . "start_listen_port")) $ | nindent 6 }}
      {{- end }}

    {{- with .Values.config.auth }}
    auth: {{- tpl (toYaml .) $ | nindent 6 }}
    {{- end }}

    {{- with mustMerge .Values.config.core (include "wg-portal.admin" . | fromYaml) }}
    core: {{- tpl (toYaml .) $ | nindent 6 }}
    {{- end }}

    {{- with .Values.config.database }}
    database: {{- tpl (toYaml .) $ | nindent 6 }}
    {{- end }}

    {{- with .Values.config.mail }}
    mail: {{- tpl (toYaml .) $ | nindent 6 }}
    {{- end }}

    {{- with .Values.config.statistics }}
    statistics: {{- tpl (toYaml .) $ | nindent 6 }}
    {{- end }}
    web:
      listening_address: :{{ .Values.service.web.port }}
      {{- if and .Values.ingress.enabled (not (hasKey .Values.config.web "external_url")) }}
      {{- $proto := ternary "http" "https" (empty .Values.ingress.tls) }}
      external_url: {{ trimSuffix "/" (printf "%s://%s%s" $proto .Values.ingress.host .Values.ingress.path) }}
      {{- end }}
      {{- with .Values.config.web }}
      {{- tpl (toYaml (omit . "listening_address")) $ | nindent 6 }}
      {{- end }}