apiversion: v1
kind: Pod
metadata:
  name: notes-pod
  annotations:
    io.podman.annotations.infra.name: notes-pod-infra
spec:
  containers:
  - name: hedgedoc
    image: quay.io/hedgedoc/hedgedoc:alpine
    env:
    - name: CMD_DB_URL
      valuefrom:
        secretkeyref:
          name: notes-secrets
          key: postgres-url
    - name: CMD_ALLOW_EMAIL_REGISTER
      value: true
    - name: CMD_DOMAIN
      value: "notes.bijl.us"
    - name: CMD_PROTOCOL_USESSL
      value: true
    - name: CMD_URL_ADDPORT
      value: false
    - name: NODE_ENV
      value: production
    - name: CMD_IMAGE_UPLOAD_TYPE
      value: filesystem
    - name: UPLOADS_MODE
      value: 0700
    ports:
    - containerport: 3000
      hostport: 4080
      protocol: TCP
    volumemounts:
    - mountpath: /hedgedoc/public/uploads
      name: hedgedoc-uploads
    - mountpath: /etc/localtime
      name: localtime
      readonly: true

  - name: postgres
    image: docker.io/library/postgres:16-alpine
    env:
    - name: POSTGRES_PASSWORD
      valuefrom:
        secretkeyref:
          name: notes-secrets
          key: postgres-password
    volumemounts:
    - mountpath: /dump
      name: postgres-dump
    - mountpath: /var/lib/postgresql/data
      name: postgres-data
    - mountpath: /etc/localtime
      name: localtime
      readonly: true

  volumes:
  - persistentvolumeclaim:
      claimname: notes-pod-hedgedoc-uploads
    name: hedgedoc-uploads
  - hostpath:
      path: <home>/.dump/notes
      type: Directory
    name: postgres-dump
  - persistentvolumeclaim:
      claimname: notes-pod-postgres-data
    name: postgres-data
  - hostPath:
      path: /etc/localtime
      type: File
    name: localtime