apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# Production overlay — targets Scaleway Elastic Metal (Paris)
#
# Deploy (DOMAIN_SUFFIX and ACME_EMAIL are substituted by sunbeam apply):
#   sunbeam apply --env production --domain yourdomain.com

resources:
  - ../../base/build
  - ../../base/longhorn
  - ../../base/cert-manager
  - ../../base/ingress
  - ../../base/ory
  - ../../base/data
  - ../../base/storage
  - ../../base/lasuite
  - ../../base/media
  - ../../base/devtools
  - ../../base/vso
  - ../../base/monitoring
  - ../../base/matrix
  # cert-manager ClusterIssuer + Certificate (requires cert-manager to be installed)
  - cert-manager.yaml
  # CNPG daily backup schedule
  - postgres-scheduled-backup.yaml

images:
  # La Gaufre integration service — built and pushed by `sunbeam build integration`
  - name: integration
    newName: src.DOMAIN_SUFFIX/studio/integration
    newTag: latest

  # Meet — built from source and pushed to Gitea registry.
  - name: meet-backend
    newName: src.DOMAIN_SUFFIX/studio/meet-backend
    newTag: latest
  - name: meet-frontend
    newName: src.DOMAIN_SUFFIX/studio/meet-frontend
    newTag: latest

  # Messages — built from source and pushed to Gitea registry.
  - name: messages-backend
    newName: src.DOMAIN_SUFFIX/studio/messages-backend
    newTag: latest
  - name: messages-frontend
    newName: src.DOMAIN_SUFFIX/studio/messages-frontend
    newTag: latest
  - name: messages-mta-in
    newName: src.DOMAIN_SUFFIX/studio/messages-mta-in
    newTag: latest
  - name: messages-mta-out
    newName: src.DOMAIN_SUFFIX/studio/messages-mta-out
    newTag: latest
  - name: messages-mpa
    newName: src.DOMAIN_SUFFIX/studio/messages-mpa
    newTag: latest
  - name: messages-socks-proxy
    newName: src.DOMAIN_SUFFIX/studio/messages-socks-proxy
    newTag: latest

  # Calendars — built from source and pushed to Gitea registry.
  - name: calendars-backend
    newName: src.DOMAIN_SUFFIX/studio/calendars-backend
    newTag: latest
  - name: calendars-caldav
    newName: src.DOMAIN_SUFFIX/studio/calendars-caldav
    newTag: latest
  - name: calendars-frontend
    newName: src.DOMAIN_SUFFIX/studio/calendars-frontend
    newTag: latest

  # Projects (Kanban) — built and pushed by `sunbeam build projects`
  - name: projects
    newName: src.DOMAIN_SUFFIX/studio/projects
    newTag: latest

  # Tuwunel Matrix homeserver — built and pushed by `sunbeam build tuwunel`
  - name: tuwunel
    newName: src.DOMAIN_SUFFIX/studio/tuwunel
    newTag: latest

  # Sol virtual librarian — built and pushed by `sunbeam build sol`
  - name: sol
    newName: src.DOMAIN_SUFFIX/studio/sol
    newTag: latest

patches:
  # Pingora host ports — bind :80/:443 to the host network
  - path: patch-pingora-hostport.yaml

  # Production resource limits for 64 GiB server
  - path: values-resources.yaml

  # LiveKit TURN service: ClusterIP (Pingora routes TURN traffic on :443)
  - path: patch-livekit-service.yaml

  # CNPG: production sizing (500 Gi, 8 Gi RAM) + barman S3 backup config
  - path: patch-postgres-production.yaml

  # OpenSearch: expand PVC to 50 Gi
  - path: patch-opensearch-storage.yaml

  # Tuwunel: production resource limits and PVC sizing
  - path: patch-tuwunel.yaml

  # SeaweedFS volume: expand PVC to 600 Gi
  - path: patch-seaweedfs-volume-size.yaml

  # MTA-in: bind port 25 to the host for inbound email delivery
  - patch: |
      - op: add
        path: /spec/template/spec/containers/0/ports/0/hostPort
        value: 25
    target:
      kind: Deployment
      name: messages-mta-in
      namespace: lasuite