From 094a76b6475e2619e6b40acfd6f70853a7911ec6 Mon Sep 17 00:00:00 2001
From: Florian Piesche <florian@yellowkeycard.net>
Date: Sun, 21 Mar 2021 12:26:31 +0000
Subject: [PATCH] Automatically generate random secrets for the redis password
 and django secret

---
 charts/funkwhale/templates/_helpers.tpl |  4 ++--
 charts/funkwhale/templates/secret.yaml  |  8 +++++++-
 charts/funkwhale/values.yaml            | 11 ++++++++---
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/charts/funkwhale/templates/_helpers.tpl b/charts/funkwhale/templates/_helpers.tpl
index c3f3c9d..fbb92f1 100644
--- a/charts/funkwhale/templates/_helpers.tpl
+++ b/charts/funkwhale/templates/_helpers.tpl
@@ -7,11 +7,11 @@ Expand the name of the chart.
 {{- end -}}
 
 {{- define "funkwhale.dbUrl" -}}
-postgres://{{ .Values.database.user}}:{{ .Values.database.password }}@{{ .Values.database.host }}:{{ .Values.database.port }}/{{ .Values.database.database }}
+postgres://{{ .Values.database.user }}:{{ .Values.database.password }}@{{ .Values.database.host }}:{{ .Values.database.port }}/{{ .Values.database.database }}
 {{- end -}}
 
 {{- define "funkwhale.redisUrl" -}}
-redis://:{{ .Values.redis.password }}@{{ .Values.redis.host | default (printf "%s-%s" (include "funkwhale.fullname" .) "redis-master") }}:{{ .Values.redis.redisPort }}/0
+redis://:{{ default uuidv4 .Values.redis.password }}@{{ .Values.redis.host | default (printf "%s-%s" (include "funkwhale.fullname" .) "redis-master") }}:{{ .Values.redis.redisPort }}/0
 {{- end -}}
 
 {{/*
diff --git a/charts/funkwhale/templates/secret.yaml b/charts/funkwhale/templates/secret.yaml
index fbc05a1..dcfa3cf 100644
--- a/charts/funkwhale/templates/secret.yaml
+++ b/charts/funkwhale/templates/secret.yaml
@@ -1,3 +1,5 @@
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "funkwhale.fullname" .)) -}}
+
 apiVersion: v1
 kind: Secret
 metadata:
@@ -10,7 +12,11 @@ metadata:
 data:
   CACHE_URL: {{ include "funkwhale.redisUrl" . | b64enc }}
   DATABASE_URL: {{ include "funkwhale.dbUrl" . | b64enc }}
-  DJANGO_SECRET_KEY: {{ .Values.djangoSecret | b64enc }}
+  {{ if $secret -}}
+  DJANGO_SECRET_KEY: {{ $secret.data.DJANGO_SECRET_KEY }}
+  {{ else -}}
+  DJANGO_SECRET_KEY: {{ (default uuidv4 .Values.djangoSecret) | b64enc }}
+  {{ end }}
 
 {{- range $key, $val := .Values.extraSecret }}
   {{ $key }}: {{ $val | b64enc }}
diff --git a/charts/funkwhale/values.yaml b/charts/funkwhale/values.yaml
index a0f9834..17e3940 100644
--- a/charts/funkwhale/values.yaml
+++ b/charts/funkwhale/values.yaml
@@ -47,6 +47,14 @@ database:
   database: funkwhale
 
 redis:
+  # If you already have a Redis service you'd like to use, set
+  # this to false and adjust the host to use your existing service.
+  enabled: true
+
+  host: ''
+  redisPort: 6379
+  password: ''
+
   cluster:
     enabled: false
   master:
@@ -55,9 +63,6 @@ redis:
   slave:
     persistence:
       enabled: false
-  password: funkwhale
-  redisPort: 6379
-  # host: {{ template "funkwhale.fullname" . }}-redis-master
 
 djangoSecret: ''