---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pkg-repo-pvc
  namespace: pkg-repo
spec:
  storageClassName: longhorn
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 10Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: reprepro-config
  namespace: pkg-repo
data:
  distributions: |
    Codename: trixie
    Suite: stable
    Components: main
    Architectures: amd64 arm64
    SignWith: yes
  options: |
    basedir /repo/debian
  init.sh: |
    #!/bin/bash
    set -e

    # Install reprepro (one-time, cached in PVC)
    if ! command -v reprepro &>/dev/null; then
      apt-get update && apt-get install -y --no-install-recommends reprepro gpg gpg-agent
      rm -rf /var/lib/apt/lists/*
    fi

    # Import GPG key
    gpg --batch --import /gpg/private.key 2>/dev/null || true

    # Export public key for clients
    gpg --armor --export > /repo/pubkey.gpg

    # Always ensure conf is up-to-date and repo is initialized
    mkdir -p /repo/debian/conf
    cp /config/distributions /repo/debian/conf/
    cp /config/options /repo/debian/conf/

    # Export (initialize or re-sign) the repo
    cd /repo/debian && reprepro export

    # Index page
    cat > /repo/index.html <<'HTML'
    <!DOCTYPE html>
    <html><head><title>n0ball repo</title></head>
    <body>
    <h1>n0ball Package Repository</h1>
    <ul>
    <li><a href="/debian/">Debian (trixie)</a></li>
    <li><a href="/pubkey.gpg">GPG Public Key</a></li>
    </ul>
    </body></html>
    HTML

    echo "Repo initialized. Waiting for commands..."
    sleep infinity
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pkg-repo
  namespace: pkg-repo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pkg-repo
  template:
    metadata:
      labels:
        app: pkg-repo
    spec:
      containers:
        - name: nginx
          image: nginx:stable
          ports:
            - containerPort: 80
          volumeMounts:
            - name: repo-data
              mountPath: /usr/share/nginx/html
              readOnly: true
        - name: reprepro
          image: debian:trixie
          command: ["bash", "/config/init.sh"]
          volumeMounts:
            - name: repo-data
              mountPath: /repo
            - name: gpg-key
              mountPath: /gpg
              readOnly: true
            - name: config
              mountPath: /config
              readOnly: true
            - name: incoming
              mountPath: /incoming
      volumes:
        - name: repo-data
          persistentVolumeClaim:
            claimName: pkg-repo-pvc
        - name: gpg-key
          secret:
            secretName: repo-gpg-key
        - name: config
          configMap:
            name: reprepro-config
            defaultMode: 0755
        - name: incoming
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: pkg-repo
  namespace: pkg-repo
spec:
  selector:
    app: pkg-repo
  ports:
    - port: 80
      targetPort: 80