{{- if .Values.mastodon.createAdmin.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ include "mastodon.fullname" . }}-create-admin
  labels:
    {{- include "mastodon.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": post-install
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
    "helm.sh/hook-weight": "-1"
spec:
  template:
    metadata:
      name: {{ include "mastodon.fullname" . }}-create-admin
    spec:
      restartPolicy: Never
      {{- if (not .Values.mastodon.s3.enabled) }}
      # ensure we run on the same node as the other rails components; only
      # required when using PVCs that are ReadWriteOnce
      {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
      affinity:
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
                - key: component
                  operator: In
                  values:
                    - rails
            topologyKey: kubernetes.io/hostname
      {{- end }}
      volumes:
        - name: assets
          persistentVolumeClaim:
            claimName: {{ template "mastodon.fullname" . }}-assets
        - name: system
          persistentVolumeClaim:
            claimName: {{ template "mastodon.fullname" . }}-system
      {{- end }}
      containers:
        - name: {{ include "mastodon.fullname" . }}-create-admin
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command:
            - bin/tootctl
            - accounts
            - create
            - {{ .Values.mastodon.createAdmin.username }}
            - --email
            - {{ .Values.mastodon.createAdmin.email }}
            - --confirmed
            - --role
            - admin
          envFrom:
            - configMapRef:
                name: {{ include "mastodon.fullname" . }}-env
            - secretRef:
                name: {{ template "mastodon.fullname" . }}
          env:
            - name: "DB_PASS"
              valueFrom:
                secretKeyRef:
                  {{- if .Values.postgresql.enabled }}
                  name: {{ .Release.Name }}-postgresql
                  {{- else }}
                  name: {{ template "mastodon.fullname" . }}
                  {{- end }}
                  key: postgresql-password
            - name: "REDIS_PASSWORD"
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-redis
                  key: redis-password
            - name: "PORT"
              value: {{ .Values.mastodon.web.port | quote }}
          {{- if (not .Values.mastodon.s3.enabled) }}
          volumeMounts:
            - name: assets
              mountPath: /opt/mastodon/public/assets
            - name: system
              mountPath: /opt/mastodon/public/system
          {{- end }}
{{- end }}