From 03bb231e44df7b4efb89f8f83954ae60599a77c7 Mon Sep 17 00:00:00 2001
From: Axel Lender <lender@b1-systems.de>
Date: Wed, 9 Jul 2025 15:41:03 +0200
Subject: [PATCH] fix(helmfile): Unify database credentials

Signed-off-by: Axel Lender <lender@b1-systems.de>
---
 .../nextcloud/values-nextcloud-management.yaml.gotmpl |  9 +++------
 helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl  |  9 +++------
 helmfile/apps/xwiki/values.yaml.gotmpl                | 11 +++--------
 3 files changed, 9 insertions(+), 20 deletions(-)

diff --git a/helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl
index 6717e36a..27016469 100644
--- a/helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl
@@ -111,17 +111,14 @@ configuration:
       password:
         {{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
         value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
-        secret:
-          name: {{ .Values.externalSecrets.mariadb.nextcloudUser.name | quote }}
-          key: {{ .Values.externalSecrets.mariadb.nextcloudUser.key | quote }}
         {{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
         value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
-        secret:
-          name: {{ .Values.externalSecrets.postgresql.nextcloudUser.name | quote }}
-          key: {{ .Values.externalSecrets.postgresql.nextcloudUser.key | quote }}
         {{- else }}
         value: {{ .Values.databases.nextcloud.password | quote }}
         {{- end }}
+        secret:
+          name: {{ .Values.externalSecrets.databases.nextcloud.password.name | quote }}
+          key: {{ .Values.externalSecrets.databases.nextcloud.password.key | quote }}
 
   ldap:
     base: {{ .Values.ldap.baseDn | quote }}
diff --git a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
index bcd8f0f8..9c90594c 100644
--- a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
@@ -121,17 +121,14 @@ aio:
         password:
           {{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
           value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
-          secret:
-            name: {{ .Values.externalSecrets.mariadb.nextcloudUser.name | quote }}
-            key: {{ .Values.externalSecrets.mariadb.nextcloudUser.key | quote }}
           {{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
           value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
-          secret:
-            name: {{ .Values.externalSecrets.postgresql.nextcloudUser.name | quote }}
-            key: {{ .Values.externalSecrets.postgresql.nextcloudUser.key | quote }}
           {{- else }}
           value: {{ .Values.databases.nextcloud.password | quote }}
           {{- end }}
+          secret:
+            name: {{ .Values.externalSecrets.databases.nextcloud.password.name | quote }}
+            key: {{ .Values.externalSecrets.databases.nextcloud.password.key | quote }}
     trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
   containerSecurityContext:
     allowPrivilegeEscalation: false
diff --git a/helmfile/apps/xwiki/values.yaml.gotmpl b/helmfile/apps/xwiki/values.yaml.gotmpl
index 94a5782d..0fedebb0 100644
--- a/helmfile/apps/xwiki/values.yaml.gotmpl
+++ b/helmfile/apps/xwiki/values.yaml.gotmpl
@@ -45,18 +45,13 @@ externalDB:
   user: {{ .Values.databases.xwiki.username | quote }}
   host: {{ printf "%s:%d" .Values.databases.xwiki.host .Values.databases.xwiki.port | quote }}
   customKeyRef:
-    {{- if or (.Values.externalSecrets.mariadb.rootPassword.name) (.Values.externalSecrets.postgresql.xwikiUser.name) }}
+    {{- if .Values.externalSecrets.databases.xwiki.password.name }}
     enabled: true
+    name: {{ .Values.externalSecrets.databases.xwiki.password.name | quote }}
+    key: {{ .Values.externalSecrets.databases.xwiki.password.key | quote }}
     {{- else }}
     enabled: false
     {{- end }}
-    {{- if eq .Values.databases.xwiki.type "mariadb" }}
-    name: {{ .Values.externalSecrets.mariadb.rootPassword.name | quote }}
-    key: {{ .Values.externalSecrets.mariadb.rootPassword.key | quote }}
-    {{- else }}
-    name: {{ .Values.externalSecrets.postgresql.xwikiUser.name | quote }}
-    key: {{ .Values.externalSecrets.postgresql.xwikiUser.key | quote }}
-    {{- end }}
 
 securityContext:
   enabled: true