replicaCount: 1

image:
  repository: lscr.io/linuxserver/nzbget
  tag: "latest"
  pullPolicy: Always

env:
  - name: PUID
    value: "1000"
  - name: PGID
    value: "1000"
  - name: TZ
    value: "Europe/Amsterdam"
  - name: HTTP_PROXY
    value: "http://gluetun.default.svc.cluster.local:8888"
  - name: http_proxy
    value: "http://gluetun.default.svc.cluster.local:8888"
  - name: HTTPS_PROXY
    value: "http://gluetun.default.svc.cluster.local:8888"
  - name: https_proxy
    value: "http://gluetun.default.svc.cluster.local:8888"
  - name: NO_PROXY
    value: "localhost,127.0.0.1,.svc,.cluster.local"

# nzbget cannot read server credentials from environment variables (its
# ${...} config syntax only references other nzbget options, not env). So an
# init container renders the Server1 (newshosting) block into nzbget.conf on
# every start: the non-secret settings live here in git, while the username
# and password come from the out-of-band `usenet-creds` Secret (same pattern
# as gluetun-wireguard — secret not committed). Rotating the secret + a pod
# restart re-renders the creds. No provider password is ever stored in git.
initContainers:
  - name: render-newshosting
    image: lscr.io/linuxserver/nzbget:latest
    command:
      - sh
      - -c
      - |
        f=/config/nzbget.conf
        [ -f "$f" ] || { echo "nzbget.conf absent; main container will seed defaults"; exit 0; }
        sed -i \
          -e "s|^Server1.Active=.*|Server1.Active=yes|" \
          -e "s|^Server1.Name=.*|Server1.Name=newshosting|" \
          -e "s|^Server1.Host=.*|Server1.Host=news.newshosting.com|" \
          -e "s|^Server1.Port=.*|Server1.Port=563|" \
          -e "s|^Server1.Encryption=.*|Server1.Encryption=yes|" \
          -e "s|^Server1.Connections=.*|Server1.Connections=30|" \
          -e "s|^Server1.Username=.*|Server1.Username=${NEWSHOSTING_USER}|" \
          -e "s|^Server1.Password=.*|Server1.Password=${NEWSHOSTING_PASS}|" \
          "$f"
        echo "rendered newshosting Server1 block into nzbget.conf"
    env:
      - name: NEWSHOSTING_USER
        valueFrom:
          secretKeyRef:
            name: usenet-creds
            key: NEWSHOSTING_USER
      - name: NEWSHOSTING_PASS
        valueFrom:
          secretKeyRef:
            name: usenet-creds
            key: NEWSHOSTING_PASS
    volumeMounts:
      - name: plex-data
        mountPath: /config
        subPath: configs/nzbget

service:
  type: ClusterIP
  port: 6789

volumes:
  - name: plex-data
    persistentVolumeClaim:
      claimName: "plex-data"

volumeMounts:
  - name: plex-data
    mountPath: "/config"
    subPath: "configs/nzbget"
  - name: plex-data
    mountPath: "/nfs"

livenessProbe:
  tcpSocket:
    port: 6789
  initialDelaySeconds: 10
  periodSeconds: 20
  timeoutSeconds: 2
  failureThreshold: 3

readinessProbe:
  tcpSocket:
    port: 6789
  initialDelaySeconds: 5
  periodSeconds: 10
  timeoutSeconds: 2
  failureThreshold: 3

resources:
  requests:
    memory: "500Mi"
    cpu: "500m"
    ephemeral-storage: "50Mi"
  limits:
    memory: "2Gi"
    cpu: "2"
    ephemeral-storage: "1Gi"

nodeSelector: {}

tolerations: []

affinity: {}