---
apiVersion: v1
kind: ConfigMap
metadata:
  name: verdaccio
  namespace: homelab
data:
  config.yaml: |
    storage: /verdaccio/storage

    uplinks:
      npmjs:
        url: https://registry.npmjs.org/

    packages:
      "@*/*":
        access: $all
        publish: never
        proxy: npmjs

      "**":
        access: $all
        publish: never
        proxy: npmjs

    log:
      - {type: stdout, format: pretty, level: http}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: verdaccio
  namespace: homelab
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: longhorn
  resources:
    requests:
      storage: 128Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: verdaccio
  namespace: homelab
spec:
  replicas: 3
  selector:
    matchLabels:
      app: verdaccio
  template:
    metadata:
      labels:
        app: verdaccio
    spec:
      nodeSelector:
        nodepool: worker

      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels:
              app: verdaccio

      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - verdaccio
              topologyKey: "kubernetes.io/hostname"

      containers:
        - name: verdaccio
          image: verdaccio/verdaccio:latest
          env:
            - name: VERDACCIO_APP_CONFIG
              value: /verdaccio/conf/custom.yaml
            - name: VERDACCIO_PORT
              value: "4873"
          ports:
            - containerPort: 4873
          volumeMounts:
            - name: storage
              mountPath: /verdaccio/storage
            - name: config
              mountPath: /verdaccio/conf/config.yaml
              subPath: config.yaml

      volumes:
        - name: storage
          persistentVolumeClaim:
            claimName: verdaccio
        - name: config
          configMap:
            name: verdaccio
---
apiVersion: v1
kind: Service
metadata:
  name: verdaccio
  namespace: homelab
spec:
  selector:
    app: verdaccio
  ports:
    - port: 4873
      targetPort: 4873
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: verdaccio
  namespace: homelab
  annotations:
    cert-manager.io/cluster-issuer: "cloudflare-issuer"
    cert-manager.io/acme-challenge-type: "dns01"
    cert-manager.io/private-key-size: "4096"

    # NGINX IP-based rate limiting
    nginx.ingress.kubernetes.io/limit-rps: "10"
    nginx.ingress.kubernetes.io/limit-burst-multiplier: "5"
    nginx.ingress.kubernetes.io/limit-whitelist: "127.0.0.1"
spec:
  ingressClassName: nginx-internal
  tls:
    - hosts:
        - npm.dogar.dev
      secretName: verdaccio-tls
  rules:
    - host: npm.dogar.dev
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: verdaccio
                port:
                  number: 4873