From d3a54f13b070d1e7f2111fe5926f658091507f28 Mon Sep 17 00:00:00 2001
From: Marko Oldenburg <development@cooltux.net>
Date: Sun, 23 Nov 2025 13:01:43 +0100
Subject: [PATCH] Refactor environment variables in deployment template

The environment variables for the Paperless-NGX deployment have been
refactored and moved into the main container section within the
Kubernetes deployment manifest. This change organizes the
environment variable definitions, enhancing readability and
maintainability.

Key modifications include:
- Moved the `env` section under `containers.main`, allowing for
  a clearer structure.
- Retained the logic for PostgreSQL, MariaDB, and Redis database
  configuration while ensuring environment variables are set
  within the context of the main application container.

This change does not introduce any breaking functionality, but
it does improve the clarity and intent of the configuration.
---
 charts/paperless-ngx/templates/common.yaml | 91 ++++++++++++----------
 charts/paperless-ngx/values.yaml           |  9 +--
 2 files changed, 52 insertions(+), 48 deletions(-)

diff --git a/charts/paperless-ngx/templates/common.yaml b/charts/paperless-ngx/templates/common.yaml
index c172e65..cbfc981 100644
--- a/charts/paperless-ngx/templates/common.yaml
+++ b/charts/paperless-ngx/templates/common.yaml
@@ -1,48 +1,53 @@
 {{/* Append the hardcoded settings */}}
 {{- define "healthchecks.harcodedValues" -}}
-env:
-  PAPERLESS_TIME_ZONE: {{ .Values.env.TZ }}
-  PAPERLESS_PORT: {{ quote .Values.service.main.ports.http.port }}
-
-  {{- with .Values.ingress.main }}
-  {{- if and .enabled .hosts }}
-  PAPERLESS_URL: http{{ if .tls }}s{{ end }}://{{ (first .hosts).host }}
-  {{- end }}
-  {{- end }}
-
-  {{- if .Values.postgresql.enabled }}
-  {{- with .Values.postgresql }}
-  PAPERLESS_DBENGINE: postgresql
-  PAPERLESS_DBHOST: {{ $.Release.Name }}-postgresql
-  PAPERLESS_DBNAME: {{ .auth.database }}
-  PAPERLESS_DBUSER: {{ default "postgres" .auth.username }}
-  PAPERLESS_DBPASS:
-    secretKeyRef:
-      name: {{ .auth.existingSecret | default (printf "%s-postgresql" $.Release.Name) }}
-      key: {{ if not .auth.password }}postgres-{{ end }}password
-  {{- end }}
-  {{- else if .Values.mariadb.enabled }}
-  {{- with .Values.mariadb}}
-  PAPERLESS_DBENGINE: mariadb
-  PAPERLESS_DBHOST: {{ $.Release.Name }}-mariadb
-  PAPERLESS_DBNAME: {{ .auth.database }}
-  PAPERLESS_DBUSER: {{ .auth.username }}
-  PAPERLESS_DBPASS:
-    secretKeyRef:
-      name: {{ .auth.existingSecret | default (printf "%s-mariadb" $.Release.Name) }}
-      key: mariadb-password
-  {{- end }}
-  {{- end }}
-
-  {{- if .Values.redis.enabled }}
-  {{- with .Values.redis }}
-  A_REDIS_PASSWORD:
-    secretKeyRef:
-      name: {{ .auth.existingSecret | default (printf "%s-redis" $.Release.Name) }}
-      key: {{ .auth.existingSecretPasswordKey | default "redis-password" }}
-  PAPERLESS_REDIS: redis://{{ .auth.username }}:$(A_REDIS_PASSWORD)@{{ $.Release.Name }}-redis-master
-  {{- end }}
-  {{- end }}
+controllers:
+  main:
+    type: deployment
+    containers:
+      main:
+        env:
+          PAPERLESS_TIME_ZONE: {{ .Values.env.TZ }}
+          PAPERLESS_PORT: {{ quote .Values.service.main.ports.http.port }}
+        
+          {{- with .Values.ingress.main }}
+          {{- if and .enabled .hosts }}
+          PAPERLESS_URL: http{{ if .tls }}s{{ end }}://{{ (first .hosts).host }}
+          {{- end }}
+          {{- end }}
+        
+          {{- if .Values.postgresql.enabled }}
+          {{- with .Values.postgresql }}
+          PAPERLESS_DBENGINE: postgresql
+          PAPERLESS_DBHOST: {{ $.Release.Name }}-postgresql
+          PAPERLESS_DBNAME: {{ .auth.database }}
+          PAPERLESS_DBUSER: {{ default "postgres" .auth.username }}
+          PAPERLESS_DBPASS:
+            secretKeyRef:
+              name: {{ .auth.existingSecret | default (printf "%s-postgresql" $.Release.Name) }}
+              key: {{ if not .auth.password }}postgres-{{ end }}password
+          {{- end }}
+          {{- else if .Values.mariadb.enabled }}
+          {{- with .Values.mariadb}}
+          PAPERLESS_DBENGINE: mariadb
+          PAPERLESS_DBHOST: {{ $.Release.Name }}-mariadb
+          PAPERLESS_DBNAME: {{ .auth.database }}
+          PAPERLESS_DBUSER: {{ .auth.username }}
+          PAPERLESS_DBPASS:
+            secretKeyRef:
+              name: {{ .auth.existingSecret | default (printf "%s-mariadb" $.Release.Name) }}
+              key: mariadb-password
+          {{- end }}
+          {{- end }}
+        
+          {{- if .Values.redis.enabled }}
+          {{- with .Values.redis }}
+          A_REDIS_PASSWORD:
+            secretKeyRef:
+              name: {{ .auth.existingSecret | default (printf "%s-redis" $.Release.Name) }}
+              key: {{ .auth.existingSecretPasswordKey | default "redis-password" }}
+          PAPERLESS_REDIS: redis://{{ .auth.username }}:$(A_REDIS_PASSWORD)@{{ $.Release.Name }}-redis-master
+          {{- end }}
+          {{- end }}
 {{- end -}}
 {{- $_ := merge .Values (include "healthchecks.harcodedValues" . | fromYaml) -}}
 
diff --git a/charts/paperless-ngx/values.yaml b/charts/paperless-ngx/values.yaml
index 6da2f3f..7ec6d3a 100644
--- a/charts/paperless-ngx/values.yaml
+++ b/charts/paperless-ngx/values.yaml
@@ -20,11 +20,10 @@ controllers:
           # @default -- See [values.yaml](./values.yaml)
         # -- Set the resource requests / limits for the container.
         resources: {}
-
-env:
-  # -- Set the container timezone
-  TZ: UTC
-  # PAPERLESS_SECRET_KEY: ""
+        env:
+          # -- Set the container timezone
+          TZ: UTC
+          # PAPERLESS_SECRET_KEY: ""
 
 service:
   # -- Configures service settings for the chart.