# Picsur Image Hosting Service

Picsur is a self-hosted image sharing service similar to Imgur. This deployment integrates with the existing PostgreSQL cluster and provides automatic DNS/SSL setup.

## Prerequisites

### Database Setup
Before deploying, create the database and user manually. **Note**: Connect to the PRIMARY instance (check with `kubectl get cluster postgresql-shared -n postgresql-system -o jsonpath="{.status.currentPrimary}"`):

```bash
# Step 1: Create database and user (if they don't exist)
kubectl exec -it postgresql-shared-2 -n postgresql-system -- psql -U postgres -c "CREATE DATABASE picsur;"
kubectl exec -it postgresql-shared-2 -n postgresql-system -- psql -U postgres -c "CREATE USER picsur WITH ENCRYPTED PASSWORD 'your_secure_password';"

# Step 2: Grant database-level permissions
kubectl exec -it postgresql-shared-2 -n postgresql-system -- psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE picsur TO picsur;"

# Step 3: Grant schema-level permissions (CRITICAL for table creation)
kubectl exec -it postgresql-shared-2 -n postgresql-system -- psql -U postgres -d picsur -c "GRANT ALL ON SCHEMA public TO picsur; GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO picsur; GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO picsur;"
```

**Troubleshooting**: If Picsur fails with "permission denied for schema public", you need to run Step 3 above. The user needs explicit permissions on the public schema to create tables.

### Secret Configuration
Update the `secret.yaml` file with proper SOPS encryption:

```bash
# Edit the secret with your actual values
sops manifests/applications/picsur/secret.yaml

# Update these values:
# - PICSUR_DB_USERNAME: picsur
# - PICSUR_DB_PASSWORD: your_secure_password
# - PICSUR_DB_DATABASE: picsur
# - PICSUR_ADMIN_PASSWORD: your_admin_password
# - PICSUR_JWT_SECRET: your_jwt_secret_key
```

## Configuration

### Environment Variables
- `PICSUR_DB_HOST`: PostgreSQL connection host
- `PICSUR_DB_PORT`: PostgreSQL port (5432)
- `PICSUR_DB_USERNAME`: Database username
- `PICSUR_DB_PASSWORD`: Database password
- `PICSUR_DB_DATABASE`: Database name
- `PICSUR_ADMIN_PASSWORD`: Admin user password
- `PICSUR_JWT_SECRET`: JWT secret for authentication
- `PICSUR_MAX_FILE_SIZE`: Maximum file size (default: 50MB)

### Storage
- Uses Longhorn persistent volume with `longhorn-retain` storage class
- 20GB initial storage allocation
- Volume labeled for S3 backup inclusion

### Resources
- **Requests**: 200m CPU, 512Mi memory
- **Limits**: 1000m CPU, 2Gi memory
- **Worker Memory**: 1024MB (configured in Picsur admin UI)
- Suitable for image hosting with large file processing (up to 50MB files, 40MP+ panoramas)

## Access

Once deployed, Picsur will be available at:
- **URL**: https://picsur.keyboardvagabond.com
- **Admin Username**: admin
- **Admin Password**: As configured in secret

## Monitoring

Basic health checks are configured. If Picsur exposes metrics, uncomment the ServiceMonitor in `monitoring.yaml`.

## Integration with WriteFreely

Picsur can be used as an image backend for WriteFreely:
1. Upload images to Picsur
2. Use the direct image URLs in WriteFreely posts
3. Images are served from your own infrastructure

## Scaling

Current deployment is single-replica. For high availability:
1. Increase replica count
2. Consider using ReadWriteMany storage if needed
3. Ensure database can handle multiple connections