---
openproject:

  # 1. Allgemeine Einstellungen (Host)
  openproject:
    host: "openproject.apps.internal.k3s.stabify.de"

  # 2. Ingress
  ingress:
    enabled: true
    ingressClassName: "traefik"
    host: "openproject.apps.internal.k3s.stabify.de"
    
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"

    tls:
      secretName: openproject-tls
      hosts: openproject.apps.internal.k3s.stabify.de

  # 3. Datenbank (PostgreSQL)
  postgresql:
    enabled: true
    auth:
      existingSecret: "openproject-db-credentials"
      secretKeys:
        adminPasswordKey: "postgres-password"
        userPasswordKey: "password"
    
    # WICHTIG: 'primary' gehört UNTER 'postgresql', nicht auf Ebene 0!
    primary:
      persistence:
        enabled: true
        size: 10Gi
        storageClass: "longhorn"

  # 4. Datei-Speicher
  persistence:
    enabled: true
    size: 10Gi
    accessMode: ReadWriteOnce
    storageClass: "longhorn"

  # 5. Memcached
  memcached:
    enabled: true

  # OIDC Authentik Provider
  oidc:
    enabled: true
    provider: "openproject"
    displayName: "Authentik"
    host: "https://auth.apps.k3s.stabify.de"
    authorizationEndpoint: "https://auth.apps.k3s.stabify.de/application/o/authorize/"
    tokenEndpoint: "https://auth.apps.k3s.stabify.de/application/o/token/"
    userinfoEndpoint: "https://auth.apps.k3s.stabify.de/application/o/userinfo/"
    endSessionEndpoint: "https://auth.apps.k3s.stabify.de/application/o/openproject/end-session/"
    scope: "[openid]"

    # Optional attribute mappings from the id token
    attribute_map: {}

    ## To avoid having sensitive credentials in your values.yaml, the preferred way is to
    ## use an existing secret containing the OIDC compatible access credentials.
    ## Specify the name of this existing secret here.
    existingSecret:
    secretKeys:
      identifier: "clientId"
      secret: "clientSecret"