dex:
  config:
    issuer: https://dex.khuedoan.com
    storage:
      type: kubernetes
      config:
        inCluster: true
    oauth2:
      skipApprovalScreen: true
      # alwaysShowLoginScreen: true
    connectors:
      - type: gitea
        id: gitea
        name: Gitea
        config:
          clientID: $GITEA_CLIENT_ID
          clientSecret: $GITEA_CLIENT_SECRET
          redirectURI: https://dex.khuedoan.com/callback
          baseURL: https://git.khuedoan.com
    staticClients:
      - id: grafana-sso
        name: Grafana
        redirectURIs:
          - 'https://grafana.khuedoan.com/login/generic_oauth'
        secretEnv: GRAFANA_SSO_CLIENT_SECRET
    # enablePasswordDB: true
    # staticPasswords:
    #   - email: "admin@localhost"
    #     userID: 28e21718-2f8d-18ba-92a2-5f73d3ad2b4c
    #     username: admin
    #     hash: $2y$10$ft3vlZMQraUhRNFM4RvfeeYdErEBBrGirjN/nR4SujAJE3rHmdb7a
  # TODO remove test values
  # envFrom:
  envVars:
    - name: GITEA_CLIENT_ID
      value: 38e22718-4f7d-48ab-92a2-6f73d3ad2b4c
    - name: GITEA_CLIENT_SECRET
      value: klZ0sU1EXA5il68lwCOW9kAjCoFFMVINdSuvG951B3Pr
    - name: GRAFANA_SSO_CLIENT_SECRET
      value: klZ0sU1EXA5il68lwCOW9kAjCoFFMVINdSuvG951B3Pr
  ingress:
    enabled: true
    className: nginx
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
      hajimari.io/enable: 'false'
    hosts:
      - host: &host dex.khuedoan.com
        paths:
          - path: /
            pathType: ImplementationSpecific
    tls:
      - secretName: dex-tls-certificate
        hosts:
          - *host