dex:
  config:
    issuer: https://dex.khuedoan.com
    storage:
      type: kubernetes
      config:
        inCluster: true
    oauth2:
      skipApprovalScreen: true
    connectors:
      - type: gitea
        id: gitea
        name: Gitea
        config:
          clientID: $GITEA_CLIENT_ID
          clientSecret: $GITEA_CLIENT_SECRET
          redirectURI: https://dex.khuedoan.com/callback
          baseURL: https://git.khuedoan.com
    staticClients:
      - id: grafana-sso
        name: Grafana
        redirectURIs:
          - 'https://grafana.khuedoan.com/login/generic_oauth'
        secretEnv: GRAFANA_SSO_CLIENT_SECRET
  envFrom:
    - secretRef:
        name: dex-secrets
  ingress:
    enabled: true
    className: nginx
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
      hajimari.io/enable: 'false'
    hosts:
      - host: &host dex.khuedoan.com
        paths:
          - path: /
            pathType: ImplementationSpecific
    tls:
      - secretName: dex-tls-certificate
        hosts:
          - *host