ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: main
  hosts:
    - host: dex.dev.t09.de
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - dex.dev.t09.de
      secretName: dex-cert

envVars:
  - name: FORGEJO_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: dex-forgejo-client
        key: clientSecret
  - name: FORGEJO_CLIENT_ID
    valueFrom:
      secretKeyRef:
        name: dex-forgejo-client
        key: clientID
  - name: OIDC_DEX_GRAFANA_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: dex-grafana-client
        key: clientSecret
  - name: OIDC_DEX_ARGO_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: dex-argo-client
        key: clientSecret
  - name: LOG_LEVEL
    value: debug

config:
  # Set it to a valid URL
  issuer: https://dex.dev.t09.de

  # See https://dexidp.io/docs/storage/ for more options
  storage:
    type: memory

  oauth2:
    skipApprovalScreen: true
    alwaysShowLoginScreen: false

  connectors:
    - type: gitea
      id: gitea
      name: Forgejo
      config:
        clientID: "$FORGEJO_CLIENT_ID"
        clientSecret: "$FORGEJO_CLIENT_SECRET"
        redirectURI: https://dex.dev.t09.de/callback
        baseURL: https://edp.buildth.ing
        # loadAllGroups: true
        orgs:
          - name: DevFW
  enablePasswordDB: false

  staticClients:
    - id: controller-argocd-dex
      name: ArgoCD Client
      redirectURIs:
        - "https://argocd.dev.t09.de/auth/callback"
      secretEnv: "OIDC_DEX_ARGO_CLIENT_SECRET"
    - id: grafana
      redirectURIs:
        - "https://grafana.dev.t09.de/login/generic_oauth"
      name: "Grafana"
      secretEnv: "OIDC_DEX_GRAFANA_CLIENT_SECRET"