# Global
## Set this to create nginx for argocd and other services
bootstrap:
  argo_namespace: argo-cd

  argo_keycloak_clientSecret: vJTtJFwdmctFjxWknh9WHcHvTMJvChmg

  # ArgoCD OIDC with Keycloak
  argocd:
    server:
      config:
        oidcConfig:
          name: sso
          issuer: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure"
          clientID: "argocd"
          clientSecret: $oidc.keycloak.clientSecret
          requestedScopes: ["openid", "profile", "email", "groups"]
      rbacConfig:
        policy.default: role:readonly
        policy.csv: |
          g, admin, role:admin
          g, argocd-admins, role:admin

  stage: prodwork01
  domain: smardigo.digital

  gitea_instance: prodnso-gitea-01
  gitea_repo_path: "argocd/prodwork01-argocd"

  ingress_ip_whitelist:
    - "212.121.131.106/32" # netgo berlin
    - "149.233.6.129/32" # netgo e-shelter
    - "46.245.219.98/32" # netgo borken
    - "79.215.12.94/32" # sven
    - "164.138.195.162/32" # aachen

  # Application specific
  cert-manager:
    enable: false

  cloud_provider: hetzner
  teams_webhook: https://netgo.webhook.office.com/webhookb2/783c0128-5ab8-45a5-a81f-f9f78a98c342@a80318cd-cd6f-4d2e-83bb-ce3d4140f8b7/IncomingWebhook/d66e86e336004dfd980f208274141ee3/521ac200-eb68-43b8-ae5b-a4f210b0f983
  alertmanager_config_secret_name: myalertmanager

  oidc:
    namespace: mobene-keycloak
    iam:
      secret_name_keycloak_creds: iam-keycloak-creds
      envvars:
        iam_keycloak_auth_server_url: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/"

  prometheus_config_blackbox_targets:
    - https://www.google.com
    - https://www.stackoverflow.com