# Global
## Set this to create nginx for argocd and other services
bootstrap:
  argo_namespace: argo-cd

  argo_keycloak_clientSecret: vJTtJFwdmctFjxWknh9WHcHvTMJvChmg

  # ArgoCD OIDC with Keycloak
  argocd:
    server:
      config:
        oidcConfig:
          name: sso
          issuer: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure"
          clientID: "argocd"
          clientSecret: $oidc.keycloak.clientSecret
          requestedScopes: ["openid", "profile", "email", "groups"]
      rbacConfig:
        policy.default: ''
        policy.csv: |
          g, admin, role:admin
          g, argocd-admins, role:admin
          g, mobenedevs, role:mobene-users
          p, role:mobene-users, project, get, mobene, allow
          p, role:mobene-users, applications, get, mobene/*, allow
          p, role:mobene-users, applications, sync, mobene/*, allow
          p, role:mobene-users, repositories, get, *, allow
  
  # grafana:
  #   grafana_ini:
  #     auth.generic_oauth:
  #       enabled: true
  #       name: Keycloak
  #       allow_sign_up: true
  #       tls_skip_verify_insecure: true
  #       scopes: profile,email,groups
  #       auth_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/auth
  #       token_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/token
  #       api_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/userinfo
  #       client_id: grafana
  #       client_secret: pCi7uGpA3NB5MMtIqmZGTrdqqW5K2Jkd
  #       role_attribute_path: contains(groups[*], 'grafana-viewer') && 'Editor' || 'Viewer'
  #     server:
  #       root_url: https://prodwork01-grafana.smardigo.digital

  stage: prodwork01
  domain: smardigo.digital

  gitea_instance: prodnso-gitea-01
  gitea_repo_path: "argocd/prodwork01-argocd"

  ingress_ip_whitelist:
    - "212.121.131.106/32" # netgo berlin
    - "149.233.6.129/32" # netgo e-shelter
    - "46.245.219.98/32" # netgo borken
    - "79.215.12.94/32" # sven
    - "164.138.195.162/32" # aachen

  # Application specific
  cert-manager:
    enable: false

  cloud_provider: hetzner
  teams_webhook: https://netgo.webhook.office.com/webhookb2/783c0128-5ab8-45a5-a81f-f9f78a98c342@a80318cd-cd6f-4d2e-83bb-ce3d4140f8b7/IncomingWebhook/d66e86e336004dfd980f208274141ee3/521ac200-eb68-43b8-ae5b-a4f210b0f983
  alertmanager_config_secret_name: myalertmanager

  oidc:
    namespace: mobene-keycloak
    iam:
      secret_name_keycloak_creds: iam-keycloak-creds
      envvars:
        #iam_keycloak_auth_server_url: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/"
        iam_keycloak_auth_server_url: "https://prodnso-keycloak-01.smardigo.digital/auth/"

  elk_logging:
    elasticsearch:
      nodeSets:
      - name: resized
        count: 3
        config:
          node.store.allow_mmap: false
        volumeClaimTemplates:
        - metadata:
            name: elasticsearch-data
          spec:
            accessModes:
            - ReadWriteOnce
            resources:
              requests:
                storage: 80Gi
            storageClassName: hcloud-volumes

  prometheus:
    retention: 30d
    storageSpec:
      volumeClaimTemplate:
        spec:
          storageClassName: hcloud-volumes
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 40Gi
    config:
      blackboxTargets:
        - https://www.google.com
        - https://www.stackoverflow.com
        - https://www.heise.de