## Ingress settings
image:
  repository: norishapp/norish
  tag: "v0.13.6-beta"
  pullPolicy: IfNotPresent

ingress:
  enabled: true
  className: "traefik"
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
  hosts:
    - host: norish.tomik.lat
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - norish.tomik.lat

## Persistence settings
persistence:
  enabled: true
  storageClass: "longhorn"
  accessMode: ReadWriteOnce
  size: 5Gi

config:
  # Application URL (required)
  # This should match your ingress hostname
  authUrl: "https://norish.tomik.lat"

  # Master encryption key (required)
  # Generate with: openssl rand -base64 32
  # For production, use an existing Kubernetes Secret
  masterKey:
    existingSecret: ""        # Name of existing Kubernetes secret
    secretKey: "master-key"   # Key in the secret where master key is stored
    value: "cp6eVbe4ddmJxlJCJyux5Nlk39gbJR3M9mWjAqEon1c="                 # Only used if existingSecret is not set (must be 32-byte base64)

  # Authentication provider configuration
  # Configure ONE provider for initial admin account creation
  # After first login, manage additional providers via Settings → Admin
  auth:
    # OIDC/OAuth2 provider
    oidc:
      enabled: true
      name: "Authentik"
      issuer: "https://authentik.tomik.lat/application/o/norish/"
      clientId: "tSQZSJDBs479OVLyEzwDYAVaVYJhQuaFouIRWHyg"
      clientSecret: "SpCQGIhXXF9iVT6qc37ApPC8epy1ZhukDtPp6Ipy8XqI7HK4LQUJmsbNTGhLaz25rNgM3GUUDo0vqoGe4INiEjiPeQ4tpiokrvnjPQ2tXf8AFCiu79eyFttB7TCEdtfI"

    # GitHub OAuth
    github:
      enabled: false
      clientId: ""
      clientSecret: ""
      # Use existing secret for GitHub credentials
      existingSecret: ""
      clientIdKey: "github-client-id"
      clientSecretKey: "github-client-secret"

    # Google OAuth
    google:
      enabled: false
      clientId: ""
      clientSecret: ""
      # Use existing secret for Google credentials
      existingSecret: ""
      clientIdKey: "google-client-id"
      clientSecretKey: "google-client-secret"

## External PostgreSQL database configuration (REQUIRED)
## Norish requires a central PostgreSQL database
## You must have a PostgreSQL server available before deploying this chart
database:
  # Database connection details
  host: "postgres-cluster-pooler.dbs.svc.cluster.local"                 # Required: PostgreSQL server hostname
  port: 5432
  # Use existing secret for database credentials (recommended for production)
  existingSecret: "norish3-db-credentials"          # Name of existing Kubernetes secret
  usernameKey: "username"     # Key in the secret for database username
  passwordKey: "password"     # Key in the secret for database password
  databaseKey: "database"     # Key in the secret for database name (optional)