---
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}
data:
  DB_PASS: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "paperless" "database_password" | b64enc) | b64enc }}
  {{- with .Values.commons.mail.password }}
  EMAIL_PASS: {{ . | b64enc }}
  {{- end }}
  ADMIN_PASS: {{ .Values.auth.admin | default (derivePassword 1 "long" .Values.commons.masterPassword "paperless" "admin_password" | b64enc) | b64enc }}
  # - "authentik Admins"
  oidc: {{ toYaml (dict
    "config" (dict
      "oidcProviders" (dict
        "openid_connect" (dict
          "APPS" (list (dict
            "provider_id" "mycloud"
            "name" .Values.commons.theme.title
            "client_id" (.Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "paperless" "auth.clientID"))
            "secret" (.Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "paperless" "auth.clientSecret"))
            "settings" (dict
              "server_url" (printf "https://%s/application/o/mycloud-paperless/.well-known/openid-configuration" (.Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain)))
            )
          ) .Values.auth.extra | compact)
        )
      )
    )
  ) | b64enc }}