---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: {{ .Release.Name }}-auth
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./authentik-application"
      reconcileStrategy: "Revision"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $clientHost := .Values.server.auth.webClient | default (printf "element.%s" .Values.commons.ingress.domain) }}
    blueprint:
      authentik:
        domain: "https://{{ include "mycloud-matrix.domain.auth" . }}"
      provider:
        type: "oidc"
        name: "Matrix"
        oidc:
          clientType: "confidential"
          {{- if .Values.server.authenticationService.enabled }}
          redirectURL: "https://{{ include "mycloud-matrix.host.authenticationService" . }}/upstream/callback/0000000000000000000MYC10VD"
          {{- else }}
          redirectURL: "https://{{ include "mycloud-matrix.host.server" . }}/_synapse/client/oidc/callback"
          {{- end }}
          clientID: {{ .Values.server.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientID") | sha256sum }}
          clientSecret: {{ .Values.server.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "matrix" "auth.clientSecret") | sha256sum }}
          signingKey: "authentik Self-signed Certificate"
          scopes:
            - name: "authentik default OAuth Mapping: OpenID 'openid'"
            - name: "authentik default OAuth Mapping: OpenID 'email'"
            - name: "authentik default OAuth Mapping: OpenID 'profile'"

      groups:
        - slug: "mycloud - users"
          bindID: "c261fd19-dbe2-43c6-9de8-e7265c1d57fd"

      application:
        policyEngineMode: "any"
        openInNewTab: true
        publisher: "WrenIX's myCloud"
        slug: "mycloud-matrix"
        group: "Chat"
        name: "Matrix"
        launchURL: "https://{{ $clientHost }}/"
        icon: "https://{{ $clientHost }}/themes/element/img/logos/element-logo.svg"
        description: "Matrix is an open standard and communication protocol for real-time communication. It aims to make real-time communication work seamlessly between different service providers."