{{- if and
  .Values.commons.auth.enabled (eq .Values.commons.auth.type "authentik")
  .Values.prometheus.ingress.enabled
}}
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: authentik-application-prometheus
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./authentik-application"
      reconcileStrategy: "Revision"
  releaseName: authentik-application-infra-prometheus
  targetNamespace: {{ .Values.commons.auth.namespace }}
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $domain := .Values.prometheus.ingress.host | default (printf "prometheus.%s" .Values.commons.ingress.domain) }}
    {{- $url := printf "https://%s" $domain }}
    blueprint:
      authentik:
        domain: "https://{{ .Values.commons.auth.authentik.domain }}"
      provider:
        enabled: {{ not .Values.prometheus.auth.anonymous.enabled }}
        type: "proxy"
        proxy:
          externalHost: {{ $url | quote }}
          skipPathRegex: |
            /favicon.ico
          ingress:
            enabled: true
            domain: {{ $domain | quote }}
            backend: {{ .Values.commons.auth.authentik.backend }}

      groups:
        - slug: "app: infra"
          bindID: "2b105d85-37f8-4552-b633-8434efeeebe7"

      application:
        group: "Infrastructure"
        policyEngineMode: "any"
        openInNewTab: true
        publisher: "WrenIX's Infra"
        slug: "infra-prometheus"
        name: "Prometheus"
        launchURL: {{ $url | quote }}
        icon: "{{ $url }}/favicon.ico"
        description: "Prometheus is an open-source systems monitoring and alerting toolkit."
{{- end }}