apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: directus-config
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: directus-config
    {{- include "custom.labels" . | nindent 4 }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: openbao
  data:
    - secretKey: key
      remoteRef:
        key: /cl01tl/directus/key
        property: key
    - secretKey: secret
      remoteRef:
        key: /cl01tl/directus/key
        property: secret
    - secretKey: admin-email
      remoteRef:
        key: /cl01tl/directus/config
        property: admin-email
    - secretKey: admin-password
      remoteRef:
        key: /cl01tl/directus/config
        property: admin-password

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: directus-metric-token
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: directus-metric-token
    {{- include "custom.labels" . | nindent 4 }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: openbao
  data:
    - secretKey: metric-token
      remoteRef:
        key: /cl01tl/directus/metrics
        property: metric-token

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: directus-valkey-config
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: directus-valkey-config
    {{- include "custom.labels" . | nindent 4 }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: openbao
  data:
    - secretKey: user
      remoteRef:
        key: /cl01tl/directus/valkey
        property: user
    - secretKey: password
      remoteRef:
        key: /cl01tl/directus/valkey
        property: password
    - secretKey: default
      remoteRef:
        key: /cl01tl/directus/valkey
        property: password

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: directus-oidc-authentik
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: directus-oidc-authentik
    {{- include "custom.labels" . | nindent 4 }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: openbao
  data:
    - secretKey: OIDC_CLIENT_ID
      remoteRef:
        key: /cl01tl/authentik/oidc/directus
        property: client
    - secretKey: OIDC_CLIENT_SECRET
      remoteRef:
        key: /cl01tl/authentik/oidc/directus
        property: secret

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: directus-bucket-garage
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: directus-bucket-garage
    {{- include "custom.labels" . | nindent 4 }}
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: openbao
  data:
    - secretKey: ACCESS_KEY_ID
      remoteRef:
        key: /garage/home-infra/directus-assets
        property: ACCESS_KEY_ID
    - secretKey: ACCESS_SECRET_KEY
      remoteRef:
        key: /garage/home-infra/directus-assets
        property: ACCESS_SECRET_KEY
    - secretKey: ACCESS_REGION
      remoteRef:
        key: /garage/home-infra/directus-assets
        property: ACCESS_REGION