authentik:
  global:
    env:
      - name: AUTHENTIK_SECRET_KEY
        valueFrom:
          secretKeyRef:
            name: authentik-key-secret
            key: key
      - name: AUTHENTIK_POSTGRESQL__HOST
        valueFrom:
          secretKeyRef:
            name: authentik-postgresql-18-cluster-app
            key: host
      - name: AUTHENTIK_POSTGRESQL__NAME
        valueFrom:
          secretKeyRef:
            name: authentik-postgresql-18-cluster-app
            key: dbname
      - name: AUTHENTIK_POSTGRESQL__USER
        valueFrom:
          secretKeyRef:
            name: authentik-postgresql-18-cluster-app
            key: user
      - name: AUTHENTIK_POSTGRESQL__PASSWORD
        valueFrom:
          secretKeyRef:
            name: authentik-postgresql-18-cluster-app
            key: password
  authentik:
    redis:
      host: redis-replication-authentik-master
  server:
    name: server
    replicas: 1
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    route:
      main:
        enabled: true
        apiVersion: gateway.networking.k8s.io/v1
        kind: HTTPRoute
        hostnames:
          - authentik.alexlebens.net
        parentRefs:
          - group: gateway.networking.k8s.io
            kind: Gateway
            name: traefik-gateway
            namespace: traefik
        httpsRedirect: false
        matches:
          - path:
              type: PathPrefix
              value: /
  worker:
    name: worker
    replicas: 1
  prometheus:
    rules:
      enabled: true
  postgresql:
    enabled: false
  redis:
    enabled: false
postgres-18-cluster:
  mode: recovery
  recovery:
    method: objectStore
    objectStore:
      index: 1
  backup:
    objectStore:
      - name: garage-local
        index: 1
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
      # - name: garage-remote
      #   index: 1
      #   destinationBucket: postgres-backups
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   retentionPolicy: "90d"
      #   data:
      #     compression: bzip2
      # - name: external
      #   index: 1
      #   endpointURL: https://nyc3.digitaloceanspaces.com
      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   isWALArchiver: false
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 0 0 * * *"
        backupName: garage-local
      # - name: weekly-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 4 * * SAT"
      #   backupName: garage-remote
      # - name: daily-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 0 * * *"
      #   backupName: external
redis-replication:
  existingSecret:
    enabled: false
  redisReplication:
    clusterSize: 3
  redisSentinel:
    enabled: true
    clusterSize: 3