argo-workflows:
  controller:
    metricsConfig:
      enabled: true
    persistence:
      connectionPool:
        maxIdleConns: 100
        maxOpenConns: 0
      nodeStatusOffLoad: true
      archive: true
      postgresql:
        host: argo-workflows-postgresql-18-cluster-rw
        port: 5432
        database: app
        tableName: app
        userNameSecret:
          name: argo-workflows-postgresql-18-cluster-app
          key: username
        passwordSecret:
          name: argo-workflows-postgresql-18-cluster-app
          key: password
        ssl: false
        sslMode: disable
    workflowWorkers: 2
    workflowTTLWorkers: 1
    podCleanupWorkers: 1
    cronWorkflowWorkers: 1
    resources:
      requests:
        cpu: 10m
        memory: 128Mi
    serviceMonitor:
      enabled: true
    name: workflow-controller
    workflowNamespaces:
      - argocd
      - argo-workflows
  server:
    authModes:
      - sso
    ingress:
      enabled: false
    sso:
      enabled: true
      issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
      clientId:
        name: argo-workflows-oidc-secret
        key: client
      clientSecret:
        name: argo-workflows-oidc-secret
        key: secret
      redirectUrl: https://argo-workflows.alexlebens.net/oauth2/callback
      rbac:
        enabled: false
      scopes:
        - openid
        - email
        - profile
  useStaticCredentials: true
  artifactRepository:
    archiveLogs: false
argo-events:
  controller:
    resources:
      requests:
        cpu: 10m
        memory: 128Mi
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  webhook:
    enabled: true
    resources:
      requests:
        cpu: 10m
        memory: 128Mi
postgres-18-cluster:
  mode: recovery
  recovery:
    method: objectStore
    objectStore:
      index: 1
  backup:
    objectStore:
      - name: garage-local
        index: 1
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
      # - name: garage-remote
      #   index: 1
      #   destinationBucket: postgres-backups
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   retentionPolicy: "90d"
      #   data:
      #     compression: bzip2
      # - name: external
      #   index: 1
      #   endpointURL: https://nyc3.digitaloceanspaces.com
      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   isWALArchiver: false
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 0 0 * * *"
        backupName: garage-local
      # - name: weekly-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 4 * * SAT"
      #   backupName: garage-remote
      # - name: daily-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 0 * * *"
      #   backupName: external