apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: vaultwarden
  namespace: vaultwarden
spec:
  interval: 10m
  chart:
    spec:
      chart: vaultwarden
      sourceRef:
        kind: HelmRepository
        name: vaultwarden
        namespace: flux-system
  values:
    domain: https://vault.n0ball.tw
    database:
      type: postgresql
      existingSecret: vaultwarden-db-secret
      existingSecretKey: DATABASE_URL
    sso:
      enabled: true
      authority: https://keycloak.n0ball.tw/realms/homelab
      existingSecret: vaultwarden-oidc-secret
      clientId:
        existingSecretKey: SSO_CLIENT_ID
      clientSecret:
        existingSecretKey: SSO_CLIENT_SECRET
      signupsMatchEmail: true
      onlySSO: true
      enforceSSO: true
    smtp:
      existingSecret: vaultwarden-smtp-secret
      host:
        existingSecretKey: SMTP_HOST
      port:
        existingSecretKey: SMTP_PORT
      from:
        existingSecretKey: SMTP_FROM
      username:
        existingSecretKey: SMTP_USERNAME
      password:
        existingSecretKey: SMTP_PASSWORD
      security: starttls
    ingress:
      enabled: true
      class: traefik
      annotations:
        cert-manager.io/cluster-issuer: "n0ball-tw-issuer"
      hostname: vault.n0ball.tw
      tls: true