# Authelia Helm Values
# Chart: https://charts.authelia.com

# Ingress - disabled, using separate ingress.yaml
ingress:
  enabled: false

# Pod configuration
pod:
  replicas: 1
  resources:
    requests:
      cpu: 25m
      memory: 64Mi
    limits:
      memory: 128Mi
  extraVolumes:
    - name: users-database
      configMap:
        name: authelia-config
  extraVolumeMounts:
    - name: users-database
      mountPath: /config/users_database.yml
      subPath: users_database.yml
      readOnly: true

# ConfigMap configuration
configMap:
  # Authentication backend - file-based users
  authentication_backend:
    file:
      enabled: true
      path: /config/users_database.yml
      password:
        algorithm: argon2
        argon2:
          variant: argon2id
          iterations: 3
          memory: 65536
          parallelism: 4
          key_length: 32
          salt_length: 16

  # Session configuration
  session:
    cookies:
      - domain: kro.kr
        subdomain: auth0213

  # Storage - PostgreSQL (CNPG cluster)
  storage:
    postgres:
      enabled: true
      address: tcp://postgresql-rw.postgresql.svc.cluster.local:5432
      database: authelia
      username: bluemayne
      timeout: 5s

  # Access control rules
  access_control:
    default_policy: one_factor

  # Notifier - filesystem (no email)
  notifier:
    filesystem:
      enabled: true
      filename: /data/notification.txt

  # TOTP configuration
  totp:
    enabled: true
    issuer: mayne.kro.kr

  # Identity providers (OIDC) - can be enabled later
  identity_providers:
    oidc:
      enabled: false

# Secret configuration - use existing secret from Vault
secret:
  existingSecret: authelia-secrets

# No persistence needed - using PostgreSQL