---
# Set **noble_authentik_install: true** after filling **.env** (see role README and repository **.env.sample**).
noble_authentik_install: false
# When true, run **configure_authentik.py** against the Authentik API (requires bootstrap token + client secrets).
noble_authentik_configure_idp: true

noble_authentik_chart_version: "2026.2.3"
noble_authentik_oauth2_proxy_chart_version: "10.4.3"

noble_authentik_host: auth.apps.noble.lab.pcenicni.dev
noble_authentik_public_url: "https://{{ noble_authentik_host }}"
noble_authentik_api_base: "{{ noble_authentik_public_url }}/api/v3"

noble_authentik_oauth2_proxy_host: oauth2.apps.noble.lab.pcenicni.dev

# OIDC client ids (must match Authentik providers created by configure script)
noble_authentik_client_id_argocd: argocd
noble_authentik_client_id_grafana: grafana
noble_authentik_client_id_headlamp: headlamp
noble_authentik_client_id_oauth2_proxy: oauth2-proxy

# Secrets / bootstrap — prefer **lookup('env', ...)** set via repository **.env** (see from_env.yml).
noble_authentik_secret_key: ""
noble_authentik_postgresql_password: ""
noble_authentik_bootstrap_token: ""
noble_authentik_bootstrap_email: ""
noble_authentik_bootstrap_password: ""

noble_authentik_client_secret_argocd: ""
noble_authentik_client_secret_grafana: ""
noble_authentik_client_secret_headlamp: ""
noble_authentik_client_secret_oauth2_proxy: ""
noble_authentik_oauth2_proxy_cookie_secret: ""

noble_authentik_helm_wait_timeout: 25m

# Re-apply the same chart versions as the rest of noble.yml when flipping SSO on.
noble_authentik_argocd_chart_version: "9.4.17"
noble_authentik_kube_prometheus_chart_version: "82.15.1"
noble_authentik_headlamp_chart_version: "0.40.1"
noble_authentik_longhorn_chart_version: "1.11.2"
noble_authentik_kube_prometheus_helm_wait_timeout: 60m