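---
# ExternalSecret that assembles Synapse's homeserver.yaml for werts.us.
# The entries under spec.data are read through the "k8s-store" SecretStore
# and substituted into the template under spec.target.template; the result
# is written to the Secret "synapse-werts-config" in namespace "synapse".
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: "synapse-werts-config"
  namespace: synapse
spec:
  # The source secrets are re-read and the target re-rendered at this
  # interval. 5s is a very tight poll for values that rarely change.
  # NOTE(review): consider a longer interval - confirm nothing relies on it.
  refreshInterval: "5s"
  secretStoreRef:
    name: k8s-store
    kind: SecretStore
  data:
    # Synapse application secrets.
    - secretKey: registration_shared_secret
      remoteRef:
        key: synapse-werts-secrets
        property: registration_shared_secret
    - secretKey: pepper
      remoteRef:
        key: synapse-werts-secrets
        property: password_config__pepper
    - secretKey: macaroon_secret_key
      remoteRef:
        key: synapse-werts-secrets
        property: macaroon_secret_key
    - secretKey: form_secret
      remoteRef:
        key: synapse-werts-secrets
        property: form_secret
    # OIDC client credentials.
    - secretKey: oidc_client_id
      remoteRef:
        key: synapse-werts-secrets-oidc
        property: client_id
    - secretKey: oidc_client_secret
      remoteRef:
        key: synapse-werts-secrets-oidc
        property: client_secret
    # PostgreSQL connection details for the synapse-werts-db user.
    - secretKey: db_user
      remoteRef:
        key: synapse-werts-db-pguser-synapse-werts-db
        property: user
    - secretKey: db_password
      remoteRef:
        key: synapse-werts-db-pguser-synapse-werts-db
        property: password
    - secretKey: db_dbname
      remoteRef:
        key: synapse-werts-db-pguser-synapse-werts-db
        property: dbname
    - secretKey: db_host
      remoteRef:
        key: synapse-werts-db-pguser-synapse-werts-db
        property: host
  target:
    name: synapse-werts-config
    template:
      type: Opaque
      data:
        # Review notes are kept out of the block scalar below so that they
        # do not end up in the rendered Secret.
        #
        # - Quoting: each secret is substituted as raw text inside a
        #   double-quoted YAML scalar. A value containing a double quote or
        #   a backslash would change or break the rendered file, so keep
        #   those values to a safe alphabet or escape them in the template.
        # - listeners: port 8008 is plain HTTP with x_forwarded enabled, so
        #   it trusts the X-Forwarded-For header. It should only be
        #   reachable through the reverse proxy (not shown in this file).
        # - oidc_providers.skip_verification: set to false. With true,
        #   Synapse skips its validation of the provider metadata, which is
        #   meant only for providers that are not OpenID Connect compliant.
        #   Re-enable it only if discovery against the issuer fails.
        # - oidc_providers subject_claim: "preferred_username" is a
        #   user-visible name rather than the stable "sub" identifier. If
        #   the IdP lets usernames be changed or reused, a different person
        #   can be mapped onto an existing Matrix account.
        #   NOTE(review): left unchanged because existing users are already
        #   mapped by this claim; plan a migration to "sub" or make
        #   usernames immutable at the IdP.
        # - The doubled-brace escapes in the *_template values make the
        #   template engine emit literal braces, so that Synapse receives
        #   its own Jinja expressions.
        "homeserver.yaml": |
          macaroon_secret_key: "{{ .macaroon_secret_key }}"
          form_secret: "{{ .form_secret }}"
          registration_shared_secret: "{{ .registration_shared_secret }}"
          password_config:
            enabled: true
            pepper: "{{ .pepper }}"
          server_name: werts.us
          public_baseurl: https://chat.werts.us/
          pid_file: /data/homeserver.pid
          media_store_path: "/data/media_store"
          report_stats: false
          trusted_key_servers:
            - server_name: "matrix.org"
          signing_key_path: "/data/my.matrix.host.signing.key"
          limit_remote_rooms:
            enabled: true
            complexity: 0.0
            complexity_error: "only admins are allowed to join federated rooms"
            admins_can_join: true
          allow_public_rooms_without_auth: false
          allow_public_rooms_over_federation: false
          listeners:
            - port: 8008
              tls: false
              type: http
              x_forwarded: true
              resources:
                - names: [client, federation]
                  compress: false
          database:
            name: psycopg2
            args:
              user: "{{ .db_user }}"
              password: "{{ .db_password }}"
              database: "{{ .db_dbname }}"
              host: "{{ .db_host }}"
              cp_min: 5
              cp_max: 10
          oidc_providers:
            - idp_id: my_idp
              idp_name: "werts.us"
              discover: true
              issuer: "https://auth.werts.us/realms/werts"
              scopes: ["openid", "profile"]
              skip_verification: false
              user_mapping_provider:
                config:
                  subject_claim: "preferred_username"
                  localpart_template: "{{"{{"}} user.preferred_username {{"}}"}}"
                  display_name_template: "{{"{{"}} user.name {{"}}"}}"
                  email_template: "{{"{{"}} user.email {{"}}"}}"
              client_id: "{{ .oidc_client_id }}"
              client_secret: "{{ .oidc_client_secret }}"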