---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: lldap
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: lldap-secret
    template:
      engineVersion: v2
      data:
        LLDAP_JWT_SECRET: "{{ .LLDAP_JWT_SECRET }}"
        LLDAP_LDAP_USER_PASS: "{{ .password }}"
        LLDAP_USER_DN: "{{ .username }}"
        LLDAP_LDAP_USER_EMAIL: "{{ .LLDAP_LDAP_USER_EMAIL }}"
        LLDAP_SERVER_KEY_SEED: "{{ .LLDAP_SERVER_KEY_SEED }}"
  dataFrom:
    - extract:
        key: lldap
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: lldap-db
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: crunchy-pgo-secrets
  target:
    name: lldap-db-secret
    template:
      engineVersion: v2
      data:
        LLDAP_DATABASE_URL: 'postgres://{{ index . "user" }}:{{ index . "password" }}@{{ index . "host" }}:{{ index . "port" }}/{{ index . "dbname" }}'
  dataFrom:
    - extract:
        key: postgres-pguser-lldap