apiVersion: v1
kind: ConfigMap
metadata:
  name: projects-config
  namespace: lasuite
data:
  BASE_URL: "https://projects.DOMAIN_SUFFIX"
  TRUST_PROXY: "1"
  NODE_ENV: "production"

  # OIDC — Hydra as the identity provider
  OIDC_ISSUER: "https://auth.DOMAIN_SUFFIX/"
  OIDC_SCOPES: "openid email profile"
  OIDC_ENFORCED: "true"
  OIDC_IGNORE_USERNAME: "true"
  OIDC_IGNORE_ROLES: "true"
  OIDC_ADMIN_ROLES: "*"
  OIDC_FULLNAME_ATTRIBUTES: "given_name,family_name"
  # Planka defaults to response_mode=fragment, which returns the auth code in the
  # URL hash (#code=...). The SPA callback handler doesn't parse fragments correctly,
  # causing a silent auth loop. Use query mode so the code comes as ?code=...
  OIDC_RESPONSE_MODE: "query"

  # S3 file storage via SeaweedFS
  S3_ENDPOINT: "http://seaweedfs-filer.storage.svc.cluster.local:8333"
  S3_BUCKET: "projects"
  S3_REGION: "us-east-1"
  S3_FORCE_PATH_STYLE: "true"

  # SMTP via in-cluster Postfix relay
  SMTP_HOST: "postfix.lasuite.svc.cluster.local"
  SMTP_PORT: "25"
  SMTP_SECURE: "false"
  SMTP_FROM: "Projects <noreply@DOMAIN_SUFFIX>"

  # La Gaufre waffle menu widget
  REACT_APP_LAGAUFRE_WIDGET_API_URL: "https://integration.DOMAIN_SUFFIX/api/v2/services.json"
  REACT_APP_LAGAUFRE_WIDGET_PATH: "https://integration.DOMAIN_SUFFIX/api/v2/"

  # Default language for new OIDC users (browser detection fallback if unset)
  DEFAULT_LANGUAGE: "en-US"

  # Permissions
  ALLOW_ALL_TO_CREATE_PROJECTS: "true"