# ArgoCD configuration for TuringPi K3s cluster
# Simplified setup - no RBAC restrictions for single-user environment

global:
  # Set domain for your LAN access
  domain: argocd.turing.lan

# Server configuration
server:
  # Enable ingress for web UI access
  ingress:
    enabled: true
    controller: generic
    ingressClassName: nginx
    hostname: argocd.turing.lan
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
      # Restrict to LAN access (matching your existing pattern)
      nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"

  # Use LoadBalancer service for direct access via MetalLB  
  service:
    type: LoadBalancer
    servicePortHttp: 80
    servicePortHttps: 443

  # Enable insecure mode since this is a homelab (simpler setup)
  extraArgs:
    - --insecure

# ApplicationSet controller (for managing multiple apps)
applicationSet:
  enabled: true

# Image updater will be installed separately
# This is just the base ArgoCD installation

# Disable HA components for single-node simplicity
redis-ha:
  enabled: false

# Use single Redis instance
redis:
  enabled: true

# Disable RBAC since you're the only user
rbac:
  create: true
  # Allow admin access without restrictions
  policy.default: role:admin

# No authentication complexity needed for homelab
configs:
  secret:
    createSecret: true
  params:
    applicationsetcontroller.policy: sync

# Storage for repo data (using your NFS setup)
repoServer:
  volumes:
    - name: custom-tools
      emptyDir: {}
  
# Monitoring (since you have Prometheus)
prometheus:
  enabled: false  # Set to true if you want ArgoCD metrics in Prometheus