replicaCount: 1

image:
  repository: ghcr.io/blessedrebus/krawl
  pullPolicy: Always
  tag: "latest"

imagePullSecrets: []
nameOverride: "krawl"
fullnameOverride: ""

serviceAccount:
  create: false
  annotations: {}
  name: ""

podAnnotations: {}

podSecurityContext: {}

securityContext: {}

service:
  type: LoadBalancer
  port: 5000
  annotations: {}
  # Preserve source IP when using LoadBalancer
  externalTrafficPolicy: Local

ingress:
  enabled: true
  className: "traefik"
  annotations: {}
  hosts:
    - host: krawl.example.com
      paths:
        - path: /
          pathType: Prefix
  tls: []
  #  - secretName: krawl-tls
  #    hosts:
  #      - krawl.example.com

resources:
  limits:
    cpu: 500m
    memory: 256Mi
  requests:
    cpu: 100m
    memory: 64Mi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 1
  targetCPUUtilizationPercentage: 70
  targetMemoryUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}

# Application configuration (config.yaml structure)
config:
  server:
    port: 5000
    delay: 100
    timezone: null  # IANA timezone (e.g., "America/New_York", "Europe/Rome"). If not set, system timezone is used.
  links:
    min_length: 5
    max_length: 15
    min_per_page: 10
    max_per_page: 15
    char_space: "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    max_counter: 10
  canary:
    token_url: null  # Set your canary token URL here
    token_tries: 10
  dashboard:
    secret_path: null  # Auto-generated if not set, or set to "/my-secret-dashboard"
  api:
    server_url: null
    server_port: 8080
    server_path: "/api/v2/users"
  database:
    path: "data/krawl.db"
    retention_days: 30
  behavior:
    probability_error_codes: 0

# Database persistence configuration
database:
  # Persistence configuration
  persistence:
    enabled: true
    # Storage class name (use default if not specified)
    # storageClassName: ""
    # Access mode for the persistent volume
    accessMode: ReadWriteOnce
    # Size of the persistent volume
    size: 1Gi
    # Optional: Use existing PVC
    # existingClaim: ""

networkPolicy:
  enabled: true
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
      - podSelector: {}
      - namespaceSelector: {}
      - ipBlock:
          cidr: 0.0.0.0/0
      ports:
      - protocol: TCP
        port: 5000
  egress:
    - to:
      - namespaceSelector: {}
      - ipBlock:
          cidr: 0.0.0.0/0
      ports:
      - protocol: TCP
      - protocol: UDP

# Wordlists configuration
wordlists:
  usernames:
    prefixes:
      - admin
      - user
      - developer
      - root
      - system
      - db
      - api
      - service
      - deploy
      - test
      - prod
      - backup
      - monitor
      - jenkins
      - webapp
    suffixes:
      - ""
      - "_prod"
      - "_dev"
      - "_test"
      - "123"
      - "2024"
      - "_backup"
      - "_admin"
      - "01"
      - "02"
      - "_user"
      - "_service"
      - "_api"
  passwords:
    prefixes:
      - P@ssw0rd
      - Passw0rd
      - Admin
      - Secret
      - Welcome
      - System
      - Database
      - Secure
      - Master
      - Root
    simple:
      - test
      - demo
      - temp
      - change
      - password
      - admin
      - letmein
      - welcome
      - default
      - sample
  emails:
    domains:
      - example.com
      - company.com
      - localhost.com
      - test.com
      - domain.com
      - corporate.com
      - internal.net
      - enterprise.com
      - business.org
  api_keys:
    prefixes:
      - sk_live_
      - sk_test_
      - api_
      - key_
      - token_
      - access_
      - secret_
      - prod_
      - ""
  databases:
    names:
      - production
      - prod_db
      - main_db
      - app_database
      - users_db
      - customer_data
      - analytics
      - staging_db
      - dev_database
      - wordpress
      - ecommerce
      - crm_db
      - inventory
    hosts:
      - localhost
      - db.internal
      - mysql.local
      - postgres.internal
      - 127.0.0.1
      - db-server-01
      - database.prod
      - sql.company.com
  applications:
    names:
      - WebApp
      - API Gateway
      - Dashboard
      - Admin Panel
      - CMS
      - Portal
      - Manager
      - Console
      - Control Panel
      - Backend
  users:
    roles:
      - Administrator
      - Developer
      - Manager
      - User
      - Guest
      - Moderator
      - Editor
      - Viewer
      - Analyst
      - Support
  directory_listing:
    files:
      - admin.txt
      - test.exe
      - backup.sql
      - database.sql
      - db_backup.sql
      - dump.sql
      - config.php
      - credentials.txt
      - passwords.txt
      - users.csv
      - .env
      - id_rsa
      - id_rsa.pub
      - private_key.pem
      - api_keys.json
      - secrets.yaml
      - admin_notes.txt
      - settings.ini
      - database.yml
      - wp-config.php
      - .htaccess
      - server.key
      - cert.pem
      - shadow.bak
      - passwd.old
    directories:
      - uploads/
      - backups/
      - logs/
      - temp/
      - cache/
      - private/
      - config/
      - admin/
      - database/
      - backup/
      - old/
      - archive/
      - .git/
      - keys/
      - credentials/
  server_headers:
    - Apache/2.2.22 (Ubuntu)
    - nginx/1.18.0
    - Microsoft-IIS/10.0
    - LiteSpeed
    - Caddy
    - Gunicorn/20.0.4
    - uvicorn/0.13.4
    - Express
    - Flask/1.1.2
    - Django/3.1
  error_codes:
    - 400
    - 401
    - 403
    - 404
    - 500
    - 502
    - 503