helm/hemmelig/values.yaml

# Default values for hemmelig

replicaCount: 1

image:
  repository: hemmeligapp/hemmelig
  tag: "v7"
  pullPolicy: IfNotPresent

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

# Required configuration
config:
  # Generate with: openssl rand -base64 32
  betterAuthSecret: ""
  # Public URL of your instance (required for OAuth and cookie handling)
  betterAuthUrl: ""
  # Base URL for OAuth callbacks (required for social login)
  baseUrl: ""

# Additional environment variables
env: []
  # - name: HEMMELIG_ANALYTICS_ENABLED
  #   value: "true"

# Use existing secret for sensitive values
existingSecret: ""
# Keys expected in the secret:
#   BETTER_AUTH_SECRET
#   HEMMELIG_ANALYTICS_HMAC_SECRET (optional)
#   HEMMELIG_AUTH_GITHUB_ID, HEMMELIG_AUTH_GITHUB_SECRET (optional)
#   HEMMELIG_AUTH_GOOGLE_ID, HEMMELIG_AUTH_GOOGLE_SECRET (optional)
#   HEMMELIG_AUTH_MICROSOFT_ID, HEMMELIG_AUTH_MICROSOFT_SECRET, HEMMELIG_AUTH_MICROSOFT_TENANT_ID (optional)
#   HEMMELIG_AUTH_DISCORD_ID, HEMMELIG_AUTH_DISCORD_SECRET (optional)
#   HEMMELIG_AUTH_GITLAB_ID, HEMMELIG_AUTH_GITLAB_SECRET, HEMMELIG_AUTH_GITLAB_ISSUER (optional)
#   HEMMELIG_AUTH_APPLE_ID, HEMMELIG_AUTH_APPLE_SECRET (optional)
#   HEMMELIG_AUTH_TWITTER_ID, HEMMELIG_AUTH_TWITTER_SECRET (optional)
#   HEMMELIG_AUTH_GENERIC_OAUTH (optional)

# OAuth / Social Login Configuration
oauth:
  github:
    enabled: false
    clientId: ""
    clientSecret: ""
  google:
    enabled: false
    clientId: ""
    clientSecret: ""
  microsoft:
    enabled: false
    clientId: ""
    clientSecret: ""
    tenantId: "" # Optional
  discord:
    enabled: false
    clientId: ""
    clientSecret: ""
  gitlab:
    enabled: false
    clientId: ""
    clientSecret: ""
    issuer: ""  # Optional, for self-hosted GitLab (e.g., https://gitlab.example.com)
  apple:
    enabled: false
    clientId: ""
    clientSecret: ""
  twitter:
    enabled: false
    clientId: ""
    clientSecret: ""
  generic: ""
    # Example: '[{"providerId":"authentik","discoveryUrl":"https://auth.example.com/.well-known/openid-configuration","clientId":"client-id","clientSecret":"secret","scopes":["openid","profile","email"]}]'

serviceAccount:
  create: true
  automount: true
  annotations: {}
  name: ""

podAnnotations: {}
podLabels: {}


service:
  type: ClusterIP
  port: 3000

ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: hemmelig.local
      paths:
        - path: /
          pathType: Prefix
  tls: []
    # - secretName: hemmelig-tls
    #   hosts:
    #     - hemmelig.local

resources: {}
  # limits:
  #   cpu: 500m
  #   memory: 512Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

# Persistence for SQLite database and uploads
persistence:
  data:
    enabled: true
    size: 1Gi
    storageClass: ""
    accessMode: ReadWriteOnce
    # existingClaim: ""
  uploads:
    enabled: true
    size: 5Gi
    storageClass: ""
    accessMode: ReadWriteOnce
    # existingClaim: ""

livenessProbe:
  httpGet:
    path: /api/healthz
    port: http
  initialDelaySeconds: 10
  periodSeconds: 30
  timeoutSeconds: 10
  failureThreshold: 3

readinessProbe:
  httpGet:
    path: /api/healthz
    port: http
  initialDelaySeconds: 5
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3

nodeSelector: {}

tolerations: []

affinity: {}
feat: rebrand Hemmelig to paste.es for cloudhost.es - Set Spanish as default language with ephemeral/encrypted privacy focus - Translate all user-facing strings and legal pages to Spanish - Replace Norwegian flag with Spanish flag in footer - Remove Hemmelig/terces.cloud links, add cloudhost.es sponsorship - Rewrite PrivacyPage: zero data collection, ephemeral design emphasis - Rewrite TermsPage: Spanish law, RGPD, paste.es/CloudHost.es references - Update PWA manifest, HTML meta tags, package.json branding - Rename webhook headers to X-Paste-Event / X-Paste-Signature - Update API docs title and contact to paste.es / cloudhost.es Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-02-24 09:30:19 +01:00			`# Default values for hemmelig`

			`replicaCount: 1`

			`image:`
			`repository: hemmeligapp/hemmelig`
			`tag: "v7"`
			`pullPolicy: IfNotPresent`

			`imagePullSecrets: []`
			`nameOverride: ""`
			`fullnameOverride: ""`

			`# Required configuration`
			`config:`
			`# Generate with: openssl rand -base64 32`
			`betterAuthSecret: ""`
			`# Public URL of your instance (required for OAuth and cookie handling)`
			`betterAuthUrl: ""`
			`# Base URL for OAuth callbacks (required for social login)`
			`baseUrl: ""`

			`# Additional environment variables`
			`env: []`
			`# - name: HEMMELIG_ANALYTICS_ENABLED`
			`# value: "true"`

			`# Use existing secret for sensitive values`
			`existingSecret: ""`
			`# Keys expected in the secret:`
			`# BETTER_AUTH_SECRET`
			`# HEMMELIG_ANALYTICS_HMAC_SECRET (optional)`
			`# HEMMELIG_AUTH_GITHUB_ID, HEMMELIG_AUTH_GITHUB_SECRET (optional)`
			`# HEMMELIG_AUTH_GOOGLE_ID, HEMMELIG_AUTH_GOOGLE_SECRET (optional)`
			`# HEMMELIG_AUTH_MICROSOFT_ID, HEMMELIG_AUTH_MICROSOFT_SECRET, HEMMELIG_AUTH_MICROSOFT_TENANT_ID (optional)`
			`# HEMMELIG_AUTH_DISCORD_ID, HEMMELIG_AUTH_DISCORD_SECRET (optional)`
			`# HEMMELIG_AUTH_GITLAB_ID, HEMMELIG_AUTH_GITLAB_SECRET, HEMMELIG_AUTH_GITLAB_ISSUER (optional)`
			`# HEMMELIG_AUTH_APPLE_ID, HEMMELIG_AUTH_APPLE_SECRET (optional)`
			`# HEMMELIG_AUTH_TWITTER_ID, HEMMELIG_AUTH_TWITTER_SECRET (optional)`
			`# HEMMELIG_AUTH_GENERIC_OAUTH (optional)`

			`# OAuth / Social Login Configuration`
			`oauth:`
			`github:`
			`enabled: false`
			`clientId: ""`
			`clientSecret: ""`
			`google:`
			`enabled: false`
			`clientId: ""`
			`clientSecret: ""`
			`microsoft:`
			`enabled: false`
			`clientId: ""`
			`clientSecret: ""`
			`tenantId: "" # Optional`
			`discord:`
			`enabled: false`
			`clientId: ""`
			`clientSecret: ""`
			`gitlab:`
			`enabled: false`
			`clientId: ""`
			`clientSecret: ""`
			`issuer: "" # Optional, for self-hosted GitLab (e.g., https://gitlab.example.com)`
			`apple:`
			`enabled: false`
			`clientId: ""`
			`clientSecret: ""`
			`twitter:`
			`enabled: false`
			`clientId: ""`
			`clientSecret: ""`
			`generic: ""`
			`# Example: '[{"providerId":"authentik","discoveryUrl":"https://auth.example.com/.well-known/openid-configuration","clientId":"client-id","clientSecret":"secret","scopes":["openid","profile","email"]}]'`

			`serviceAccount:`
			`create: true`
			`automount: true`
			`annotations: {}`
			`name: ""`

			`podAnnotations: {}`
			`podLabels: {}`



			`service:`
			`type: ClusterIP`
			`port: 3000`

			`ingress:`
			`enabled: false`
			`className: ""`
			`annotations: {}`
			`# kubernetes.io/ingress.class: nginx`
			`# cert-manager.io/cluster-issuer: letsencrypt-prod`
			`hosts:`
			`- host: hemmelig.local`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`tls: []`
			`# - secretName: hemmelig-tls`
			`# hosts:`
			`# - hemmelig.local`

			`resources: {}`
			`# limits:`
			`# cpu: 500m`
			`# memory: 512Mi`
			`# requests:`
			`# cpu: 100m`
			`# memory: 128Mi`

			`# Persistence for SQLite database and uploads`
			`persistence:`
			`data:`
			`enabled: true`
			`size: 1Gi`
			`storageClass: ""`
			`accessMode: ReadWriteOnce`
			`# existingClaim: ""`
			`uploads:`
			`enabled: true`
			`size: 5Gi`
			`storageClass: ""`
			`accessMode: ReadWriteOnce`
			`# existingClaim: ""`

			`livenessProbe:`
			`httpGet:`
			`path: /api/healthz`
			`port: http`
			`initialDelaySeconds: 10`
			`periodSeconds: 30`
			`timeoutSeconds: 10`
			`failureThreshold: 3`

			`readinessProbe:`
			`httpGet:`
			`path: /api/healthz`
			`port: http`
			`initialDelaySeconds: 5`
			`periodSeconds: 10`
			`timeoutSeconds: 5`
			`failureThreshold: 3`

			`nodeSelector: {}`

			`tolerations: []`

			`affinity: {}`