# Default values for hemmelig

replicaCount: 1

image:
  repository: hemmeligapp/hemmelig
  tag: "v7"
  pullPolicy: IfNotPresent

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

# Required configuration
config:
  # Generate with: openssl rand -base64 32
  betterAuthSecret: ""
  # Public URL of your instance (required for OAuth and cookie handling)
  betterAuthUrl: ""
  # Base URL for OAuth callbacks (required for social login)
  baseUrl: ""

# Additional environment variables
env: []
  # - name: HEMMELIG_ANALYTICS_ENABLED
  #   value: "true"

# Use existing secret for sensitive values
existingSecret: ""
# Keys expected in the secret:
#   BETTER_AUTH_SECRET
#   HEMMELIG_ANALYTICS_HMAC_SECRET (optional)
#   HEMMELIG_AUTH_GITHUB_ID, HEMMELIG_AUTH_GITHUB_SECRET (optional)
#   HEMMELIG_AUTH_GOOGLE_ID, HEMMELIG_AUTH_GOOGLE_SECRET (optional)
#   HEMMELIG_AUTH_MICROSOFT_ID, HEMMELIG_AUTH_MICROSOFT_SECRET, HEMMELIG_AUTH_MICROSOFT_TENANT_ID (optional)
#   HEMMELIG_AUTH_DISCORD_ID, HEMMELIG_AUTH_DISCORD_SECRET (optional)
#   HEMMELIG_AUTH_GITLAB_ID, HEMMELIG_AUTH_GITLAB_SECRET, HEMMELIG_AUTH_GITLAB_ISSUER (optional)
#   HEMMELIG_AUTH_APPLE_ID, HEMMELIG_AUTH_APPLE_SECRET (optional)
#   HEMMELIG_AUTH_TWITTER_ID, HEMMELIG_AUTH_TWITTER_SECRET (optional)
#   HEMMELIG_AUTH_GENERIC_OAUTH (optional)

# OAuth / Social Login Configuration
oauth:
  github:
    enabled: false
    clientId: ""
    clientSecret: ""
  google:
    enabled: false
    clientId: ""
    clientSecret: ""
  microsoft:
    enabled: false
    clientId: ""
    clientSecret: ""
    tenantId: "" # Optional
  discord:
    enabled: false
    clientId: ""
    clientSecret: ""
  gitlab:
    enabled: false
    clientId: ""
    clientSecret: ""
    issuer: ""  # Optional, for self-hosted GitLab (e.g., https://gitlab.example.com)
  apple:
    enabled: false
    clientId: ""
    clientSecret: ""
  twitter:
    enabled: false
    clientId: ""
    clientSecret: ""
  generic: ""
    # Example: '[{"providerId":"authentik","discoveryUrl":"https://auth.example.com/.well-known/openid-configuration","clientId":"client-id","clientSecret":"secret","scopes":["openid","profile","email"]}]'

serviceAccount:
  create: true
  automount: true
  annotations: {}
  name: ""

podAnnotations: {}
podLabels: {}



service:
  type: ClusterIP
  port: 3000

ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: hemmelig.local
      paths:
        - path: /
          pathType: Prefix
  tls: []
    # - secretName: hemmelig-tls
    #   hosts:
    #     - hemmelig.local

resources: {}
  # limits:
  #   cpu: 500m
  #   memory: 512Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

# Persistence for SQLite database and uploads
persistence:
  data:
    enabled: true
    size: 1Gi
    storageClass: ""
    accessMode: ReadWriteOnce
    # existingClaim: ""
  uploads:
    enabled: true
    size: 5Gi
    storageClass: ""
    accessMode: ReadWriteOnce
    # existingClaim: ""

livenessProbe:
  httpGet:
    path: /api/healthz
    port: http
  initialDelaySeconds: 10
  periodSeconds: 30
  timeoutSeconds: 10
  failureThreshold: 3

readinessProbe:
  httpGet:
    path: /api/healthz
    port: http
  initialDelaySeconds: 5
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3

nodeSelector: {}

tolerations: []

affinity: {}