init:
  version: 0
  namespace: "bases"

commons:
  # -- masterPassword to generate secrets
  # @section -- Commons
  masterPassword: "CHANGEME"

  helm:
    release:
      # -- install of FluxCD HelmRelease
      # @section -- Commons helm release
      install: {}
      # -- test of FluxCD HelmRelease
      # @section -- Commons helm release
      test: {}
      # -- upgrade of FluxCD HelmRelease
      # @section -- Commons helm release
      upgrade: {}
      # -- driftDetection of FluxCD HelmRelease
      # @section -- Commons helm release
      driftDetection: {}

  ingress:
    # -- top domain for all services
    # @section -- Commons Ingress
    domain: "wrenix.eu"
    # -- annotations for all ingress objects
    # @section -- Commons Ingress
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
    tls:
      # -- tls on every ingress
      # @section -- Commons Ingress
      enabled: true
      # -- use own definition of tls (e.g. for own or wildcard certificate)
      # @section -- Commons Ingress
      override: []

  prometheus:
    monitor:
      # -- labels on Pod- and Service-Monitor
      # @section -- Commons Monitoring
      labels: {}
    rules:
      # -- labels on PrometheusRules
      # @section -- Commons Monitoring
      labels: {}

  grafana:
    dashboards:
      # -- labels of grafana dashboard configmap
      # @section -- Commons Monitoring
      labels: {}
      # -- annotations of grafana dashboard configmap
      # @section -- Commons Monitoring
      annotations: {}


ingress:
  # -- default: fs.(Values.commons.ingress.domain)
  host:
  # -- ingress annotatations - default are all the best practise of collabora
  annotations:
    # nginx controller
    nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
    nginx.ingress.kubernetes.io/server-snippet: |
      location /cool/getMetrics { deny all; return 403; }
      location /cool/adminws/ { deny all; return 403; }
      location /browser/dist/admin/admin.html { deny all; return 403; }
    # haproxy community
    haproxy-ingress.github.io/timeout-tunnel: 3600s
    haproxy-ingress.github.io/assign-backend-server-id: "true"
    haproxy-ingress.github.io/balance-algorithm: url_param WOPISrc
    haproxy-ingress.github.io/config-backend:
      hash-type consistent
      acl admin_url path_beg /cool/getMetrics
      acl admin_url path_beg /cool/adminws/
      acl admin_url path_beg /browser/dist/admin/admin.html
      http-request deny if admin_url


# -- adminPassword to access collabora admin platform
adminPassword:

# -- allowed host to use this collabora instance
# if not set we allow defaults (like nextcloud)
# example:
#  main.host.de: [ "alias1.host.de", "alias2.host.de" ]
allowedHosts: {}