init:
  version: 0
  namespace: "bases"

commons:
  masterPassword: "CHANGEME"

  helm:
    release:
      install: {}
      test: {}
      upgrade: {}
      driftDetection: {}

  ingress:
    domain: "wrenix.eu"
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
    tls:
      # -- tls on every ingress
      enabled: true
      # -- use own definition of tls (e.g. for own or wildcard certificate)
      override:

  prometheus:
    monitor:
      labels: {}
    rules:
      labels: {}
  grafana:
    dashboards:
      labels: {}
      annotations: {}


ingress:
  # -- default: fs.(Values.commons.ingress.domain)
  host:
  # -- ingress annotatations - default are all the best practise of collabora
  annotations:
    # nginx controller
    nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
    nginx.ingress.kubernetes.io/server-snippet: |
      location /cool/getMetrics { deny all; return 403; }
      location /cool/adminws/ { deny all; return 403; }
      location /browser/dist/admin/admin.html { deny all; return 403; }
    # haproxy community
    haproxy-ingress.github.io/timeout-tunnel: 3600s
    haproxy-ingress.github.io/assign-backend-server-id: "true"
    haproxy-ingress.github.io/balance-algorithm: url_param WOPISrc
    haproxy-ingress.github.io/config-backend:
      hash-type consistent
      acl admin_url path_beg /cool/getMetrics
      acl admin_url path_beg /cool/adminws/
      acl admin_url path_beg /browser/dist/admin/admin.html
      http-request deny if admin_url


# -- adminPassword to access collabora admin platform
adminPassword:

# -- allowed host to use this collabora instance
# if not set we allow defaults (like nextcloud)
# example:
#  main.host.de: [ "alias1.host.de", "alias2.host.de" ]
allowedHosts: {}