env: dev # For storage class provisioning
host: localhost # For reverse proxy rule

mongo-express:
  enabled: true
  mongodbServer: dev-mongodb.dev
  mongodbPort: 27017
  mongodbEnableAdmin: true
  mongodbAdminUsername: root
  mongodbAdminPassword: rootpwd
  siteBaseUrl: /mongoexpress
  basicAuthUsername: test
  basicAuthPassword: testme
  mongodb:
    enabled: false

mongodb:
  enabled: true
  global:
    defaultStorageClass: kind-sc
    storageClass: kind-sc
  architecture: standalone
  useStatefulSet: false
  auth:
    enabled: true
    rootUser: root
    rootPassword: rootpwd
    databases: ["DC_myDC"]
    usernames: ["opencloud"]
    passwords: ["opencloud"]
  resourcesPreset: "small"
  replicaCount: 1
  persistence:
    enabled: true
    storageClass: kind-sc
    existingClaim: mongo-pvc
    accessModes: 
    - ReadWriteOnce
    size: 100Mi
  persistentVolumeClaimRetentionPolicy:
    enabled: true
    whenDeleted: Retain
    whenScaled: Retain
  arbiter:
    enabled: false
  livenessProbe:
    enabled: true
  readinessProbe:
    enabled: true

nats:
  enabled: true
  jetstream:
    enabled: true
    fileStore:
      size: 20Mi
      storageClassName: kind-sc


openldap:
  enabled: true
  test:
    enabled: false
  ltb-passwd:
    enabled: false
  replicaCount: 1
  image:
    repository: osixia/openldap
    tag: 1.5.0
  tls:
    enabled: false
  env:
    LDAP_ORGANISATION: "Example opencloud"
    LDAP_DOMAIN: "example.com"
    LDAP_BACKEND: "mdb"
    LDAP_TLS: "false"
    LDAP_TLS_ENFORCE: "false"
    LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
  adminPassword: "admin@password"
  configPassword: "config@password"
  phpldapadmin:
    enabled: false
  persistence:
    enabled: true
    accessMode: ReadWriteOnce
    size: 10Mi
    storageClass: kind-sc
  replication:
    enabled: false
  customLdifFiles:

    01-schema.ldif: |-
      dn: ou=groups,dc=example,dc=com
      objectClass: organizationalUnit
      ou: groups

      dn: ou=users,dc=example,dc=com
      objectClass: organizationalUnit
      ou: users

      dn: cn=lastGID,dc=example,dc=com
      objectClass: device
      objectClass: top
      description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
      cn: lastGID
      serialNumber: 2001

      dn: cn=lastUID,dc=example,dc=com
      objectClass: device
      objectClass: top
      serialNumber: 2001
      description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
      cn: lastUID

      dn: cn=everybody,ou=groups,dc=example,dc=com
      objectClass: top
      objectClass: posixGroup
      cn: everybody
      memberUid: admin
      gidNumber: 2003

    02-ldapadmin.ldif : |-
      dn: cn=ldapadmin,ou=groups,dc=example,dc=com
      objectClass: top
      objectClass: posixGroup
      cn: ldapadmin
      memberUid: ldapadmin
      gidNumber: 2001

      dn: uid=ldapadmin,ou=users,dc=example,dc=com
      givenName: ldap
      sn: admin
      uid: ldapadmin
      cn: ldapadmin
      mail: ldapadmin@example.com
      objectClass: person
      objectClass: inetOrgPerson
      objectClass: posixAccount
      userPassword: ldapadmin
      uidNumber: 2001
      gidNumber: 2001
      loginShell: /bin/bash
      homeDirectory: /home/ldapadmin

    03-opencloudadmin.ldif : |-
      dn: cn=admin,ou=groups,dc=example,dc=com
      objectClass: top
      objectClass: posixGroup
      cn: admin
      memberUid: admin
      gidNumber: 2002

      dn: uid=admin,ou=users,dc=example,dc=com
      givenName: John
      sn: Doe
      uid: admin
      mail: john.doe@example.com
      cn: JohnDoe
      objectClass: person
      objectClass: inetOrgPerson
      objectClass: posixAccount
      userPassword:: e0NSWVBUfSQ2JDdTZ0daU1FXJGw1ZWRTTHVDaDV6a0NvUlllZzFLd3MwUHRKQ
      jJQL09CQWdoc0RkbWhzTXJPcEpCbzR3b01yNWJQcjlubi8udWdzM25LcHlKQmt2eHVJWFM0eUQ1
      cnox
      uidNumber: 2002
      gidNumber: 2002
      loginShell: /bin/bash
      homeDirectory: /home/admin

# ldap user manager configuration
ldapUserManager:
  enabled: true
  env:
    SERVER_HOSTNAME: "users.example.com"
    LDAP_BASE_DN: "dc=example,dc=com"
    LDAP_REQUIRE_STARTTLS: "false"
    LDAP_ADMINS_GROUP: "ldapadmin"
    LDAP_ADMIN_BIND_DN: "cn=admin,dc=example,dc=com"
    LDAP_ADMIN_BIND_PWD: "admin@password"
    LDAP_IGNORE_CERT_ERRORS: "true"
    EMAIL_DOMAIN: ""
    NO_HTTPS: "true"
    SERVER_PATH: "/users"
    ORGANISATION_NAME: "Example"
    LDAP_USER_OU: "users"
    LDAP_GROUP_OU: "groups"
    ACCEPT_WEAK_PASSWORDS: "true"
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

traefik:
  enabled: true
  service:
    type: NodePort
  ingressRoute:
    dashboard:
      enabled: true
      matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
      entryPoints: [web]
  ports:
    web:
      nodePort: 30950

hydra:
  enabled: true
  maester:
    enabled: true
  hydra:
    dev: true
    config:
      dsn: memory
      urls:
        login: http://localhost/authentication/login
        consent: http://localhost/consent/consent
        logout: http://localhost/authentication/logout
        self:
          issuer: http://localhost/idp

keto:
  enabled: true
  keto:
    config:
      serve:
        read:
          port: 4466
        write:
          port: 4467
        metrics:
          port: 4468
      namespaces:
        - id: 0
          name: open-cloud
      dsn: memory

ocAuth:
  enabled: true
  image: oc/oc-auth:0.0.1
  authType: hydra
  keto:
    adminRole: admin
  hydra:
    openCloudOauth2ClientSecretName: oc-auth-got-secret
  ldap:
    bindDn: "cn=admin,dc=example,dc=com"
    binPwd: "admin@password"
    baseDn: "dc=example,dc=com"
    roleBaseDn: "ou=AppRoles,dc=example,dc=com"
  resources:
    limits:
      cpu: "128m"
      memory: "128Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"
      
loki:
  enabled: false

grafana:
  enabled: false