image:
  repository: tccr.io/truecharts/wg-easy
  pullPolicy: IfNotPresent
  tag: latest@sha256:5cc96ad86c87fb2ebc7dab65fc5b190ff0dcce370d0b9afa4aa4b5b2580a5000

securityContext:
  container:
    PUID: 0
    runAsUser: 0
    runAsGroup: 0
    readOnlyRootFilesystem: false
    runAsNonRoot: false
    capabilities:
      add:
        - NET_ADMIN
        - NET_RAW
        - SYS_MODULE

service:
  main:
    ports:
      main:
        port: 51821
  vpn:
    enabled: true
    ports:
      vpn:
        enabled: true
        protocol: udp
        port: 51820

workload:
  main:
    podSpec:
      containers:
        main:
          probes:
            liveness:
              type: tcp
            readiness:
              type: tcp
            startup:
              type: tcp
          env:
            WG_HOST: "localhost"
            PORT: "{{ .Values.service.main.ports.main.port }}"
            WG_PORT: "{{ .Values.service.vpn.ports.vpn.port }}"
            WG_MTU: 0
            WG_PERSISTENT_KEEPALIVE: 0
            WG_DEFAULT_ADDRESS: "10.8.0.x"
            WG_DEFAULT_DNS: "1.1.1.1"
            WG_ALLOWED_IPS: "0.0.0.0/0, ::/0"
            PASSWORD: "secretpass"

persistence:
  config:
    enabled: true
    mountPath: "/etc/wireguard"

portal:
  open:
    enabled: true