image:
  repository: ghcr.io/wg-easy/wg-easy
  pullPolicy: IfNotPresent
  tag: 8@sha256:f185fec28bf4a811e62d5791b7f05351113d3fe3c5ed9582e368e978625e6685
securityContext:
  container:
    PUID: 0
    runAsUser: 0
    runAsGroup: 0
    readOnlyRootFilesystem: false
    runAsNonRoot: false
    capabilities:
      add:
        - NET_ADMIN
        - NET_RAW
        - SYS_MODULE
service:
  main:
    ports:
      main:
        port: 51821
  vpn:
    enabled: true
    ports:
      vpn:
        enabled: true
        protocol: udp
        port: 51820
workload:
  main:
    podSpec:
      containers:
        main:
          probes:
            liveness:
              type: tcp
            readiness:
              type: tcp
            startup:
              type: tcp
          env:
            WG_HOST: "localhost"
            PORT: "{{ .Values.service.main.ports.main.port }}"
            WG_PORT: "{{ .Values.service.vpn.ports.vpn.port }}"
            WG_MTU: 0
            WG_PERSISTENT_KEEPALIVE: 0
            WG_DEFAULT_ADDRESS: "10.8.0.x"
            WG_DEFAULT_DNS: "1.1.1.1"
            WG_ALLOWED_IPS: "0.0.0.0/0, ::/0"
            PASSWORD: "secretpass"
persistence:
  config:
    enabled: true
    mountPath: "/etc/wireguard"
portal:
  open:
    enabled: true