image:
  repository: 2fauth/2fauth
  pullPolicy: IfNotPresent
  tag: 5.1.1@sha256:ef78cc3c0cfbb302b6b933941639b2de7a018251c95fd1ee354a421486d144f1

securityContext:
  container:
    readOnlyRootFilesystem: false
    runAsUser: 1000
    runAsGroup: 1000

twofauth:
  app:
    name: 2FAuth
    site_owner: mail@example.com
    url: http://localhost:8000
    session_lifetime: 120
    trusted_proxies: []
  mail:
    driver: log
    host: ""
    port: 587
    from: ""
    user: ""
    pass: ""
    # TLS | STARTTLS | SSL
    encryption: STARTTLS
    from_name: 2FAuth
    from_address: changeme@example.com
  auth:
    # web-guard | reverse-proxy-guard
    guard: web-guard
    # show if guard uses reverse-proxy-guard
    proxy_header_for_user: ""
    proxy_header_for_email: ""
    proxy_logout_url: ""
  webauthn:
    name: 2FAuth
    id: ""
    icon: ""
    # required | preferred | discouraged
    user_verified: preferred

workload:
  main:
    podSpec:
      containers:
        main:
          probes:
            liveness:
              path: /infos
            readiness:
              path: /infos
            startup:
              type: tcp
          env:
            # APP
            APP_ENV: local
            APP_KEY:
              secretKeyRef:
                name: twofauth-secret
                key: APP_KEY
            APP_NAME: "{{ .Values.twofauth.app.name }}"
            SITE_OWNER: "{{ .Values.twofauth.app.site_owner }}"
            APP_URL: "{{ .Values.twofauth.app.url }}"
            SESSION_LIFETIME: "{{ .Values.twofauth.app.session_lifetime }}"
            TRUSTED_PROXIES: '{{ join "," .Values.twofauth.app.trusted_proxies }}'
            # MAIL
            MAIL_DRIVER: "{{ .Values.twofauth.mail.driver }}"
            MAIL_HOST: "{{ .Values.twofauth.mail.host }}"
            MAIL_PORT: "{{ .Values.twofauth.mail.port }}"
            MAIL_FROM: "{{ .Values.twofauth.mail.from }}"
            MAIL_USERNAME: "{{ .Values.twofauth.mail.user }}"
            MAIL_PASSWORD: "{{ .Values.twofauth.mail.pass }}"
            MAIL_ENCRYPTION: "{{ .Values.twofauth.mail.encryption }}"
            MAIL_FROM_NAME: "{{ .Values.twofauth.mail.from_name }}"
            MAIL_FROM_ADDRESS: "{{ .Values.twofauth.mail.from_address }}"
            # AUTH
            AUTHENTICATION_GUARD: "{{ .Values.twofauth.auth.guard }}"
            AUTH_PROXY_HEADER_FOR_USER: "{{ .Values.twofauth.auth.proxy_header_for_user }}"
            AUTH_PROXY_HEADER_FOR_EMAIL: "{{ .Values.twofauth.auth.proxy_header_for_email }}"
            PROXY_LOGOUT_URL: "{{ .Values.twofauth.auth.proxy_logout_url }}"
            # WebAuthn:
            WEBAUTHN_NAME: "{{ .Values.twofauth.webauthn.name }}"
            WEBAUTHN_ID: "{{ .Values.twofauth.webauthn.id }}"
            # Optional image data in BASE64 (128 bytes maximum) or an image url
            WEBAUTHN_ICON: "{{ .Values.twofauth.webauthn.icon }}"
            WEBAUTHN_USER_VERIFICATION: "{{ .Values.twofauth.webauthn.user_verified }}"
            # Postgres
            DB_CONNECTION: pgsql
            DB_DATABASE: "{{ .Values.cnpg.main.database }}"
            DB_USERNAME: "{{ .Values.cnpg.main.user }}"
            DB_PORT: 5432
            DB_HOST:
              secretKeyRef:
                name: cnpg-main-urls
                key: host
            DB_PASSWORD:
              secretKeyRef:
                name: cnpg-main-user
                key: password

service:
  main:
    ports:
      main:
        protocol: http
        targetPort: 8000
        port: 8000

persistence:
  config:
    enabled: true
    mountPath: /2fauth
  varrun:
    enabled: false

cnpg:
  main:
    enabled: true
    user: twofauth
    database: twofauth

portal:
  open:
    enabled: true