## Global settings
nameOverride: ""
fullnameOverride: ""

## Image settings
image:
  repository: donetick/donetick
  tag: "v0.1.60"
  pullPolicy: IfNotPresent

imagePullSecrets: []
  
## Deployment settings
replicaCount: 1
revisionHistoryLimit: 3

# Optional startup arguments
startupArgs: []
  # - "--skip-migrations"  # Uncomment to skip database migrations on startup

# Pod security settings
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 1000

containerSecurityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL

## Pod scheduling
nodeSelector: {}
tolerations: []
affinity: {}

## Pod annotations
podAnnotations: {}

## Service settings
service:
  type: ClusterIP
  port: 2021
  annotations: {}

## Ingress settings
ingress:
  enabled: false
  className: ""
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
  hosts:
    - host: donetick.domain.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - donetick.domain.com
      # Optional: specify the name of an existing TLS secret
      # secretName: "existing-tls-secret"

## Persistence settings
persistence:
  enabled: false
  storageClass: ""
  accessMode: ReadWriteOnce
  size: 1Gi
  annotations: {}

## Environment variables
env:
  - name: DT_ENV
    value: selfhosted
  - name: DT_SQLITE_PATH
    value: /donetick-data/donetick.db

# Extra environment variables (for advanced use cases)
extraEnv: []
  # - name: DT_LOG_LEVEL
  #   value: "debug"
  # - name: DT_SKIP_MIGRATIONS
  #   value: "true"

# Extra volume mounts
extraVolumeMounts: []

# Extra volumes 
extraVolumes: []

## Resource limits and requests
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 500m
  #   memory: 512Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

## Application health checks
probes:
  startup:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 15
    timeoutSeconds: 15
    failureThreshold: 80
    successThreshold: 1
    path: /health
  liveness:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
    path: /health
  readiness:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 3
    failureThreshold: 3
    successThreshold: 1
    path: /health

## Autoscaling configuration
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 5
  targetCPUUtilizationPercentage: 80
  targetMemoryUtilizationPercentage: 80

## Application configuration
config:
  name: "selfhosted"
  is_done_tick_dot_com: false
  is_user_creation_disabled: false
  
  # Notification settings
  telegram:
    token: ""
  pushover:
    token: ""
  
  # Database configuration
  database:
    type: "sqlite"
    migration: true
    # Migration options
    migration_skip: false  # Set to true to skip database migrations
    migration_retry: 3     # Number of retries for failed migrations
    migration_timeout: "600s"  # Timeout for database migrations (default: 10 minutes)

    # These are only required for postgres
    host: ""
    port: 5432
    name: ""

    # Secret configuration for postgres credentials
    secrets:
      existingSecret: ""        # Name of existing Kubernetes secret containing postgres credentials
      userKey: "username"       # Key in the secret for database username
      passwordKey: "password"   # Key in the secret for database password
  
  # Security settings
  # For production, use a generated secret and store in a Kubernetes Secret
  jwt:
    existingSecret: "" # Set this to use an existing secret
    secretKey: "jwtSecret" # The key in the secret where JWT secret is stored
    secret: "changeme-this-secret-should-be-at-least-32-characters-long" # Only used if existingSecret is not set
    session_time: 168h
    max_refresh: 168h
  
  # Server configuration
  server:
    port: 2021
    read_timeout: 10s
    write_timeout: 10s
    rate_period: 60s
    rate_limit: 300
    cors_allow_origins:
      - "http://localhost:5173"
      - "http://localhost:7926"
      # The below are required for the android app to work
      - "https://localhost"
      - "capacitor://localhost"
    serve_frontend: true

  # Scheduler configuration
  scheduler_jobs:
    due_job: 30m
    overdue_job: 3h
    pre_due_job: 3h
  
  # Email settings
  email:
    host: ""
    port: ""
    key: ""
    email: ""
    appHost: ""
  
  # OAuth2 configuration
  oauth2:
    # Direct configuration
    client_id: ""
    client_secret: ""
    # Secret configuration - alternative to direct configuration
    existingSecret: ""        # Name of existing Kubernetes secret
    clientIdKey: "client-id"  # Key in the secret for client ID
    clientSecretKey: "client-secret" # Key in the secret for client secret
    # Other OAuth2 settings
    auth_url: ""
    token_url: ""
    user_info_url: ""
    redirect_url: ""
    name: ""

  # Real-time configuration
  realtime:
    max_connections: 100
    ping_interval: "30s"
    pong_wait: "60s"
    write_wait: "10s"
    max_message_size: 512

  # Logging configuration
  logging:
    level: "info"
    format: "json"

  # Storage configuration
  storage:
    type: "local"
    path: "/donetick-data/uploads"

  # Feature flags
  features:
    notifications: true
    realtime: true
    oauth: false