## Global settings
nameOverride: ""
fullnameOverride: ""

## Image settings
image:
  repository: ghcr.io/mealie-recipes/mealie
  tag: "v3.1.1"
  pullPolicy: IfNotPresent
  
## Deployment settings
replicaCount: 1
revisionHistoryLimit: 3

# Pod security settings
podSecurityContext:
  runAsNonRoot: false
  runAsUser: 911
  fsGroup: 911

containerSecurityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: false
  capabilities:
    drop:
      - ALL

## Pod scheduling
nodeSelector: {}
tolerations: []
affinity: {}

## Service settings
service:
  type: ClusterIP
  port: 9000

## Ingress settings
ingress:
  enabled: false
  className: ""
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
  hosts:
    - host: mealie.domain.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - mealie.domain.com

## Persistence settings
persistence:
  enabled: false
  storageClass: ""
  accessMode: ReadWriteOnce
  size: 5Gi
  annotations: {}

## Resource limits and requests
# resources:
#   limits:
#     cpu: 1000m
#     memory: 1000Mi
#   requests:
#     cpu: 100m
#     memory: 256Mi

## Application health checks
probes:
  liveness:
    enabled: true
    initialDelaySeconds: 60
    periodSeconds: 30
    timeoutSeconds: 10
    failureThreshold: 3
    successThreshold: 1
    path: /
  readiness:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 3
    successThreshold: 1
    path: /

## Autoscaling configuration
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 3
  targetCPUUtilizationPercentage: 80
  targetMemoryUtilizationPercentage: 80

## Environment variables
env:
  # General Settings
  PUID: "911"
  PGID: "911"
  DEFAULT_GROUP: "Home"
  DEFAULT_HOUSEHOLD: "Family"
  BASE_URL: "http://localhost:9000"
  TOKEN_TIME: "48"
  API_PORT: "9000"
  API_DOCS: "true"
  TZ: "UTC"
  ALLOW_SIGNUP: "false"
  ALLOW_PASSWORD_LOGIN: "true"
  LOG_LEVEL: "info"
  DAILY_SCHEDULE_TIME: "23:45"
  
  # Security
  SECURITY_MAX_LOGIN_ATTEMPTS: "5"
  SECURITY_USER_LOCKOUT_TIME: "24"
  
  # Database
  DB_ENGINE: "postgres" # postgres or sqlite
  
  # Webworker
  UVICORN_WORKERS: "1"

# Extra environment variables (for advanced use cases)
extraEnv: []
  # - name: POSTGRES_USER
  #   value: "mealie"
  # - name: POSTGRES_PASSWORD
  #   value: "mealie"
  # - name: POSTGRES_SERVER
  #   value: "postgres"
  # - name: POSTGRES_PORT
  #   value: "5432"
  # - name: POSTGRES_DB
  #   value: "mealie"

# Extra volume mounts
extraVolumeMounts: []

# Extra volumes 
extraVolumes: []

## PostgreSQL configuration (when using external database)
postgresql:
  enabled: false
  # External PostgreSQL settings
  external:
    enabled: false
    host: ""
    port: 5432
    database: "mealie"
    user: "mealie"
    password: ""
    # Use existing secret for database credentials
    existingSecret: ""
    userKey: "username"
    passwordKey: "password"

## SMTP Email configuration
email:
  enabled: false
  host: ""
  port: 587
  fromName: "Mealie"
  authStrategy: "TLS"  # TLS, SSL, NONE
  fromEmail: ""
  user: ""
  password: ""
  # Use existing secret for SMTP credentials
  existingSecret: ""
  userKey: "smtp-user"
  passwordKey: "smtp-password"

## LDAP Authentication
ldap:
  enabled: false
  serverUrl: ""
  tlsInsecure: false
  tlsCaCertFile: ""
  enableStartTls: false
  baseDn: ""
  queryBind: ""
  queryPassword: ""
  userFilter: ""
  adminFilter: ""
  idAttribute: "uid"
  nameAttribute: "name"
  mailAttribute: "mail"
  # Use existing secret for LDAP credentials
  existingSecret: ""
  passwordKey: "ldap-password"

## OpenID Connect (OIDC)
oidc:
  enabled: false
  signupEnabled: true
  configurationUrl: ""
  clientId: ""
  clientSecret: ""
  userGroup: ""
  adminGroup: ""
  autoRedirect: false
  providerName: "OAuth"
  rememberMe: false
  signingAlgorithm: "RS256"
  userClaim: "email"
  nameClaim: "name"
  groupsClaim: "groups"
  scopesOverride: ""
  tlsCaCertFile: ""
  # Use existing secret for OIDC credentials
  existingSecret: ""
  clientIdKey: "oidc-client-id"
  clientSecretKey: "oidc-client-secret"

## OpenAI Integration
openai:
  enabled: false
  baseUrl: ""
  apiKey: ""
  model: "gpt-4o"
  customHeaders: ""
  customParams: ""
  enableImageServices: true
  workers: 2
  sendDatabaseData: true
  requestTimeout: 60
  # Use existing secret for OpenAI API key
  existingSecret: ""
  apiKeyKey: "openai-api-key"

## TLS Configuration
tls:
  enabled: false
  certificatePath: ""
  privateKeyPath: ""
  # Use existing secret for TLS certificates
  existingSecret: ""
  certificateKey: "tls.crt"
  privateKeyKey: "tls.key"

## Theming
theme:
  light:
    primary: "#E58325"
    accent: "#007A99"
    secondary: "#973542"
    success: "#43A047"
    info: "#1976D2"
    warning: "#FF6D00"
    error: "#EF5350"
  dark:
    primary: "#E58325"
    accent: "#007A99"
    secondary: "#973542"
    success: "#43A047"
    info: "#1976D2"
    warning: "#FF6D00"
    error: "#EF5350"