# Settings for the Bitwarden (bitwarden_rs) deployment. The keys under
# bitwarden_default_values look like Helm chart values; the {{ ... }}
# expressions are filled in by the templating layer before use.
# NOTE(review): nesting was rebuilt from a whitespace-collapsed copy; confirm
# the placement of `smtp.timeout` and `persistence.type` against the chart schema.
bitwarden_enabled: true
# Selects the ingress class below: external when true, internal when false.
bitwarden_publish: false
bitwarden_use_external_db: true
bitwarden_default_values:
  fullnameOverride: "bitwarden"
  bitwarden:
    domain: "https://bitwarden.{{ domain }}"
    # NOTE(review): open self-registration on a password vault. Anyone who can
    # reach the ingress can create an account; consider turning this off once
    # the initial users exist and relying on invitations instead.
    signupsAllowed: true
    invitationsAllowed: true
    gui:
      # If you set a different port here, you must also provide it under env
      port: 80
    websockets:
      enabled: true
      port: 3012
    admin:
      enabled: false
      # NOTE(review): presumably maps to bitwarden_rs DISABLE_ADMIN_TOKEN. It has
      # no visible effect while admin.enabled is false, but enabling the admin
      # page later with this still true would leave it without token
      # authentication. Safer to keep this false and supply a token via
      # existingSecret.
      disableAdminToken: true
      existingSecret:
        enabled: false
        name: ""
        tokenKey: ""
    # External database configuration.
    # Requires bitwardenrs/server >= 1.17.0 or bitwardenrs/server-{mysql,postgres} images
    # ref: https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-MySQL-Backend
    #      https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-PostgreSQL-Backend
    externalDatabase:
      enabled: true
      # Supported values: 'mysql', 'postgresql'.
      type: "postgresql"
      # Database host. Required if external database is enabled.
      host: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
      # Database port. Optional, default value is specific to the database backend.
      port: "5432"
      # Database name.
      database: "{{ bitwarden_db_name | default ('bitwarden') }}"
      # Database user.
      user: "{{ bitwarden_db_username }}"
      # Database password. Special characters must be escaped with percent encoding.
      # NOTE(review): the template inserts the variable as-is, so the stored
      # value must already be percent-encoded - confirm. With existingSecret
      # disabled below, the password also travels inside the rendered values;
      # prefer existingSecret so it stays in a Kubernetes Secret.
      password: "{{ bitwarden_db_password }}"
      # Use existing secret for database credentials.
      existingSecret:
        enabled: false
        name: ""
        userKey: ""
        # Special characters in the password value must be escaped with percent encoding.
        passwordKey: ""
    # Enable SMTP.
    # https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
    smtp:
      enabled: true
      # SMTP hostname, required if SMTP is enabled
      host: "mail.{{ domain }}"
      # SMTP sender e-mail address, required if SMTP is enabled
      from: "bitwarden@{{ domain }}"
      # SMTP sender name, defaults to 'Bitwarden_RS'
      fromName: "bitwarden"
      # Enable SSL connection
      ssl: true
      # Enable EXPLICIT_TLS
      explicitTLS: true
      # SMTP port
      port: 465
      # SMTP username
      user: "bitwarden@{{ domain }}"
      # SMTP password. Required if user is specified, ignored if no user provided
      # NOTE(review): passed inline like the database password, so it ends up in
      # the rendered values rather than only in a Secret.
      password: "{{ bitwarden_ldap_pass | default(bitwarden_ldap_password) }}"
      timeout: 120
  env:
    # NOTE(review): debug logging on a credential store is verbose and may
    # record request details; use a quieter level outside troubleshooting.
    LOG_LEVEL: "debug"
    # If you plan to run the WebUI on a port other than port 80, specify that here:
    # For example, if running the container as a non-root user.
    # ROCKET_PORT: "80"
  persistence:
    enabled: true
    accessMode: "{{ bitwarden_storage_mode | default('ReadWriteMany') }}"
    size: "{{ bitwarden_size | default('8Gi') }}"
    storageClass: "{{ bitwarden_storage | default('nfs-ssd') }}"
    type: deployment
  ingress:
    enabled: true
    annotations:
      # Exposure is controlled here: the external class is used only when
      # bitwarden_publish is true.
      kubernetes.io/ingress.class: "{{ external_ingress_class if bitwarden_publish else internal_ingress_class }}"
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      cert-manager.io/acme-dns01-provider: "rfc2136"
      cert-manager.io/acme-challenge-type: "dns01"
      kubernetes.io/tls-acme: "true"
    hosts:
      - host: "bitwarden.{{ domain }}"
        paths: ["/"]
    tls:
      - secretName: "bitwarden.{{ domain }}-tls"
        hosts:
          - "bitwarden.{{ domain }}"