# upgrade strategy type (e.g. Recreate or RollingUpdate)
strategyType: Recreate

image:
  repository: adguard/adguardhome
  # Image tag is set via charts appVersion. If you want to override the tag, specify it here
  tag: v0.107.53
  pullPolicy: IfNotPresent

nameOverride: ""
fullnameOverride: ""

configAsCode:
  enabled: false
  resources: {}
  # requests:
  #   memory: 128Mi
  #   cpu: 100m
  image:
    repository: busybox
    tag: latest
    pullPolicy: Always
  config:
    bind_host: 0.0.0.0
    bind_port: 3000
    users: []
    # - name: admin
    #   password: $2y$05$mV4GSa5Dymk4Hjg3NCscBuCYSckCGfc2mbS57SNkBkBAfvqfOdFfm
    http_proxy: ""
    language: "en"
    rlimit_nofile: 0
    debug_pprof: false
    web_session_ttl: 720
    dns:
      bind_host: 0.0.0.0
      port: 53
      statistics_interval: 1
      querylog_enabled: true
      querylog_interval: 90
      querylog_size_memory: 1000
      anonymize_client_ip: false
      protection_enabled: true
      blocking_mode: default
      blocking_ipv4: ""
      blocking_ipv6: ""
      blocked_response_ttl: 10
      parental_block_host: family-block.dns.adguard.com
      safebrowsing_block_host: standard-block.dns.adguard.com
      ratelimit: 0
      ratelimit_whitelist: []
      refuse_any: true
      upstream_dns:
      - https://dns10.quad9.net/dns-query
      bootstrap_dns:
      - 9.9.9.10
      - 149.112.112.10
      - 2620:fe::10
      - 2620:fe::fe:10
      all_servers: false
      fastest_addr: false
      allowed_clients: []
      # - 10.0.0.1
      # - 10.0.1.1/24
      disallowed_clients: []
      # - 10.0.1.1
      # - 10.0.11.1/24
      blocked_hosts: []
      # - example.org
      # - '*.example.org'
      # - '||example.org^'
      cache_size: 4194304
      cache_ttl_min: 0
      cache_ttl_max: 0
      bogus_nxdomain: []
      aaaa_disabled: false
      enable_dnssec: false
      edns_client_subnet: false
      filtering_enabled: true
      filters_update_interval: 24
      parental_enabled: false
      safesearch_enabled: false
      safebrowsing_enabled: false
      safebrowsing_cache_size: 1048576
      safesearch_cache_size: 1048576
      parental_cache_size: 1048576
      cache_time: 30
      rewrites: []
      # - domain: example.org
      #   answer: 127.0.0.1
      # - domain: '*.example.org'
      #   answer: 127.0.0.1
      blocked_services: []
      # - facebook
      # - origin
      # - twitter
      # - snapchat
      # - skype
      # - whatsapp
      # - instagram
      # - youtube
      # - netflix
      # - twitch
      # - discord
      # - amazon
      # - ebay
      # - cloudflare
      # - steam
      # - epic_games
      # - reddit
      # - ok
      # - vk
      # - mail_ru
      # - tiktok
    tls:
      enabled: false
      server_name: ""
      force_https: false
      port_https: 443
      port_dns_over_tls: 853
      allow_unencrypted_doh: false
      strict_sni_check: false
      certificate_chain: ""
      private_key: ""
      certificate_path: ""
      private_key_path: ""
    filters:
    - enabled: true
      url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
      name: AdGuard DNS filter
      id: 1
    - enabled: false
      url: https://adaway.org/hosts.txt
      name: AdAway
      id: 2
    - enabled: false
      url: https://www.malwaredomainlist.com/hostslist/hosts.txt
      name: MalwareDomainList.com Hosts List
      id: 4
    whitelist_filters: []
    # - enabled: true
    #   url: https://easylist-downloads.adblockplus.org/exceptionrules.txt
    #   name: Allow nonintrusive advertising
    #   id: 1595760241
    user_rules: []
    # - '||example.org^'
    # - '@@||example.org^'
    # - 127.0.0.1 example.org
    # - '! Here goes a comment'
    # - '# Also a comment'
    dhcp:
      enabled: false
      interface_name: ""
      gateway_ip: ""
      subnet_mask: ""
      range_start: ""
      range_end: ""
      lease_duration: 86400
      icmp_timeout_msec: 1000
    clients: []
    # - name: myuser
    #   tags:
    #   - user_admin
    #   ids:
    #   - 192.168.91.1
    #   use_global_settings: true
    #   filtering_enabled: false
    #   parental_enabled: false
    #   safesearch_enabled: false
    #   safebrowsing_enabled: false
    #   use_global_blocked_services: true
    #   blocked_services: []
    #   upstreams: []
    log_file: ""
    verbose: false
    schema_version: 6

tlsSecretName: ""
# name of the secret that contains the tls cert and key.
# this secret will be mounted inside the adguard container /certs path. e.g. works with cert-manager

podSecurityContext: {}
  # fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  #   add:
  #   - NET_BIND_SERVICE
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

timezone: "UTC"

ingress:
  enabled: false
  className: ""
  annotations: {}
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

# Probes configuration
probes:
  liveness:
    enabled: true
    initialDelaySeconds: 5
    failureThreshold: 5
    periodSeconds: 10
  readiness:
    enabled: false
    initialDelaySeconds: 5
    failureThreshold: 5
    periodSeconds: 10
  startup:
    enabled: false
    initialDelaySeconds: 5
    failureThreshold: 30
    periodSeconds: 10

service:
  type: ClusterIP
  # externalTrafficPolicy: Local
  # externalIPs: []
  # loadBalancerIP: ""
    # a fixed LoadBalancer IP
  # loadBalancerSourceRanges: []
  annotations: {}
    # metallb.universe.tf/address-pool: network-services
    # metallb.universe.tf/allow-shared-ip: adguard-home-svc
  port: 80

serviceTCP:
  enabled: false
  type: NodePort
  # externalTrafficPolicy: Local
  # externalIPs: []
  loadBalancerIP: ""
    # a fixed LoadBalancer IP
  # loadBalancerSourceRanges: []
  annotations: {}
    # metallb.universe.tf/address-pool: network-services
    # metallb.universe.tf/allow-shared-ip: adguard-home-svc

serviceUDP:
  enabled: true
  type: NodePort
  # externalTrafficPolicy: Local
  # externalIPs: []
  loadBalancerIP: ""
    # a fixed LoadBalancer IP
  # loadBalancerSourceRanges: []
  annotations: {}
    # metallb.universe.tf/address-pool: network-services
    # metallb.universe.tf/allow-shared-ip: adguard-home-svc

serviceDNSOverTLS:
  enabled: false
  ## Enable if you use AdGuard as a DNS over TLS/HTTPS server
  type: NodePort
  # externalTrafficPolicy: Local
  # externalIPs: []
  loadBalancerIP: ""
    # a fixed LoadBalancer IP
  # loadBalancerSourceRanges: []
  annotations: {}
    # metallb.universe.tf/address-pool: network-services
    # metallb.universe.tf/allow-shared-ip: adguard-home-svc

serviceDNSOverHTTPS:
  enabled: false
  ## Enable if you use AdGuard as a DNS over TLS/HTTPS server
  type: NodePort
  # externalTrafficPolicy: Local
  # externalIPs: []
  loadBalancerIP: ""
    # a fixed LoadBalancer IP
  # loadBalancerSourceRanges: []
  annotations: {}
    # metallb.universe.tf/address-pool: network-services
    # metallb.universe.tf/allow-shared-ip: adguard-home-svc

serviceDHCP:
  enabled: false
  ## Enable if you use AdGuard as a DHCP Server
  type: NodePort
  # externalTrafficPolicy: Local
  # externalIPs: []
  loadBalancerIP: ""
    # a fixed LoadBalancer IP
  annotations: {}
    # metallb.universe.tf/address-pool: network-services
    # metallb.universe.tf/allow-shared-ip: adguard-home-svc
    # external-dns.alpha.kubernetes.io/hostname: dns.example.com

serviceMonitor:
  enabled: false
  additionalLabels: {}

## Pod Annotations
podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/port: "api"

persistence:
  config:
    enabled: true
    ## adguard-home configuration data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"
    ##
    ## If you want to reuse an existing claim, you can pass the name of the PVC using
    ## the existingClaim variable
    # existingClaim: your-claim
    # subPath: some-subpath
    accessMode: ReadWriteOnce
    size: 20Mi
    ## Do not delete the pvc upon helm uninstall
    skipuninstall: false
  work:
    enabled: true
    ## adguard-home work volume configuration
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # storageClass: "-"
    ##
    ## If you want to reuse an existing claim, you can pass the name of the PVC using
    ## the existingClaim variable
    # existingClaim: your-claim
    # subPath: some-subpath
    accessMode: ReadWriteOnce
    size: 10Gi
    ## Do not delete the pvc upon helm uninstall
    skipuninstall: false

volumePermissions:
  image:
    repository: busybox
    tag: latest
    pullPolicy: Always
  resources: {}
    # requests:
    #   memory: 128Mi
    #   cpu: 100m

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  memory: 500Mi
  # requests:
  #  cpu: 50m
  #  memory: 275Mi

nodeSelector: {}

tolerations: []

affinity: {}