## Roundcube Docker image
image: roundcube/roundcubemail:{{ .Chart.AppVersion }}-fpm-alpine

## ImagePullPolicy for Roundcube Docker image
imagePullPolicy: IfNotPresent

## RBAC Role Based Access Control for resources
rbac:
  # Specifies whether RBAC resources should be created
  create: false
  rules: []
  ## Enable RBAC rules
    #  - apiGroups:
    #    - myApiGroups
    #    resourceNames:
    #    - myResourceNames
    #    resources:
    #    - myResources
    #    verbs:
    #    - use

## Service Account for Deployment
serviceAccount:
  # Specifies whether ServiceAccount resource should be created
  create: false
  # The name of the ServiceAccount to use.
  # If not set and create is true, a name is generated using a template
  name: ""
  additionalLabels: {}
  additionalAnnotations: {}

## Roundcube Core Configuration
config:

  ## DES Key for session encryption.
  ## Will be generated randomly if not set.
  desKey:

  ## User interface default language.
  defaultLanguage: en_US

  ## Allow for custom skin installation
  skins:
    classic:
      enabled: false
      composerPackage:
        name: roundcube/classic
        version: 1.6.0

    larry:
      enabled: false
      composerPackage:
        name: roundcube/larry
        version: 1.6.1

    ## custom skin example
    #custom:
    #  enabled: true
    #  composerPackage:
    #    name: custom (defaults to roundcube/{{ skin name }})
    #    version: 1.0 (defaults to rounddube version)

  ## User interface default skin.
  defaultSkin: elastic

  ## Plugin configuration
  plugins:

    ## https://github.com/roundcube/roundcubemail/blob/master/plugins/managesieve/config.inc.php.dist
    managesieve:
      enabled: false
      config:
        host: "%h:4190"
        useTls: true

    ## Context menu plugin: Adds context menus with common tasks to various parts of Roundcube
    ## https://packagist.org/packages/johndoh/contextmenu
    ## Example for a dynamically installed plugin (via composer)
    contextmenu:

      ## Enabled installing and loading the plugin.
      enabled: false

      ## composer package information
      composerPackage:
        name: "johndoh/contextmenu"
        version: "3.3"

  ## Maximum allowed upload file size (e.g., for attachmentes).
  ## Do not forget to adjust ingress accordingly, e.g., by adding the following annotation:
  ##   nginx.ingress.kubernetes.io/proxy-body-size: 25m
  uploadMaxFilesize: 25M

  ## Custom Roundcube configuration parameters
  customRoundcubeConfig: |
    /*
     * Custom Roundcube Configuration values
     * Check https://github.com/roundcube/roundcubemail/wiki/Configuration for available options.
     */

    // $config['skin_logo'] = "";
    // $config['support_url'] = "https://roundcube.net/";

  ## Custom configuration for PHP interpreter
  customPhpConfig: |
    ## Configure custom memory limit for PHP
    # memory_limit=128M

  ## Custom configuration for PHP-FPM
  ## Comment lines with semicolumn (;) in this file
  ## don't use pound (#) to comment lines
  customPhpFpmConfig: |
    ;pm.max_children=200
    ;pm.status_path=/status

## Configure database creation/usage
database:
  ## Which database source should be used
  ## Supported values:
  ##   * external:         Do not create a database, but use an existing external database. See `externalDatabase` for further configuration.
  ##   * zalando-postgres: Request a database to be created by Zalando Postgres operator (https://github.com/zalando/postgres-operator, operator needs to be preinstalled)
  source: external

  ## Number of database cluster instances to be launched
  ## (only applicable for source=zalando-postgres)
  instances: 

  ## Size of the volume to be created for the database
  volumeSize: 5Gi

  ## Name of the StorageClass to be used for the volume
  storageClassName:

## Configuration for an external database (not deployed within this chart)
## When working with a NetworkPolicy, add an egress rule to networkPolicy.egress.additionalRules to allow access to the database.
externalDatabase:
  ## Type of the external database. supported: mysql, pgsql, sqlite
  type: pgsql

  ## Hostname of the external database server
  host: postgres13.postgres

  ## Port number of the external database server
  port: 5432

  ## Database name
  name: roundkube

  ## Username for the external database server
  user: roundkube

  ## Password for the external database server
  password: roundkube

## IMAP settings
imap:
  ## Hostname or IP address of your IMAP server
  host: mail.allarddcs.nl

  ## IMAP port. Default ports depending on encryption setting:
  ##   143 - none, STARTTLS
  ##   993 - SSL/TLS (recommended)
  port: 143

  ## Transport encryption. Please change port accordingly. Allowed values:
  ##   none     - no encryption
  ##   starttls - use STARTTLS
  ##   ssltls   - use SSL/TLS (recommended)
  encryption: starttls


## SMTP settings
smtp:
  ## Hostname or IP address of your SMTP server
  host: mail.allarddcs.nl

  ## SMTP port. Default ports depending on encryption setting:
  ##    25 - none
  ##   465 - SSL/TLS
  ##   587 - STARTTLS (recommended)
  port: 587

  ## Transport encryption. Please change port accordingly. Allowed values:
  ##   none     - no encryption
  ##   starttls - use STARTTLS
  ##   ssltls   - use SSL/TLS (recommended)
  encryption: starttls

  ## SMTP username (use "%u" tp use IMAP username)
  username: "%u"

  ## SMTP password (use "%p" tp use IMAP password)
  password: "%p"


## Additional configuration for the ConfigMap resource
configMap:
  ## Additional labels for the ConfigMap resource
  additionalLabels: {}

  ## Additional annotations for the ConfigMap resource
  additionalAnnotations: {}


## Additional configuration for the Secret resource
secret:
  ## Additional labels for the Secret resource
  additionalLabels: {}

  ## Additional annotations for the Secret resource
  additionalAnnotations: {}


## Additional configuration for the Deployment resource
deployment:
  ## Number of instances of Roundcube to be started
  replicas: 1

  ## Deployment strategy (see https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/#DeploymentSpec)
  strategy:
    ## Deployment strategy type
    type: RollingUpdate

  ## Roundcube container's HTTP port
  port: 80

  ## Define additional ImagePullSecrets.
  imagePullSecrets:
    ## You can refer to existing ImagePullSecrets as follows:
    # - name: my-custom-secret

  ## Additional labels for the Deployment resource
  additionalLabels: {}

  ## Additional annotations for the Deployment resource
  additionalAnnotations: {}

  ## Pod affinity rule preset (see https://docs.bitnami.com/tutorials/assign-pod-nodes-helm-affinity-rules/)
  podAffinityPreset: ""

  ## Pod anti affinity rule preset (see https://docs.bitnami.com/tutorials/assign-pod-nodes-helm-affinity-rules/)
  podAntiAffinityPreset: hard

  ## Custom affinity rules (overrides podAffinityPreset and podAntiAffinityPreset)
  affinity: {}

  ## Configure resource allocation and limits
  # resources:
  #   requests:
  #     memory: "256Mi"
  #     cpu: "1000m"
  #   limits:
  #     memory: "256Mi"
  #     cpu: "1000m"

  ## Allow defining custom actions to be executed before deploying main container (e.g.: to prepare database)
  initContainers: []
  #  - name: init
  #    image: alpine:3
  #    command: [sh, -c]
  #    args:
  #      - echo "Hello, world!" > /mnt/extra-storage/test
  #    volumeMounts:
  #      - name: extra-storage
  #        mountPath: /mnt/extra-storage

  ## Additional volume mounts for the Deployment resource
  additionalVolumeMounts: []
  #  - name: extra-storage
  #    mountPath: /mnt/extra-storage

  ## Additional volumes for the Deployment resource
  additionalVolumes: []
  #  - name: extra-storage
  #    emptyDir: {}

  ## Additional environment variables for the Deployment resource
  additionalEnv: []
  #  - name: MY_ENV_VAR
  #    value: value

  containers:
    nginx:
      image: nginx:1.25.4
      imagePullPolicy: IfNotPresent


## Additional configuration for the Service resource
service:
  ## Service port for HTTP
  port: 80


  ## Additional labels for the Service resource
  additionalLabels: {}

  ## Additional annotations for the Service resource
  additionalAnnotations: {}

  ## https://kubernetes.io/docs/concepts/services-networking/dual-stack/
  ipFamilyPolicy: PreferDualStack


## Ingress resource configuration
ingress:
  ## Enable Ingress resource
  enabled: true
  ## Whether deploy https or plain http ingress
  useTLS: true

  class:
  host: roundcube.allarddcs.nl
  path: "/"
  pathType: ImplementationSpecific
  Classname: nginx

  ## TLS settings
  tls:

    ## Configure secret name, e.g., to re-use an existing secret
    secretName:

  ## Additional labels for the Ingress resource
  additionalLabels: {}

  ## Additional annotations for the Ingress resource
  additionalAnnotations: {}


## PodDisruptionBudget configuration
pdb:
  ## Enable PodDisruptionBudget
  enabled: true

  minAvailable: 1
  maxUnavailable: ""


  ## Additional labels for the PodDisruptionBudget resource
  additionalLabels: {}

  ## Additional annotations for the PodDisruptionBudget resource
  additionalAnnotations: {}


## NetworkPolicy configuration
## A NetworkPolicy can prevent unauthorized access to remote hosts on network level.
## By default, if enabled, the NetworkPolicy allows to connect to any IP with the IMAP and SMTP ports configured above.
## This also applies for the managesieve plugin, if enabled.
## More information on network policies: https://kubernetes.io/docs/concepts/services-networking/network-policies/
networkPolicy:

  ## Create a NetworkPolicy resource
  enabled: false

  ## Egress policies for Roundcube environment
  egress:
    ## IMAP related Egress policies
    imap:

      ## Explicitely configure allowed peers for the IMAP connection.
      ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicypeer-v1-networking-k8s-io for all possible options.
      peers:
        - ipBlock:
            cidr: 0.0.0.0/0


    ## SMTP related Egress policies
    smtp:

      ## Explicitely configure allowed peers for the SMTP connection.
      ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicypeer-v1-networking-k8s-io for all possible options.
      peers:
        - ipBlock:
            cidr: 0.0.0.0/0


    ## managesieve related Egress policies
    managesieve:

      ## Explicitely configure allowed peers for the managesieve connection. Will only be used if managesieve plugin is enabled.
      ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicypeer-v1-networking-k8s-io for all possible options.
      peers:
        - ipBlock:
            cidr: 0.0.0.0/0


    ## Add additional, custom egress rules.
    ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#networkpolicyegressrule-v1-networking-k8s-io.
    additionalRules: []
    ## Example rule for a zalando postgres cluster called "shared-postgres" in namespace "postgres"
    #  - to:
    #    - namespaceSelector:
    #        matchLabels:
    #          kubernetes.io/metadata.name: postgres
    #    - podSelector:
    #        matchLabels:
    #          cluster-name: shared-postgres
    #    ports:
    #      - port: 5432
    #        protocol: TCP


  ## Additional labels for the NetworkPolicy
  additionalLabels: {}

  ## Additional annotations for the NetworkPolicy
  additionalAnnotations: {}