image:
  repository: ghcr.io/bitwarden/lite
  tag: "2025.12.0"
  pullPolicy: IfNotPresent

replicaCount: 1

service:
  type: ClusterIP
  port: 8080

ingress:
  enabled: true
  ingressClassName: traefik
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
  hosts:
    - host: bitwarden.immich-ad.ovh
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: bitwarden-tls
      hosts:
        - bitwarden.immich-ad.ovh

# Persist bitwarden data (attachments, icon cache, etc.)
persistence:
  enabled: true
  existingClaim: pvc-bitwarden-data

bitwarden:
  # REQUIRED for secure cookies, web vault, etc.
  domain: "bitwarden.immich-ad.ovh"
  disableUserRegistration: false

  installation:
    id: "bca307eb-c177-4eb7-b6a6-b3ba0129ff3d"
    key: "x4FBfkK4f1wDCuXWQdX9"

  # SMTP optional
  smtp:
    enabled: false
    host: ""
    port: 587
    username: ""
    password:
      existingSecret: ""
      key: "SMTP_PASSWORD"
    from: ""
hibp:
  apiKey: ""

# Database config
database:
  name: bitwarden
  user: bitwarden

# Bitnami PostgreSQL subchart values
postgresql:
  enabled: true
  image:
    registry: docker.io
    repository: bitnami/postgresql
    tag: latest

  auth:
    username: bitwarden
    database: bitwarden

    # Upgrade-safe: point to an existing secret you create once
    existingSecret: bitwarden-postgresql-auth
    secretKeys:
      adminPasswordKey: postgres-password
      userPasswordKey: password

  primary:
    persistence:
      enabled: true
      existingClaim: pvc-bitwarden-data  # bind to precreated PVC if you want