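---
# OdooSky v3 instance-template-v3 — default values.
#
# Per-tenant overlay repos override only the keys that differ from these
# defaults. Keep this file as the single source of truth for what an
# Odoo instance looks like by default; do not duplicate defaults in the
# overlay schema or in Tower-Go.
#
# NOTE(review): the key nesting below was reconstructed from a copy whose
# line breaks and indentation were lost. Confirm the placement of `sizes`
# (top level), `odoo.addons` / `odoo.addonsMountPath` and
# `backups.s3.credentialsSecret` against the chart templates.

instance:
  # Short slug used in K8s object names + as the Helm release name.
  # Must be DNS-safe (lowercase, no underscores, <= 40 chars).
  code: demo

  # The full HTTPS hostname this instance answers on.
  # Tenants live under *.tenants.odoosky.org (covered by wildcard DNS A).
  domain: demo.tenants.odoosky.org

  # Named size — looked up against the `sizes` table below to derive
  # CPU / memory limits + Odoo workers. Per-tenant overlays only need
  # `instance.size: medium` (etc); they don't have to know the numbers.
  size: small

# The named-size table. Single source of truth for what each instance
# tier actually gets. Adjust here, ALL future instances pick up the
# new defaults on next reconcile. Existing instances keep their
# previously-rendered manifests until ArgoCD re-syncs.
#
# Anchored loosely on v2's tested defaults:
#   tiny   — dev/preview, 1 user
#   small  — 5–15 users, default
#   medium — 15–50 users
#   large  — 50–150 users
sizes:
  tiny:
    odoo:
      requests: { memory: 256Mi, cpu: 100m }
      limits: { memory: 1Gi, cpu: "1" }
    postgres:
      requests: { memory: 128Mi, cpu: 50m }
      limits: { memory: 256Mi, cpu: 500m }
  small:
    odoo:
      requests: { memory: 512Mi, cpu: 250m }
      limits: { memory: 2Gi, cpu: "2" }
    postgres:
      requests: { memory: 256Mi, cpu: 100m }
      limits: { memory: 1Gi, cpu: "1" }
  medium:
    odoo:
      requests: { memory: 1Gi, cpu: 500m }
      limits: { memory: 4Gi, cpu: "4" }
    postgres:
      requests: { memory: 512Mi, cpu: 250m }
      limits: { memory: 2Gi, cpu: "2" }
  large:
    odoo:
      requests: { memory: 2Gi, cpu: "1" }
      limits: { memory: 8Gi, cpu: "6" }
    postgres:
      requests: { memory: 1Gi, cpu: 500m }
      limits: { memory: 4Gi, cpu: "3" }

odoo:
  # NOTE(review): `18.0` is a tag, not a digest, so the image content can
  # change between pulls. If reproducible, auditable rollouts matter,
  # pin by digest in the overlay or mirror the image into the
  # cluster-local registry.
  image: odoo
  tag: "18.0"

  # Filestore PVC size (Odoo's /var/lib/odoo).
  filestoreSize: 10Gi

  # Addons selected for this instance. Each entry is a tagged image in
  # the cluster-local registry (deployed by cluster-platform-v3 chart).
  # The chart renders one initContainer per entry that copies the
  # addon's content into a shared volume; the Odoo container reads from
  # /mnt/extra-addons/.
  #
  # Tower owns this list — it commits new entries to the tenant overlay
  # AFTER ensuring the corresponding image exists in the destination
  # cluster's registry (spawning a build Job from Gitea source if not).
  #
  # Schema:
  #   addons:
  #     - code: odoosky_demo
  #       version: "18.0.1.0.0"
  #       source: platform          # platform | tenant
  #       image: registry.odoosky-system.svc.cluster.local:5000/addons/odoosky_demo
  #
  # Empty list = no extra addons; only Odoo's built-in modules.
  #
  # NOTE(review): addon content is loaded by Odoo as code, and the schema
  # identifies an image by name + version tag only (no digest field).
  # Integrity therefore rests on who can push to the cluster-local
  # registry and commit to the overlay repo — confirm both are limited
  # to Tower, and whether the registry on :5000 is served over TLS.
  addons: []

  # Path inside the Odoo container where addons are materialized.
  # Odoo's addons_path includes this dir; one folder per addon code.
  # Override only if you need a non-standard layout.
  addonsMountPath: /mnt/extra-addons

postgres:
  image: postgres
  tag: "16-alpine"
  user: odoo
  database: postgres
  # If empty, the chart auto-generates on first install and re-reads
  # the existing Secret on subsequent upgrades (lookup pattern).
  #
  # NOTE(review): Helm's `lookup` returns an empty result when a chart is
  # rendered without cluster access (`helm template`, which is how
  # Argo CD renders Helm charts). Under ArgoCD the "re-read the existing
  # Secret" step may therefore not happen and a new password could be
  # generated on every sync — confirm how the chart handles this.
  # Leave this empty in committed overlays; a non-empty value here is a
  # database credential stored in Git.
  password: ""
  storage: 10Gi

backups:
  enabled: true

  # Cron schedule for the automatic backup job. Default 03:00 UTC
  # daily — quiet hour for most timezones, non-business in EU/US/AS.
  schedule: "0 3 * * *"

  # How many dumps to retain in S3. The backup job prunes older
  # objects matching the instance's prefix on every successful run.
  retain: 7

  # S3-compatible destination. The endpoint + region + bucket are
  # NON-secret and live in this committed values.yaml; the AWS
  # credentials live in a K8s Secret named by `credentialsSecret`,
  # provisioned out-of-band by Tower's bootstrap script (which reads
  # from OpenBao). The chart never sees access/secret keys directly.
  s3:
    endpoint: https://s3.eu-central-1.s4.mega.io
    region: eu-central-1
    bucket: odoosky-v3-backups

    # Per-instance S3 key prefix. Each instance writes under its own
    # code/ subdirectory inside the shared bucket.
    #
    # NOTE(review): Helm does not template values.yaml itself, so this
    # string reaches the templates literally unless the chart passes it
    # through `tpl` (not visible from this file — confirm). Used
    # unrendered, every instance would share one prefix and the retention
    # prune described under `retain` would match other instances' dumps.
    prefix: "{{ .Values.instance.code }}"

    # Name of the K8s Secret holding AWS_ACCESS_KEY_ID +
    # AWS_SECRET_ACCESS_KEY. Mounted via envFrom on the backup Job.
    #
    # NOTE(review): all instances write to one shared bucket. Whether the
    # keys in this Secret are restricted to the instance's own prefix
    # cannot be told from here; if they are bucket-wide, any instance's
    # backup Job can read or delete every tenant's dumps. Confirm the
    # credential scope, and whether dumps are encrypted before upload.
    credentialsSecret: s3-backup-creds

ingress:
  # Traefik entrypoint name (set on the Traefik install in the
  # `traefik` namespace).
  entryPoint: websecure

  # The pre-provisioned wildcard cert for *.tenants.odoosky.org —
  # one Certificate resource issued ONCE in the chart's release
  # namespace, then every instance's IngressRoute references the
  # resulting Secret. Avoids Let's Encrypt's per-week certificate
  # issuance ceiling (50/week/registered-domain) as we scale to
  # many tenants.
  #
  # See infrastructure/cluster/wildcard-cert.yaml for the
  # provisioning manifest.
  #
  # NOTE(review): this Secret holds the private key for every tenant
  # hostname. Traefik resolves an IngressRoute's TLS secret in the
  # route's own namespace, so if instances run in separate namespaces
  # the key has to exist in each of them — confirm the namespace layout
  # and that tenant workloads and service accounts cannot read it.
  tlsSecret: tenants-wildcard-tls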