# Copy to a private file (e.g. gitops/values/private-k3s.yaml, gitignored) or merge into your env values.
# Reference from Helm:  -f ../../values/k3s-example.yaml -f ../../values/private-k3s.yaml
# Argo CD: add a second entry under helm.valueFiles (paths relative to chart path).

onelab:
  compliance:
    enabled: true
    # Optional tweaks (defaults match chart values.yaml):
    # requireElectronicSignature: true
    # executionOperatorRestrictionPolicy: "reviewed"
    # executionAdminExpertRestrictionPolicy: "reviewed"
    # preventCsvImport: true
    # preventManualMetadataEdit: true
    # deviceRestart: true

  ldap:
    enabled: true
    # timeout: 30
    # encryption: "start_tls"
    # policy: "your-policy"
    # verifyCertificates: true
    # Paths inside the ldap-worker container (mount certs via extraVolumes if needed):
    # tlsCaPath: "/ldap/ca.crt"
    # tlsCertPath: "/ldap/client.crt"
    # tlsKeyPath: "/ldap/client.key"
    # tlsCiphers: ""
    # tlsSslVersion: ""

# Alternative: supply the full YAML yourself (no Helm templating of compliance/LDAP blocks).
# 1. kubectl create secret generic onelab-configurations-custom -n onelab \
#      --from-file=configurations.yml=./my-configurations.yml
# 2. Set in values:
# configuration:
#   existingSecretName: onelab-configurations-custom