From 52f7cbdca59747c02d2f98cbac00a893cb86233f Mon Sep 17 00:00:00 2001
From: richard <r_morgan@sympatico.ca>
Date: Sun, 25 Jan 2026 22:41:19 -0500
Subject: [PATCH] get bunkerweb-ui working

---
 .../files/bunkerweb/remote_values.yaml        | 55 +++++++++++++++++++
 .../prod.k3s/files/bunkerweb/values.yaml      | 53 +++++++++++++++++-
 .../prod.k3s/tasks/deployments/bunkerweb.yaml |  2 +-
 3 files changed, 108 insertions(+), 2 deletions(-)
 create mode 100644 ansible-5/roles/prod.k3s/files/bunkerweb/remote_values.yaml

diff --git a/ansible-5/roles/prod.k3s/files/bunkerweb/remote_values.yaml b/ansible-5/roles/prod.k3s/files/bunkerweb/remote_values.yaml
new file mode 100644
index 0000000..c18ead5
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/files/bunkerweb/remote_values.yaml
@@ -0,0 +1,55 @@
+bunkerweb:
+  tag: 1.6.6
+  tolerations: []
+  volumeMounts: []
+  volumes: []
+controller:
+  enabled: true
+  tag: 1.6.6
+  tolerations: []
+
+scheduler:
+  tag: 1.6.6
+  extraEnvs:
+    # Enable real IP module to get real IP of clients
+    - name: USE_REAL_IP
+      value: "yes"
+  features:
+    php:
+      localPhp: ""
+      localPhpPath: ""
+      remotePhp: ""
+      remotePhpPort: ""
+      remotePhpPath: ""
+
+service:
+  annotations: {}
+  enabled: true
+  externalTrafficPolicy: Local
+  type: LoadBalancer
+
+settings:
+  existingSecret: ""
+  kubernetes:
+    domainName: cluster.local
+    ignoreAnnotations: ""
+    ingressClass: bunkerweb
+    namespaces: ""
+  misc:
+    apiWhitelistIp: 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+    databaseUri: ""
+    dnsResolvers: default.svc.cluster.local
+  ui:
+    ingress:
+      enabled: false
+      extraAnnotations: {}
+      ingressClassName: ""
+      serverName: ""
+      serverPath: /
+      tlsSecretName: ""
+    overrideAdminCreds: "no"
+    totpSecrets: ""
+    wizard: true
+ui:
+  enabled: true
+  tag: 1.6.6
diff --git a/ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml b/ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml
index bb092d4..634c4b8 100644
--- a/ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml
+++ b/ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml
@@ -11,12 +11,41 @@ settings:
     # most of the time it's coredns.kube-system.svc.cluster.local or kube-dns.kube-system.svc.cluster.local
 #    dnsResolvers: "kube-dns.kube-system.svc.cluster.local"
     dnsResolvers: "default.svc.cluster.local"
+
   kubernetes:
     # We only consider Ingress resources with ingressClass bunkerweb to avoid conflicts with existing ingress controller
     ingressClass: "bunkerweb"
     # Optional: you can choose namespace(s) where BunkerWeb will listen for Ingress/ConfigMap changes
     # Default (blank value) is all namespaces
-    namespaces: ""
+    namespaces: "default stashapp"
+
+  # ----- WEB UI CONFIGURATION -----
+  ui:
+    # Enable the setup wizard on first launch
+    wizard: true
+    # Ingress configuration for UI access
+    ingress:
+      # Set to true to create an Ingress resource for the UI
+      enabled: true
+
+      # IngressClass name to use
+      ingressClassName: "traefik"
+
+      # Domain name for UI access
+      # Example: "bunkerweb-ui.example.com"
+      serverName: "bunkerweb-ui.xai-corp.net"
+
+      # Path for UI access (usually "/")
+      serverPath: "/"
+
+      # Additional annotations for the Ingress resource
+      # Example: {"cert-manager.io/cluster-issuer": "letsencrypt-prod"}
+      extraAnnotations:
+        cert-manager.io/cluster-issuer: letsencrypt-production
+
+      # Secret name containing TLS certificate
+      # Leave empty to disable HTTPS
+      tlsSecretName: xai-corp-production-tls-bunkerweb-ui
 
 # Override the bunkerweb-external service type to ClusterIP
 # Since we don't need to expose it to the outside world
@@ -31,10 +60,21 @@ bunkerweb:
 # Scheduler settings
 scheduler:
   tag: 1.6.6
+  livenessProbe:
+    periodSeconds: 15
+    timeoutSeconds: 2
+    failureThreshold: 5
   extraEnvs:
     # Enable real IP module to get real IP of clients
     - name: USE_REAL_IP
       value: "yes"
+  features:
+    php:
+      localPhp: ""
+      localPhpPath: ""
+      remotePhp: ""
+      remotePhpPort: ""
+      remotePhpPath: ""
 
 # Controller settings
 controller:
@@ -43,3 +83,14 @@ controller:
 # UI settings
 ui:
   tag: 1.6.6
+  livenessProbe:
+    periodSeconds: 15
+    timeoutSeconds: 2
+    failureThreshold: 5
+api:
+  enabled: true
+  tag: 1.6.6
+  livenessProbe:
+    periodSeconds: 15
+    timeoutSeconds: 2
+    failureThreshold: 5
diff --git a/ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml b/ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml
index 5c72f41..cc0ba3a 100644
--- a/ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml
+++ b/ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml
@@ -28,7 +28,7 @@
       local_action:
         module: kubernetes.core.helm
         release_state: "{{apps.bunkerweb.state}}"
-        name: bunkerweb
+        name: bunkerweb-1765770291
         namespace: "{{apps.bunkerweb.namespace}}"
         update_repo_cache: True
         chart_ref: bunkerweb/bunkerweb