controller:
  replicaCount: 3
  nodeSelector:
    nodepool: worker
  labels:
    app: nginx-internal
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          app: nginx-internal
  ingressClassResource:
    name: nginx-internal
    enabled: true
    default: true
    controllerValue: "k8s.io/ingress-nginx"
    parameters: {}
  ingressClass: nginx-internal
  service:
    annotations:
      external-dns.alpha.kubernetes.io/hostname: "dogar.dev"
  extraVolumes:
    - name: nix-cache
      persistentVolumeClaim:
        claimName: nix-cache
  extraVolumeMounts:
    - name: nix-cache
      mountPath: /var/cache/nginx/nix
  podSecurityContext:
    fsGroup: 101
  config:
    proxy-buffering: "on"
    proxy-ssl-server-name: "true"
    http-snippet: |
      # Persistent on-disk cache; lives on the PVC
      proxy_cache_path /var/cache/nginx/nix levels=1:2 keys_zone=cachecache:32m max_size=120g inactive=365d use_temp_path=off;

      # Only advertise cacheability for 200/302
      map $status $cache_header {
        200     "public";
        302     "public";
        default "no-cache";
      }
    server-snippet: |
      location = /robots.txt {
        default_type text/plain;
        return 200 "User-agent: GPTBot\nDisallow: /\nUser-agent: CCBot\nDisallow: /\nUser-agent: *\nAllow: /\n";
      }
tcp:
  22:       "homelab/gitea-ssh:22"
  25565:    "minecraft/monifactory-server:25565"
  25566:    "minecraft/gtnh-server:25565"
  25567:    "minecraft/tfg-server:25565"
  25568:    "minecraft/atm10-server:25565"
  25569:    "minecraft/star-technology-server:25565"