Don't double quote env vars

hedge-sparrow · hedge-sparrow · commit 8f4e75d55ab2 · 2025-05-14T14:05:52.000+01:00
diff --git a/applications/wg-easy/charts/wg-easy/values.yaml b/applications/wg-easy/charts/wg-easy/values.yaml
@@ -7,10 +7,10 @@ wireguard:
 # See https://github.com/WeeJeWel/wg-easy for configuration options
   host: "example.com"
   port: 51820 # This is used in the postUp
-  defaultAddress: "10.10.10.x"
-  defaultDns: "1.1.1.1"
-  allowedIps: "0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3"
-  postUp: "iptables -A FORWARD -i wg0 -o eth0 -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -j DROP; iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT"
+  defaultAddress: 10.10.10.x
+  defaultDns: 1.1.1.1
+  allowedIps: 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3
+  postUp: iptables -A FORWARD -i wg0 -o eth0 -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -j DROP; iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT
 
 # Shared templates for Traefik routes
 templates:
@@ -26,7 +26,10 @@ templates:
 
 controllers:
   main:
+    serviceAccount:
+      name: default
     pod:
+      enableServiceLinks: true
       securityContext:
         sysctls:
           - name: net.ipv4.ip_forward
@@ -37,16 +40,16 @@ controllers:
           # Host is required, no default makes sense
           WG_HOST: '{{ required "external host name is required. Set wireguard.host" .Values.wireguard.host }}'
           # Use dig with sensible defaults for all other parameters
-          WG_PORT: '{{ dig "wireguard" "port" "" .Values | quote }}'
-          WG_MTU: '{{ dig "wireguard" "mtu" "" .Values | quote }}'
-          WG_PERSISTENT_KEEPALIVE: '{{ dig "wireguard" "persistentKeepalive" "" .Values | quote }}'
-          WG_DEFAULT_ADDRESS: '{{ dig "wireguard" "defaultAddress" "" .Values | quote }}'
-          WG_DEFAULT_DNS: '{{ dig "wireguard" "defaultDns" "" .Values | quote }}'
-          WG_ALLOWED_IPS: '{{ dig "wireguard" "allowedIps" "" .Values | quote }}'
-          WG_PRE_UP: '{{ dig "wireguard" "preUp" "" .Values | quote }}'
-          WG_POST_UP: '{{ dig "wireguard" "postUp" "" .Values | quote }}'
-          WG_PRE_DOWN: '{{ dig "wireguard" "preDown" "" .Values | quote }}'
-          WG_POST_DOWN: '{{ dig "wireguard" "postDown" "" .Values | quote }}'
+          WG_PORT: '{{ dig "wireguard" "port" "" .Values }}'
+          WG_MTU: '{{ dig "wireguard" "mtu" "" .Values}}'
+          WG_PERSISTENT_KEEPALIVE: '{{ dig "wireguard" "persistentKeepalive" "" .Values }}'
+          WG_DEFAULT_ADDRESS: '{{ dig "wireguard" "defaultAddress" "" .Values }}'
+          WG_DEFAULT_DNS: '{{ dig "wireguard" "defaultDns" "" .Values }}'
+          WG_ALLOWED_IPS: '{{ dig "wireguard" "allowedIps" "" .Values }}'
+          WG_PRE_UP: '{{ dig "wireguard" "preUp" "" .Values }}'
+          WG_POST_UP: '{{ dig "wireguard" "postUp" "" .Values }}'
+          WG_PRE_DOWN: '{{ dig "wireguard" "preDown" "" .Values }}'
+          WG_POST_DOWN: '{{ dig "wireguard" "postDown" "" .Values }}'
         envFrom:
           - secretRef:
               identifier: webpass
@@ -63,9 +66,6 @@ controllers:
           requests:
             cpu: 50m
             memory: 50Mi
-          limits:
-            cpu: 100m
-            memory: 100Mi
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
@@ -108,7 +108,7 @@ service:
   vpn:
     controller: main
     enabled: true
-    type: LoadBalancer
+    type: NodePort
     ipFamilyPolicy: SingleStack
     ipFamilies:
       - IPv4
