---
# node_red_instances:
#   test:
#     version: 3.1.3
#     port: 1880
#     credential_secret: "do-not-tell-anyone"
#     mqtt_tls:
#       certificate_provider: managed-ca
#       certificate_config:
#         ca:
#           host: iot
#           name: mqtt
#         cert:
#           common_name: test
#           extended_key_usage:
#           - clientAuth
#           extended_key_usage_critical: yes
#           create_subject_key_identifier: yes
#           not_after: +100w
#     publish:
#       zone: "{{ apps_publish_zone__foo }}"
#       hostnames:
#       - node-red.example.com
#       tls:
#         certificate_provider: ...
#       vhost_extra_directives: |
#         include snippets/whawty-sso-foo.conf;
#
#         location = /healthz {
#            auth_request off;
#            return 200;
#         }
#       location_extra_directives: |
#         auth_request_set $username $upstream_http_x_username;
#         proxy_set_header X-Username $username;
#     custom_image:
#       dockerfile: |
#         RUN npm install passport-trusted-header
#     extra_settings: |
#       adminAuth: {
#           type: "strategy",
#           strategy: {
#               name: "trusted-header",
#               label: "SSO login",
#               autoLogin: true,
#               strategy: require("passport-trusted-header").Strategy,
#               options: {
#                   headers: ['x-username'],
#                   verify: function(requestHeaders, done) {
#                       var username = requestHeaders['x-username']
#                       if(username === '') {
#                           done("x-username HTTP-Header is empty", null)
#                       }
#                       done(null, { username: username });
#                   }
#               },
#           },
#           users: [
#               { username: "equinox", permissions: ["*"] }
#           ],
#           default: {
#               permissions: "read"
#           }
#       }