Commit new Chart releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
parent
606eeb56a0
commit
17af18d86e
|
@ -1,9 +0,0 @@
|
|||
|
||||
|
||||
## [firezone-0.0.8](https://github.com/truecharts/charts/compare/firezone-1.0.0...firezone-0.0.8) (2023-08-16)
|
||||
|
||||
### Fix
|
||||
|
||||
- Update common / questions ([#11584](https://github.com/truecharts/charts/issues/11584))
|
||||
|
||||
|
Binary file not shown.
|
@ -1,142 +0,0 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/firezone
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.7.30@sha256:e22dc7a9be93a804bbe0e3d301c883625463a3649d856c8b41f80a2257214667
|
||||
|
||||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
PUID: 0
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
env:
|
||||
# web
|
||||
PHOENIX_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
|
||||
EXTERNAL_URL: "https://app.mydomain.com"
|
||||
# PHOENIX_SECURE_COOKIES: true
|
||||
# PHOENIX_HTTP_PROTOCOL_OPTIONS: "{}"
|
||||
# PHOENIX_EXTERNAL_TRUSTED_PROXIES: "[]"
|
||||
# PHOENIX_PRIVATE_CLIENTS: "[]"
|
||||
# DB
|
||||
DATABASE_HOST:
|
||||
secretKeyRef:
|
||||
name: cnpg-main-urls
|
||||
key: host
|
||||
DATABASE_PORT: 5432
|
||||
DATABASE_NAME: "{{ .Values.cnpg.main.database }}"
|
||||
DATABASE_USER: "{{ .Values.cnpg.main.user }}"
|
||||
DATABASE_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: cnpg-main-user
|
||||
key: password
|
||||
# DATABASE_POOL_SIZE
|
||||
DATABASE_SSL_ENABLED: false
|
||||
# DATABASE_SSL_OPTS: "{}"
|
||||
# Admin
|
||||
RESET_ADMIN_ON_BOOT: false
|
||||
DEFAULT_ADMIN_EMAIL: "admin@email.com"
|
||||
DEFAULT_ADMIN_PASSWORD: "1234567890"
|
||||
# Secrets and Encryption
|
||||
GUARDIAN_SECRET_KEY:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
key: GUARDIAN_SECRET_KEY
|
||||
DATABASE_ENCRYPTION_KEY:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
key: DATABASE_ENCRYPTION_KEY
|
||||
SECRET_KEY_BASE:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
key: SECRET_KEY_BASE
|
||||
LIVE_VIEW_SIGNING_SALT:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
key: LIVE_VIEW_SIGNING_SALT
|
||||
COOKIE_SIGNING_SALT:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
key: COOKIE_SIGNING_SALT
|
||||
COOKIE_ENCRYPTION_SALT:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
key: COOKIE_ENCRYPTION_SALT
|
||||
# Devices
|
||||
ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT: true
|
||||
ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION: true
|
||||
VPN_SESSION_DURATION: 0
|
||||
DEFAULT_CLIENT_PERSISTENT_KEEPALIVE: 25
|
||||
DEFAULT_CLIENT_MTU: 1280
|
||||
# DEFAULT_CLIENT_ENDPOINT: ""
|
||||
DEFAULT_CLIENT_DNS: "1.1.1.1,1.0.0.1"
|
||||
DEFAULT_CLIENT_ALLOWED_IPS: "0.0.0.0/0, ::/0"
|
||||
# Limits
|
||||
MAX_DEVICES_PER_USER: 10
|
||||
# Authorization
|
||||
LOCAL_AUTH_ENABLED: true
|
||||
DISABLE_VPN_ON_OIDC_ERROR: false
|
||||
SAML_ENTITY_ID: "urn:firezone.dev:firezone-app"
|
||||
# SAML_KEYFILE_PATH: "/var/firezone/saml.key"
|
||||
# SAML_CERTFILE_PATH: "/var/firezone/saml.crt"
|
||||
# OPENID_CONNECT_PROVIDERS: "[]"
|
||||
# SAML_IDENTITY_PROVIDERS: "[]"
|
||||
# WireGuard
|
||||
WIREGUARD_PORT: "{{ .Values.service.wireguard.ports.wireguard.port }}"
|
||||
WIREGUARD_IPV4_ENABLED: true
|
||||
WIREGUARD_IPV6_ENABLED: false
|
||||
# Outbound Emails
|
||||
OUTBOUND_EMAIL_FROM: ""
|
||||
OUTBOUND_EMAIL_ADAPTER: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
|
||||
# OUTBOUND_EMAIL_ADAPTER_OPTS: "{}"
|
||||
# Connectivity Checks
|
||||
CONNECTIVITY_CHECKS_ENABLED: true
|
||||
CONNECTIVITY_CHECKS_INTERVAL: 43200
|
||||
# Telemetry
|
||||
TELEMETRY_ENABLED: false
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
protocol: http
|
||||
port: 13000
|
||||
wireguard:
|
||||
enabled: true
|
||||
ports:
|
||||
wireguard:
|
||||
enabled: true
|
||||
protocol: udp
|
||||
port: 51820
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
mountPath: "/var/firezone"
|
||||
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: firezone
|
||||
database: firezone
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: true
|
Binary file not shown.
Before Width: | Height: | Size: 12 KiB |
|
@ -4,6 +4,11 @@
|
|||
|
||||
|
||||
|
||||
## [firezone-0.1.0](https://github.com/truecharts/charts/compare/firezone-0.0.8...firezone-0.1.0) (2023-09-07)
|
||||
|
||||
|
||||
|
||||
|
||||
## [firezone-0.0.8](https://github.com/truecharts/charts/compare/firezone-1.0.0...firezone-0.0.8) (2023-08-16)
|
||||
|
||||
### Fix
|
|
@ -1,9 +1,9 @@
|
|||
apiVersion: v2
|
||||
appVersion: "0.7.30"
|
||||
appVersion: "0.7.35"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 14.0.1
|
||||
version: 14.0.3
|
||||
deprecated: false
|
||||
description: WireGuard-based VPN server and egress firewall
|
||||
home: https://truecharts.org/charts/incubator/firezone
|
||||
|
@ -22,7 +22,7 @@ sources:
|
|||
- https://github.com/truecharts/charts/tree/master/charts/incubator/firezone
|
||||
- https://github.com/firezone/firezone
|
||||
type: application
|
||||
version: 0.0.8
|
||||
version: 0.1.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- vpn
|
|
@ -0,0 +1,4 @@
|
|||
|
||||
|
||||
## [firezone-0.1.0](https://github.com/truecharts/charts/compare/firezone-0.0.8...firezone-0.1.0) (2023-09-07)
|
||||
|
Binary file not shown.
|
@ -0,0 +1,170 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/firezone
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.7.35@sha256:53c08baeb65dde8689ebb3bd1fc9fbb034970dfdc9bceb005c4ffa03fe2b3e93
|
||||
|
||||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
PUID: 0
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
protocol: http
|
||||
port: 13000
|
||||
wireguard:
|
||||
enabled: true
|
||||
ports:
|
||||
wireguard:
|
||||
enabled: true
|
||||
protocol: udp
|
||||
port: 51820
|
||||
|
||||
firezone:
|
||||
web:
|
||||
external_url: "https://example.com"
|
||||
trusted_proxies: []
|
||||
private_clients: []
|
||||
admin:
|
||||
reset_admin_on_boot: false
|
||||
default_email: "admin@email.com"
|
||||
default_password: "1234567890"
|
||||
devices:
|
||||
allow_unprivileged_device_management: true
|
||||
allow_unprivileged_device_config: true
|
||||
vpn_session_duration: 0
|
||||
client_persistent_keepalive: 25
|
||||
default_client_mtu: 1280
|
||||
client_endpoint: ""
|
||||
client_dns:
|
||||
- 1.1.1.1
|
||||
- 1.0.0.1
|
||||
client_allowed_ips:
|
||||
- 0.0.0.0/0
|
||||
max_devices_per_user: 10
|
||||
authorization:
|
||||
local_auth_enabled: true
|
||||
disable_vpn_on_oidc_error: false
|
||||
wireguard:
|
||||
ipv4_masquerade_enabled: true
|
||||
connectivity:
|
||||
checks_enabled: true
|
||||
checks_interval: 43200
|
||||
other:
|
||||
telemetry_enabled: false
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
env:
|
||||
# web
|
||||
PHOENIX_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
|
||||
EXTERNAL_URL: "{{ .Values.firezone.web.external_url }}"
|
||||
PHOENIX_SECURE_COOKIES: "{{ .Values.firezone.web.secure_cookies }}"
|
||||
# PHOENIX_HTTP_PROTOCOL_OPTIONS: "{}"
|
||||
PHOENIX_EXTERNAL_TRUSTED_PROXIES: "{{ toJson .Values.firezone.web.trusted_proxies }}"
|
||||
PHOENIX_PRIVATE_CLIENTS: "{{ toJson .Values.firezone.web.private_clients }}"
|
||||
# DB
|
||||
DATABASE_HOST:
|
||||
secretKeyRef:
|
||||
name: cnpg-main-urls
|
||||
key: host
|
||||
DATABASE_PORT: 5432
|
||||
DATABASE_NAME: "{{ .Values.cnpg.main.database }}"
|
||||
DATABASE_USER: "{{ .Values.cnpg.main.user }}"
|
||||
DATABASE_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: cnpg-main-user
|
||||
key: password
|
||||
# DATABASE_POOL_SIZE
|
||||
DATABASE_SSL_ENABLED: false
|
||||
# DATABASE_SSL_OPTS: "{}"
|
||||
# Admin
|
||||
RESET_ADMIN_ON_BOOT: "{{ .Values.firezone.admin.reset_admin_on_boot }}"
|
||||
DEFAULT_ADMIN_EMAIL: "{{ .Values.firezone.admin.default_email }}"
|
||||
DEFAULT_ADMIN_PASSWORD: "{{ .Values.firezone.admin.default_password }}"
|
||||
# Secrets and Encryption
|
||||
GUARDIAN_SECRET_KEY:
|
||||
secretKeyRef:
|
||||
name: firezone-secrets
|
||||
key: GUARDIAN_SECRET_KEY
|
||||
DATABASE_ENCRYPTION_KEY:
|
||||
secretKeyRef:
|
||||
name: firezone-secrets
|
||||
key: DATABASE_ENCRYPTION_KEY
|
||||
SECRET_KEY_BASE:
|
||||
secretKeyRef:
|
||||
name: firezone-secrets
|
||||
key: SECRET_KEY_BASE
|
||||
LIVE_VIEW_SIGNING_SALT:
|
||||
secretKeyRef:
|
||||
name: firezone-secrets
|
||||
key: LIVE_VIEW_SIGNING_SALT
|
||||
COOKIE_SIGNING_SALT:
|
||||
secretKeyRef:
|
||||
name: firezone-secrets
|
||||
key: COOKIE_SIGNING_SALT
|
||||
COOKIE_ENCRYPTION_SALT:
|
||||
secretKeyRef:
|
||||
name: firezone-secrets
|
||||
key: COOKIE_ENCRYPTION_SALT
|
||||
# Devices
|
||||
ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT: "{{ .Values.firezone.devices.allow_unprivileged_device_management }}"
|
||||
ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION: "{{ .Values.firezone.devices.allow_unprivileged_device_config }}"
|
||||
VPN_SESSION_DURATION: "{{ .Values.firezone.devices.vpn_session_duration }}"
|
||||
DEFAULT_CLIENT_PERSISTENT_KEEPALIVE: "{{ .Values.firezone.devices.client_persistent_keepalive }}"
|
||||
DEFAULT_CLIENT_MTU: "{{ .Values.firezone.devices.default_client_mtu }}"
|
||||
DEFAULT_CLIENT_ENDPOINT: "{{ .Values.firezone.devices.client_endpoint }}"
|
||||
DEFAULT_CLIENT_DNS: '{{ join "," .Values.firezone.devices.client_dns }}'
|
||||
DEFAULT_CLIENT_ALLOWED_IPS: '{{ join "," .Values.firezone.devices.client_allowed_ips }}'
|
||||
# Limits
|
||||
MAX_DEVICES_PER_USER: "{{ .Values.firezone.devices.max_devices_per_user }}"
|
||||
# Authorization
|
||||
LOCAL_AUTH_ENABLED: "{{ .Values.firezone.authorization.local_auth_enabled }}"
|
||||
DISABLE_VPN_ON_OIDC_ERROR: "{{ .Values.firezone.authorization.disable_vpn_on_oidc_error }}"
|
||||
# SAML_ENTITY_ID: "urn:firezone.dev:firezone-app"
|
||||
# SAML_KEYFILE_PATH: "/var/firezone/saml.key"
|
||||
# SAML_CERTFILE_PATH: "/var/firezone/saml.crt"
|
||||
# OPENID_CONNECT_PROVIDERS: "[]"
|
||||
# SAML_IDENTITY_PROVIDERS: "[]"
|
||||
# WireGuard
|
||||
WIREGUARD_PORT: "{{ .Values.service.wireguard.ports.wireguard.port }}"
|
||||
WIREGUARD_IPV4_ENABLED: true
|
||||
WIREGUARD_IPV4_MASQUERADE: "{{ .Values.firezone.wireguard.ipv4_masquerade_enabled }}"
|
||||
WIREGUARD_IPV6_ENABLED: false
|
||||
WIREGUARD_IPV6_MASQUERADE: false
|
||||
# Outbound Emails
|
||||
# OUTBOUND_EMAIL_FROM: ""
|
||||
# OUTBOUND_EMAIL_ADAPTER: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
|
||||
# OUTBOUND_EMAIL_ADAPTER_OPTS: "{}"
|
||||
# Connectivity Checks
|
||||
CONNECTIVITY_CHECKS_ENABLED: "{{ .Values.firezone.connectivity.checks_enabled }}"
|
||||
CONNECTIVITY_CHECKS_INTERVAL: "{{ .Values.firezone.connectivity.checks_interval }}"
|
||||
# Telemetry
|
||||
TELEMETRY_ENABLED: "{{ .Values.firezone.other.telemetry_enabled }}"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
mountPath: "/var/firezone"
|
||||
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: firezone
|
||||
database: firezone
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: true
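Review bot: `PHOENIX_SECURE_COOKIES` is rendered from `.Values.firezone.web.secure_cookies`, but the `firezone.web` block in this file defines only `external_url`, `trusted_proxies` and `private_clients`, so an install that relies on these defaults presumably gets an empty value instead of an explicit setting. Adding `secure_cookies: true` under `firezone.web` would match the default declared in the questions file. Separately, `default_password: "1234567890"` ships a working admin credential for the VPN portal; leaving it empty and failing the render when it is unset would keep an install from coming up with a publicly known password. The container also runs as UID 0 with `NET_ADMIN` and `SYS_MODULE` added, which deserves a comment stating why each is required.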
|
|
@ -101,229 +101,6 @@ questions:
|
|||
type: dict
|
||||
attrs:
|
||||
|
||||
- variable: env
|
||||
label: Image Environment
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: EXTERNAL_URL
|
||||
label: External Url
|
||||
description: Must be a valid and public FQDN for ACME SSL issuance to function. Include https://
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DEFAULT_ADMIN_EMAIL
|
||||
label: Default Admin Email
|
||||
description: Primary administrator email.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DEFAULT_ADMIN_PASSWORD
|
||||
label: Default Admin Password
|
||||
description: Primary administrator password.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
private: true
|
||||
default: ""
|
||||
- variable: RESET_ADMIN_ON_BOOT
|
||||
label: Reset Admin On Boot
|
||||
description: to create or reset the admin password every time FireZone starts.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: TELEMETRY_ENABLED
|
||||
label: Telemetry Enabled
|
||||
description: Enable or disable the FireZone telemetry collection.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: devices
|
||||
label: Devices Settings
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT
|
||||
label: Allow Unprivileged Devices
|
||||
description: Enable or disable management of devices on unprivileged accounts.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION
|
||||
label: Allow Unprivileged Device Configuration
|
||||
description: Enable or disable configuration of device network settings for unprivileged users.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: VPN_SESSION_DURATION
|
||||
label: VPN Session Duration
|
||||
description: Optionally require users to periodically authenticate to the FireZone, Interval for WireGuard persistent keepalive.
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: DEFAULT_CLIENT_PERSISTENT_KEEPALIVE
|
||||
label: Default Client Persistent KeepAlive
|
||||
description: send a keepalive packet every 25 seconds. Otherwise, keep it disabled with a 0 default value.
|
||||
schema:
|
||||
type: int
|
||||
default: 25
|
||||
- variable: DEFAULT_CLIENT_MTU
|
||||
label: Default Client MTU
|
||||
description: WireGuard interface MTU for devices.
|
||||
schema:
|
||||
type: int
|
||||
default: 1280
|
||||
- variable: DEFAULT_CLIENT_ENDPOINT
|
||||
label: Default Client EndPoint
|
||||
description: IPv4, IPv6 address, or FQDN that devices will be configured to connect to. Defaults to this server's FQDN.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: DEFAULT_CLIENT_DNS
|
||||
label: Default Client DNS
|
||||
description: Comma-separated list of DNS servers to use for devices.
|
||||
schema:
|
||||
type: string
|
||||
default: "1.1.1.1,1.0.0.1"
|
||||
- variable: DEFAULT_CLIENT_ALLOWED_IPS
|
||||
label: Default Client Allowed IPs
|
||||
description: AllowedIPs determines which destination IPs get routed through FireZone.
|
||||
schema:
|
||||
type: string
|
||||
default: "0.0.0.0/0,::/0"
|
||||
- variable: MAX_DEVICES_PER_USER
|
||||
label: Max Devices Per User
|
||||
description: Changes how many devices a user can have at a time.
|
||||
schema:
|
||||
type: int
|
||||
default: 10
|
||||
- variable: authorization
|
||||
label: Authorization Settings
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: LOCAL_AUTH_ENABLED
|
||||
label: Local Auth Enabled
|
||||
description: Enable or disable the local authentication method for all users.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: DISABLE_VPN_ON_OIDC_ERROR
|
||||
label: Disable VPN On OIDC Error
|
||||
description: Enable or disable auto disabling VPN connection on OIDC refresh error.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: wireguard
|
||||
label: Wireguard Settings
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: WIREGUARD_IPV4_ENABLED
|
||||
label: WireGuard IPV4 Enabled
|
||||
description: Enable or disable IPv4 support for WireGuard.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: WIREGUARD_IPV6_ENABLED
|
||||
label: WireGuard IPV6 Enabled
|
||||
description: Enable or disable IPv6 support for WireGuard.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: outbound
|
||||
label: OutBound Email Settings
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: OUTBOUND_EMAIL_FROM
|
||||
label: Outbound Email From
|
||||
description: From address to use for sending outbound emails.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: OUTBOUND_EMAIL_ADAPTER
|
||||
label: Outbound Email Adapter
|
||||
description: Method to use for sending outbound email.
|
||||
schema:
|
||||
type: string
|
||||
default: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
|
||||
enum:
|
||||
- value: "Elixir.FzHttpWeb.Mailer.AmazonSES"
|
||||
description: "AmazonSES"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.CustomerIO"
|
||||
description: CustomerIO"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Dyn"
|
||||
description: Dyn
|
||||
- value: "Elixir.FzHttpWeb.Mailer.ExAwsAmazonSES"
|
||||
description: ExAwsAmazonSES"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Gmail"
|
||||
description: Gmail"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.MailPace"
|
||||
description: MailPace"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Mailgun"
|
||||
description: Mailgun"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Mailjet"
|
||||
description: MailJet"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Mandrill"
|
||||
description: Mandrill"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Postmark"
|
||||
description: Postmark"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.ProtonBridge"
|
||||
description: ProtonBridge"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.SMTP"
|
||||
description: SMTP"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.SMTP2GO"
|
||||
description: SMTP2GO"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Sendgrid"
|
||||
description: SendGrid"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Sendinblue"
|
||||
description: "SendInBlue"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Sendmail"
|
||||
description: "Sendmail"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.SocketLabs"
|
||||
description: "SocketLabs"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.SparkPost"
|
||||
description: "SparkPost"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
|
||||
description: "NoopAdapter"
|
||||
- variable: OUTBOUND_EMAIL_ADAPTER_OPTS
|
||||
label: Outbound Email Adapter OPTS
|
||||
description: Adapter configuration, see https://github.com/swoosh/swoosh#adapters.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: connectivity
|
||||
label: Connectivity Settings
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CONNECTIVITY_CHECKS_ENABLED
|
||||
label: Connectivity Checks Enabled
|
||||
description: Enable / disable periodic checking for egress connectivity. Determines the instance's public IP to populate Endpoint fields.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CONNECTIVITY_CHECKS_INTERVAL
|
||||
label: Connectivity Checks Interval
|
||||
description: Periodicity in seconds to check for egress connectivity.
|
||||
schema:
|
||||
type: int
|
||||
default: 43200
|
||||
|
||||
- variable: envList
|
||||
label: Extra Environment Variables
|
||||
description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
|
||||
|
@ -374,6 +151,224 @@ questions:
|
|||
schema:
|
||||
type: string
|
||||
|
||||
- variable: firezone
|
||||
group: App Configuration
|
||||
label: FireZone
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: web
|
||||
label: Web Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: external_url
|
||||
label: External Url
|
||||
description: Must be a valid and public FQDN for ACME SSL issuance to function. Include https://
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: trusted_proxies
|
||||
label: Trusted Proxies
|
||||
description: List of trusted reverse proxies.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: proxy
|
||||
label: Proxy IP
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: private_clients
|
||||
label: Private Clients
|
||||
description: List of trusted clients.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: client_ip
|
||||
label: Client IP
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: secure_cookies
|
||||
label: Secure Cookies
|
||||
description: Enable or disable requiring secure cookies. Required for HTTPS.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: admin
|
||||
label: Admin Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: reset_admin_on_boot
|
||||
label: Reset Admin On Boot
|
||||
description: to create or reset the admin password every time Firezone starts. By default, the admin password is only set when Firezone is installed.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: default_email
|
||||
label: Default Email
|
||||
description: Primary administrator email.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: default_password
|
||||
label: Default Password
|
||||
description: Default password that will be used for creating or resetting the primary administrator account.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
private: true
|
||||
default: ""
|
||||
- variable: devices
|
||||
label: Devices Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: allow_unprivileged_device_management
|
||||
label: Allow Unprivileged Device Management
|
||||
description: Enable or disable management of devices on unprivileged accounts.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: allow_unprivileged_device_config
|
||||
label: Allow Unprivileged Device Configuration
|
||||
description: Enable or disable configuration of device network settings for unprivileged users.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: vpn_session_duration
|
||||
label: VPN Session Duration
|
||||
description: Optionally require users to periodically authenticate to the Firezone web UI in order to keep their VPN sessions active.
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: client_persistent_keepalive
|
||||
label: Client Persistent KeepAlive
|
||||
description: If you experience NAT or firewall traversal problems, you can enable this to send a keepalive packet every 25 seconds, disabled by setting it to 0.
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: default_client_mtu
|
||||
label: Default Client MTU
|
||||
description: WireGuard interface MTU for devices.
|
||||
schema:
|
||||
type: int
|
||||
default: 1280
|
||||
- variable: client_endpoint
|
||||
label: Client Endpoint
|
||||
description: IPv4, IPv6 address, or FQDN that devices will be configured to connect to.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: client_dns
|
||||
label: Client DNS
|
||||
description: List of DNS servers to use for devices.
|
||||
schema:
|
||||
type: list
|
||||
empty: false
|
||||
required: true
|
||||
default:
|
||||
- 1.1.1.1
|
||||
- 1.0.0.1
|
||||
items:
|
||||
- variable: dns
|
||||
label: DNS
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: client_allowed_ips
|
||||
label: Client Allowed Ips
|
||||
description: Configures the default AllowedIPs setting for devices.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: dns
|
||||
label: DNS
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: max_devices_per_user
|
||||
label: Max Devices Per User
|
||||
description: Changes how many devices a user can have at a time.
|
||||
schema:
|
||||
type: int
|
||||
default: 10
|
||||
- variable: authorization
|
||||
label: Authorization Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: local_auth_enabled
|
||||
label: Local Auth Enabled
|
||||
description: Enable or disable the local authentication method for all users.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: disable_vpn_on_oidc_error
|
||||
label: Disable VPN On OIDC Error
|
||||
description: Enable or disable auto disabling VPN connection on OIDC refresh error.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: wireguard
|
||||
label: Wireguard Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: ipv4_masquerade_enabled
|
||||
label: IPv4 Masquerade Enabled
|
||||
description: Enable or disable IPv4 masqeurading.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: connectivity
|
||||
label: Connectivity Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: checks_enabled
|
||||
label: Checks Enabled
|
||||
description: Enable / disable periodic checking for egress connectivity.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: checks_interval
|
||||
label: Checks Interval
|
||||
description: Periodicity in seconds to check for egress connectivity.
|
||||
schema:
|
||||
type: int
|
||||
default: 43200
|
||||
- variable: other
|
||||
label: Other Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: telemetry_enabled
|
||||
label: Telemetry Enabled
|
||||
description: Enable or disable the Firezone telemetry collection.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
- variable: TZ
|
||||
label: Timezone
|
||||
group: "General Settings"
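Review bot: The list items of `client_allowed_ips` are declared as `variable: dns` / `label: DNS`, apparently copied from `client_dns`, so the form asks for a DNS server where a CIDR range is expected; something like `variable: allowed_ip` / `label: Allowed IP` would fit. The defaults also diverge from the new values file: `client_allowed_ips` defaults to `[]` and `client_persistent_keepalive` to `0` here, while the values file ships `0.0.0.0/0` and `25`, and what the app does with an empty `DEFAULT_CLIENT_ALLOWED_IPS` is not visible on this page. `trusted_proxies` and `private_clients` presumably decide which forwarded client addresses the web app trusts, so their descriptions should state the accepted format and what an entry grants. The description of `ipv4_masquerade_enabled` has a typo (`masqeurading`).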
|
|
@ -17,10 +17,12 @@
|
|||
{{- end }}
|
||||
enabled: true
|
||||
data:
|
||||
GUARDIAN_SECRET_KEY: {{ $keyGuardian }}
|
||||
DATABASE_ENCRYPTION_KEY: {{ $keyDatabase }}
|
||||
SECRET_KEY_BASE: {{ $keySecret }}
|
||||
LIVE_VIEW_SIGNING_SALT: {{ $keyLive }}
|
||||
COOKIE_SIGNING_SALT: {{ $keyCookieSigning }}
|
||||
COOKIE_ENCRYPTION_SALT: {{ $keyCookieEncrypt }}
|
||||
# firezone requires all these keys to be in base 64 format presented in the container, so this b64enc here is intentional
|
||||
# https://www.firezone.dev/docs/reference/env-vars#secrets-and-encryption
|
||||
GUARDIAN_SECRET_KEY: {{ $keyGuardian | b64enc }}
|
||||
DATABASE_ENCRYPTION_KEY: {{ $keyDatabase | b64enc }}
|
||||
SECRET_KEY_BASE: {{ $keySecret | b64enc }}
|
||||
LIVE_VIEW_SIGNING_SALT: {{ $keyLive | b64enc }}
|
||||
COOKIE_SIGNING_SALT: {{ $keyCookieSigning | b64enc }}
|
||||
COOKIE_ENCRYPTION_SALT: {{ $keyCookieEncrypt | b64enc }}
|
||||
{{- end -}}
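Review bot: Nothing in this hunk shows what happens to installs that already hold these six keys in raw form: the values are now piped through `b64enc`, and the variables are assigned above the hunk, so whether an upgrade keeps the same effective `DATABASE_ENCRYPTION_KEY` cannot be confirmed from here. If the stored values are read back and re-encoded, or regenerated, data encrypted under the old key would presumably become unreadable and sessions signed with the old salts would be invalidated. The same concern applies to the rename from `secrets` to `firezone-secrets` in the loader hunk that follows, if the generator looks the existing object up by name. A comment beside the existing one, such as `# changing the encoding or the secret name rotates every key; existing installs must migrate DATABASE_ENCRYPTION_KEY first`, would record that. Quoting the output, `{{ $keyGuardian | b64enc | quote }}`, would also keep `fromYaml` from retyping a value.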
|
|
@ -4,7 +4,7 @@
|
|||
{{/* Render secrets for firezone */}}
|
||||
{{- $secrets := include "firezone.secrets" . | fromYaml -}}
|
||||
{{- if $secrets -}}
|
||||
{{- $_ := set .Values.secret "secrets" $secrets -}}
|
||||
{{- $_ := set .Values.secret "firezone-secrets" $secrets -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Render the templates */}}
|