# Container image for the main workload.
# The tag carries a sha256 digest alongside the version, so the image that
# gets pulled is fixed to that exact content until this value is edited.
image:
  repository: tccr.io/truecharts/firezone
  pullPolicy: IfNotPresent
  tag: v0.7.30@sha256:e22dc7a9be93a804bbe0e3d301c883625463a3649d856c8b41f80a2257214667
# Container security context.
# As configured, the container runs as root (UID/GID 0) with a writable root
# filesystem and two capabilities added on top of the runtime defaults.
# NOTE(review): presumably needed so the container can create and manage
# WireGuard interfaces; confirm before tightening any of these.
securityContext:
  container:
    readOnlyRootFilesystem: false
    runAsNonRoot: false
    # PUID is a chart-specific key.
    # NOTE(review): presumably handed to the image as its user id; confirm.
    PUID: 0
    runAsUser: 0
    runAsGroup: 0
    capabilities:
      add:
        # NET_ADMIN: network interface, routing and firewall administration.
        - NET_ADMIN
        # SYS_MODULE: loading and unloading kernel modules on the node.
        # NOTE(review): likely only required when the node does not already
        # have the WireGuard module loaded; verify whether it can be dropped.
        - SYS_MODULE
# Main workload: probe settings and the environment passed to the Firezone
# container. Values written as "{{ ... }}" are Helm templates that refer to
# other keys in this values file.
workload:
  main:
    podSpec:
      containers:
        main:
          # All three probes are switched off.
          # NOTE(review): with no probes Kubernetes has no health signal for
          # this container beyond the process exiting; confirm intended.
          probes:
            liveness:
              enabled: false
            readiness:
              enabled: false
            startup:
              enabled: false
          env:
            # web
            PHOENIX_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
            # Placeholder hostname; set to the real public URL per install.
            EXTERNAL_URL: "https://app.mydomain.com"
            # PHOENIX_SECURE_COOKIES: true
            # PHOENIX_HTTP_PROTOCOL_OPTIONS: "{}"
            # PHOENIX_EXTERNAL_TRUSTED_PROXIES: "[]"
            # PHOENIX_PRIVATE_CLIENTS: "[]"
            # DB
            # Host and password are read from Kubernetes Secrets, not inlined.
            DATABASE_HOST:
              secretKeyRef:
                name: cnpg-main-urls
                key: host
            DATABASE_PORT: 5432
            DATABASE_NAME: "{{ .Values.cnpg.main.database }}"
            DATABASE_USER: "{{ .Values.cnpg.main.user }}"
            DATABASE_PASSWORD:
              secretKeyRef:
                name: cnpg-main-user
                key: password
            # DATABASE_POOL_SIZE
            # TLS towards PostgreSQL is off, so the database password and
            # queries travel unencrypted between the two pods.
            # NOTE(review): confirm the cluster network is trusted, or enable
            # this together with DATABASE_SSL_OPTS.
            DATABASE_SSL_ENABLED: false
            # DATABASE_SSL_OPTS: "{}"
            # Admin
            RESET_ADMIN_ON_BOOT: false
            # The admin e-mail and password are placeholder literals stored in
            # plain text, unlike the keys below that come from a Secret.
            # Override both per install; the password is better supplied via
            # secretKeyRef like the other sensitive values in this block.
            DEFAULT_ADMIN_EMAIL: "admin@email.com"
            DEFAULT_ADMIN_PASSWORD: "1234567890"
            # Secrets and Encryption
            # Every key and salt here is read from the Secret named "secrets".
            GUARDIAN_SECRET_KEY:
              secretKeyRef:
                name: secrets
                key: GUARDIAN_SECRET_KEY
            DATABASE_ENCRYPTION_KEY:
              secretKeyRef:
                name: secrets
                key: DATABASE_ENCRYPTION_KEY
            SECRET_KEY_BASE:
              secretKeyRef:
                name: secrets
                key: SECRET_KEY_BASE
            LIVE_VIEW_SIGNING_SALT:
              secretKeyRef:
                name: secrets
                key: LIVE_VIEW_SIGNING_SALT
            COOKIE_SIGNING_SALT:
              secretKeyRef:
                name: secrets
                key: COOKIE_SIGNING_SALT
            COOKIE_ENCRYPTION_SALT:
              secretKeyRef:
                name: secrets
                key: COOKIE_ENCRYPTION_SALT
            # Devices
            # NOTE(review): the two ALLOW_UNPRIVILEGED_* flags appear to let
            # non-admin users add and configure their own devices; confirm
            # that matches the access policy.
            ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT: true
            ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION: true
            # NOTE(review): 0 presumably means VPN sessions never expire and
            # users are not asked to re-authenticate; confirm.
            VPN_SESSION_DURATION: 0
            DEFAULT_CLIENT_PERSISTENT_KEEPALIVE: 25
            DEFAULT_CLIENT_MTU: 1280
            # DEFAULT_CLIENT_ENDPOINT: ""
            DEFAULT_CLIENT_DNS: "1.1.1.1,1.0.0.1"
            # Default client config routes all IPv4 and IPv6 traffic through
            # the tunnel.
            # NOTE(review): ::/0 is listed while WIREGUARD_IPV6_ENABLED below
            # is false; confirm that combination is intended.
            DEFAULT_CLIENT_ALLOWED_IPS: "0.0.0.0/0, ::/0"
            # Limits
            MAX_DEVICES_PER_USER: 10
            # Authorization
            # NOTE(review): local authentication stays enabled even when an
            # identity provider is configured; confirm it should remain on.
            LOCAL_AUTH_ENABLED: true
            # NOTE(review): presumably false keeps a user's VPN access up when
            # an OIDC error occurs; confirm against the access policy.
            DISABLE_VPN_ON_OIDC_ERROR: false
            SAML_ENTITY_ID: "urn:firezone.dev:firezone-app"
            # SAML_KEYFILE_PATH: "/var/firezone/saml.key"
            # SAML_CERTFILE_PATH: "/var/firezone/saml.crt"
            # OPENID_CONNECT_PROVIDERS: "[]"
            # SAML_IDENTITY_PROVIDERS: "[]"
            # WireGuard
            WIREGUARD_PORT: "{{ .Values.service.wireguard.ports.wireguard.port }}"
            WIREGUARD_IPV4_ENABLED: true
            WIREGUARD_IPV6_ENABLED: false
            # Outbound Emails
            # NOTE(review): with the no-op adapter, mail-based flows presumably
            # send nothing; confirm.
            OUTBOUND_EMAIL_FROM: ""
            OUTBOUND_EMAIL_ADAPTER: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
            # OUTBOUND_EMAIL_ADAPTER_OPTS: "{}"
            # Connectivity Checks
            CONNECTIVITY_CHECKS_ENABLED: true
            CONNECTIVITY_CHECKS_INTERVAL: 43200
            # Telemetry
            TELEMETRY_ENABLED: false
# Services exposed by the chart. Both port numbers are referenced from the
# workload environment through Helm templates (PHOENIX_HTTP_PORT and
# WIREGUARD_PORT), so changing them here changes the container settings too.
service:
  # Web UI / API, served as plain HTTP on 13000.
  # NOTE(review): EXTERNAL_URL uses https, so TLS is presumably terminated by
  # an ingress or proxy in front of this service; confirm.
  main:
    ports:
      main:
        protocol: http
        port: 13000
  # WireGuard tunnel endpoint on UDP 51820.
  wireguard:
    enabled: true
    ports:
      wireguard:
        enabled: true
        protocol: udp
        port: 51820
# Persistent volume mounted at /var/firezone.
# The commented-out SAML_KEYFILE_PATH and SAML_CERTFILE_PATH settings in the
# workload env point into this directory, so the volume may end up holding
# private key material; treat its backing storage accordingly.
persistence:
  config:
    enabled: true
    mountPath: "/var/firezone"
# Database settings for the chart's "cnpg" component.
# NOTE(review): presumably provisions a CloudNativePG PostgreSQL cluster.
# The user and database names below are injected into the workload as
# DATABASE_USER and DATABASE_NAME via Helm templates.
cnpg:
  main:
    enabled: true
    user: firezone
    database: firezone
# Chart-specific portal toggle.
# NOTE(review): what enabling "open" creates is not visible in this file;
# check the chart templates before relying on it.
portal:
  open:
    enabled: true