2023-06-16 07:01:34 +00:00
# Include{groups}
portals :
open :
# Include{portalLink}
questions :
# Include{global}
# Include{workload}
# Include{workloadDeployment}
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
# Include{containerBasic}
# Include{containerAdvanced}
2023-09-07 08:27:15 +00:00
- variable : firezone
group : App Configuration
label : FireZone
schema :
additional_attrs : true
type : dict
attrs :
- variable : web
label : Web Configuration
schema :
additional_attrs : true
type : dict
attrs :
- variable : external_url
label : External Url
description : Must be a valid and public FQDN for ACME SSL issuance to function. Include https://
schema :
type : string
required : true
default : ""
- variable : trusted_proxies
label : Trusted Proxies
description : List of trusted reverse proxies.
schema :
type : list
default : [ ]
items :
- variable : proxy
label : Proxy IP
schema :
type : string
required : true
default : ""
- variable : private_clients
label : Private Clients
description : List of trusted clients.
schema :
type : list
default : [ ]
items :
- variable : client_ip
label : Client IP
schema :
type : string
required : true
default : ""
- variable : secure_cookies
label : Secure Cookies
description : Enable or disable requiring secure cookies. Required for HTTPS.
schema :
type : boolean
default : true
- variable : admin
label : Admin Configuration
schema :
additional_attrs : true
type : dict
attrs :
- variable : reset_admin_on_boot
label : Reset Admin On Boot
description : to create or reset the admin password every time Firezone starts. By default, the admin password is only set when Firezone is installed.
schema :
type : boolean
2023-09-22 22:42:16 +00:00
default : true
2023-09-07 08:27:15 +00:00
- variable : default_email
label : Default Email
description : Primary administrator email.
schema :
type : string
required : true
default : ""
- variable : default_password
label : Default Password
description : Default password that will be used for creating or resetting the primary administrator account.
schema :
type : string
required : true
private : true
default : ""
- variable : devices
label : Devices Configuration
schema :
additional_attrs : true
type : dict
attrs :
- variable : allow_unprivileged_device_management
label : Allow Unprivileged Device Management
description : Enable or disable management of devices on unprivileged accounts.
schema :
type : boolean
default : true
- variable : allow_unprivileged_device_config
label : Allow Unprivileged Device Configuration
description : Enable or disable configuration of device network settings for unprivileged users.
schema :
type : boolean
default : true
- variable : vpn_session_duration
label : VPN Session Duration
description : Optionally require users to periodically authenticate to the Firezone web UI in order to keep their VPN sessions active.
schema :
type : int
default : 0
- variable : client_persistent_keepalive
label : Client Persistent KeepAlive
description : If you experience NAT or firewall traversal problems, you can enable this to send a keepalive packet every 25 seconds, disabled by setting it to 0.
schema :
type : int
default : 0
- variable : default_client_mtu
label : Default Client MTU
description : WireGuard interface MTU for devices.
schema :
type : int
default : 1280
- variable : client_endpoint
label : Client Endpoint
2023-09-22 22:42:16 +00:00
description : IPv4 address, or FQDN that devices will be configured to connect to.
2023-09-07 08:27:15 +00:00
schema :
type : string
2023-09-22 22:42:16 +00:00
required : true
2023-09-07 08:27:15 +00:00
default : ""
- variable : client_dns
label : Client DNS
description : List of DNS servers to use for devices.
schema :
type : list
empty : false
required : true
default :
- 1.1 .1 .1
- 1.0 .0 .1
items :
- variable : dns
label : DNS
schema :
type : string
required : true
default : ""
- variable : client_allowed_ips
label : Client Allowed Ips
description : Configures the default AllowedIPs setting for devices.
schema :
type : list
2023-09-09 20:13:13 +00:00
empty : false
default :
- 0.0 .0 .0 /0
2023-09-07 08:27:15 +00:00
items :
2023-09-09 20:13:13 +00:00
- variable : ip
label : IP
2023-09-07 08:27:15 +00:00
schema :
type : string
required : true
default : ""
- variable : max_devices_per_user
label : Max Devices Per User
description : Changes how many devices a user can have at a time.
schema :
type : int
default : 10
- variable : authorization
label : Authorization Configuration
schema :
additional_attrs : true
type : dict
attrs :
- variable : local_auth_enabled
label : Local Auth Enabled
description : Enable or disable the local authentication method for all users.
schema :
type : boolean
default : true
- variable : disable_vpn_on_oidc_error
label : Disable VPN On OIDC Error
description : Enable or disable auto disabling VPN connection on OIDC refresh error.
schema :
type : boolean
default : false
- variable : wireguard
label : Wireguard Configuration
schema :
additional_attrs : true
type : dict
attrs :
- variable : ipv4_masquerade_enabled
label : IPv4 Masquerade Enabled
description : Enable or disable IPv4 masqeurading.
schema :
type : boolean
default : true
- variable : connectivity
label : Connectivity Configuration
schema :
additional_attrs : true
type : dict
attrs :
- variable : checks_enabled
label : Checks Enabled
description : Enable / disable periodic checking for egress connectivity.
schema :
type : boolean
default : true
- variable : checks_interval
label : Checks Interval
description : Periodicity in seconds to check for egress connectivity.
schema :
type : int
default : 43200
- variable : other
label : Other Configuration
schema :
additional_attrs : true
type : dict
attrs :
- variable : telemetry_enabled
label : Telemetry Enabled
description : Enable or disable the Firezone telemetry collection.
schema :
type : boolean
default : false
2023-06-16 07:01:34 +00:00
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable : main
label : Main Service
description : The Primary service on which the healthcheck runs, often the webUI
schema :
additional_attrs : true
type : dict
attrs :
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable : main
label : Main Service Port Configuration
schema :
additional_attrs : true
type : dict
attrs :
- variable : port
label : Port
description : This port exposes the container port on the service
schema :
type : int
default : 13000
required : true
- variable : wireguard
label : Wireguard Service
description : The Wireguard service
schema :
additional_attrs : true
type : dict
attrs :
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable : wireguard
label : Wireguard Service Port Configuration
schema :
additional_attrs : true
type : dict
attrs :
- variable : port
label : Port
description : This port exposes the container port on the service
schema :
type : int
default : 51820
required : true
# Include{serviceExpertRoot}
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceRoot}
- variable : config
label : App Config Storage
description : Stores the Application Config.
schema :
additional_attrs : true
type : dict
attrs :
# Include{persistenceBasic}
# Include{persistenceList}
# Include{ingressRoot}
- variable : main
label : Main Ingress
schema :
additional_attrs : true
type : dict
attrs :
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
2023-10-01 16:08:10 +00:00
# Include{ingressAdvanced}
2023-06-16 07:01:34 +00:00
# Include{ingressList}
# Include{securityContextRoot}
- variable : runAsUser
label : runAsUser
description : The UserID of the user running the application
schema :
type : int
default : 0
- variable : runAsGroup
label : runAsGroup
description : The groupID of the user running the application
schema :
type : int
default : 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
- variable : fsGroup
label : fsGroup
description : The group that should own ALL storage.
schema :
type : int
default : 568
# Include{resources}
# Include{advanced}
# Include{addons}
# Include{codeserver}
# Include{netshoot}
# Include{vpn}
# Include{documentation}