feat(2fauth) add 2fauth (#12669)

**Description**
A Web app to manage your 2FA accounts and generate their security codes.
⚒️ Fixes  # <!--(issue)-->

**⚙️ Type of change**

- [X] ⚙️ Feature/App addition
- [ ] 🪛 Bugfix
- [ ] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->

**📃 Notes:**
<!-- Please enter any other relevant information here -->

**✔️ Checklist:**

- [X] ⚖️ My code follows the style guidelines of this project
- [X] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [ ] ⬆️ I increased versions for any altered app according to semantic
versioning

**App addition**

If this PR is an app addition please make sure you have done the
following.

- [X] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [X] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`

---

_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._

---------

Signed-off-by: Xstar97TheNoob <9399967+xstar97@users.noreply.github.com>
Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Stavros kois <s.kois@outlook.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Xstar97TheNoob 2023-12-28 07:07:47 -05:00 committed by GitHub
parent d50953cc39
commit cb3350e344
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 475 additions and 0 deletions


@ -0,0 +1,30 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS
# helm-docs templates
*.gotmpl
# docs folder
/docs
# icon
icon.png


@ -0,0 +1 @@
# Changelog


@ -0,0 +1,27 @@
apiVersion: v2
appVersion: "4.2.4"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 17.1.4
deprecated: false
description: A Web app to manage your 2FA accounts and generate their security codes.
home: https://truecharts.org/charts/incubator/twofauth
icon: https://truecharts.org/img/hotlink-ok/chart-icons/twofauth.png
keywords:
- 2fauth
- auth
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: twofauth
sources:
- https://github.com/truecharts/charts/tree/master/charts/incubator/twofauth
- https://github.com/Bubka/2fauth
type: application
version: 0.0.1
annotations:
truecharts.org/category: auth
truecharts.org/SCALE-support: "true"
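Review bot: `appVersion: "4.2.4"` does not match the image this commit pins in values.yaml (`tag: 5.0.0@sha256:…`), so anyone matching the chart against upstream release notes or security advisories by `appVersion` will be looking at the wrong release. I would set `appVersion: "5.0.0"` here, or pin the 4.2.4 image instead if that is the version that was actually tested.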


@ -0,0 +1 @@
# README

Binary file not shown.



@ -0,0 +1,266 @@
# Include{groups}
portals:
open:
# Include{portalLink}
questions:
# Include{global}
# Include{workload}
# Include{workloadDeployment}
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
# Include{containerBasic}
# Include{containerAdvanced}
- variable: twofauth
group: App Configuration
label: 2fauth
schema:
additional_attrs: true
type: dict
attrs:
- variable: app
label: App Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: App Name
schema:
type: string
default: "2FAuth"
- variable: session_lifetime
label: Session Lifetime
schema:
type: int
default: 120
- variable: site_owner
label: Site Owner Email
schema:
type: string
default: ""
- variable: trusted_proxies
label: Trusted Proxies
schema:
type: list
empty: false
default: []
required: true
items:
- variable: proxy
label: Proxy
schema:
type: string
required: true
default: ""
- variable: mail
label: Mail Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: driver
label: Driver
schema:
type: string
required: true
default: log
enum:
- value: log
description: Log
- value: smtp
description: SMTP
- variable: host
label: Host
schema:
type: string
default: ""
- variable: port
label: Port
schema:
type: int
default: 587
- variable: from
label: From
schema:
type: string
default: ""
- variable: user
label: User
schema:
type: string
default: ""
- variable: pass
label: Pass
schema:
type: string
private: true
default: ""
- variable: encryption
label: encryption
schema:
type: string
default: "STARTTLS"
enum:
- value: TLS
description: TLS
- value: STARTTLS
description: STARTTLS
- value: SSL
description: SSL
- variable: from_name
label: From Name
schema:
type: string
default: "2FAuth"
- variable: from_address
label: From Address
schema:
type: string
default: ""
- variable: auth
label: Auth Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: guard
label: Guard
schema:
type: string
default: "web-guard"
enum:
- value: web-guard
description: Web Guard
- value: reverse-proxy-guard
description: Reverse Proxy Guard
- variable: proxy_header_for_user
label: Proxy Header for User
schema:
type: string
default: ""
show_if: [[guard, "=", "reverse-proxy-guard"]]
- variable: proxy_header_for_email
label: Proxy Header for Email
schema:
type: string
default: ""
show_if: [[guard, "=", "reverse-proxy-guard"]]
- variable: proxy_logout_url
label: Proxy Logout Url
schema:
type: string
default: ""
show_if: [[guard, "=", "reverse-proxy-guard"]]
- variable: webauthn
label: WebAuthn Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
default: 2FAuth
- variable: id
label: ID
schema:
type: string
default: ""
- variable: icon
label: Icon
schema:
type: string
default: ""
- variable: user_verified
label: User Verified
schema:
type: string
default: preferred
enum:
- value: required
description: Required
- value: preferred
description: Preferred
- value: discouraged
description: Discouraged
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
# Include{serviceMain}
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: main
label: "Main Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 8000
required: true
# Include{serviceExpertRoot}
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceRoot}
- variable: config
label: "App Config Storage"
description: "Stores the Application Configuration."
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceList}
# Include{ingressRoot}
- variable: main
label: "Main Ingress"
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressAdvanced}
# Include{ingressList}
# Include{securityContextRoot}
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 1000
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 1000
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
# Include{resources}
# Include{advanced}
# Include{addons}
# Include{codeserver}
# Include{netshoot}
# Include{vpn}
# Include{documentation}
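Review bot: The `guard` enum offers `reverse-proxy-guard` with no `description`, although in that mode the app appears to take the identity from the configured proxy headers rather than from its own login (my reading of upstream 2FAuth behaviour, worth confirming). I would add something like `description: "Delegates authentication to the reverse proxy; the service must not be reachable except through that proxy"` on `guard`, and a description on the `proxy` item asking for the proxy's own IP or CIDR. `trusted_proxies` is declared `required: true` with `empty: false` while values.yaml ships `trusted_proxies: []`, so the form seems to force an entry even for installs that have no proxy. Separately, `app` has no `url` variable, so `APP_URL` would stay at the values.yaml default `http://localhost:8000` for installs made through this form.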


@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}


@ -0,0 +1,13 @@
{{/* Define the secrets */}}
{{- define "twofauth.secret" -}}
{{- $secretName := (printf "%s-twofauth-secret" (include "tc.v1.common.lib.chart.names.fullname" $)) }}
{{- $appKey := randAlphaNum 32 -}}
{{- with lookup "v1" "Secret" .Release.Namespace $secretName -}}
{{- $appKey = index .data "APP_KEY" | b64dec -}}
{{- end }}
enabled: true
data:
APP_KEY: {{ $appKey }}
{{- end -}}
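Review bot: `APP_KEY: {{ $appKey }}` is emitted unquoted and the caller parses this output with `fromYaml`, so the value's type is left to YAML scalar inference; `APP_KEY: {{ $appKey | quote }}` removes that dependence. Keeping the key stable rests entirely on `lookup`, which returns an empty result under `helm template` and client-side dry runs, so a render without cluster access produces a fresh `randAlphaNum 32` value. If 2FAuth uses APP_KEY to encrypt stored data (presumably, as a Laravel app), a silently regenerated key is a data-loss risk, and a comment above the `lookup` should say so. `index .data "APP_KEY"` also assumes an existing Secret always carries that key; wrapping the assignment in `{{- if hasKey .data "APP_KEY" }}` would keep a partially populated Secret from breaking the render.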


@ -0,0 +1,10 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.v1.common.loader.init" . -}}
{{- $secret := include "twofauth.secret" . | fromYaml -}}
{{- if $secret -}}
{{- $_ := set .Values.secret "twofauth-secret" $secret -}}
{{- end -}}
{{/* Render the templates */}}
{{- include "tc.v1.common.loader.apply" . -}}


@ -0,0 +1,126 @@
image:
repository: 2fauth/2fauth
pullPolicy: IfNotPresent
tag: 5.0.0@sha256:4845b8be5b6a2e40e29bb27dee36fffc746ef15b8c9e09f065dcae646c34182f
securityContext:
container:
readOnlyRootFilesystem: false
runAsUser: 1000
runAsGroup: 1000
twofauth:
app:
name: 2FAuth
site_owner: mail@example.com
url: http://localhost:8000
session_lifetime: 120
trusted_proxies: []
mail:
driver: log
host: ""
port: 587
from: ""
user: ""
pass: ""
# TLS | STARTTLS | SSL
encryption: STARTTLS
from_name: 2FAuth
from_address: changeme@example.com
auth:
# web-guard | reverse-proxy-guard
guard: web-guard
# show if guard uses reverse-proxy-guard
proxy_header_for_user: ""
proxy_header_for_email: ""
proxy_logout_url: ""
webauthn:
name: 2FAuth
id: ""
icon: ""
# required | preferred | discouraged
user_verified: preferred
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
path: /infos
readiness:
path: /infos
startup:
type: tcp
env:
# APP
APP_ENV: local
APP_KEY:
secretKeyRef:
name: twofauth-secret
key: APP_KEY
APP_NAME: "{{ .Values.twofauth.app.name }}"
SITE_OWNER: "{{ .Values.twofauth.app.site_owner }}"
APP_URL: "{{ .Values.twofauth.app.url }}"
SESSION_LIFETIME: "{{ .Values.twofauth.app.session_lifetime }}"
TRUSTED_PROXIES: '{{ join "," .Values.twofauth.app.trusted_proxies }}'
# MAIL
MAIL_DRIVER: "{{ .Values.twofauth.mail.driver }}"
MAIL_HOST: "{{ .Values.twofauth.mail.host }}"
MAIL_PORT: "{{ .Values.twofauth.mail.port }}"
MAIL_FROM: "{{ .Values.twofauth.mail.from }}"
MAIL_USERNAME: "{{ .Values.twofauth.mail.user }}"
MAIL_PASSWORD: "{{ .Values.twofauth.mail.pass }}"
MAIL_ENCRYPTION: "{{ .Values.twofauth.mail.encryption }}"
MAIL_FROM_NAME: "{{ .Values.twofauth.mail.from_name }}"
MAIL_FROM_ADDRESS: "{{ .Values.twofauth.mail.from_address }}"
# AUTH
AUTHENTICATION_GUARD: "{{ .Values.twofauth.auth.guard }}"
AUTH_PROXY_HEADER_FOR_USER: "{{ .Values.twofauth.auth.proxy_header_for_user }}"
AUTH_PROXY_HEADER_FOR_EMAIL: "{{ .Values.twofauth.auth.proxy_header_for_email }}"
PROXY_LOGOUT_URL: "{{ .Values.twofauth.auth.proxy_logout_url }}"
# WebAuthn:
WEBAUTHN_NAME: "{{ .Values.twofauth.webauthn.name }}"
WEBAUTHN_ID: "{{ .Values.twofauth.webauthn.id }}"
# Optional image data in BASE64 (128 bytes maximum) or an image url
WEBAUTHN_ICON: "{{ .Values.twofauth.webauthn.icon }}"
WEBAUTHN_USER_VERIFICATION: "{{ .Values.twofauth.webauthn.user_verified }}"
# Postgres
DB_CONNECTION: pgsql
DB_DATABASE: "{{ .Values.cnpg.main.database }}"
DB_USERNAME: "{{ .Values.cnpg.main.user }}"
DB_PORT: 5432
DB_HOST:
secretKeyRef:
name: cnpg-main-urls
key: host
DB_PASSWORD:
secretKeyRef:
name: cnpg-main-user
key: password
service:
main:
ports:
main:
protocol: http
targetPort: 8000
port: 8000
persistence:
config:
enabled: true
mountPath: /2fauth
varrun:
enabled: false
cnpg:
main:
enabled: true
user: twofauth
database: twofauth
portal:
open:
enabled: true
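Review bot: `MAIL_PASSWORD: "{{ .Values.twofauth.mail.pass }}"` puts the SMTP password into the container's plain `env`, so it ends up in clear text in the rendered workload manifest, while `APP_KEY` and `DB_PASSWORD` in the same block are read through `secretKeyRef`. I would add the password to the `twofauth-secret` data and reference it the same way, i.e. `MAIL_PASSWORD:` followed by `secretKeyRef:` with `name: twofauth-secret` and `key: MAIL_PASSWORD`. `readOnlyRootFilesystem: false` would also benefit from a one-line comment naming the paths the image needs to write, so the relaxation can be revisited later.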