fix(firezone) fix secrets, add probe, and custom config (#12269)

**Description**
- Fix secrets and bump app version.
- add probe
- custom config sections
- fix icon name
⚒️ Fixes  # <!--(issue)-->

**⚙️ Type of change**

- [ ] ⚙️ Feature/App addition
- [X] 🪛 Bugfix
- [ ] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [X] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->

**📃 Notes:**
<!-- Please enter any other relevant information here -->

**✔️ Checklist:**

- [X] ⚖️ My code follows the style guidelines of this project
- [X] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [X] ⬆️ I increased versions for any altered app according to semantic
versioning

** App addition**

If this PR is an app addition please make sure you have done the
following.

- [ ] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [ ] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`

---

_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._
Xstar97TheNoob 2023-09-07 04:27:15 -04:00 committed by GitHub
parent a69386d845
commit cd913c96a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 310 additions and 285 deletions


@ -1,9 +1,9 @@
apiVersion: v2 apiVersion: v2
appVersion: "0.7.30" appVersion: "0.7.35"
dependencies: dependencies:
- name: common - name: common
repository: https://library-charts.truecharts.org repository: https://library-charts.truecharts.org
version: 14.0.1 version: 14.0.3
deprecated: false deprecated: false
description: WireGuard-based VPN server and egress firewall description: WireGuard-based VPN server and egress firewall
home: https://truecharts.org/charts/incubator/firezone home: https://truecharts.org/charts/incubator/firezone
@ -22,7 +22,7 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/incubator/firezone - https://github.com/truecharts/charts/tree/master/charts/incubator/firezone
- https://github.com/firezone/firezone - https://github.com/firezone/firezone
type: application type: application
version: 0.0.8 version: 0.1.0
annotations: annotations:
truecharts.org/catagories: | truecharts.org/catagories: |
- vpn - vpn


@ -11,231 +11,226 @@ questions:
# Include{podSpec} # Include{podSpec}
# Include{containerMain} # Include{containerMain}
- variable: env # Include{containerBasic}
label: Image Environment # Include{containerAdvanced}
- variable: firezone
group: App Configuration
label: FireZone
schema: schema:
additional_attrs: true additional_attrs: true
type: dict type: dict
attrs: attrs:
- variable: EXTERNAL_URL - variable: web
label: Web Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: external_url
label: External Url label: External Url
description: Must be a valid and public FQDN for ACME SSL issuance to function. Include https:// description: Must be a valid and public FQDN for ACME SSL issuance to function. Include https://
schema: schema:
type: string type: string
required: true required: true
default: "" default: ""
- variable: DEFAULT_ADMIN_EMAIL - variable: trusted_proxies
label: Default Admin Email label: Trusted Proxies
description: List of trusted reverse proxies.
schema:
type: list
default: []
items:
- variable: proxy
label: Proxy IP
schema:
type: string
required: true
default: ""
- variable: private_clients
label: Private Clients
description: List of trusted clients.
schema:
type: list
default: []
items:
- variable: client_ip
label: Client IP
schema:
type: string
required: true
default: ""
- variable: secure_cookies
label: Secure Cookies
description: Enable or disable requiring secure cookies. Required for HTTPS.
schema:
type: boolean
default: true
- variable: admin
label: Admin Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: reset_admin_on_boot
label: Reset Admin On Boot
description: to create or reset the admin password every time Firezone starts. By default, the admin password is only set when Firezone is installed.
schema:
type: boolean
default: false
- variable: default_email
label: Default Email
description: Primary administrator email. description: Primary administrator email.
schema: schema:
type: string type: string
required: true required: true
default: "" default: ""
- variable: DEFAULT_ADMIN_PASSWORD - variable: default_password
label: Default Admin Password label: Default Password
description: Primary administrator password. description: Default password that will be used for creating or resetting the primary administrator account.
schema: schema:
type: string type: string
required: true required: true
private: true private: true
default: "" default: ""
- variable: RESET_ADMIN_ON_BOOT
label: Reset Admin On Boot
description: to create or reset the admin password every time FireZone starts.
schema:
type: boolean
default: false
- variable: TELEMETRY_ENABLED
label: Telemetry Enabled
description: Enable or disable the FireZone telemetry collection.
schema:
type: boolean
default: false
- variable: devices - variable: devices
label: Devices Settings label: Devices Configuration
schema: schema:
type: boolean additional_attrs: true
default: false type: dict
show_subquestions_if: true attrs:
subquestions: - variable: allow_unprivileged_device_management
- variable: ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT label: Allow Unprivileged Device Management
label: Allow Unprivileged Devices
description: Enable or disable management of devices on unprivileged accounts. description: Enable or disable management of devices on unprivileged accounts.
schema: schema:
type: boolean type: boolean
default: true default: true
- variable: ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION - variable: allow_unprivileged_device_config
label: Allow Unprivileged Device Configuration label: Allow Unprivileged Device Configuration
description: Enable or disable configuration of device network settings for unprivileged users. description: Enable or disable configuration of device network settings for unprivileged users.
schema: schema:
type: boolean type: boolean
default: true default: true
- variable: VPN_SESSION_DURATION - variable: vpn_session_duration
label: VPN Session Duration label: VPN Session Duration
description: Optionally require users to periodically authenticate to the FireZone, Interval for WireGuard persistent keepalive. description: Optionally require users to periodically authenticate to the Firezone web UI in order to keep their VPN sessions active.
schema: schema:
type: int type: int
default: 0 default: 0
- variable: DEFAULT_CLIENT_PERSISTENT_KEEPALIVE - variable: client_persistent_keepalive
label: Default Client Persistent KeepAlive label: Client Persistent KeepAlive
description: send a keepalive packet every 25 seconds. Otherwise, keep it disabled with a 0 default value. description: If you experience NAT or firewall traversal problems, you can enable this to send a keepalive packet every 25 seconds, disabled by setting it to 0.
schema: schema:
type: int type: int
default: 25 default: 0
- variable: DEFAULT_CLIENT_MTU - variable: default_client_mtu
label: Default Client MTU label: Default Client MTU
description: WireGuard interface MTU for devices. description: WireGuard interface MTU for devices.
schema: schema:
type: int type: int
default: 1280 default: 1280
- variable: DEFAULT_CLIENT_ENDPOINT - variable: client_endpoint
label: Default Client EndPoint label: Client Endpoint
description: IPv4, IPv6 address, or FQDN that devices will be configured to connect to. Defaults to this server's FQDN. description: IPv4, IPv6 address, or FQDN that devices will be configured to connect to.
schema: schema:
type: string type: string
default: "" default: ""
- variable: DEFAULT_CLIENT_DNS - variable: client_dns
label: Default Client DNS label: Client DNS
description: Comma-separated list of DNS servers to use for devices. description: List of DNS servers to use for devices.
schema:
type: list
empty: false
required: true
default:
- 1.1.1.1
- 1.0.0.1
items:
- variable: dns
label: DNS
schema: schema:
type: string type: string
default: "1.1.1.1,1.0.0.1" required: true
- variable: DEFAULT_CLIENT_ALLOWED_IPS default: ""
label: Default Client Allowed IPs - variable: client_allowed_ips
description: AllowedIPs determines which destination IPs get routed through FireZone. label: Client Allowed Ips
description: Configures the default AllowedIPs setting for devices.
schema:
type: list
default: []
items:
- variable: dns
label: DNS
schema: schema:
type: string type: string
default: "0.0.0.0/0,::/0" required: true
- variable: MAX_DEVICES_PER_USER default: ""
- variable: max_devices_per_user
label: Max Devices Per User label: Max Devices Per User
description: Changes how many devices a user can have at a time. description: Changes how many devices a user can have at a time.
schema: schema:
type: int type: int
default: 10 default: 10
- variable: authorization - variable: authorization
label: Authorization Settings label: Authorization Configuration
schema: schema:
type: boolean additional_attrs: true
default: false type: dict
show_subquestions_if: true attrs:
subquestions: - variable: local_auth_enabled
- variable: LOCAL_AUTH_ENABLED
label: Local Auth Enabled label: Local Auth Enabled
description: Enable or disable the local authentication method for all users. description: Enable or disable the local authentication method for all users.
schema: schema:
type: boolean type: boolean
default: true default: true
- variable: DISABLE_VPN_ON_OIDC_ERROR - variable: disable_vpn_on_oidc_error
label: Disable VPN On OIDC Error label: Disable VPN On OIDC Error
description: Enable or disable auto disabling VPN connection on OIDC refresh error. description: Enable or disable auto disabling VPN connection on OIDC refresh error.
schema: schema:
type: boolean type: boolean
default: false default: false
- variable: wireguard - variable: wireguard
label: Wireguard Settings label: Wireguard Configuration
schema: schema:
type: boolean additional_attrs: true
default: false type: dict
show_subquestions_if: true attrs:
subquestions: - variable: ipv4_masquerade_enabled
- variable: WIREGUARD_IPV4_ENABLED label: IPv4 Masquerade Enabled
label: WireGuard IPV4 Enabled description: Enable or disable IPv4 masqeurading.
description: Enable or disable IPv4 support for WireGuard.
schema: schema:
type: boolean type: boolean
default: true default: true
- variable: WIREGUARD_IPV6_ENABLED
label: WireGuard IPV6 Enabled
description: Enable or disable IPv6 support for WireGuard.
schema:
type: boolean
default: false
- variable: outbound
label: OutBound Email Settings
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: OUTBOUND_EMAIL_FROM
label: Outbound Email From
description: From address to use for sending outbound emails.
schema:
type: string
default: ""
- variable: OUTBOUND_EMAIL_ADAPTER
label: Outbound Email Adapter
description: Method to use for sending outbound email.
schema:
type: string
default: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
enum:
- value: "Elixir.FzHttpWeb.Mailer.AmazonSES"
description: "AmazonSES"
- value: "Elixir.FzHttpWeb.Mailer.CustomerIO"
description: CustomerIO"
- value: "Elixir.FzHttpWeb.Mailer.Dyn"
description: Dyn
- value: "Elixir.FzHttpWeb.Mailer.ExAwsAmazonSES"
description: ExAwsAmazonSES"
- value: "Elixir.FzHttpWeb.Mailer.Gmail"
description: Gmail"
- value: "Elixir.FzHttpWeb.Mailer.MailPace"
description: MailPace"
- value: "Elixir.FzHttpWeb.Mailer.Mailgun"
description: Mailgun"
- value: "Elixir.FzHttpWeb.Mailer.Mailjet"
description: MailJet"
- value: "Elixir.FzHttpWeb.Mailer.Mandrill"
description: Mandrill"
- value: "Elixir.FzHttpWeb.Mailer.Postmark"
description: Postmark"
- value: "Elixir.FzHttpWeb.Mailer.ProtonBridge"
description: ProtonBridge"
- value: "Elixir.FzHttpWeb.Mailer.SMTP"
description: SMTP"
- value: "Elixir.FzHttpWeb.Mailer.SMTP2GO"
description: SMTP2GO"
- value: "Elixir.FzHttpWeb.Mailer.Sendgrid"
description: SendGrid"
- value: "Elixir.FzHttpWeb.Mailer.Sendinblue"
description: "SendInBlue"
- value: "Elixir.FzHttpWeb.Mailer.Sendmail"
description: "Sendmail"
- value: "Elixir.FzHttpWeb.Mailer.SocketLabs"
description: "SocketLabs"
- value: "Elixir.FzHttpWeb.Mailer.SparkPost"
description: "SparkPost"
- value: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
description: "NoopAdapter"
- variable: OUTBOUND_EMAIL_ADAPTER_OPTS
label: Outbound Email Adapter OPTS
description: Adapter configuration, see https://github.com/swoosh/swoosh#adapters.
schema:
type: string
default: ""
- variable: connectivity - variable: connectivity
label: Connectivity Settings label: Connectivity Configuration
schema: schema:
type: boolean additional_attrs: true
default: false type: dict
show_subquestions_if: true attrs:
subquestions: - variable: checks_enabled
- variable: CONNECTIVITY_CHECKS_ENABLED label: Checks Enabled
label: Connectivity Checks Enabled description: Enable / disable periodic checking for egress connectivity.
description: Enable / disable periodic checking for egress connectivity. Determines the instance's public IP to populate Endpoint fields.
schema: schema:
type: boolean type: boolean
default: true default: true
- variable: CONNECTIVITY_CHECKS_INTERVAL - variable: checks_interval
label: Connectivity Checks Interval label: Checks Interval
description: Periodicity in seconds to check for egress connectivity. description: Periodicity in seconds to check for egress connectivity.
schema: schema:
type: int type: int
default: 43200 default: 43200
- variable: other
# Include{containerBasic} label: Other Configuration
# Include{containerAdvanced} schema:
additional_attrs: true
type: dict
attrs:
- variable: telemetry_enabled
label: Telemetry Enabled
description: Enable or disable the Firezone telemetry collection.
schema:
type: boolean
default: false
# Include{containerConfig} # Include{containerConfig}
# Include{podOptions} # Include{podOptions}
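Review bot: The list item under `client_allowed_ips` is declared as `variable: dns` with `label: DNS`, which looks copied from the `client_dns` block above it; something like `variable: allowed_ip` with `label: Allowed IP` would match what the field holds. The GUI defaults also drift from the chart defaults in values.yaml: `client_persistent_keepalive` defaults to `0` here but `25` there, and `client_allowed_ips` defaults to `[]` here but `0.0.0.0/0` there. An empty list is joined into an empty `DEFAULT_CLIENT_ALLOWED_IPS`, and it is not visible from this page how Firezone treats that, so the two defaults should be aligned or the difference documented in the field descriptions.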


@ -17,10 +17,12 @@
{{- end }} {{- end }}
enabled: true enabled: true
data: data:
GUARDIAN_SECRET_KEY: {{ $keyGuardian }} # firezone requires all these keys to be in base 64 format presented in the container, so this b64enc here is intentional
DATABASE_ENCRYPTION_KEY: {{ $keyDatabase }} # https://www.firezone.dev/docs/reference/env-vars#secrets-and-encryption
SECRET_KEY_BASE: {{ $keySecret }} GUARDIAN_SECRET_KEY: {{ $keyGuardian | b64enc }}
LIVE_VIEW_SIGNING_SALT: {{ $keyLive }} DATABASE_ENCRYPTION_KEY: {{ $keyDatabase | b64enc }}
COOKIE_SIGNING_SALT: {{ $keyCookieSigning }} SECRET_KEY_BASE: {{ $keySecret | b64enc }}
COOKIE_ENCRYPTION_SALT: {{ $keyCookieEncrypt }} LIVE_VIEW_SIGNING_SALT: {{ $keyLive | b64enc }}
COOKIE_SIGNING_SALT: {{ $keyCookieSigning | b64enc }}
COOKIE_ENCRYPTION_SALT: {{ $keyCookieEncrypt | b64enc }}
{{- end -}} {{- end -}}
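Review bot: The six values under `data:` are rendered unquoted, so the `b64enc` output is subject to YAML implicit typing when the caller re-parses this template with `fromYaml`; quoting each one, e.g. `GUARDIAN_SECRET_KEY: {{ $keyGuardian | b64enc | quote }}`, keeps them strings. The code that produces `$keyGuardian` and the other variables sits above the hunk and is not visible, so it is worth confirming that an upgrade reuses the previously stored keys rather than regenerating or re-encoding them, particularly as the Secret is renamed to `firezone-secrets` in this commit. A changed `DATABASE_ENCRYPTION_KEY` would presumably leave data encrypted under the old key unreadable.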


@ -4,7 +4,7 @@
{{/* Render secrets for firezone */}} {{/* Render secrets for firezone */}}
{{- $secrets := include "firezone.secrets" . | fromYaml -}} {{- $secrets := include "firezone.secrets" . | fromYaml -}}
{{- if $secrets -}} {{- if $secrets -}}
{{- $_ := set .Values.secret "secrets" $secrets -}} {{- $_ := set .Values.secret "firezone-secrets" $secrets -}}
{{- end -}} {{- end -}}
{{/* Render the templates */}} {{/* Render the templates */}}


@ -1,7 +1,7 @@
image: image:
repository: tccr.io/truecharts/firezone repository: tccr.io/truecharts/firezone
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: v0.7.30@sha256:e22dc7a9be93a804bbe0e3d301c883625463a3649d856c8b41f80a2257214667 tag: v0.7.35@sha256:53c08baeb65dde8689ebb3bd1fc9fbb034970dfdc9bceb005c4ffa03fe2b3e93
securityContext: securityContext:
container: container:
@ -15,26 +15,66 @@ securityContext:
- NET_ADMIN - NET_ADMIN
- SYS_MODULE - SYS_MODULE
service:
main:
ports:
main:
protocol: http
port: 13000
wireguard:
enabled: true
ports:
wireguard:
enabled: true
protocol: udp
port: 51820
firezone:
web:
external_url: "https://example.com"
trusted_proxies: []
private_clients: []
admin:
reset_admin_on_boot: false
default_email: "admin@email.com"
default_password: "1234567890"
devices:
allow_unprivileged_device_management: true
allow_unprivileged_device_config: true
vpn_session_duration: 0
client_persistent_keepalive: 25
default_client_mtu: 1280
client_endpoint: ""
client_dns:
- 1.1.1.1
- 1.0.0.1
client_allowed_ips:
- 0.0.0.0/0
max_devices_per_user: 10
authorization:
local_auth_enabled: true
disable_vpn_on_oidc_error: false
wireguard:
ipv4_masquerade_enabled: true
connectivity:
checks_enabled: true
checks_interval: 43200
other:
telemetry_enabled: false
workload: workload:
main: main:
podSpec: podSpec:
containers: containers:
main: main:
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
env: env:
# web # web
PHOENIX_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}" PHOENIX_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
EXTERNAL_URL: "https://app.mydomain.com" EXTERNAL_URL: "{{ .Values.firezone.web.external_url }}"
# PHOENIX_SECURE_COOKIES: true PHOENIX_SECURE_COOKIES: "{{ .Values.firezone.web.secure_cookies }}"
# PHOENIX_HTTP_PROTOCOL_OPTIONS: "{}" # PHOENIX_HTTP_PROTOCOL_OPTIONS: "{}"
# PHOENIX_EXTERNAL_TRUSTED_PROXIES: "[]" PHOENIX_EXTERNAL_TRUSTED_PROXIES: "{{ toJson .Values.firezone.web.trusted_proxies }}"
# PHOENIX_PRIVATE_CLIENTS: "[]" PHOENIX_PRIVATE_CLIENTS: "{{ toJson .Values.firezone.web.private_clients }}"
# DB # DB
DATABASE_HOST: DATABASE_HOST:
secretKeyRef: secretKeyRef:
@ -51,49 +91,49 @@ workload:
DATABASE_SSL_ENABLED: false DATABASE_SSL_ENABLED: false
# DATABASE_SSL_OPTS: "{}" # DATABASE_SSL_OPTS: "{}"
# Admin # Admin
RESET_ADMIN_ON_BOOT: false RESET_ADMIN_ON_BOOT: "{{ .Values.firezone.admin.reset_admin_on_boot }}"
DEFAULT_ADMIN_EMAIL: "admin@email.com" DEFAULT_ADMIN_EMAIL: "{{ .Values.firezone.admin.default_email }}"
DEFAULT_ADMIN_PASSWORD: "1234567890" DEFAULT_ADMIN_PASSWORD: "{{ .Values.firezone.admin.default_password }}"
# Secrets and Encryption # Secrets and Encryption
GUARDIAN_SECRET_KEY: GUARDIAN_SECRET_KEY:
secretKeyRef: secretKeyRef:
name: secrets name: firezone-secrets
key: GUARDIAN_SECRET_KEY key: GUARDIAN_SECRET_KEY
DATABASE_ENCRYPTION_KEY: DATABASE_ENCRYPTION_KEY:
secretKeyRef: secretKeyRef:
name: secrets name: firezone-secrets
key: DATABASE_ENCRYPTION_KEY key: DATABASE_ENCRYPTION_KEY
SECRET_KEY_BASE: SECRET_KEY_BASE:
secretKeyRef: secretKeyRef:
name: secrets name: firezone-secrets
key: SECRET_KEY_BASE key: SECRET_KEY_BASE
LIVE_VIEW_SIGNING_SALT: LIVE_VIEW_SIGNING_SALT:
secretKeyRef: secretKeyRef:
name: secrets name: firezone-secrets
key: LIVE_VIEW_SIGNING_SALT key: LIVE_VIEW_SIGNING_SALT
COOKIE_SIGNING_SALT: COOKIE_SIGNING_SALT:
secretKeyRef: secretKeyRef:
name: secrets name: firezone-secrets
key: COOKIE_SIGNING_SALT key: COOKIE_SIGNING_SALT
COOKIE_ENCRYPTION_SALT: COOKIE_ENCRYPTION_SALT:
secretKeyRef: secretKeyRef:
name: secrets name: firezone-secrets
key: COOKIE_ENCRYPTION_SALT key: COOKIE_ENCRYPTION_SALT
# Devices # Devices
ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT: true ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT: "{{ .Values.firezone.devices.allow_unprivileged_device_management }}"
ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION: true ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION: "{{ .Values.firezone.devices.allow_unprivileged_device_config }}"
VPN_SESSION_DURATION: 0 VPN_SESSION_DURATION: "{{ .Values.firezone.devices.vpn_session_duration }}"
DEFAULT_CLIENT_PERSISTENT_KEEPALIVE: 25 DEFAULT_CLIENT_PERSISTENT_KEEPALIVE: "{{ .Values.firezone.devices.client_persistent_keepalive }}"
DEFAULT_CLIENT_MTU: 1280 DEFAULT_CLIENT_MTU: "{{ .Values.firezone.devices.default_client_mtu }}"
# DEFAULT_CLIENT_ENDPOINT: "" DEFAULT_CLIENT_ENDPOINT: "{{ .Values.firezone.devices.client_endpoint }}"
DEFAULT_CLIENT_DNS: "1.1.1.1,1.0.0.1" DEFAULT_CLIENT_DNS: '{{ join "," .Values.firezone.devices.client_dns }}'
DEFAULT_CLIENT_ALLOWED_IPS: "0.0.0.0/0, ::/0" DEFAULT_CLIENT_ALLOWED_IPS: '{{ join "," .Values.firezone.devices.client_allowed_ips }}'
# Limits # Limits
MAX_DEVICES_PER_USER: 10 MAX_DEVICES_PER_USER: "{{ .Values.firezone.devices.max_devices_per_user }}"
# Authorization # Authorization
LOCAL_AUTH_ENABLED: true LOCAL_AUTH_ENABLED: "{{ .Values.firezone.authorization.local_auth_enabled }}"
DISABLE_VPN_ON_OIDC_ERROR: false DISABLE_VPN_ON_OIDC_ERROR: "{{ .Values.firezone.authorization.disable_vpn_on_oidc_error }}"
SAML_ENTITY_ID: "urn:firezone.dev:firezone-app" # SAML_ENTITY_ID: "urn:firezone.dev:firezone-app"
# SAML_KEYFILE_PATH: "/var/firezone/saml.key" # SAML_KEYFILE_PATH: "/var/firezone/saml.key"
# SAML_CERTFILE_PATH: "/var/firezone/saml.crt" # SAML_CERTFILE_PATH: "/var/firezone/saml.crt"
# OPENID_CONNECT_PROVIDERS: "[]" # OPENID_CONNECT_PROVIDERS: "[]"
@ -101,30 +141,18 @@ workload:
# WireGuard # WireGuard
WIREGUARD_PORT: "{{ .Values.service.wireguard.ports.wireguard.port }}" WIREGUARD_PORT: "{{ .Values.service.wireguard.ports.wireguard.port }}"
WIREGUARD_IPV4_ENABLED: true WIREGUARD_IPV4_ENABLED: true
WIREGUARD_IPV4_MASQUERADE: "{{ .Values.firezone.wireguard.ipv4_masquerade_enabled }}"
WIREGUARD_IPV6_ENABLED: false WIREGUARD_IPV6_ENABLED: false
WIREGUARD_IPV6_MASQUERADE: false
# Outbound Emails # Outbound Emails
OUTBOUND_EMAIL_FROM: "" # OUTBOUND_EMAIL_FROM: ""
OUTBOUND_EMAIL_ADAPTER: "Elixir.FzHttpWeb.Mailer.NoopAdapter" # OUTBOUND_EMAIL_ADAPTER: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
# OUTBOUND_EMAIL_ADAPTER_OPTS: "{}" # OUTBOUND_EMAIL_ADAPTER_OPTS: "{}"
# Connectivity Checks # Connectivity Checks
CONNECTIVITY_CHECKS_ENABLED: true CONNECTIVITY_CHECKS_ENABLED: "{{ .Values.firezone.connectivity.checks_enabled }}"
CONNECTIVITY_CHECKS_INTERVAL: 43200 CONNECTIVITY_CHECKS_INTERVAL: "{{ .Values.firezone.connectivity.checks_interval }}"
# Telemetry # Telemetry
TELEMETRY_ENABLED: false TELEMETRY_ENABLED: "{{ .Values.firezone.other.telemetry_enabled }}"
service:
main:
ports:
main:
protocol: http
port: 13000
wireguard:
enabled: true
ports:
wireguard:
enabled: true
protocol: udp
port: 51820
persistence: persistence:
config: config:
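Review bot: `DEFAULT_ADMIN_PASSWORD` is still injected as a plain env value, now from `firezone.admin.default_password`, and the chart default stays `"1234567890"`, so an install that does not override it comes up with a guessable admin password that is also readable in the pod spec. It would be safer to default `default_password` to `""` so that the install must supply one, and to render it into the `firezone-secrets` Secret and reference it with a `secretKeyRef`, as the six keys under "Secrets and Encryption" already do. Separately, `PHOENIX_SECURE_COOKIES` reads `.Values.firezone.web.secure_cookies`, but the new `firezone.web` defaults define only `external_url`, `trusted_proxies` and `private_clients`; without `secure_cookies: true` there, the variable likely renders empty for installs that do not go through questions.yaml. The three probes are added with `enabled: false`, so the workload still runs without health checks; if that is deliberate, a comment on the `probes:` block saying why would help.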