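# Install-form question definitions for a HedgeDoc deployment.
#
# Each entry under `questions` describes one form field: `variable` is the
# value key, `label`/`description` are the text shown to the operator, and
# `schema` fixes the type, default and (optionally) the allowed enum values.
# Fields marked `private: true` hold credentials.
#
# NOTE(review): the `# Include{...}` lines are placeholders, presumably
# expanded by the chart build tooling. The indentation of the fragments that
# follow a placeholder was reconstructed here and must line up with whatever
# the included template ends on - verify against the templates before merging.
# Include{groups}
portals:
  open:
# Include{portalLink}
questions:
# Include{global}
# Include{controller}
# Include{controllerDeployment}
# Include{replicas}
# Include{replica1}
# Include{strategy}
# Include{recreate}
# Include{controllerExpert}
# Include{controllerExpertExtraArgs}
  - variable: env
    group: "Container Configuration"
    label: "Image Environment"
    schema:
      additional_attrs: true
      type: dict
      attrs:
        - variable: generalsettings
          label: "General Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_FORBIDDEN_NOTE_IDS
                label: "CMD_FORBIDDEN_NOTE_IDS"
                description: "disallow creation of notes, even if allowFreeUrl or CMD_ALLOW_FREEURL is true"
                schema:
                  type: string
                  default: "robots.txt, favicon.ico, api, build, css, docs, fonts, js, uploads, vendor, views"
              - variable: CMD_IMAGE_UPLOAD_TYPE
                label: "CMD_IMAGE_UPLOAD_TYPE"
                description: "Where to upload images."
                schema:
                  type: string
                  default: "filesystem"
                  enum:
                    - value: "filesystem"
                      description: "filesystem"
                    - value: "imgur"
                      description: "imgur"
                    - value: "s3"
                      description: "s3"
                    - value: "minio"
                      description: "minio"
                    - value: "azure"
                      description: "azure"
                    - value: "lutim"
                      description: "lutim"
              - variable: CMD_SOURCE_URL
                label: "CMD_SOURCE_URL"
                description: "Provides the link to the source code of HedgeDoc on the entry page"
                schema:
                  type: string
                  default: ""
              - variable: CMD_TOOBUSY_LAG
                label: "CMD_TOOBUSY_LAG"
                description: "CPU time for one event loop tick until node throttles connections. (milliseconds)"
                schema:
                  type: int
                  default: 70
              - variable: CMD_ALLOW_GRAVATAR
                label: "CMD_ALLOW_GRAVATAR"
                description: "Set to false to disable Libravatar as profile picture source on your instance."
                schema:
                  type: boolean
                  default: true
        - variable: httpsettings
          label: "HTTP Settings"
          schema:
            type: boolean
            default: true
            show_subquestions_if: true
            subquestions:
              - variable: CMD_DOMAIN
                label: "CMD_DOMAIN"
                description: "Domain name (eg. hedgedoc.org)"
                schema:
                  type: string
                  default: ""
              - variable: CMD_PROTOCOL_USESSL
                label: "CMD_PROTOCOL_USESSL"
                description: "Set to use SSL protocol for resources path (only applied when domain is set)"
                schema:
                  type: boolean
                  default: false
              - variable: CMD_URL_ADDPORT
                label: "CMD_URL_ADDPORT"
                description: "Set to add port on callback URL (ports 80 or 443 won't be applied) (only applied when domain is set)"
                schema:
                  type: boolean
                  default: false
              - variable: CMD_ALLOW_ORIGIN
                label: "CMD_ALLOW_ORIGIN"
                description: "Domain name whitelist (use comma to separate)"
                schema:
                  type: string
                  default: "localhost"
        - variable: websecsettings
          label: "Web Security Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_HSTS_ENABLE
                label: "CMD_HSTS_ENABLE"
                description: "Set to enable HSTS if HTTPS is also enabled"
                schema:
                  type: boolean
                  default: true
              - variable: CMD_HSTS_INCLUDE_SUBDOMAINS
                label: "CMD_HSTS_INCLUDE_SUBDOMAINS"
                description: "Set to include subdomains in HSTS"
                schema:
                  type: boolean
                  default: true
              - variable: CMD_HSTS_MAX_AGE
                label: "CMD_HSTS_MAX_AGE"
                description: "Max duration in seconds to tell clients to keep HSTS status"
                schema:
                  type: int
                  # 31536000 s = 365 days.
                  default: 31536000
              - variable: CMD_HSTS_PRELOAD
                label: "CMD_HSTS_PRELOAD"
                description: "Whether to allow preloading of the site's HSTS status"
                schema:
                  type: boolean
                  default: true
              - variable: CMD_CSP_ENABLE
                label: "CMD_CSP_ENABLE"
                description: "Whether to apply a Content-Security-Policy header to responses"
                schema:
                  type: boolean
                  default: true
              - variable: CMD_CSP_ADD_DISQUS
                label: "CMD_CSP_ADD_DISQUS"
                description: "Enable to allow users to add Disqus comments to their notes or presentations."
                schema:
                  type: boolean
                  default: false
              - variable: CMD_CSP_ADD_GOOGLE_ANALYTICS
                label: "CMD_CSP_ADD_GOOGLE_ANALYTICS"
                description: "Enable to allow users to add Google Analytics to their notes."
                schema:
                  type: boolean
                  default: false
              - variable: CMD_CSP_REPORTURI
                label: "CMD_CSP_REPORTURI"
                description: "Allows to add a URL for CSP reports in case of violations."
                schema:
                  type: string
                  default: ""
              # While enabled, other sites may embed the instance in an iframe;
              # switch off where embedding is not needed to reduce clickjacking
              # exposure.
              - variable: CMD_CSP_ALLOW_FRAMING
                label: "CMD_CSP_ALLOW_FRAMING"
                description: "Disable to disallow embedding of the instance via iframe."
                schema:
                  type: boolean
                  default: true
              - variable: CMD_CSP_ALLOW_PDF_EMBED
                label: "CMD_CSP_ALLOW_PDF_EMBED"
                description: "Disable to disallow embedding PDFs."
                schema:
                  type: boolean
                  default: true
              # "none" makes the browser attach the cookie to cross-site
              # requests, which gives up SameSite as a CSRF defence; prefer
              # "lax" or "strict" unless a cross-site integration requires it.
              - variable: CMD_COOKIE_POLICY
                label: "CMD_COOKIE_POLICY"
                description: "Set a SameSite policy whether cookies are sent from cross-origin"
                schema:
                  type: string
                  default: "lax"
                  enum:
                    - value: "lax"
                      description: "lax"
                    - value: "strict"
                      description: "strict"
                    - value: "none"
                      description: "none"
        # The variable name keeps its original spelling: renaming it would
        # change the value key that existing installs already store.
        - variable: userprivillegesettings
          label: "Users and Privileges Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_ALLOW_ANONYMOUS
                label: "CMD_ALLOW_ANONYMOUS"
                description: "Set to allow anonymous usage"
                schema:
                  type: boolean
                  default: false
              - variable: CMD_ALLOW_ANONYMOUS_EDITS
                label: "CMD_ALLOW_ANONYMOUS_EDITS"
                description: "If allowAnonymous is false: allow users to select freely permission, allowing guests to edit existing notes"
                schema:
                  type: boolean
                  default: false
              - variable: CMD_ALLOW_FREEURL
                label: "CMD_ALLOW_FREEURL"
                description: "Set to allow new note creation by accessing a nonexistent note URL"
                schema:
                  type: boolean
                  default: false
              - variable: CMD_REQUIRE_FREEURL_AUTHENTICATION
                label: "CMD_REQUIRE_FREEURL_AUTHENTICATION"
                description: "Set to require authentication for FreeURL mode style note creation"
                schema:
                  type: boolean
                  default: true
              - variable: CMD_DEFAULT_PERMISSION
                label: "CMD_DEFAULT_PERMISSION"
                description: "Set notes default permission (only applied on signed-in users)"
                schema:
                  type: string
                  default: "editable"
                  enum:
                    - value: "editable"
                      description: "editable"
                    - value: "freely"
                      description: "freely"
                    - value: "limited"
                      description: "limited"
                    - value: "locked"
                      description: "locked"
                    - value: "protected"
                      description: "protected"
                    - value: "private"
                      description: "private"
              - variable: CMD_SESSION_LIFE
                label: "CMD_SESSION_LIFE"
                description: "Cookie session life time in milliseconds."
                schema:
                  type: int
                  # 1209600000 ms = 14 days.
                  default: 1209600000
        - variable: loginsettings
          label: "Login Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_EMAIL
                label: "CMD_EMAIL"
                description: "Set to allow email sign-in"
                schema:
                  type: boolean
                  default: true
              - variable: CMD_ALLOW_EMAIL_REGISTER
                label: "CMD_ALLOW_EMAIL_REGISTER"
                description: "Set to allow registration of new accounts using an email address."
                schema:
                  type: boolean
                  default: true
        - variable: dropboxsettings
          label: "Dropbox Login Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_DROPBOX_CLIENTID
                label: "CMD_DROPBOX_CLIENTID"
                description: "Dropbox API client id"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_DROPBOX_CLIENTSECRET
                label: "CMD_DROPBOX_CLIENTSECRET"
                description: "Dropbox API client secret"
                schema:
                  type: string
                  private: true
                  default: ""
        - variable: facebooksettings
          label: "Facebook Login Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_FACEBOOK_CLIENTID
                label: "CMD_FACEBOOK_CLIENTID"
                description: "Facebook API client id"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_FACEBOOK_CLIENTSECRET
                label: "CMD_FACEBOOK_CLIENTSECRET"
                description: "Facebook API client secret"
                schema:
                  type: string
                  private: true
                  default: ""
        - variable: githubsettings
          label: "Github Login Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_GITHUB_CLIENTID
                label: "CMD_GITHUB_CLIENTID"
                description: "Github API client id"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_GITHUB_CLIENTSECRET
                label: "CMD_GITHUB_CLIENTSECRET"
                description: "Github API client secret"
                schema:
                  type: string
                  private: true
                  default: ""
        - variable: gitlabsettings
          label: "GitLab Login Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              # "api" is the broader of the two scopes offered; "read_user" is
              # the least-privilege choice when GitLab is used for sign-in only.
              # NOTE(review): confirm no feature in use depends on the "api"
              # scope before narrowing it.
              - variable: CMD_GITLAB_SCOPE
                label: "CMD_GITLAB_SCOPE"
                description: "GitLab API requested scope"
                schema:
                  type: string
                  default: "api"
                  enum:
                    - value: "api"
                      description: "api"
                    - value: "read_user"
                      description: "read_user"
              - variable: CMD_GITLAB_BASEURL
                label: "CMD_GITLAB_BASEURL"
                description: "GitLab authentication endpoint"
                schema:
                  type: string
                  default: ""
              - variable: CMD_GITLAB_CLIENTID
                label: "CMD_GITLAB_CLIENTID"
                description: "GitLab API client id"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_GITLAB_CLIENTSECRET
                label: "CMD_GITLAB_CLIENTSECRET"
                description: "GitLab API client secret"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_GITLAB_VERSION
                label: "CMD_GITLAB_VERSION"
                description: "GitLab API version"
                schema:
                  type: string
                  default: "v4"
                  enum:
                    - value: "v4"
                      description: "v4"
                    - value: "v3"
                      description: "v3"
        - variable: googlesettings
          label: "Google Login Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_GOOGLE_CLIENTID
                label: "CMD_GOOGLE_CLIENTID"
                description: "Google API client id"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_GOOGLE_CLIENTSECRET
                label: "CMD_GOOGLE_CLIENTSECRET"
                description: "Google API client secret"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_GOOGLE_HOSTEDDOMAIN
                label: "CMD_GOOGLE_HOSTEDDOMAIN"
                description: "Provided only if the user belongs to a hosted domain"
                schema:
                  type: string
                  default: ""
        - variable: twittersettings
          label: "Twitter Login Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_TWITTER_CONSUMERKEY
                label: "CMD_TWITTER_CONSUMERKEY"
                description: "Twitter API consumer key"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_TWITTER_CONSUMERSECRET
                label: "CMD_TWITTER_CONSUMERSECRET"
                description: "Twitter API consumer secret"
                schema:
                  type: string
                  private: true
                  default: ""
        - variable: mattermostsettings
          label: "Mattermost Login Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_MATTERMOST_BASEURL
                label: "CMD_MATTERMOST_BASEURL"
                description: "Mattermost authentication endpoint for versions below 5.0"
                schema:
                  type: string
                  default: ""
              - variable: CMD_MATTERMOST_CLIENTID
                label: "CMD_MATTERMOST_CLIENTID"
                description: "Mattermost API client id"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_MATTERMOST_CLIENTSECRET
                label: "CMD_MATTERMOST_CLIENTSECRET"
                description: "Mattermost API client secret"
                schema:
                  type: string
                  private: true
                  default: ""
        - variable: oauthsettings
          label: "OAuth2 Login Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_OAUTH2_USER_PROFILE_URL
                label: "CMD_OAUTH2_USER_PROFILE_URL"
                description: "Where to retrieve information about a user after successful login"
                schema:
                  type: string
                  default: ""
              - variable: CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
                label: "CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR"
                description: "Where to find the username in the JSON from the user profile URL"
                schema:
                  type: string
                  default: ""
              - variable: CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
                label: "CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR"
                description: "Where to find the display-name in the JSON from the user profile URL"
                schema:
                  type: string
                  default: ""
              - variable: CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR
                label: "CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR"
                description: "Where to find the email address in the JSON from the user profile URL"
                schema:
                  type: string
                  default: ""
              - variable: CMD_OAUTH2_USER_PROFILE_ID_ATTR
                label: "CMD_OAUTH2_USER_PROFILE_ID_ATTR"
                description: "Where to find the dedicated user ID (optional, overrides CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR)"
                schema:
                  type: string
                  default: ""
              - variable: CMD_OAUTH2_TOKEN_URL
                label: "CMD_OAUTH2_TOKEN_URL"
                description: "Sometimes called token endpoint, please refer to the documentation of your OAuth2 provider"
                schema:
                  type: string
                  default: ""
              - variable: CMD_OAUTH2_AUTHORIZATION_URL
                label: "CMD_OAUTH2_AUTHORIZATION_URL"
                description: "Authorization URL of your provider, please refer to the documentation of your OAuth2 provider"
                schema:
                  type: string
                  default: ""
              - variable: CMD_OAUTH2_CLIENT_ID
                label: "CMD_OAUTH2_CLIENT_ID"
                description: "You will get this from your OAuth2 provider when you register HedgeDoc as OAuth2-client"
                schema:
                  type: string
                  private: true
                  default: ""
              # Client secret: marked private like every other provider secret
              # in this file (the flag was missing here while the client id
              # above already carried it).
              - variable: CMD_OAUTH2_CLIENT_SECRET
                label: "CMD_OAUTH2_CLIENT_SECRET"
                description: "You will get this from your OAuth2 provider when you register HedgeDoc as OAuth2-client"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_OAUTH2_PROVIDERNAME
                label: "CMD_OAUTH2_PROVIDERNAME"
                description: "Optional name to be displayed at login form indicating the oAuth2 provider"
                schema:
                  type: string
                  default: ""
              - variable: CMD_OAUTH2_SCOPE
                label: "CMD_OAUTH2_SCOPE"
                description: "Scope to request for OIDC (OpenID Connect) providers"
                schema:
                  type: string
                  default: ""
              - variable: CMD_OAUTH2_ROLES_CLAIM
                label: "CMD_OAUTH2_ROLES_CLAIM"
                description: "ID token claim, which is supposed to provide an array of strings of roles"
                schema:
                  type: string
                  default: ""
              - variable: CMD_OAUTH2_ACCESS_ROLE
                label: "CMD_OAUTH2_ACCESS_ROLE"
                description: "The role which should be included in the ID token roles claim to grant access"
                schema:
                  type: string
                  default: ""
        - variable: ldapsettings
          label: "LDAP Login Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              # NOTE(review): the bind credentials below travel over this
              # connection; an ldaps:// URL (with CMD_LDAP_TLS_CA where a
              # private CA is used) keeps them from crossing the network in
              # clear text.
              - variable: CMD_LDAP_URL
                label: "CMD_LDAP_URL"
                description: "URL of LDAP server"
                schema:
                  type: string
                  default: ""
              - variable: CMD_LDAP_BINDDN
                label: "CMD_LDAP_BINDDN"
                description: "bindDn for LDAP access"
                schema:
                  type: string
                  default: ""
              # Bind password for the directory account: marked private so it
              # is handled like the other credentials in this file.
              - variable: CMD_LDAP_BINDCREDENTIALS
                label: "CMD_LDAP_BINDCREDENTIALS"
                description: "bindCredentials for LDAP access"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_LDAP_SEARCHBASE
                label: "CMD_LDAP_SEARCHBASE"
                description: "LDAP directory to begin search from"
                schema:
                  type: string
                  default: ""
              - variable: CMD_LDAP_SEARCHFILTER
                label: "CMD_LDAP_SEARCHFILTER"
                description: "LDAP filter to search with"
                schema:
                  type: string
                  default: ""
              - variable: CMD_LDAP_SEARCHATTRIBUTES
                label: "CMD_LDAP_SEARCHATTRIBUTES"
                description: "LDAP attributes to search with (use comma to separate)"
                schema:
                  type: string
                  default: ""
              - variable: CMD_LDAP_USERIDFIELD
                label: "CMD_LDAP_USERIDFIELD"
                description: "The LDAP field which is used to uniquely identify a user on HedgeDoc"
                schema:
                  type: string
                  default: ""
              - variable: CMD_LDAP_USERNAMEFIELD
                label: "CMD_LDAP_USERNAMEFIELD"
                description: "The LDAP field which is used as the username on HedgeDoc"
                schema:
                  type: string
                  default: ""
              - variable: CMD_LDAP_TLS_CA
                label: "CMD_LDAP_TLS_CA"
                description: "Root CA for LDAP TLS in PEM format (use comma to separate)"
                schema:
                  type: string
                  default: ""
              # Description previously just repeated the variable name; worded
              # to match the OAuth2 and SAML provider-name fields.
              - variable: CMD_LDAP_PROVIDERNAME
                label: "CMD_LDAP_PROVIDERNAME"
                description: "Optional name to be displayed at login form indicating the LDAP provider"
                schema:
                  type: string
                  default: ""
        - variable: samlsettings
          label: "SAML Login Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              # NOTE(review): this description reads as if a reference was cut
              # off after "for details" - restore the original wording.
              - variable: CMD_SAML_IDPSSOURL
                label: "CMD_SAML_IDPSSOURL"
                description: "Authentication endpoint of IdP. for details"
                schema:
                  type: string
                  default: ""
              - variable: CMD_SAML_IDPCERT
                label: "CMD_SAML_IDPCERT"
                description: "Certificate file path of IdP in PEM format"
                schema:
                  type: string
                  default: ""
              - variable: CMD_SAML_CLIENTCERT
                label: "CMD_SAML_CLIENTCERT"
                description: "Certificate file path for the client in PEM format"
                schema:
                  type: string
                  default: ""
              - variable: CMD_SAML_ISSUER
                label: "CMD_SAML_ISSUER"
                description: "Issuer to supply to identity provider"
                schema:
                  type: string
                  default: ""
              - variable: CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT
                label: "CMD_SAML_DISABLEREQUESTEDAUTHNCONTEXT"
                description: "True to allow any authentication method, false restricts to password authentication"
                schema:
                  type: boolean
                  default: false
              - variable: CMD_SAML_IDENTIFIERFORMAT
                label: "CMD_SAML_IDENTIFIERFORMAT"
                description: "Name identifier format"
                schema:
                  type: string
                  default: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
              - variable: CMD_SAML_GROUPATTRIBUTE
                label: "CMD_SAML_GROUPATTRIBUTE"
                description: "Attribute name for group list"
                schema:
                  type: string
                  default: ""
              - variable: CMD_SAML_REQUIREDGROUPS
                label: "CMD_SAML_REQUIREDGROUPS"
                description: "Group names that are allowed (use vertical bar to separate)"
                schema:
                  type: string
                  default: ""
              - variable: CMD_SAML_EXTERNALGROUPS
                label: "CMD_SAML_EXTERNALGROUPS"
                description: "Group names that are not allowed (use vertical bar to separate)"
                schema:
                  type: string
                  default: ""
              - variable: CMD_SAML_ATTRIBUTE_ID
                label: "CMD_SAML_ATTRIBUTE_ID"
                description: "Attribute map for id"
                schema:
                  type: string
                  default: ""
              - variable: CMD_SAML_ATTRIBUTE_USERNAME
                label: "CMD_SAML_ATTRIBUTE_USERNAME"
                description: "Attribute map for username"
                schema:
                  type: string
                  default: ""
              - variable: CMD_SAML_ATTRIBUTE_EMAIL
                label: "CMD_SAML_ATTRIBUTE_EMAIL"
                description: "Attribute map for email"
                schema:
                  type: string
                  default: ""
              - variable: CMD_SAML_PROVIDERNAME
                label: "CMD_SAML_PROVIDERNAME"
                description: "Optional name to be displayed at login form indicating the SAML provider"
                schema:
                  type: string
                  default: ""
        - variable: amazonsettings
          label: "Amazon S3 Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_S3_ACCESS_KEY_ID
                label: "CMD_S3_ACCESS_KEY_ID"
                description: "AWS access key id"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_S3_SECRET_ACCESS_KEY
                label: "CMD_S3_SECRET_ACCESS_KEY"
                description: "AWS secret key"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_S3_REGION
                label: "CMD_S3_REGION"
                description: "AWS S3 region"
                schema:
                  type: string
                  default: ""
              - variable: CMD_S3_BUCKET
                label: "CMD_S3_BUCKET"
                description: "AWS S3 bucket name"
                schema:
                  type: string
                  default: ""
              - variable: CMD_S3_ENDPOINT
                label: "CMD_S3_ENDPOINT"
                description: "S3 API endpoint if you don't use AWS name"
                schema:
                  type: string
                  default: ""
        - variable: azuresettings
          label: "Azure Blob Storage Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              # A storage connection string normally embeds the account key,
              # so it is marked private like the S3 and Minio secrets.
              - variable: CMD_AZURE_CONNECTION_STRING
                label: "CMD_AZURE_CONNECTION_STRING"
                description: "Azure Blob Storage connection string"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_AZURE_CONTAINER
                label: "CMD_AZURE_CONTAINER"
                description: "Azure Blob Storage container name (automatically created if non existent)"
                schema:
                  type: string
                  default: ""
        - variable: miniosettings
          label: "Minio Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_MINIO_ACCESS_KEY
                label: "CMD_MINIO_ACCESS_KEY"
                description: "Minio access key"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_MINIO_SECRET_KEY
                label: "CMD_MINIO_SECRET_KEY"
                description: "Minio secret key"
                schema:
                  type: string
                  private: true
                  default: ""
              - variable: CMD_MINIO_ENDPOINT
                label: "CMD_MINIO_ENDPOINT"
                description: "Address of your Minio endpoint/instance"
                schema:
                  type: string
                  default: ""
              # Label corrected: it was a copy of the access-key label, which
              # invited pasting the key into a non-private port field.
              - variable: CMD_MINIO_PORT
                label: "CMD_MINIO_PORT"
                description: "Port that is used for your Minio instance"
                schema:
                  type: string
                  default: ""
              - variable: CMD_MINIO_SECURE
                label: "CMD_MINIO_SECURE"
                description: "If set to true HTTPS is used for Minio"
                schema:
                  type: boolean
                  default: true
        - variable: imgursettings
          label: "Imgur Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_IMGUR_CLIENTID
                label: "CMD_IMGUR_CLIENTID"
                description: "Imgur API client id"
                schema:
                  type: string
                  private: true
                  default: ""
        - variable: lutimsettings
          label: "Lutim Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: CMD_LUTIM_URL
                label: "CMD_LUTIM_URL"
                description: "When CMD_IMAGE_UPLOAD_TYPE is set to lutim, you can setup the lutim url"
                schema:
                  type: string
                  default: ""
        - variable: logsettings
          label: "Logs Settings"
          schema:
            type: boolean
            default: false
            show_subquestions_if: true
            subquestions:
              - variable: DEBUG
                label: "DEBUG"
                description: "Set debug mode, show more logs"
                schema:
                  type: boolean
                  default: false
              - variable: CMD_LOGLEVEL
                label: "CMD_LOGLEVEL"
                description: "Defines what kind of logs are provided to stdout."
                schema:
                  type: string
                  default: "info"
                  enum:
                    - value: "info"
                      description: "info"
                    - value: "warn"
                      description: "warn"
                    - value: "error"
                      description: "error"
                    - value: "verbose"
                      description: "verbose"
                    - value: "debug"
                      description: "debug"
# Include{containerConfig}
# Include{serviceRoot}
        - variable: main
          label: "Main Service"
          description: "The Primary service on which the healthcheck runs, often the webUI"
          schema:
            additional_attrs: true
            type: dict
            attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
                    - variable: main
                      label: "Main Service Port Configuration"
                      schema:
                        additional_attrs: true
                        type: dict
                        attrs:
                          - variable: port
                            label: "Port"
                            description: "This port exposes the container port on the service"
                            schema:
                              type: int
                              default: 10132
                              required: true
# Include{advancedPortHTTP}
                          - variable: targetPort
                            label: "Target Port"
                            description: "The internal(!) port on the container the Application runs on"
                            schema:
                              type: int
                              default: 10132
# Include{serviceExpertRoot}
            default: false
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceRoot}
        - variable: uploads
          label: "App Uploads Storage"
          description: "Stores the Application Uploads."
          schema:
            additional_attrs: true
            type: dict
            attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Include{persistenceList}
# Include{ingressRoot}
        - variable: main
          label: "Main Ingress"
          schema:
            additional_attrs: true
            type: dict
            attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
# Include{security}
# Include{securityContextAdvancedRoot}
              # Container security context defaults: unprivileged, read-only
              # root filesystem, no privilege escalation, non-root. Loosen a
              # setting only when the workload demonstrably needs it.
              - variable: privileged
                label: "Privileged mode"
                schema:
                  type: boolean
                  default: false
              - variable: readOnlyRootFilesystem
                label: "ReadOnly Root Filesystem"
                schema:
                  type: boolean
                  default: true
              - variable: allowPrivilegeEscalation
                label: "Allow Privilege Escalation"
                schema:
                  type: boolean
                  default: false
              - variable: runAsNonRoot
                label: "runAsNonRoot"
                schema:
                  type: boolean
                  default: true
# Include{securityContextAdvanced}
# Include{podSecurityContextRoot}
              - variable: runAsUser
                label: "runAsUser"
                description: "The UserID of the user running the application"
                schema:
                  type: int
                  default: 568
              - variable: runAsGroup
                label: "runAsGroup"
                description: "The groupID of the user running the application"
                schema:
                  type: int
                  default: 568
              - variable: fsGroup
                label: "fsGroup"
                description: "The group that should own ALL storage."
                schema:
                  type: int
                  default: 568
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
# Include{addons}
# Include{documentation}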