groups: - name: "Container Image" description: "Image to be used for container" - name: "Workload Configuration" description: "Configure workload deployment" - name: "Configuration" description: "additional container configuration" - name: "Networking" description: "Configure / service for container" - name: "Storage" description: "Persist and share data that is separate from the lifecycle of the container" - name: "Resources and Devices" description: "Specify resources/devices to be allocated to workload" - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" - name: "Advanced" description: "Advanced Configuration" - name: "WARNING" description: "WARNING" portals: web_portal: protocols: - "$kubernetes-resource_configmap_portal_protocol" host: - "$kubernetes-resource_configmap_portal_host" ports: - "$kubernetes-resource_configmap_portal_port" questions: - variable: portal group: "Container Image" label: "Configure Portal Button" schema: type: dict hidden: true attrs: - variable: enabled label: "Enable" description: "enable the portal button" schema: hidden: true editable: false type: boolean default: true # Update Policy - variable: strategyType group: "Container Image" label: "Update Strategy" schema: type: string default: "Recreate" enum: - value: "RollingUpdate" description: "Create new pods and then kill old ones" - value: "Recreate" description: "Kill existing pods before creating new ones" # Configure Time Zone - variable: timezone group: "Container Image" label: "Timezone" schema: type: string default: "Etc/UTC" $ref: - "definitions/timezone" # Configure Bitwarden: - variable: bitwardenrs label: "" group: "Configuration" schema: type: dict attrs: - variable: yubico label: "Yubico OPT authentication" schema: type: dict attrs: - variable: enabled label: "Enable Yubico OPT authentication" description: "Please refer to the manual at: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: server label: "Yubico server" description: "Defaults to YubiCloud" schema: type: string default: "" - variable: clientId label: "Yubico ID" schema: type: string default: "" - variable: secretKey label: "Yubico Secret Key" schema: type: string default: "" - variable: admin label: "Admin Portal" schema: type: dict attrs: - variable: enabled label: "Enable Admin Portal" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: disableAdminToken label: "Make Accessible Without Password/Token" schema: type: boolean default: false - variable: token label: "Admin Portal Password/Token" description: "Will be automatically generated if not defined" schema: type: string default: "" - variable: icons label: "Icon Download Settings" schema: type: dict attrs: - variable: disableDownload label: "Disable Icon Download" description: "Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache)" schema: type: boolean default: false - variable: cache label: "Cache time-to-live" description: "Cache time-to-live for icons fetched. 0 means no purging" schema: type: int default: 2592000 - variable: token label: "Failed Downloads Cache time-to-live" description: "Cache time-to-live for icons that were not available. 0 means no purging." schema: type: int default: 2592000 - variable: log label: "Logging" schema: type: dict attrs: - variable: level label: "Log level" schema: type: string default: "info" required: true enum: - value: "trace" description: "trace" - value: "debug" description: "debug" - value: "info" description: "info" - value: "warn" description: "warn" - value: "error" description: "error" - value: "off" description: "off" - variable: file label: "Log-File Location" schema: type: string default: "" - variable: smtp label: "SMTP Settings (Email)" schema: type: dict attrs: - variable: enabled label: "Enable SMTP Support" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: host label: "SMTP hostname" schema: type: string required: true default: "" - variable: from label: "SMTP sender e-mail address" schema: type: string required: true default: "" - variable: fromName label: "SMTP sender name" schema: type: string required: true default: "" - variable: user label: "SMTP username" schema: type: string required: true default: "" - variable: password label: "SMTP password" description: "Required is user is specified, ignored if no user provided" schema: type: string default: "" - variable: ssl label: "Enable SSL connection" schema: type: boolean default: true - variable: port label: "SMTP port" description: "Usually: 25 without SSL, 587 with SSL" schema: type: int default: 587 - variable: authMechanism label: "SMTP Authentication Mechanisms" description: "Comma-separated options: Plain, Login and Xoauth2" schema: type: string default: "Plain" - variable: heloName label: "SMTP HELO - Hostname" description: "Hostname to be sent for SMTP HELO. Defaults to pod name" schema: type: string default: "" - variable: port label: "SMTP timeout" schema: type: int default: 15 - variable: invalidHostname label: "Accept Invalid Hostname" description: "Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!" schema: type: boolean default: false - variable: invalidCertificate label: "Accept Invalid Certificate" description: "Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!" schema: type: boolean default: false - variable: allowSignups label: "Allow Signup" description: "Allow any user to sign-up: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users" schema: type: boolean default: true - variable: allowInvitation label: "Always allow Invitation" description: "Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations" schema: type: boolean default: true - variable: defaultInviteName label: "Default Invite Organisation Name" description: "Default organization name in invitation e-mails that are not coming from a specific organization." schema: type: string default: "" - variable: showPasswordHint label: "Show password hints" description: "https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display" schema: type: boolean default: true - variable: signupwhitelistenable label: "Enable Signup Whitelist" description: "allowSignups is ignored if set" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: signupDomains label: "Signup Whitelist Domains" schema: type: list default: [] items: - variable: domain label: "Domain" schema: type: string default: "" - variable: verifySignup label: "Verifiy Signup" description: "Verify e-mail before login is enabled. SMTP must be enabled" schema: type: boolean default: false - variable: requireEmail label: "Block Login if email fails" description: "When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled" schema: type: boolean default: false - variable: emailAttempts label: "Email token reset attempts" description: "Maximum attempts before an email token is reset and a new email will need to be sent" schema: type: int default: 3 - variable: emailTokenExpiration label: "Email token validity in seconds" schema: type: int default: 600 - variable: enableWebsockets label: "Enable Websocket Connections" description: "Enable Websockets for notification. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications" schema: type: boolean default: true hidden: true - variable: enableWebVault label: "Enable Webvault" description: "Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting" schema: type: boolean default: true - variable: orgCreationUsers label: "Limit Organisation Creation to (users)" description: "Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users." schema: type: string default: "all" - variable: attachmentLimitOrg label: "Limit Attachment Disk Usage per Organisation" schema: type: string default: "" - variable: attachmentLimitUser label: "Limit Attachment Disk Usage per User" schema: type: string default: "" - variable: hibpApiKey label: "HaveIBeenPwned API Key" description: "Can be purchased at https://haveibeenpwned.com/API/Key" schema: type: string default: "" # Configure Enviroment Variables - variable: environmentVariables label: "Image environment" group: "Configuration" schema: type: list default: [] items: - variable: environmentVariable label: "Environment Variable" schema: type: dict attrs: - variable: name label: "Name" schema: type: string - variable: value label: "Value" schema: type: string # Enable Host Networking - variable: hostNetwork group: "Networking" label: "Enable Host Networking" schema: type: boolean default: false hidden: true - variable: services group: "Networking" label: "Configure Service" schema: type: dict hidden: true attrs: - variable: main label: "Main service" description: "The Primary service on which the healthcheck runs, often the webUI" schema: type: dict hidden: true attrs: - variable: enabled label: "Enable the service" schema: type: boolean default: true hidden: true - variable: type label: "Service type" description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System" schema: type: string default: "ClusterIP" hidden: true enum: - value: "ClusterIP" description: "ClusterIP" - variable: port label: "Port configuration" schema: type: dict attrs: - variable: protocol label: "Port Type" schema: type: string default: "HTTP" hidden: true enum: - value: HTTP description: "HTTP" - variable: port label: "container port" schema: type: int default: 8080 editable: false hidden: true - variable: targetport label: "Internal Service port" description: "When connecting internally to this App, you'll need this port" schema: type: int default: 8080 editable: false hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" schema: type: int min: 9000 max: 65535 default: 36000 required: true hidden: true - variable: ws label: "Websocket service" description: "Websocket Service" schema: type: dict hidden: true attrs: - variable: enabled label: "Enable the service" schema: type: boolean default: true hidden: true - variable: type label: "Service type" description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System" schema: type: string default: "ClusterIP" hidden: true enum: - value: "ClusterIP" description: "ClusterIP" - variable: port label: "Port configuration" schema: type: dict attrs: - variable: protocol label: "Port Type" schema: type: string default: "HTTP" hidden: true enum: - value: HTTP description: "HTTP" - variable: port label: "container port" schema: type: int default: 3012 editable: false hidden: true - variable: targetport label: "Internal Service port" description: "When connecting internally to this App, you'll need this port" schema: type: int default: 3012 editable: false hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" schema: type: int min: 9000 max: 65535 default: 36001 required: true hidden: true ## TrueCharts Specific - variable: persistence label: "Integrated Persistent Storage" description: "Websocket Service" group: "Storage" schema: type: dict attrs: - variable: data label: "App Config Storage" description: "Stores the Application Configuration." schema: type: dict attrs: - variable: enabled label: "Enable the storage" schema: type: boolean default: true hidden: true - variable: storageClass label: "Type of Storage" description: " Warning: Anything other than Internal will break rollback!" schema: type: string default: "" enum: - value: "" description: "Internal" - variable: mountPath label: "mountPath" description: "Path inside the container the storage is mounted" schema: type: string default: "/data" hidden: true - variable: emptyDir label: "Mount a ramdisk instead of actual storage" schema: type: boolean default: false hidden: true - variable: accessMode label: "Access Mode (Advanced)" description: "Allow or disallow multiple PVC's writhing to the same PVC" schema: type: string default: "ReadWriteOnce" enum: - value: "ReadWriteOnce" description: "ReadWriteOnce" - value: "ReadOnlyMany" description: "ReadOnlyMany" - value: "ReadWriteMany" description: "ReadWriteMany" - variable: size label: "Size quotum of storage" schema: type: string default: "100Gi" - variable: db label: "Database Storage" description: "Stores the Application database." schema: type: dict attrs: - variable: enabled label: "Enable the storage" schema: type: boolean default: true hidden: true - variable: nameOverride label: "Override PVC Name (advanced)" description: "Forces a certain name for the PVC" schema: type: string default: "db" hidden: true - variable: storageClass label: "Type of Storage" description: " Warning: Anything other than Internal will break rollback!" schema: type: string default: "" enum: - value: "" description: "Internal" - variable: mountPath label: "mountPath" description: "Path inside the container the storage is mounted" schema: type: string default: "" hidden: true - variable: emptyDir label: "Mount a ramdisk instead of actual storage" schema: type: boolean default: false hidden: true - variable: accessMode label: "Access Mode (Advanced)" description: "Allow or disallow multiple PVC's writhing to the same PVC" schema: type: string default: "ReadWriteOnce" enum: - value: "ReadWriteOnce" description: "ReadWriteOnce" - value: "ReadOnlyMany" description: "ReadOnlyMany" - value: "ReadWriteMany" description: "ReadWriteMany" - variable: size label: "Size quotum of storage" schema: type: string default: "100Gi" - variable: dbbackup label: "Database Backup Storage" description: "Stores the Application database backups." schema: type: dict attrs: - variable: enabled label: "Enable the storage" schema: type: boolean default: true hidden: true - variable: storageClass label: "Type of Storage" description: " Warning: Anything other than Internal will break rollback!" schema: type: string default: "" enum: - value: "" description: "Internal" - variable: mountPath label: "mountPath" description: "Path inside the container the storage is mounted" schema: type: string default: "" hidden: true - variable: emptyDir label: "Mount a ramdisk instead of actual storage" schema: type: boolean default: false hidden: true - variable: accessMode label: "Access Mode (Advanced)" description: "Allow or disallow multiple PVC's writhing to the same PVC" schema: type: string default: "ReadWriteOnce" enum: - value: "ReadWriteOnce" description: "ReadWriteOnce" - value: "ReadOnlyMany" description: "ReadOnlyMany" - value: "ReadWriteMany" description: "ReadWriteMany" - variable: size label: "Size quotum of storage" schema: type: string default: "100Gi" - variable: customStorage label: "Custom app storage" group: "Storage" schema: type: list default: [] items: - variable: volumeMount label: "Custom Storage" schema: type: dict attrs: - variable: enabled label: "Enabled" schema: type: boolean default: true required: true hidden: true editable: false - variable: setPermissions label: "Automatic Permissions" description: "Automatically set permissions on install" schema: type: boolean default: true hidden: false - variable: readOnly label: "Mount as ReadOnly" description: "prevent any write from being done to the mounted volume" schema: type: boolean default: false hidden: false - variable: emptyDir label: "emptyDir" schema: type: boolean default: false hidden: true editable: false - variable: mountPath label: "Mount Path" description: "Path to mount inside the pod" schema: type: path required: true default: "" editable: true - variable: hostPath label: "Host Path" schema: type: hostpath required: true - variable: ingress label: "" group: "Reverse Proxy Configuration" schema: type: dict attrs: - variable: main label: "WebUI" schema: type: dict attrs: - variable: certType label: "Select Reverse-Proxy Type" schema: type: string default: "disabled" enum: - value: "disabled" description: "Disabled" - value: "" description: "No Encryption/TLS/Certificates" - value: "selfsigned" description: "Self-Signed Certificate" - value: "ixcert" description: "TrueNAS SCALE Certificate" - variable: type label: "Reverse Proxy Type" schema: type: string default: "HTTP" hidden: true editable: false required: true - variable: serviceName label: "Service name to proxy to" schema: hidden: true editable: false type: string default: "" - variable: entrypoint label: "Select Entrypoint" schema: show_if: [["certType", "!=", "disabled"]] type: string default: "websecure" required: true enum: - value: "websecure" description: "Websecure: HTTPS/TLS port 443" - variable: hosts label: "Hosts" schema: show_if: [["certType", "!=", "disabled"]] type: list default: [] items: - variable: host label: "Host" schema: type: dict attrs: - variable: host label: "Domain Name" required: true schema: type: string - variable: path label: "path" schema: type: string required: true hidden: true default: "/" - variable: certificate label: "Select TrueNAS SCALE Certificate" schema: type: int show_if: [["certType", "=", "ixcert"]] $ref: - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: show_if: [["certType", "!=", "disabled"]] type: string default: "" - variable: UMASK group: "Advanced" label: "UMASK" description: "Sets the UMASK env var for LinuxServer.io (compatible) containers" schema: type: string default: "002" # Enable privileged - variable: securityContext group: "Advanced" label: "Security Context" schema: type: dict attrs: - variable: privileged label: "Enable privileged mode for Common-Chart based charts" schema: type: boolean default: false # Set Pod Security Policy - variable: podSecurityContext group: "Advanced" label: "Pod Security Context" schema: type: dict attrs: - variable: runAsNonRoot label: "runAsNonRoot" schema: type: boolean default: true - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 568 - variable: runAsGroup label: "runAsGroup" description: The groupID this App of the user running the application" schema: type: int default: 568 - variable: supplementalGroups label: "supplementalGroups" description: "Additional groups this App needs access to" schema: type: list default: [] items: - variable: Group label: "Group" schema: type: int default: 568 - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." schema: type: int default: 568 - variable: fsGroupChangePolicy label: "When should we take ownership?" schema: type: string default: "OnRootMismatch" enum: - value: "OnRootMismatch" description: "OnRootMismatch" - value: "Always" description: "Always"