# Include{groups} portals: open: # Include{portalLink} questions: # Include{global} # Include{workload} # Include{workloadDeployment} # Include{replicas1} # Include{podSpec} # Include{containerMain} # Include{containerBasic} # Include{containerAdvanced} - variable: firezone group: App Configuration label: FireZone schema: additional_attrs: true type: dict attrs: - variable: web label: Web Configuration schema: additional_attrs: true type: dict attrs: - variable: external_url label: External Url description: Must be a valid and public FQDN for ACME SSL issuance to function. Include https:// schema: type: string required: true default: "" - variable: trusted_proxies label: Trusted Proxies description: List of trusted reverse proxies. schema: type: list default: [] items: - variable: proxy label: Proxy IP schema: type: string required: true default: "" - variable: private_clients label: Private Clients description: List of trusted clients. schema: type: list default: [] items: - variable: client_ip label: Client IP schema: type: string required: true default: "" - variable: secure_cookies label: Secure Cookies description: Enable or disable requiring secure cookies. Required for HTTPS. schema: type: boolean default: true - variable: admin label: Admin Configuration schema: additional_attrs: true type: dict attrs: - variable: reset_admin_on_boot label: Reset Admin On Boot description: to create or reset the admin password every time Firezone starts. By default, the admin password is only set when Firezone is installed. schema: type: boolean default: true - variable: default_email label: Default Email description: Primary administrator email. schema: type: string required: true default: "" - variable: default_password label: Default Password description: Default password that will be used for creating or resetting the primary administrator account. schema: type: string required: true private: true default: "" - variable: devices label: Devices Configuration schema: additional_attrs: true type: dict attrs: - variable: allow_unprivileged_device_management label: Allow Unprivileged Device Management description: Enable or disable management of devices on unprivileged accounts. schema: type: boolean default: true - variable: allow_unprivileged_device_config label: Allow Unprivileged Device Configuration description: Enable or disable configuration of device network settings for unprivileged users. schema: type: boolean default: true - variable: vpn_session_duration label: VPN Session Duration description: Optionally require users to periodically authenticate to the Firezone web UI in order to keep their VPN sessions active. schema: type: int default: 0 - variable: client_persistent_keepalive label: Client Persistent KeepAlive description: If you experience NAT or firewall traversal problems, you can enable this to send a keepalive packet every 25 seconds, disabled by setting it to 0. schema: type: int default: 0 - variable: default_client_mtu label: Default Client MTU description: WireGuard interface MTU for devices. schema: type: int default: 1280 - variable: client_endpoint label: Client Endpoint description: IPv4 address, or FQDN that devices will be configured to connect to. schema: type: string required: true default: "" - variable: client_dns label: Client DNS description: List of DNS servers to use for devices. schema: type: list empty: false required: true default: - 1.1.1.1 - 1.0.0.1 items: - variable: dns label: DNS schema: type: string required: true default: "" - variable: client_allowed_ips label: Client Allowed Ips description: Configures the default AllowedIPs setting for devices. schema: type: list empty: false default: - 0.0.0.0/0 items: - variable: ip label: IP schema: type: string required: true default: "" - variable: max_devices_per_user label: Max Devices Per User description: Changes how many devices a user can have at a time. schema: type: int default: 10 - variable: authorization label: Authorization Configuration schema: additional_attrs: true type: dict attrs: - variable: local_auth_enabled label: Local Auth Enabled description: Enable or disable the local authentication method for all users. schema: type: boolean default: true - variable: disable_vpn_on_oidc_error label: Disable VPN On OIDC Error description: Enable or disable auto disabling VPN connection on OIDC refresh error. schema: type: boolean default: false - variable: wireguard label: Wireguard Configuration schema: additional_attrs: true type: dict attrs: - variable: ipv4_masquerade_enabled label: IPv4 Masquerade Enabled description: Enable or disable IPv4 masqeurading. schema: type: boolean default: true - variable: connectivity label: Connectivity Configuration schema: additional_attrs: true type: dict attrs: - variable: checks_enabled label: Checks Enabled description: Enable / disable periodic checking for egress connectivity. schema: type: boolean default: true - variable: checks_interval label: Checks Interval description: Periodicity in seconds to check for egress connectivity. schema: type: int default: 43200 - variable: other label: Other Configuration schema: additional_attrs: true type: dict attrs: - variable: telemetry_enabled label: Telemetry Enabled description: Enable or disable the Firezone telemetry collection. schema: type: boolean default: false # Include{containerConfig} # Include{podOptions} # Include{serviceRoot} - variable: main label: Main Service description: The Primary service on which the healthcheck runs, often the webUI schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main label: Main Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 13000 required: true - variable: wireguard label: Wireguard Service description: The Wireguard service schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: wireguard label: Wireguard Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 51820 required: true # Include{serviceExpertRoot} # Include{serviceExpert} # Include{serviceList} # Include{persistenceRoot} - variable: config label: App Config Storage description: Stores the Application Config. schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} # Include{persistenceList} # Include{ingressRoot} - variable: main label: Main Ingress schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressAdvanced} # Include{ingressList} # Include{securityContextRoot} - variable: runAsUser label: runAsUser description: The UserID of the user running the application schema: type: int default: 0 - variable: runAsGroup label: runAsGroup description: The groupID of the user running the application schema: type: int default: 0 # Include{securityContextContainer} # Include{securityContextAdvanced} # Include{securityContextPod} - variable: fsGroup label: fsGroup description: The group that should own ALL storage. schema: type: int default: 568 # Include{resources} # Include{postgresql} # Include{advanced} # Include{addons} # Include{codeserver} # Include{netshoot} # Include{vpn} # Include{documentation}