582 lines
22 KiB
YAML
582 lines
22 KiB
YAML
# Include{groups}
|
|
portals:
|
|
open:
|
|
protocols:
|
|
- "$kubernetes-resource_configmap_portal_protocol"
|
|
host:
|
|
- "$kubernetes-resource_configmap_portal_host"
|
|
ports:
|
|
- "$kubernetes-resource_configmap_portal_port"
|
|
path: "/app"
|
|
questions:
|
|
- variable: portal
|
|
group: "Container Image"
|
|
label: "Configure Portal Button"
|
|
schema:
|
|
type: dict
|
|
hidden: true
|
|
attrs:
|
|
- variable: enabled
|
|
label: "Enable"
|
|
description: "enable the portal button"
|
|
schema:
|
|
hidden: true
|
|
editable: false
|
|
type: boolean
|
|
default: true
|
|
# Include{global}
|
|
- variable: controller
|
|
group: "Controller"
|
|
label: ""
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: advanced
|
|
label: "Show Advanced Controller Settings"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: type
|
|
description: "Please specify type of workload to deploy"
|
|
label: "(Advanced) Controller Type"
|
|
schema:
|
|
type: string
|
|
default: "deployment"
|
|
required: true
|
|
enum:
|
|
- value: "deployment"
|
|
description: "Deployment"
|
|
- value: "statefulset"
|
|
description: "Statefulset"
|
|
- value: "daemonset"
|
|
description: "Daemonset"
|
|
- variable: replicas
|
|
description: "Number of desired pod replicas"
|
|
label: "Desired Replicas"
|
|
schema:
|
|
type: int
|
|
default: 1
|
|
required: true
|
|
- variable: strategy
|
|
description: "Please specify type of workload to deploy"
|
|
label: "(Advanced) Update Strategy"
|
|
schema:
|
|
type: string
|
|
default: "Recreate"
|
|
required: true
|
|
enum:
|
|
- value: "Recreate"
|
|
description: "Recreate: Kill existing pods before creating new ones"
|
|
- value: "RollingUpdate"
|
|
description: "RollingUpdate: Create new pods and then kill old ones"
|
|
- value: "OnDelete"
|
|
description: "(Legacy) OnDelete: ignore .spec.template changes"
|
|
# Include{controllerExpert}
|
|
- variable: env
|
|
group: "Container Configuration"
|
|
label: "Image Environment"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: NTFY_BASE_URL
|
|
label: "Base URL"
|
|
description: "Public facing base URL of the service (e.g. https://ntfy.sh)"
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: NTFY_BEHIND_PROXY
|
|
label: "Behind Proxy"
|
|
description: "If set, the X-Forwarded-For header is used to determine the visitor IP address instead of the remote address of the connection."
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: ENABLE_CACHE_FILE
|
|
label: "Enable Firebase File"
|
|
description: "If set to true, it enables the firebase file by setting the NTFY_FIREBASE_KEY_FILE to \"/etc/ntfy/firebase-key.json\""
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: ENABLE_CACHE_FILE
|
|
label: "Enable Cache File"
|
|
description: "If set to true, it enables the cache file by setting the NTFY_CACHE_FILE to \"/var/cache/ntfy/cache.db\""
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: NTFY_CACHE_DURATION
|
|
label: "Cache Duration"
|
|
description: "Duration for which messages will be buffered before they are deleted. This is required to support the since=... and poll=1 parameter. Set this to 0 to disable the cache entirely."
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "12h"
|
|
- variable: NTFY_KEEPALIVE_INTERVAL
|
|
label: "Keepalive interval"
|
|
description: "Interval in which keepalive messages are sent to the client. This is to prevent intermediaries closing the connection for inactivity. Note that the Android app has a hardcoded timeout at 77s, so it should be less than that."
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "45s"
|
|
- variable: NTFY_MANAGER_INTERVAL
|
|
label: "Manager Interval"
|
|
description: "Interval in which the manager prunes old messages, deletes topics and prints the stats."
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "1m"
|
|
- variable: NTFY_GLOBAL_TOPIC_LIMIT
|
|
label: "Global Topic Limit"
|
|
description: "Rate limiting: Total number of topics before the server rejects new topics."
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 15000
|
|
- variable: ENABLE_VISITOR_SETTINGS
|
|
label: "Enable Visitor Settings"
|
|
description: "If set to true, it enables the visitor settings"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: NTFY_VISITOR_SUBSCRIPTION_LIMIT
|
|
label: "Visitor Ssubscription Limit"
|
|
description: "Rate limiting: Number of subscriptions per visitor (IP address)"
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 30
|
|
- variable: NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT
|
|
label: "Visitor Attachment Total Size Limit"
|
|
description: "Rate limiting: Total storage limit used for attachments per visitor, for all attachments combined. Storage is freed after attachments expire. See NTFY_ATTACHMENT_EXPIRY_DURATION"
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "100M"
|
|
- variable: NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT
|
|
label: "Visitor Attachment Daily Bandwidth Limit"
|
|
description: "Rate limiting: Total daily attachment download/upload traffic limit per visitor. This is to protect your bandwidth costs from exploding."
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "500M"
|
|
- variable: NTFY_VISITOR_REQUEST_LIMIT_BURST
|
|
label: "Visitor Request Limit Burst"
|
|
description: "Rate limiting: Allowed GET/PUT/POST requests per second, per visitor. This setting is the initial bucket of requests each visitor has"
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 60
|
|
- variable: NTFY_VISITOR_REQUEST_LIMIT_REPLENISH
|
|
label: "Visitor Request Limit Replenish"
|
|
description: "Rate limiting: Strongly related to NTFY_VISITOR_REQUEST_LIMIT_BURST: The rate at which the bucket is refilled."
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "5s"
|
|
- variable: NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS
|
|
label: "Visitor Request Limit Exempt Hosts"
|
|
description: "Rate limiting: List of hostnames and IPs to be exempt from request rate limiting."
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: NTFY_VISITOR_EMAIL_LIMIT_BURST
|
|
label: "Visitor Email Limit Burst"
|
|
description: "Rate limiting:Initial limit of e-mails per visitor"
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 16
|
|
- variable: NTFY_VISITOR_EMAIL_LIMIT_REPLENISH
|
|
label: "Visitor Email Limit Replenish"
|
|
description: "Rate limiting: Strongly related to NTFY_VISITOR_EMAIL_LIMIT_BURST: The rate at which the bucket is refilled."
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "1h"
|
|
- variable: ENABLE_ATTACHMENT_CACHE_DIR
|
|
label: "Enable Attachment Cache Directory"
|
|
description: "If set to true, it enables the attachment dir by setting the NTFY_ATTACHMENT_CACHE_DIR to \"/var/cache/ntfy/attachments\""
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT
|
|
label: "Attachment Total Size Limit"
|
|
description: "Limit of the on-disk attachment cache directory. If the limits is exceeded, new attachments will be rejected."
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "5G"
|
|
- variable: NTFY_ATTACHMENT_FILE_SIZE_LIMIT
|
|
label: "Attachment File Size Limit"
|
|
description: "Per-file attachment size limit (e.g. 300k, 2M, 100M). Larger attachment will be rejected."
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "15M"
|
|
- variable: NTFY_ATTACHMENT_EXPIRY_DURATION
|
|
label: "Attachment Expiry Duration"
|
|
description: "Duration after which uploaded attachments will be deleted (e.g. 3h, 20h). Strongly affects NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT."
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "3h"
|
|
- variable: ENABLE_AUTH_FILE
|
|
label: "Enable Auth File"
|
|
description: "If set to true, it enables the auth file by setting the NTFY_AUTH_FILE to \"/etc/ntfy/user.db\""
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: NTFY_AUTH_DEFAULT_ACCESS
|
|
label: "Auth Default Access"
|
|
description: "Default permissions if no matching entries in the auth database are found."
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: "read-write"
|
|
enum:
|
|
- value: "read-write"
|
|
description: "read-write"
|
|
- value: "read-only"
|
|
description: "read-only"
|
|
- value: "write-only"
|
|
description: "write-only"
|
|
- value: "deny-all"
|
|
description: "deny-all"
|
|
- variable: ENABLE_SMTP_SETTINGS
|
|
label: "Enable SMTP Settings"
|
|
description: "If set to true, it enables the SMTP settings"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: NTFY_SMTP_SENDER_ADDR
|
|
label: "SMTP Sender Address"
|
|
description: "SMTP server address to allow email sending"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: NTFY_SMTP_SENDER_USER
|
|
label: "SMTP Sender User"
|
|
description: "SMTP user. Only used if e-mail sending is enabled"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: NTFY_SMTP_SENDER_PASS
|
|
label: "SMTP Sender Password"
|
|
description: SMTP password. Only used if e-mail sending is enabled"
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: NTFY_SMTP_SENDER_FROM
|
|
label: "SMTP Sender From Address"
|
|
description: "SMTP sender e-mail address. Only used if e-mail sending is enabled"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: NTFY_SMTP_SERVER_LISTEN
|
|
label: "SMTP Server Listen"
|
|
description: "Defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: NTFY_SMTP_SERVER_DOMAIN
|
|
label: "SMTP Server Domain"
|
|
description: "SMTP server e-mail domain, e.g. ntfy.sh"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: NTFY_SMTP_SERVER_ADDR_PREFIX
|
|
label: "SMTP Server Address Prefix"
|
|
description: "Optional prefix for the e-mail addresses to prevent spam, e.g. ntfy-"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
|
|
# Include{containerConfig}
|
|
|
|
- variable: service
|
|
group: "Networking and Services"
|
|
label: "Configure Service(s)"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: main
|
|
label: "Main Service"
|
|
description: "The Primary service on which the healthcheck runs, often the webUI"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelector}
|
|
- variable: main
|
|
label: "Main Service Port Configuration"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: "Port"
|
|
description: "This port exposes the container port on the service"
|
|
schema:
|
|
type: int
|
|
default: 10222
|
|
required: true
|
|
- variable: advanced
|
|
label: "Show Advanced settings"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: protocol
|
|
label: "Port Type"
|
|
schema:
|
|
type: string
|
|
default: "HTTP"
|
|
enum:
|
|
- value: HTTP
|
|
description: "HTTP"
|
|
- value: "HTTPS"
|
|
description: "HTTPS"
|
|
- value: TCP
|
|
description: "TCP"
|
|
- value: "UDP"
|
|
description: "UDP"
|
|
- variable: nodePort
|
|
label: "Node Port (Optional)"
|
|
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
|
schema:
|
|
type: int
|
|
min: 9000
|
|
max: 65535
|
|
- variable: targetPort
|
|
label: "Target Port"
|
|
description: "The internal(!) port on the container the Application runs on"
|
|
schema:
|
|
type: int
|
|
default: 10222
|
|
|
|
- variable: serviceexpert
|
|
group: "Networking and Services"
|
|
label: "Show Expert Config"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: hostNetwork
|
|
group: "Networking and Services"
|
|
label: "Host-Networking (Complicated)"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
|
|
# Include{serviceExpert}
|
|
|
|
# Include{serviceList}
|
|
|
|
- variable: persistence
|
|
label: "Integrated Persistent Storage"
|
|
description: "Integrated Persistent Storage"
|
|
group: "Storage and Persistence"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: config
|
|
label: "App Config Storage"
|
|
description: "Stores the Application Configuration."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: type
|
|
label: "Type of Storage"
|
|
description: "Sets the persistence type, Anything other than PVC could break rollback!"
|
|
schema:
|
|
type: string
|
|
default: "simplePVC"
|
|
enum:
|
|
- value: "simplePVC"
|
|
description: "PVC (simple)"
|
|
- value: "simpleHP"
|
|
description: "HostPath (simple)"
|
|
- value: "emptyDir"
|
|
description: "emptyDir"
|
|
- value: "pvc"
|
|
description: "pvc"
|
|
- value: "hostPath"
|
|
description: "hostPath"
|
|
# Include{persistenceBasic}
|
|
- variable: hostPath
|
|
label: "hostPath"
|
|
description: "Path inside the container the storage is mounted"
|
|
schema:
|
|
show_if: [["type", "=", "hostPath"]]
|
|
type: hostpath
|
|
- variable: medium
|
|
label: "EmptyDir Medium"
|
|
schema:
|
|
show_if: [["type", "=", "emptyDir"]]
|
|
type: string
|
|
default: ""
|
|
enum:
|
|
- value: ""
|
|
description: "Default"
|
|
- value: "Memory"
|
|
description: "Memory"
|
|
# Include{persistenceAdvanced}
|
|
- variable: cache
|
|
label: "App Cache Storage"
|
|
description: "Stores the Application Cache."
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: type
|
|
label: "Type of Storage"
|
|
description: "Sets the persistence type, Anything other than PVC could break rollback!"
|
|
schema:
|
|
type: string
|
|
default: "simplePVC"
|
|
enum:
|
|
- value: "simplePVC"
|
|
description: "PVC (simple)"
|
|
- value: "simpleHP"
|
|
description: "HostPath (simple)"
|
|
- value: "emptyDir"
|
|
description: "emptyDir"
|
|
- value: "pvc"
|
|
description: "pvc"
|
|
- value: "hostPath"
|
|
description: "hostPath"
|
|
# Include{persistenceBasic}
|
|
- variable: hostPath
|
|
label: "hostPath"
|
|
description: "Path inside the container the storage is mounted"
|
|
schema:
|
|
show_if: [["type", "=", "hostPath"]]
|
|
type: hostpath
|
|
- variable: medium
|
|
label: "EmptyDir Medium"
|
|
schema:
|
|
show_if: [["type", "=", "emptyDir"]]
|
|
type: string
|
|
default: ""
|
|
enum:
|
|
- value: ""
|
|
description: "Default"
|
|
- value: "Memory"
|
|
description: "Memory"
|
|
# Include{persistenceAdvanced}
|
|
|
|
# Include{persistenceList}
|
|
|
|
- variable: ingress
|
|
label: ""
|
|
group: "Ingress"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: main
|
|
label: "Main Ingress"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
|
|
# Include{ingressTLS}
|
|
|
|
# Include{ingressTraefik}
|
|
|
|
# Include{ingressExpert}
|
|
|
|
# Include{ingressList}
|
|
|
|
# Include{security}
|
|
|
|
- variable: advancedSecurity
|
|
label: "Show Advanced Security Settings"
|
|
group: "Security and Permissions"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: securityContext
|
|
label: "Security Context"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: privileged
|
|
label: "Privileged mode"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: readOnlyRootFilesystem
|
|
label: "ReadOnly Root Filesystem"
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: allowPrivilegeEscalation
|
|
label: "Allow Privilege Escalation"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: runAsNonRoot
|
|
label: "runAsNonRoot"
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
# Include{securityContextAdvanced}
|
|
|
|
- variable: podSecurityContext
|
|
group: "Security and Permissions"
|
|
label: "Pod Security Context"
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: runAsUser
|
|
label: "runAsUser"
|
|
description: "The UserID of the user running the application"
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
- variable: runAsGroup
|
|
label: "runAsGroup"
|
|
description: "The groupID this App of the user running the application"
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
- variable: fsGroup
|
|
label: "fsGroup"
|
|
description: "The group that should own ALL storage."
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
# Include{podSecurityContextAdvanced}
|
|
|
|
# Include{resources}
|
|
|
|
# Include{advanced}
|
|
|
|
# Include{addons}
|