TrueChartsClone/charts/enterprise/authelia/questions.yaml

1001 lines
41 KiB
YAML

# Include{groups}
portals:
open:
# Include{portalLink}
questions:
# Include{global}
# Include{workload}
# Include{workloadDeployment}
# Include{replicas2}
# Include{podSpec}
# Include{containerMain}
# Include{containerBasic}
# Include{containerAdvanced}
# Include{containerConfig}
- variable: domain
group: "App Configuration"
label: "Domain"
description: "The highest domain level possible, for example: domain.com when using app.domain.com"
schema:
type: string
default: ""
required: true
- variable: default_redirection_url
group: "App Configuration"
label: "Default Redirection URL"
description: "If user tries to authenticate without any referrer, this is used"
schema:
type: string
default: ""
- variable: theme
group: "App Configuration"
label: "Theme"
schema:
type: string
default: "auto"
enum:
- value: "auto"
description: "auto"
- value: "light"
description: "light"
- value: "grey"
description: "grey"
- value: "dark"
description: "dark"
- variable: log
group: "App Configuration"
label: "Log Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: level
label: "Log Level"
schema:
type: string
default: "info"
enum:
- value: "info"
description: "info"
- value: "debug"
description: "debug"
- value: "trace"
description: "trace"
- variable: format
label: "Log Format"
schema:
type: string
default: "text"
enum:
- value: "json"
description: "json"
- value: "text"
description: "text"
- variable: totp
group: "App Configuration"
label: "TOTP Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: issuer
label: "Issuer"
description: "The issuer name displayed in the Authenticator application of your choice"
schema:
type: string
default: ""
- variable: period
label: "Period"
description: "The period in seconds a one-time password is current for"
schema:
type: int
default: 30
- variable: skew
label: "skew"
description: "Controls number of one-time passwords either side of the current one that are valid."
schema:
type: int
default: 1
- variable: duo_api
group: "App Configuration"
label: "DUO API Configuration"
description: "Parameters used to contact the Duo API."
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enable"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostname
label: "Hostname"
schema:
type: string
required: true
default: ""
- variable: integration_key
label: "integration_key"
schema:
type: string
default: ""
required: true
- variable: plain_api_key
label: "plain_api_key"
schema:
type: string
default: ""
required: true
- variable: session
group: "App Configuration"
label: "Session Provider"
description: "The session cookies identify the user once logged in."
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: "Cookie Name"
description: "The name of the session cookie."
schema:
type: string
required: true
default: "authelia_session"
- variable: same_site
label: "SameSite Value"
description: "Sets the Cookie SameSite value"
schema:
type: string
default: "lax"
enum:
- value: "lax"
description: "lax"
- value: "strict"
description: "strict"
- variable: expiration
label: "Expiration Time"
description: "The time in seconds before the cookie expires and session is reset."
schema:
type: string
default: "1h"
required: true
- variable: inactivity
label: "Inactivity Time"
description: "The inactivity time in seconds before the session is reset."
schema:
type: string
default: "5m"
required: true
- variable: remember_me_duration
label: "Remember-Me duration"
description: "The remember me duration"
schema:
type: string
default: "5M"
required: true
- variable: regulation
group: "App Configuration"
label: "Regulation Configuration"
description: "This mechanism prevents attackers from brute forcing the first factor."
schema:
additional_attrs: true
type: dict
attrs:
- variable: max_retries
label: "Maximum Retries"
description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation."
schema:
type: int
default: 3
- variable: find_time
label: "Find Time"
description: "The time range during which the user can attempt login before being banned."
schema:
type: string
default: "2m"
required: true
- variable: ban_time
label: "Ban Duration"
description: "The length of time before a banned user can login again"
schema:
type: string
default: "5m"
required: true
- variable: authentication_backend
group: "App Configuration"
label: "Authentication Backend Provider"
description: "sed for verifying user passwords and retrieve information such as email address and groups users belong to."
schema:
additional_attrs: true
type: dict
attrs:
- variable: disable_reset_password
label: "Disable Reset Password"
description: "Disable both the HTML element and the API for reset password functionality"
schema:
type: boolean
default: false
- variable: refresh_interval
label: "Reset Interval"
description: "The amount of time to wait before we refresh data from the authentication backend"
schema:
type: string
default: "5m"
required: true
- variable: ldap
label: "LDAP backend configuration"
description: "Used for verifying user passwords and retrieve information such as email address and groups users belong to"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enable"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: implementation
label: "Implementation"
description: "The LDAP implementation, this affects elements like the attribute utilized for resetting a password"
schema:
type: string
default: "custom"
enum:
- value: "activedirectory"
description: "Active Directory"
- value: "custom"
description: "Custom"
- variable: url
label: "URL"
description: "The url to the ldap server. Format: <scheme>://<address>[:<port>]"
schema:
type: string
default: "ldap://openldap.default.svc.cluster.local"
required: true
- variable: timeout
label: "Connection Timeout"
schema:
type: string
default: "5s"
required: true
- variable: start_tls
label: "Start TLS"
description: "Use StartTLS with the LDAP connection"
schema:
type: boolean
default: false
- variable: tls
label: "TLS Settings"
schema:
additional_attrs: true
type: dict
attrs:
- variable: server_name
label: "Server Name"
description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
schema:
type: string
default: ""
- variable: skip_verify
label: "Skip Certificate Verification"
description: "Skip verifying the server certificate (to allow a self-signed certificate)"
schema:
type: boolean
default: false
- variable: minimum_version
label: "Minimum TLS version"
description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
schema:
type: string
default: "TLS1.2"
enum:
- value: "TLS1.0"
description: "TLS1.0"
- value: "TLS1.1"
description: "TLS1.1"
- value: "TLS1.2"
description: "TLS1.2"
- value: "TLS1.3"
description: "TLS1.3"
- variable: base_dn
label: "Base DN"
description: "The base dn for every LDAP query."
schema:
type: string
default: "DC=example,DC=com"
required: true
- variable: username_attribute
label: "Username Attribute"
description: "The attribute holding the username of the user"
schema:
type: string
default: ""
required: true
- variable: additional_users_dn
label: "Additional Users DN"
description: "An additional dn to define the scope to all users."
schema:
type: string
default: "OU=Users"
required: true
- variable: users_filter
label: "Users Filter"
description: "The groups filter used in search queries to find the groups of the user."
schema:
type: string
default: ""
required: true
- variable: additional_groups_dn
label: "Additional Groups DN"
description: "An additional dn to define the scope of groups."
schema:
type: string
default: "OU=Groups"
required: true
- variable: groups_filter
label: "Groups Filter"
description: "The groups filter used in search queries to find the groups of the user."
schema:
type: string
default: ""
required: true
- variable: group_name_attribute
label: "Group name Attribute"
description: "The attribute holding the name of the group"
schema:
type: string
default: ""
required: true
- variable: mail_attribute
label: "Mail Attribute"
description: "The attribute holding the primary mail address of the user"
schema:
type: string
default: ""
required: true
- variable: display_name_attribute
label: "Display Name Attribute"
description: "he attribute holding the display name of the user. This will be used to greet an authenticated user."
schema:
type: string
default: ""
- variable: user
label: "Admin User"
description: "The username of the admin user used to connect to LDAP."
schema:
type: string
default: "CN=Authelia,DC=example,DC=com"
required: true
- variable: plain_password
label: "Password"
schema:
type: string
default: ""
required: true
- variable: file
label: "File backend configuration"
description: "With this backend, the users database is stored in a file which is updated when users reset their passwords."
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enable"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: path
label: "Path"
schema:
type: string
default: "/config/users_database.yml"
required: true
- variable: password
label: "Password Settings"
schema:
additional_attrs: true
type: dict
attrs:
- variable: algorithm
label: "Algorithm"
schema:
type: string
default: "argon2id"
enum:
- value: "argon2id"
description: "argon2id"
- value: "sha512"
description: "sha512"
- variable: iterations
label: "Iterations"
schema:
type: int
default: 1
required: true
- variable: key_length
label: "Key Length"
schema:
type: int
default: 32
required: true
- variable: salt_length
label: "Salt Length"
schema:
type: int
default: 16
required: true
- variable: memory
label: "Memory"
schema:
type: int
default: 1024
required: true
- variable: parallelism
label: "Parallelism"
schema:
type: int
default: 8
required: true
- variable: notifier
group: "App Configuration"
label: "Notifier Configuration"
description: "Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration."
schema:
additional_attrs: true
type: dict
attrs:
- variable: disable_startup_check
label: "Disable Startup Check"
schema:
type: boolean
default: false
- variable: filesystem
label: "Filesystem Provider"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enable"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: filename
label: "File Path"
schema:
type: string
default: "/config/notification.txt"
required: true
- variable: smtp
label: "SMTP Provider"
description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate."
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enable"
schema:
type: boolean
default: true
show_subquestions_if: true
subquestions:
- variable: host
label: "Host"
schema:
type: string
default: "smtp.mail.svc.cluster.local"
required: true
- variable: port
label: "Port"
schema:
type: int
default: 25
required: true
- variable: timeout
label: "Timeout"
schema:
type: string
default: "5s"
required: true
- variable: username
label: "Username"
schema:
type: string
default: ""
- variable: plain_password
label: "Password"
schema:
type: string
default: ""
- variable: sender
label: "Sender"
schema:
type: string
default: ""
required: true
- variable: identifier
label: "Identifier"
description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost."
schema:
type: string
default: "localhost"
required: true
- variable: subject
label: "Subject"
description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier"
schema:
type: string
default: "[Authelia] {title}"
required: true
- variable: startup_check_address
label: "Startup Check Address"
description: "This address is used during the startup check to verify the email configuration is correct."
schema:
type: string
default: "test@authelia.com"
required: true
- variable: disable_require_tls
label: "Disable Require TLS"
schema:
type: boolean
default: false
- variable: disable_html_emails
label: "Disable HTML emails"
schema:
type: boolean
default: false
- variable: tls
label: "TLS Settings"
schema:
additional_attrs: true
type: dict
attrs:
- variable: server_name
label: "Server Name"
description: "Server Name for certificate validation (in case it's not set correctly in the URL)."
schema:
type: string
default: ""
- variable: skip_verify
label: "Skip Certificate Verification"
description: "Skip verifying the server certificate (to allow a self-signed certificate)"
schema:
type: boolean
default: false
- variable: minimum_version
label: "Minimum TLS version"
description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS."
schema:
type: string
default: "TLS1.2"
enum:
- value: "TLS1.0"
description: "TLS1.0"
- value: "TLS1.1"
description: "TLS1.1"
- value: "TLS1.2"
description: "TLS1.2"
- value: "TLS1.3"
description: "TLS1.3"
- variable: access_control
group: "App Configuration"
label: "Access Control Configuration"
description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users."
schema:
additional_attrs: true
type: dict
attrs:
- variable: default_policy
label: "Default Policy"
description: "Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'."
schema:
type: string
default: "two_factor"
enum:
- value: "bypass"
description: "bypass"
- value: "one_factor"
description: "one_factor"
- value: "two_factor"
description: "two_factor"
- value: "deny"
description: "deny"
- variable: networks
label: "Networks"
schema:
type: list
default: []
items:
- variable: networkItem
label: "Network Item"
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: "Name"
schema:
type: string
default: ""
required: true
- variable: networks
label: "Networks"
schema:
type: list
default: []
items:
- variable: network
label: "network"
schema:
type: string
default: ""
required: true
- variable: rules
label: "Rules"
schema:
type: list
default: []
items:
- variable: rulesItem
label: "Rule"
schema:
additional_attrs: true
type: dict
attrs:
- variable: domain
label: "Domains"
description: "defines which domain or set of domains the rule applies to."
schema:
type: list
default: []
items:
- variable: domainEntry
label: "Domain"
schema:
type: string
default: ""
required: true
- variable: policy
label: "Policy"
description: "The policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'."
schema:
type: string
default: "two_factor"
enum:
- value: "bypass"
description: "bypass"
- value: "one_factor"
description: "one_factor"
- value: "two_factor"
description: "two_factor"
- value: "deny"
description: "deny"
- variable: subject
label: "Subject"
description: "defines the subject to apply authorizations to. This parameter is optional and matching any user if not provided"
schema:
type: list
default: []
items:
- variable: subjectitem
label: "Subject"
schema:
type: string
default: ""
required: true
- variable: networks
label: "Networks"
schema:
type: list
default: []
items:
- variable: network
label: "Network"
schema:
type: string
default: ""
required: true
- variable: resources
label: "Resources"
description: "is a list of regular expressions that matches a set of resources to apply the policy to"
schema:
type: list
default: []
items:
- variable: resource
label: "Resource"
schema:
type: string
default: ""
required: true
# Include{serviceRoot}
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: main
label: "Main Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 9091
required: true
# Include{serviceExpertRoot}
default: false
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceRoot}
- variable: config
label: "App Config Storage"
description: "Stores the Application Configuration."
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceList}
# Include{ingressRoot}
- variable: main
label: "Main Ingress"
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressList}
# Include{securityContextRoot}
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 568
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
# Include{resources}
# Include{advanced}
- variable: identity_providers
group: "Advanced"
label: "Authelia Identity Providers (BETA)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: oidc
label: "OpenID Connect(BETA)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: "Enabled"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: access_token_lifespan
label: "Access Token Lifespan"
schema:
type: string
default: "1h"
required: true
- variable: authorize_code_lifespan
label: "Authorize Code Lifespan"
schema:
type: string
default: "1m"
required: true
- variable: id_token_lifespan
label: "ID Token Lifespan"
schema:
type: string
default: "1h"
required: true
- variable: refresh_token_lifespan
label: "Refresh Token Lifespan"
schema:
type: string
default: "90m"
required: true
- variable: enable_client_debug_messages
label: "Enable Client Debug Messages"
schema:
type: boolean
default: false
- variable: clients
label: "Clients"
schema:
type: list
default: []
items:
- variable: clientEntry
label: "Client"
schema:
additional_attrs: true
type: dict
attrs:
- variable: id
label: "ID/Name"
description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration."
schema:
type: string
default: "myapp"
required: true
- variable: description
label: "Description"
description: "The description to show to users when they end up on the consent screen. Defaults to the ID above."
schema:
type: string
default: "My Application"
required: true
- variable: secret
label: "Secret"
description: "The client secret is a shared secret between Authelia and the consumer of this client."
schema:
type: string
default: ""
required: true
- variable: public
label: "public"
description: "Sets the client to public. This should typically not be set, please see the documentation for usage."
schema:
type: boolean
default: false
- variable: authorization_policy
label: "Authorization Policy"
description: "The policy to require for this client; one_factor or two_factor."
schema:
type: string
default: "two_factor"
enum:
- value: "one_factor"
description: "one_factor"
- value: "two_factor"
description: "two_factor"
- variable: consent_mode
label: "Consent Mode"
description: "Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)"
schema:
type: string
default: "auto"
enum:
- value: "auto"
description: "auto"
- value: "explicit"
description: "explicit"
- value: "implicit"
description: "implicit"
- variable: userinfo_signing_algorithm
label: "Userinfo Signing Algorithm"
description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256."
schema:
type: string
default: "none"
enum:
- value: "none"
description: "none"
- value: "RS256"
description: "RS256"
- variable: audience
label: "Audience"
description: "Audience this client is allowed to request."
schema:
type: list
default: []
items:
- variable: audienceEntry
label: ""
schema:
type: string
default: ""
required: true
- variable: scopes
label: "Scopes"
description: "Scopes this client is allowed to request."
schema:
type: list
default: []
items:
- variable: ScopeEntry
label: "Scope"
schema:
type: string
default: "openid"
required: true
- variable: redirect_uris
label: "redirect_uris"
description: "Redirect URI's specifies a list of valid case-sensitive callbacks for this client."
schema:
type: list
default: []
items:
- variable: uriEntry
label: "Url"
schema:
type: string
default: "https://oidc.example.com/oauth2/callback"
required: true
- variable: grant_types
description: "Grant Types configures which grants this client can obtain."
label: "grant_types"
schema:
type: list
default: []
items:
- variable: grantEntry
label: "Grant"
schema:
type: string
default: "refresh_token"
required: true
- variable: response_types
description: "Response Types configures which responses this client can be sent."
label: "response_types"
schema:
type: list
default: []
items:
- variable: responseEntry
label: "type"
schema:
type: string
default: "code"
required: true
- variable: response_modes
description: "Response Modes configures which response modes this client supports."
label: "response_modes"
schema:
type: list
default: []
items:
- variable: modeEntry
label: "Mode"
schema:
type: string
default: "form_post"
required: true
# Include{postgresql}
# Include{postgresqlBasics}
# Include{addons}
# Include{codeserver}
# Include{vpn}
# Include{netshoot}
# Include{documentation}