340 lines
20 KiB
YAML
340 lines
20 KiB
YAML
# Include{groups}
|
|
portals:
|
|
open:
|
|
# Include{portalLink}
|
|
questions:
|
|
# Include{global}
|
|
# Include{workload}
|
|
# Include{workloadDeployment}
|
|
|
|
# Include{replicas1}
|
|
# Include{podSpec}
|
|
# Include{containerMain}
|
|
|
|
- variable: env
|
|
label: Image Environment
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: EXTERNAL_URL
|
|
label: External Url
|
|
description: Must be a valid and public FQDN for ACME SSL issuance to function.
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: DEFAULT_ADMIN_EMAIL
|
|
label: Default Admin Email
|
|
description: Primary administrator email.
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: DEFAULT_ADMIN_PASSWORD
|
|
label: Default Admin Password
|
|
description: Primary administrator password.
|
|
schema:
|
|
type: string
|
|
required: true
|
|
private: true
|
|
default: ""
|
|
- variable: RESET_ADMIN_ON_BOOT
|
|
label: Reset Admin On Boot
|
|
description: to create or reset the admin password every time FireZone starts.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: TELEMETRY_ENABLED
|
|
label: Telemetry Enabled
|
|
description: Enable or disable the FireZone telemetry collection.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: devices
|
|
label: Devices Settings
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT
|
|
label: Allow Unprivileged Devices
|
|
description: Enable or disable management of devices on unprivileged accounts.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION
|
|
label: Allow Unprivileged Device Configuration
|
|
description: Enable or disable configuration of device network settings for unprivileged users.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: VPN_SESSION_DURATION
|
|
label: VPN Session Duration
|
|
description: Optionally require users to periodically authenticate to the FireZone, Interval for WireGuard persistent keepalive.
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: DEFAULT_CLIENT_PERSISTENT_KEEPALIVE
|
|
label: Default Client Persistent KeepAlive
|
|
description: send a keepalive packet every 25 seconds. Otherwise, keep it disabled with a 0 default value.
|
|
schema:
|
|
type: int
|
|
default: 25
|
|
- variable: DEFAULT_CLIENT_MTU
|
|
label: Default Client MTU
|
|
description: WireGuard interface MTU for devices.
|
|
schema:
|
|
type: int
|
|
default: 1280
|
|
- variable: DEFAULT_CLIENT_ENDPOINT
|
|
label: Default Client EndPoint
|
|
description: IPv4, IPv6 address, or FQDN that devices will be configured to connect to. Defaults to this server's FQDN.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: DEFAULT_CLIENT_DNS
|
|
label: Default Client DNS
|
|
description: Comma-separated list of DNS servers to use for devices.
|
|
schema:
|
|
type: string
|
|
default: "1.1.1.1,1.0.0.1"
|
|
- variable: DEFAULT_CLIENT_ALLOWED_IPS
|
|
label: Default Client Allowed IPs
|
|
description: AllowedIPs determines which destination IPs get routed through FireZone.
|
|
schema:
|
|
type: string
|
|
default: "0.0.0.0/0,::/0"
|
|
- variable: MAX_DEVICES_PER_USER
|
|
label: Max Devices Per User
|
|
description: Changes how many devices a user can have at a time.
|
|
schema:
|
|
type: int
|
|
default: 10
|
|
- variable: authorization
|
|
label: Authorization Settings
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: LOCAL_AUTH_ENABLED
|
|
label: Local Auth Enabled
|
|
description: Enable or disable the local authentication method for all users.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: DISABLE_VPN_ON_OIDC_ERROR
|
|
label: Disable VPN On OIDC Error
|
|
description: Enable or disable auto disabling VPN connection on OIDC refresh error.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: wireguard
|
|
label: Wireguard Settings
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: WIREGUARD_IPV4_ENABLED
|
|
label: WireGuard IPV4 Enabled
|
|
description: Enable or disable IPv4 support for WireGuard.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: WIREGUARD_IPV6_ENABLED
|
|
label: WireGuard IPV6 Enabled
|
|
description: Enable or disable IPv6 support for WireGuard.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: outbound
|
|
label: OutBound Email Settings
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: OUTBOUND_EMAIL_FROM
|
|
label: Outbound Email From
|
|
description: From address to use for sending outbound emails.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: OUTBOUND_EMAIL_ADAPTER
|
|
label: Outbound Email Adapter
|
|
description: Method to use for sending outbound email.
|
|
schema:
|
|
type: string
|
|
default: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
|
|
enum:
|
|
- value: "Elixir.FzHttpWeb.Mailer.AmazonSES"
|
|
description: "AmazonSES"
|
|
- value: "Elixir.FzHttpWeb.Mailer.CustomerIO"
|
|
description: CustomerIO"
|
|
- value: "Elixir.FzHttpWeb.Mailer.Dyn"
|
|
description: Dyn
|
|
- value: "Elixir.FzHttpWeb.Mailer.ExAwsAmazonSES"
|
|
description: ExAwsAmazonSES"
|
|
- value: "Elixir.FzHttpWeb.Mailer.Gmail"
|
|
description: Gmail"
|
|
- value: "Elixir.FzHttpWeb.Mailer.MailPace"
|
|
description: MailPace"
|
|
- value: "Elixir.FzHttpWeb.Mailer.Mailgun"
|
|
description: Mailgun"
|
|
- value: "Elixir.FzHttpWeb.Mailer.Mailjet"
|
|
description: MailJet"
|
|
- value: "Elixir.FzHttpWeb.Mailer.Mandrill"
|
|
description: Mandrill"
|
|
- value: "Elixir.FzHttpWeb.Mailer.Postmark"
|
|
description: Postmark"
|
|
- value: "Elixir.FzHttpWeb.Mailer.ProtonBridge"
|
|
description: ProtonBridge"
|
|
- value: "Elixir.FzHttpWeb.Mailer.SMTP"
|
|
description: SMTP"
|
|
- value: "Elixir.FzHttpWeb.Mailer.SMTP2GO"
|
|
description: SMTP2GO"
|
|
- value: "Elixir.FzHttpWeb.Mailer.Sendgrid"
|
|
description: SendGrid"
|
|
- value: "Elixir.FzHttpWeb.Mailer.Sendinblue"
|
|
description: "SendInBlue"
|
|
- value: "Elixir.FzHttpWeb.Mailer.Sendmail"
|
|
description: "Sendmail"
|
|
- value: "Elixir.FzHttpWeb.Mailer.SocketLabs"
|
|
description: "SocketLabs"
|
|
- value: "Elixir.FzHttpWeb.Mailer.SparkPost"
|
|
description: "SparkPost"
|
|
- value: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
|
|
description: "NoopAdapter"
|
|
- variable: OUTBOUND_EMAIL_ADAPTER_OPTS
|
|
label: Outbound Email Adapter OPTS
|
|
description: Adapter configuration, see https://github.com/swoosh/swoosh#adapters.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: connectivity
|
|
label: Connectivity Settings
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: CONNECTIVITY_CHECKS_ENABLED
|
|
label: Connectivity Checks Enabled
|
|
description: Enable / disable periodic checking for egress connectivity. Determines the instance's public IP to populate Endpoint fields.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: CONNECTIVITY_CHECKS_INTERVAL
|
|
label: Connectivity Checks Interval
|
|
description: Periodicity in seconds to check for egress connectivity.
|
|
schema:
|
|
type: int
|
|
default: 43200
|
|
|
|
# Include{containerBasic}
|
|
# Include{containerAdvanced}
|
|
|
|
# Include{containerConfig}
|
|
# Include{podOptions}
|
|
# Include{serviceRoot}
|
|
- variable: main
|
|
label: Main Service
|
|
description: The Primary service on which the healthcheck runs, often the webUI
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: main
|
|
label: Main Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 13000
|
|
required: true
|
|
- variable: wireguard
|
|
label: Wireguard Service
|
|
description: The Wireguard service
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: wireguard
|
|
label: Wireguard Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 51820
|
|
required: true
|
|
# Include{serviceExpertRoot}
|
|
# Include{serviceExpert}
|
|
# Include{serviceList}
|
|
# Include{persistenceRoot}
|
|
- variable: config
|
|
label: App Config Storage
|
|
description: Stores the Application Config.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
# Include{persistenceList}
|
|
# Include{ingressRoot}
|
|
- variable: main
|
|
label: Main Ingress
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
# Include{ingressTLS}
|
|
# Include{ingressTraefik}
|
|
# Include{ingressList}
|
|
# Include{securityContextRoot}
|
|
- variable: runAsUser
|
|
label: runAsUser
|
|
description: The UserID of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: runAsGroup
|
|
label: runAsGroup
|
|
description: The groupID of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
# Include{securityContextContainer}
|
|
# Include{securityContextAdvanced}
|
|
# Include{securityContextPod}
|
|
- variable: fsGroup
|
|
label: fsGroup
|
|
description: The group that should own ALL storage.
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
# Include{resources}
|
|
# Include{advanced}
|
|
# Include{addons}
|
|
# Include{codeserver}
|
|
# Include{netshoot}
|
|
# Include{vpn}
|
|
# Include{documentation}
|