746 lines
33 KiB
YAML
746 lines
33 KiB
YAML
# Include{groups}
|
|
portals:
|
|
open:
|
|
# Include{portalLink}
|
|
questions:
|
|
# Include{global}
|
|
# Include{controller}
|
|
# Include{replicas}
|
|
# Include{replica1}
|
|
# Include{controllerExpertExtraArgs}
|
|
- variable: meshcentral
|
|
group: App Configuration
|
|
label: MeshCentral Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: settings
|
|
label: Section <settings>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: aliasPort
|
|
label: aliasPort
|
|
description: The actual main port as seen externally on the Internet, this setting is often used when a reverse-proxy is used.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 443
|
|
- variable: cert
|
|
label: cert
|
|
description: Set this to the primary DNS name of this MeshCentral server.
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: tlsOffload
|
|
label: tlsOffload
|
|
description: When true, indicates that a TLS offloader is in front of the MeshCentral server. More typically, set this to the IP address of the reverse proxy or TLS offloader so that IP forwarding headers will be trusted. For example 172.16.0.0/16
|
|
schema:
|
|
type: string
|
|
default: "172.16.0.0/16"
|
|
- variable: trustedProxy
|
|
label: trustedProxy
|
|
description: Trust forwarded headers from these IPs or domains. Providing the magic string "CloudFlare" will cause the server to download the IP address list of trusted CloudFlare proxies directly from CloudFlare on each server start. For example 172.16.0.0/16. This should be left empty if traefik is used.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: WANonly
|
|
label: WANonly
|
|
description: When enabled, only MeshCentral WAN features are enabled and agents will connect to the server using a well known DNS name.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: LANonly
|
|
label: LANonly
|
|
description: When enabled, only MeshCentral LAN features are enabled and agents will find the server using multicast LAN packets.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: webRTC
|
|
label: webRTC
|
|
description: When enabled, allows use of WebRTC to allow direct network traffic between the agent and browser.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: compression
|
|
label: compression
|
|
description: Enables GZIP compression for web requests.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: wsCompression
|
|
label: wsCompression
|
|
description: Enables server-side, websocket per-message deflate compression.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: agentWsCompression
|
|
label: agentWsCompression
|
|
description: Enables agent-side, websocket per-message deflate compression. wscompression must also be true for this to work.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: allowFraming
|
|
label: allowFraming
|
|
description: When enabled, the MeshCentral web site can be embedded within another website's iframe.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: newAccounts
|
|
label: newAccounts
|
|
description: When set to true, allow new user accounts to be created from the login page.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: allowHighQualityDesktop
|
|
label: allowHighQualityDesktop
|
|
description: When false, users will only be able to set remote desktop image quality to 60%, this can reduce server bandwidth usage.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: agentLogDump
|
|
label: agentLogDump
|
|
description: Automatically downloads all agent error logs into meshcentral-data/agenterrorlogs.txt.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: agentCoreDump
|
|
label: agentCoreDump
|
|
description: Automatically activates and transfers any agent crash dump files to the server in meshcentral-data/coredumps.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: browserPing
|
|
label: browserPing
|
|
description: When specified, sends data to the browser at x seconds interval and expects a response from the browser.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: -99
|
|
- variable: browserPong
|
|
label: browserPong
|
|
description: When specified, sends data to the browser at x seconds interval.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: -99
|
|
- variable: agentPing
|
|
label: agentPing
|
|
description: When specified, sends data to the agent at x seconds interval and expects a response from the agent.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: -99
|
|
- variable: agentPong
|
|
label: agentPong
|
|
description: When specified, sends data to the agent at x seconds interval.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: -99
|
|
- variable: agentIdleTimeout
|
|
label: agentIdleTimeout
|
|
description: How much time in seconds with no traffic from an agent before dropping the agent connection.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: -99
|
|
- variable: maxInvalidLogin
|
|
label: Section <maxInvalidLogin>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: time
|
|
label: time
|
|
description: Time in minutes over which the a maximum number of invalid login attempts is allowed from an IP address.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 10
|
|
- variable: count
|
|
label: count
|
|
description: Maximum number of invalid login attempts from an IP address in the time period.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 10
|
|
- variable: coolofftime
|
|
label: coolofftime
|
|
description: Additional time in minute that login attempts will be denied once the invalid login limit is reached.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 30
|
|
- variable: exclude
|
|
label: exclude
|
|
description: Ranges of IP addresses that are not subject to invalid login limitations. For example 192.168.1.0/24,172.16.0.1
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: maxInvalid2fa
|
|
label: Section <maxInvalid2fa>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: time
|
|
label: time
|
|
description: Time in minutes over which the a maximum number of invalid 2FA attempts is allowed from an IP address.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 10
|
|
- variable: count
|
|
label: count
|
|
description: Maximum number of invalid 2FA attempts from an IP address in the time period.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 10
|
|
- variable: coolofftime
|
|
label: coolofftime
|
|
description: Additional time in minute that 2FA attempts will be denied once the invalid login limit is reached.
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 30
|
|
- variable: exclude
|
|
label: exclude
|
|
description: Ranges of IP addresses that are not subject to invalid 2FA limitations. For example 192.168.1.0/24,172.16.0.1
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: autobackup
|
|
label: Section <autobackup>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: backupIntervalHours
|
|
label: backupIntervalHours
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 24
|
|
- variable: keepLastDaysBackup
|
|
label: keepLastDaysBackup
|
|
schema:
|
|
type: int
|
|
required: true
|
|
default: 10
|
|
- variable: zipPassword
|
|
label: zipPassword
|
|
description: Leave empty for no password
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: _setupWebDav
|
|
label: Backup to Web DAV
|
|
description: Enabled automated upload of the server backups to a WebDAV account.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: webdav
|
|
label: Section <webdav>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: url
|
|
label: url
|
|
description: WebDAV account URL.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: username
|
|
label: username
|
|
description: WebDAV account username.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: password
|
|
label: password
|
|
description: WebDAV account password.
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: folderName
|
|
label: folderName
|
|
description: The name of the folder to create in the WebDAV account.
|
|
schema:
|
|
type: string
|
|
default: MeshCentral-Backups
|
|
- variable: maxFiles
|
|
label: maxFiles
|
|
description: The maximum number of files to keep in the WebDAV folder, older files will be removed if needed.
|
|
schema:
|
|
type: int
|
|
default: 10
|
|
- variable: relayDNS
|
|
label: relayDNS
|
|
description: When set, relayPort value is ignored. Set this to a DNS name the points to this server. When the server is accessed using the DNS name, the main web server port is used as a web relay port.
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: relayDNSEntry
|
|
label: relayDNS Entry
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: plugins
|
|
label: Section <plugins>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: enabled
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: _setupMessaging
|
|
label: Setup Messaging
|
|
description: This section allow MeshCentral to send messages over user messaging networks like Discord
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: messaging
|
|
label: Section <messaging>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: _setupTelegram
|
|
label: Setup Telegram
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: telegram
|
|
label: telegram
|
|
description: Configure Telegram messaging system
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: apiid
|
|
label: apiid
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: apihash
|
|
label: apihash
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: session
|
|
label: session
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: _setupDiscord
|
|
label: Setup Discord
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: discord
|
|
label: discord
|
|
description: Configure Discord messaging system
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: serverurl
|
|
label: serverurl
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: token
|
|
label: token
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: _setupXMPP
|
|
label: Setup XMPP
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: xmpp
|
|
label: xmpp
|
|
description: Configure XMPP messaging system
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: service
|
|
label: service
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: credentials
|
|
label: credentials
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: username
|
|
label: username
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: password
|
|
label: password
|
|
schema:
|
|
type: string
|
|
private: true
|
|
default: ""
|
|
- variable: domains
|
|
label: Section <domains>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: tcdefaultdomain
|
|
label: 'Section <"">'
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: certUrl
|
|
label: certUrl
|
|
description: HTTPS URL when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like Traefik is used in front of MeshCentral.
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: title
|
|
label: title
|
|
description: The title of this web site. All web pages will have this title.
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: MeshCentral
|
|
- variable: title2
|
|
label: title2
|
|
description: Secondary title text that is placed on the upper right on the title on many web pages.
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: TrueCharts
|
|
- variable: welcomeText
|
|
label: welcomeText
|
|
description: Text that will be shown on the login screen.
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: Welcome to TrueCharts MeshCentral
|
|
- variable: minify
|
|
label: minify
|
|
description: When enabled, the server will send reduced sized web pages.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: localSessionRecording
|
|
label: localSessionRecording
|
|
description: When false, removes the local recording feature on remote desktop.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: mstsc
|
|
label: mstsc
|
|
description: When enabled, activates the built-in web-based RDP client.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: ssh
|
|
label: ssh
|
|
description: When enabled, activates the built-in web-based SSH client.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: novnc
|
|
label: novnc
|
|
description: When enabled, activates the built-in web-based VNC client.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: geoLocation
|
|
label: geoLocation
|
|
description: Enables the geo-location feature and device location map in the user interface, this feature is not being worked on.
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: nightMode
|
|
label: nightMode
|
|
description: 0 = User selects day/night mode, 1 = Always night mode, 2 = Always day mode
|
|
schema:
|
|
type: int
|
|
min: 0
|
|
max: 2
|
|
requited: true
|
|
default: 0
|
|
- variable: siteStyle
|
|
label: siteStyle
|
|
description: Valid numbers are 1 and 2, changes the style of the login page and some secondary pages.
|
|
schema:
|
|
type: int
|
|
min: 1
|
|
max: 2
|
|
requited: true
|
|
default: 2
|
|
- variable: deviceMeshRouterLinks
|
|
label: Section <deviceMeshRouterLinks>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: rdp
|
|
label: rdp
|
|
description: Display a RDP link in the device tab when supported
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: ssh
|
|
label: ssh
|
|
description: Display a SSH link in the device tab when supported
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: scp
|
|
label: scp
|
|
description: Display a SCP link in the device tab when supported
|
|
schema:
|
|
type: boolean
|
|
default: true
|
|
- variable: _setupAgentCustomization
|
|
label: Setup Agent Customization
|
|
description: Use this section to customize the agent branding.
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: agentCustomization
|
|
label: Section <agentCustomization>
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: displayName
|
|
label: displayName
|
|
description: The name of the agent as displayed to the user.
|
|
schema:
|
|
type: string
|
|
default: MeshCentral Agent
|
|
- variable: description
|
|
label: description
|
|
description: The description of the agent as displayed to the user.
|
|
schema:
|
|
type: string
|
|
default: Mesh Agent Background Service
|
|
- variable: companyName
|
|
label: companyName
|
|
description: This will be used as the path to install the agent, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's.
|
|
schema:
|
|
type: string
|
|
default: Mesh Agent
|
|
- variable: serviceName
|
|
label: serviceName
|
|
description: The name of the background service, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's but should be set to an all lower case, no space string.
|
|
schema:
|
|
type: string
|
|
default: Mesh Agent
|
|
- variable: installText
|
|
label: installText
|
|
description: Text string to show in the agent installation dialog box.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: image
|
|
label: image
|
|
description: The filename of a image file in .png format located in meshcentral-data to display in the MeshCentral Agent installation dialog, image should be square and from 64x64 to 200x200.
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: fileName
|
|
label: fileName
|
|
description: The agent filename.
|
|
schema:
|
|
type: string
|
|
default: meshagent
|
|
- variable: foregroundColor
|
|
label: foregroundColor
|
|
description: 'Foreground text color, valid values are RBG in format 0,0,0 to 255,255,255 or format "#000000" to "#FFFFFF".'
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: backgroundColor
|
|
label: backgroundColor
|
|
description: 'Background color, valid values are RBG in format 0,0,0 to 255,255,255 or format "#000000" to "#FFFFFF".'
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
- variable: additional_meshcentral
|
|
group: App Configuration
|
|
label: Additional MeshCentral Configuration
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: entry
|
|
label: Key - Value Pair
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: key
|
|
label: Key
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
- variable: value
|
|
label: Value
|
|
schema:
|
|
type: string
|
|
required: true
|
|
default: ""
|
|
# Include{containerConfig}
|
|
# Include{serviceRoot}
|
|
- variable: main
|
|
label: Main Service
|
|
description: The Primary service on which the healthcheck runs, often the webUI
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{serviceSelectorLoadBalancer}
|
|
# Include{serviceSelectorExtras}
|
|
- variable: main
|
|
label: Main Service Port Configuration
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
- variable: port
|
|
label: Port
|
|
description: This port exposes the container port on the service
|
|
schema:
|
|
type: int
|
|
default: 10205
|
|
required: true
|
|
# Include{serviceExpertRoot}
|
|
default: false
|
|
# Include{serviceExpert}
|
|
# Include{serviceList}
|
|
# Include{persistenceRoot}
|
|
- variable: data
|
|
label: App Data Storage
|
|
description: Stores the Application Data.
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: files
|
|
label: Files Storage
|
|
description: Stores the Files
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: web
|
|
label: Web Storage
|
|
description: Stores the Web Files. Used for web customization
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
- variable: backups
|
|
label: Backups Storage
|
|
description: Stores the Backups
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{persistenceBasic}
|
|
# Include{persistenceList}
|
|
# Include{ingressRoot}
|
|
- variable: main
|
|
label: Main Ingress
|
|
schema:
|
|
additional_attrs: true
|
|
type: dict
|
|
attrs:
|
|
# Include{ingressDefault}
|
|
# Include{ingressTLS}
|
|
# Include{ingressTraefik}
|
|
# Include{ingressList}
|
|
# Include{security}
|
|
# Include{securityContextAdvancedRoot}
|
|
- variable: privileged
|
|
label: Privileged mode
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: readOnlyRootFilesystem
|
|
label: ReadOnly Root Filesystem
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: allowPrivilegeEscalation
|
|
label: Allow Privilege Escalation
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
- variable: runAsNonRoot
|
|
label: runAsNonRoot
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
# Include{podSecurityContextRoot}
|
|
- variable: runAsUser
|
|
label: runAsUser
|
|
description: The UserID of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: runAsGroup
|
|
label: runAsGroup
|
|
description: The groupID this App of the user running the application
|
|
schema:
|
|
type: int
|
|
default: 0
|
|
- variable: fsGroup
|
|
label: fsGroup
|
|
description: The group that should own ALL storage.
|
|
schema:
|
|
type: int
|
|
default: 568
|
|
# Include{podSecurityContextAdvanced}
|
|
# Include{resources}
|
|
# Include{advanced}
|
|
# Include{addons}
|
|
# Include{codeserver}
|
|
# Include{vpn}
|
|
# Include{documentation}
|