TrueChartsClone/charts/stable/firezone/questions.yaml

339 lines
12 KiB
YAML

# Include{groups}
portals:
open:
# Include{portalLink}
questions:
# Include{global}
# Include{workload}
# Include{workloadDeployment}
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
# Include{containerBasic}
# Include{containerAdvanced}
- variable: firezone
group: App Configuration
label: FireZone
schema:
additional_attrs: true
type: dict
attrs:
- variable: web
label: Web Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: external_url
label: External Url
description: Must be a valid and public FQDN for ACME SSL issuance to function. Include https://
schema:
type: string
required: true
default: ""
- variable: trusted_proxies
label: Trusted Proxies
description: List of trusted reverse proxies.
schema:
type: list
default: []
items:
- variable: proxy
label: Proxy IP
schema:
type: string
required: true
default: ""
- variable: private_clients
label: Private Clients
description: List of trusted clients.
schema:
type: list
default: []
items:
- variable: client_ip
label: Client IP
schema:
type: string
required: true
default: ""
- variable: secure_cookies
label: Secure Cookies
description: Enable or disable requiring secure cookies. Required for HTTPS.
schema:
type: boolean
default: true
- variable: admin
label: Admin Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: reset_admin_on_boot
label: Reset Admin On Boot
description: to create or reset the admin password every time Firezone starts. By default, the admin password is only set when Firezone is installed.
schema:
type: boolean
default: true
- variable: default_email
label: Default Email
description: Primary administrator email.
schema:
type: string
required: true
default: ""
- variable: default_password
label: Default Password
description: Default password that will be used for creating or resetting the primary administrator account.
schema:
type: string
required: true
private: true
default: ""
- variable: devices
label: Devices Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: allow_unprivileged_device_management
label: Allow Unprivileged Device Management
description: Enable or disable management of devices on unprivileged accounts.
schema:
type: boolean
default: true
- variable: allow_unprivileged_device_config
label: Allow Unprivileged Device Configuration
description: Enable or disable configuration of device network settings for unprivileged users.
schema:
type: boolean
default: true
- variable: vpn_session_duration
label: VPN Session Duration
description: Optionally require users to periodically authenticate to the Firezone web UI in order to keep their VPN sessions active.
schema:
type: int
default: 0
- variable: client_persistent_keepalive
label: Client Persistent KeepAlive
description: If you experience NAT or firewall traversal problems, you can enable this to send a keepalive packet every 25 seconds, disabled by setting it to 0.
schema:
type: int
default: 0
- variable: default_client_mtu
label: Default Client MTU
description: WireGuard interface MTU for devices.
schema:
type: int
default: 1280
- variable: client_endpoint
label: Client Endpoint
description: IPv4 address, or FQDN that devices will be configured to connect to.
schema:
type: string
required: true
default: ""
- variable: client_dns
label: Client DNS
description: List of DNS servers to use for devices.
schema:
type: list
empty: false
required: true
default:
- 1.1.1.1
- 1.0.0.1
items:
- variable: dns
label: DNS
schema:
type: string
required: true
default: ""
- variable: client_allowed_ips
label: Client Allowed Ips
description: Configures the default AllowedIPs setting for devices.
schema:
type: list
empty: false
default:
- 0.0.0.0/0
items:
- variable: ip
label: IP
schema:
type: string
required: true
default: ""
- variable: max_devices_per_user
label: Max Devices Per User
description: Changes how many devices a user can have at a time.
schema:
type: int
default: 10
- variable: authorization
label: Authorization Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: local_auth_enabled
label: Local Auth Enabled
description: Enable or disable the local authentication method for all users.
schema:
type: boolean
default: true
- variable: disable_vpn_on_oidc_error
label: Disable VPN On OIDC Error
description: Enable or disable auto disabling VPN connection on OIDC refresh error.
schema:
type: boolean
default: false
- variable: wireguard
label: Wireguard Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: ipv4_masquerade_enabled
label: IPv4 Masquerade Enabled
description: Enable or disable IPv4 masqeurading.
schema:
type: boolean
default: true
- variable: connectivity
label: Connectivity Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: checks_enabled
label: Checks Enabled
description: Enable / disable periodic checking for egress connectivity.
schema:
type: boolean
default: true
- variable: checks_interval
label: Checks Interval
description: Periodicity in seconds to check for egress connectivity.
schema:
type: int
default: 43200
- variable: other
label: Other Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: telemetry_enabled
label: Telemetry Enabled
description: Enable or disable the Firezone telemetry collection.
schema:
type: boolean
default: false
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: Main Service
description: The Primary service on which the healthcheck runs, often the webUI
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: main
label: Main Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 13000
required: true
- variable: wireguard
label: Wireguard Service
description: The Wireguard service
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: wireguard
label: Wireguard Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 51820
required: true
# Include{serviceExpertRoot}
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceRoot}
- variable: config
label: App Config Storage
description: Stores the Application Config.
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceList}
# Include{ingressRoot}
- variable: main
label: Main Ingress
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressAdvanced}
# Include{ingressList}
# Include{securityContextRoot}
- variable: runAsUser
label: runAsUser
description: The UserID of the user running the application
schema:
type: int
default: 0
- variable: runAsGroup
label: runAsGroup
description: The groupID of the user running the application
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
- variable: fsGroup
label: fsGroup
description: The group that should own ALL storage.
schema:
type: int
default: 568
# Include{resources}
# Include{advanced}
# Include{addons}
# Include{codeserver}
# Include{netshoot}
# Include{vpn}
# Include{documentation}