Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
TrueCharts-Bot 2023-09-07 08:32:10 +00:00
parent 606eeb56a0
commit 17af18d86e
16 changed files with 409 additions and 384 deletions


@ -1,9 +0,0 @@
## [firezone-0.0.8](https://github.com/truecharts/charts/compare/firezone-1.0.0...firezone-0.0.8) (2023-08-16)
### Fix
- Update common / questions ([#11584](https://github.com/truecharts/charts/issues/11584))


@ -1,142 +0,0 @@
image:
repository: tccr.io/truecharts/firezone
pullPolicy: IfNotPresent
tag: v0.7.30@sha256:e22dc7a9be93a804bbe0e3d301c883625463a3649d856c8b41f80a2257214667
securityContext:
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
PUID: 0
runAsUser: 0
runAsGroup: 0
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
env:
# web
PHOENIX_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
EXTERNAL_URL: "https://app.mydomain.com"
# PHOENIX_SECURE_COOKIES: true
# PHOENIX_HTTP_PROTOCOL_OPTIONS: "{}"
# PHOENIX_EXTERNAL_TRUSTED_PROXIES: "[]"
# PHOENIX_PRIVATE_CLIENTS: "[]"
# DB
DATABASE_HOST:
secretKeyRef:
name: cnpg-main-urls
key: host
DATABASE_PORT: 5432
DATABASE_NAME: "{{ .Values.cnpg.main.database }}"
DATABASE_USER: "{{ .Values.cnpg.main.user }}"
DATABASE_PASSWORD:
secretKeyRef:
name: cnpg-main-user
key: password
# DATABASE_POOL_SIZE
DATABASE_SSL_ENABLED: false
# DATABASE_SSL_OPTS: "{}"
# Admin
RESET_ADMIN_ON_BOOT: false
DEFAULT_ADMIN_EMAIL: "admin@email.com"
DEFAULT_ADMIN_PASSWORD: "1234567890"
# Secrets and Encryption
GUARDIAN_SECRET_KEY:
secretKeyRef:
name: secrets
key: GUARDIAN_SECRET_KEY
DATABASE_ENCRYPTION_KEY:
secretKeyRef:
name: secrets
key: DATABASE_ENCRYPTION_KEY
SECRET_KEY_BASE:
secretKeyRef:
name: secrets
key: SECRET_KEY_BASE
LIVE_VIEW_SIGNING_SALT:
secretKeyRef:
name: secrets
key: LIVE_VIEW_SIGNING_SALT
COOKIE_SIGNING_SALT:
secretKeyRef:
name: secrets
key: COOKIE_SIGNING_SALT
COOKIE_ENCRYPTION_SALT:
secretKeyRef:
name: secrets
key: COOKIE_ENCRYPTION_SALT
# Devices
ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT: true
ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION: true
VPN_SESSION_DURATION: 0
DEFAULT_CLIENT_PERSISTENT_KEEPALIVE: 25
DEFAULT_CLIENT_MTU: 1280
# DEFAULT_CLIENT_ENDPOINT: ""
DEFAULT_CLIENT_DNS: "1.1.1.1,1.0.0.1"
DEFAULT_CLIENT_ALLOWED_IPS: "0.0.0.0/0, ::/0"
# Limits
MAX_DEVICES_PER_USER: 10
# Authorization
LOCAL_AUTH_ENABLED: true
DISABLE_VPN_ON_OIDC_ERROR: false
SAML_ENTITY_ID: "urn:firezone.dev:firezone-app"
# SAML_KEYFILE_PATH: "/var/firezone/saml.key"
# SAML_CERTFILE_PATH: "/var/firezone/saml.crt"
# OPENID_CONNECT_PROVIDERS: "[]"
# SAML_IDENTITY_PROVIDERS: "[]"
# WireGuard
WIREGUARD_PORT: "{{ .Values.service.wireguard.ports.wireguard.port }}"
WIREGUARD_IPV4_ENABLED: true
WIREGUARD_IPV6_ENABLED: false
# Outbound Emails
OUTBOUND_EMAIL_FROM: ""
OUTBOUND_EMAIL_ADAPTER: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
# OUTBOUND_EMAIL_ADAPTER_OPTS: "{}"
# Connectivity Checks
CONNECTIVITY_CHECKS_ENABLED: true
CONNECTIVITY_CHECKS_INTERVAL: 43200
# Telemetry
TELEMETRY_ENABLED: false
service:
main:
ports:
main:
protocol: http
port: 13000
wireguard:
enabled: true
ports:
wireguard:
enabled: true
protocol: udp
port: 51820
persistence:
config:
enabled: true
mountPath: "/var/firezone"
cnpg:
main:
enabled: true
user: firezone
database: firezone
portal:
open:
enabled: true

Binary file not shown.



@ -4,6 +4,11 @@
## [firezone-0.1.0](https://github.com/truecharts/charts/compare/firezone-0.0.8...firezone-0.1.0) (2023-09-07)
## [firezone-0.0.8](https://github.com/truecharts/charts/compare/firezone-1.0.0...firezone-0.0.8) (2023-08-16)
### Fix


@ -1,9 +1,9 @@
apiVersion: v2
appVersion: "0.7.30"
appVersion: "0.7.35"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 14.0.1
version: 14.0.3
deprecated: false
description: WireGuard-based VPN server and egress firewall
home: https://truecharts.org/charts/incubator/firezone
@ -22,7 +22,7 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/incubator/firezone
- https://github.com/firezone/firezone
type: application
version: 0.0.8
version: 0.1.0
annotations:
truecharts.org/catagories: |
- vpn


@ -0,0 +1,4 @@
## [firezone-0.1.0](https://github.com/truecharts/charts/compare/firezone-0.0.8...firezone-0.1.0) (2023-09-07)

Binary file not shown.


@ -0,0 +1,170 @@
image:
repository: tccr.io/truecharts/firezone
pullPolicy: IfNotPresent
tag: v0.7.35@sha256:53c08baeb65dde8689ebb3bd1fc9fbb034970dfdc9bceb005c4ffa03fe2b3e93
securityContext:
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
PUID: 0
runAsUser: 0
runAsGroup: 0
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
service:
main:
ports:
main:
protocol: http
port: 13000
wireguard:
enabled: true
ports:
wireguard:
enabled: true
protocol: udp
port: 51820
firezone:
web:
external_url: "https://example.com"
trusted_proxies: []
private_clients: []
admin:
reset_admin_on_boot: false
default_email: "admin@email.com"
default_password: "1234567890"
devices:
allow_unprivileged_device_management: true
allow_unprivileged_device_config: true
vpn_session_duration: 0
client_persistent_keepalive: 25
default_client_mtu: 1280
client_endpoint: ""
client_dns:
- 1.1.1.1
- 1.0.0.1
client_allowed_ips:
- 0.0.0.0/0
max_devices_per_user: 10
authorization:
local_auth_enabled: true
disable_vpn_on_oidc_error: false
wireguard:
ipv4_masquerade_enabled: true
connectivity:
checks_enabled: true
checks_interval: 43200
other:
telemetry_enabled: false
workload:
main:
podSpec:
containers:
main:
env:
# web
PHOENIX_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
EXTERNAL_URL: "{{ .Values.firezone.web.external_url }}"
PHOENIX_SECURE_COOKIES: "{{ .Values.firezone.web.secure_cookies }}"
# PHOENIX_HTTP_PROTOCOL_OPTIONS: "{}"
PHOENIX_EXTERNAL_TRUSTED_PROXIES: "{{ toJson .Values.firezone.web.trusted_proxies }}"
PHOENIX_PRIVATE_CLIENTS: "{{ toJson .Values.firezone.web.private_clients }}"
# DB
DATABASE_HOST:
secretKeyRef:
name: cnpg-main-urls
key: host
DATABASE_PORT: 5432
DATABASE_NAME: "{{ .Values.cnpg.main.database }}"
DATABASE_USER: "{{ .Values.cnpg.main.user }}"
DATABASE_PASSWORD:
secretKeyRef:
name: cnpg-main-user
key: password
# DATABASE_POOL_SIZE
DATABASE_SSL_ENABLED: false
# DATABASE_SSL_OPTS: "{}"
# Admin
RESET_ADMIN_ON_BOOT: "{{ .Values.firezone.admin.reset_admin_on_boot }}"
DEFAULT_ADMIN_EMAIL: "{{ .Values.firezone.admin.default_email }}"
DEFAULT_ADMIN_PASSWORD: "{{ .Values.firezone.admin.default_password }}"
# Secrets and Encryption
GUARDIAN_SECRET_KEY:
secretKeyRef:
name: firezone-secrets
key: GUARDIAN_SECRET_KEY
DATABASE_ENCRYPTION_KEY:
secretKeyRef:
name: firezone-secrets
key: DATABASE_ENCRYPTION_KEY
SECRET_KEY_BASE:
secretKeyRef:
name: firezone-secrets
key: SECRET_KEY_BASE
LIVE_VIEW_SIGNING_SALT:
secretKeyRef:
name: firezone-secrets
key: LIVE_VIEW_SIGNING_SALT
COOKIE_SIGNING_SALT:
secretKeyRef:
name: firezone-secrets
key: COOKIE_SIGNING_SALT
COOKIE_ENCRYPTION_SALT:
secretKeyRef:
name: firezone-secrets
key: COOKIE_ENCRYPTION_SALT
# Devices
ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT: "{{ .Values.firezone.devices.allow_unprivileged_device_management }}"
ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION: "{{ .Values.firezone.devices.allow_unprivileged_device_config }}"
VPN_SESSION_DURATION: "{{ .Values.firezone.devices.vpn_session_duration }}"
DEFAULT_CLIENT_PERSISTENT_KEEPALIVE: "{{ .Values.firezone.devices.client_persistent_keepalive }}"
DEFAULT_CLIENT_MTU: "{{ .Values.firezone.devices.default_client_mtu }}"
DEFAULT_CLIENT_ENDPOINT: "{{ .Values.firezone.devices.client_endpoint }}"
DEFAULT_CLIENT_DNS: '{{ join "," .Values.firezone.devices.client_dns }}'
DEFAULT_CLIENT_ALLOWED_IPS: '{{ join "," .Values.firezone.devices.client_allowed_ips }}'
# Limits
MAX_DEVICES_PER_USER: "{{ .Values.firezone.devices.max_devices_per_user }}"
# Authorization
LOCAL_AUTH_ENABLED: "{{ .Values.firezone.authorization.local_auth_enabled }}"
DISABLE_VPN_ON_OIDC_ERROR: "{{ .Values.firezone.authorization.disable_vpn_on_oidc_error }}"
# SAML_ENTITY_ID: "urn:firezone.dev:firezone-app"
# SAML_KEYFILE_PATH: "/var/firezone/saml.key"
# SAML_CERTFILE_PATH: "/var/firezone/saml.crt"
# OPENID_CONNECT_PROVIDERS: "[]"
# SAML_IDENTITY_PROVIDERS: "[]"
# WireGuard
WIREGUARD_PORT: "{{ .Values.service.wireguard.ports.wireguard.port }}"
WIREGUARD_IPV4_ENABLED: true
WIREGUARD_IPV4_MASQUERADE: "{{ .Values.firezone.wireguard.ipv4_masquerade_enabled }}"
WIREGUARD_IPV6_ENABLED: false
WIREGUARD_IPV6_MASQUERADE: false
# Outbound Emails
# OUTBOUND_EMAIL_FROM: ""
# OUTBOUND_EMAIL_ADAPTER: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
# OUTBOUND_EMAIL_ADAPTER_OPTS: "{}"
# Connectivity Checks
CONNECTIVITY_CHECKS_ENABLED: "{{ .Values.firezone.connectivity.checks_enabled }}"
CONNECTIVITY_CHECKS_INTERVAL: "{{ .Values.firezone.connectivity.checks_interval }}"
# Telemetry
TELEMETRY_ENABLED: "{{ .Values.firezone.other.telemetry_enabled }}"
persistence:
config:
enabled: true
mountPath: "/var/firezone"
cnpg:
main:
enabled: true
user: firezone
database: firezone
portal:
open:
enabled: true
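Review bot: `PHOENIX_SECURE_COOKIES` is templated from `.Values.firezone.web.secure_cookies`, but the `firezone.web` defaults added in this file define only `external_url`, `trusted_proxies` and `private_clients`, so an install that does not go through the questions form renders an empty value for the cookie-security setting. Add `secure_cookies: true` under `firezone.web`, matching the default the questions file in this commit declares. Separately, `default_password: "1234567890"` ships a known admin password and reaches the container as a plain env value while the other secrets in this block use `secretKeyRef`; an empty default that the user must set, delivered through the `firezone-secrets` secret, would be safer. Indentation is lost on this page, so the nesting described here is inferred from key order.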


@ -101,229 +101,6 @@ questions:
type: dict
attrs:
- variable: env
label: Image Environment
schema:
additional_attrs: true
type: dict
attrs:
- variable: EXTERNAL_URL
label: External Url
description: Must be a valid and public FQDN for ACME SSL issuance to function. Include https://
schema:
type: string
required: true
default: ""
- variable: DEFAULT_ADMIN_EMAIL
label: Default Admin Email
description: Primary administrator email.
schema:
type: string
required: true
default: ""
- variable: DEFAULT_ADMIN_PASSWORD
label: Default Admin Password
description: Primary administrator password.
schema:
type: string
required: true
private: true
default: ""
- variable: RESET_ADMIN_ON_BOOT
label: Reset Admin On Boot
description: to create or reset the admin password every time FireZone starts.
schema:
type: boolean
default: false
- variable: TELEMETRY_ENABLED
label: Telemetry Enabled
description: Enable or disable the FireZone telemetry collection.
schema:
type: boolean
default: false
- variable: devices
label: Devices Settings
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT
label: Allow Unprivileged Devices
description: Enable or disable management of devices on unprivileged accounts.
schema:
type: boolean
default: true
- variable: ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION
label: Allow Unprivileged Device Configuration
description: Enable or disable configuration of device network settings for unprivileged users.
schema:
type: boolean
default: true
- variable: VPN_SESSION_DURATION
label: VPN Session Duration
description: Optionally require users to periodically authenticate to the FireZone, Interval for WireGuard persistent keepalive.
schema:
type: int
default: 0
- variable: DEFAULT_CLIENT_PERSISTENT_KEEPALIVE
label: Default Client Persistent KeepAlive
description: send a keepalive packet every 25 seconds. Otherwise, keep it disabled with a 0 default value.
schema:
type: int
default: 25
- variable: DEFAULT_CLIENT_MTU
label: Default Client MTU
description: WireGuard interface MTU for devices.
schema:
type: int
default: 1280
- variable: DEFAULT_CLIENT_ENDPOINT
label: Default Client EndPoint
description: IPv4, IPv6 address, or FQDN that devices will be configured to connect to. Defaults to this server's FQDN.
schema:
type: string
default: ""
- variable: DEFAULT_CLIENT_DNS
label: Default Client DNS
description: Comma-separated list of DNS servers to use for devices.
schema:
type: string
default: "1.1.1.1,1.0.0.1"
- variable: DEFAULT_CLIENT_ALLOWED_IPS
label: Default Client Allowed IPs
description: AllowedIPs determines which destination IPs get routed through FireZone.
schema:
type: string
default: "0.0.0.0/0,::/0"
- variable: MAX_DEVICES_PER_USER
label: Max Devices Per User
description: Changes how many devices a user can have at a time.
schema:
type: int
default: 10
- variable: authorization
label: Authorization Settings
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: LOCAL_AUTH_ENABLED
label: Local Auth Enabled
description: Enable or disable the local authentication method for all users.
schema:
type: boolean
default: true
- variable: DISABLE_VPN_ON_OIDC_ERROR
label: Disable VPN On OIDC Error
description: Enable or disable auto disabling VPN connection on OIDC refresh error.
schema:
type: boolean
default: false
- variable: wireguard
label: Wireguard Settings
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: WIREGUARD_IPV4_ENABLED
label: WireGuard IPV4 Enabled
description: Enable or disable IPv4 support for WireGuard.
schema:
type: boolean
default: true
- variable: WIREGUARD_IPV6_ENABLED
label: WireGuard IPV6 Enabled
description: Enable or disable IPv6 support for WireGuard.
schema:
type: boolean
default: false
- variable: outbound
label: OutBound Email Settings
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: OUTBOUND_EMAIL_FROM
label: Outbound Email From
description: From address to use for sending outbound emails.
schema:
type: string
default: ""
- variable: OUTBOUND_EMAIL_ADAPTER
label: Outbound Email Adapter
description: Method to use for sending outbound email.
schema:
type: string
default: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
enum:
- value: "Elixir.FzHttpWeb.Mailer.AmazonSES"
description: "AmazonSES"
- value: "Elixir.FzHttpWeb.Mailer.CustomerIO"
description: CustomerIO"
- value: "Elixir.FzHttpWeb.Mailer.Dyn"
description: Dyn
- value: "Elixir.FzHttpWeb.Mailer.ExAwsAmazonSES"
description: ExAwsAmazonSES"
- value: "Elixir.FzHttpWeb.Mailer.Gmail"
description: Gmail"
- value: "Elixir.FzHttpWeb.Mailer.MailPace"
description: MailPace"
- value: "Elixir.FzHttpWeb.Mailer.Mailgun"
description: Mailgun"
- value: "Elixir.FzHttpWeb.Mailer.Mailjet"
description: MailJet"
- value: "Elixir.FzHttpWeb.Mailer.Mandrill"
description: Mandrill"
- value: "Elixir.FzHttpWeb.Mailer.Postmark"
description: Postmark"
- value: "Elixir.FzHttpWeb.Mailer.ProtonBridge"
description: ProtonBridge"
- value: "Elixir.FzHttpWeb.Mailer.SMTP"
description: SMTP"
- value: "Elixir.FzHttpWeb.Mailer.SMTP2GO"
description: SMTP2GO"
- value: "Elixir.FzHttpWeb.Mailer.Sendgrid"
description: SendGrid"
- value: "Elixir.FzHttpWeb.Mailer.Sendinblue"
description: "SendInBlue"
- value: "Elixir.FzHttpWeb.Mailer.Sendmail"
description: "Sendmail"
- value: "Elixir.FzHttpWeb.Mailer.SocketLabs"
description: "SocketLabs"
- value: "Elixir.FzHttpWeb.Mailer.SparkPost"
description: "SparkPost"
- value: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
description: "NoopAdapter"
- variable: OUTBOUND_EMAIL_ADAPTER_OPTS
label: Outbound Email Adapter OPTS
description: Adapter configuration, see https://github.com/swoosh/swoosh#adapters.
schema:
type: string
default: ""
- variable: connectivity
label: Connectivity Settings
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: CONNECTIVITY_CHECKS_ENABLED
label: Connectivity Checks Enabled
description: Enable / disable periodic checking for egress connectivity. Determines the instance's public IP to populate Endpoint fields.
schema:
type: boolean
default: true
- variable: CONNECTIVITY_CHECKS_INTERVAL
label: Connectivity Checks Interval
description: Periodicity in seconds to check for egress connectivity.
schema:
type: int
default: 43200
- variable: envList
label: Extra Environment Variables
description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
@ -374,6 +151,224 @@ questions:
schema:
type: string
- variable: firezone
group: App Configuration
label: FireZone
schema:
additional_attrs: true
type: dict
attrs:
- variable: web
label: Web Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: external_url
label: External Url
description: Must be a valid and public FQDN for ACME SSL issuance to function. Include https://
schema:
type: string
required: true
default: ""
- variable: trusted_proxies
label: Trusted Proxies
description: List of trusted reverse proxies.
schema:
type: list
default: []
items:
- variable: proxy
label: Proxy IP
schema:
type: string
required: true
default: ""
- variable: private_clients
label: Private Clients
description: List of trusted clients.
schema:
type: list
default: []
items:
- variable: client_ip
label: Client IP
schema:
type: string
required: true
default: ""
- variable: secure_cookies
label: Secure Cookies
description: Enable or disable requiring secure cookies. Required for HTTPS.
schema:
type: boolean
default: true
- variable: admin
label: Admin Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: reset_admin_on_boot
label: Reset Admin On Boot
description: to create or reset the admin password every time Firezone starts. By default, the admin password is only set when Firezone is installed.
schema:
type: boolean
default: false
- variable: default_email
label: Default Email
description: Primary administrator email.
schema:
type: string
required: true
default: ""
- variable: default_password
label: Default Password
description: Default password that will be used for creating or resetting the primary administrator account.
schema:
type: string
required: true
private: true
default: ""
- variable: devices
label: Devices Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: allow_unprivileged_device_management
label: Allow Unprivileged Device Management
description: Enable or disable management of devices on unprivileged accounts.
schema:
type: boolean
default: true
- variable: allow_unprivileged_device_config
label: Allow Unprivileged Device Configuration
description: Enable or disable configuration of device network settings for unprivileged users.
schema:
type: boolean
default: true
- variable: vpn_session_duration
label: VPN Session Duration
description: Optionally require users to periodically authenticate to the Firezone web UI in order to keep their VPN sessions active.
schema:
type: int
default: 0
- variable: client_persistent_keepalive
label: Client Persistent KeepAlive
description: If you experience NAT or firewall traversal problems, you can enable this to send a keepalive packet every 25 seconds, disabled by setting it to 0.
schema:
type: int
default: 0
- variable: default_client_mtu
label: Default Client MTU
description: WireGuard interface MTU for devices.
schema:
type: int
default: 1280
- variable: client_endpoint
label: Client Endpoint
description: IPv4, IPv6 address, or FQDN that devices will be configured to connect to.
schema:
type: string
default: ""
- variable: client_dns
label: Client DNS
description: List of DNS servers to use for devices.
schema:
type: list
empty: false
required: true
default:
- 1.1.1.1
- 1.0.0.1
items:
- variable: dns
label: DNS
schema:
type: string
required: true
default: ""
- variable: client_allowed_ips
label: Client Allowed Ips
description: Configures the default AllowedIPs setting for devices.
schema:
type: list
default: []
items:
- variable: dns
label: DNS
schema:
type: string
required: true
default: ""
- variable: max_devices_per_user
label: Max Devices Per User
description: Changes how many devices a user can have at a time.
schema:
type: int
default: 10
- variable: authorization
label: Authorization Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: local_auth_enabled
label: Local Auth Enabled
description: Enable or disable the local authentication method for all users.
schema:
type: boolean
default: true
- variable: disable_vpn_on_oidc_error
label: Disable VPN On OIDC Error
description: Enable or disable auto disabling VPN connection on OIDC refresh error.
schema:
type: boolean
default: false
- variable: wireguard
label: Wireguard Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: ipv4_masquerade_enabled
label: IPv4 Masquerade Enabled
description: Enable or disable IPv4 masqeurading.
schema:
type: boolean
default: true
- variable: connectivity
label: Connectivity Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: checks_enabled
label: Checks Enabled
description: Enable / disable periodic checking for egress connectivity.
schema:
type: boolean
default: true
- variable: checks_interval
label: Checks Interval
description: Periodicity in seconds to check for egress connectivity.
schema:
type: int
default: 43200
- variable: other
label: Other Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: telemetry_enabled
label: Telemetry Enabled
description: Enable or disable the Firezone telemetry collection.
schema:
type: boolean
default: false
- variable: TZ
label: Timezone
group: "General Settings"
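Review bot: The `client_allowed_ips` list item in the second hunk is declared as `variable: dns` with `label: DNS`, apparently copied from `client_dns`, so the form asks for DNS servers where CIDR ranges are expected; rename it to something like `variable: allowed_ip` with `label: Allowed IP`. Its `default: []` also differs from the `0.0.0.0/0` default in the values file of this commit, and the `join ","` template there would then render an empty `DEFAULT_CLIENT_ALLOWED_IPS`; how Firezone treats an empty value is not visible here, so either mirror the values default or mark the list `empty: false` as `client_dns` does. `client_persistent_keepalive` has the same drift (`default: 0` here, `25` in the values file). `trusted_proxies` and `private_clients` accept free-form strings, and a description of the expected format (IP or CIDR) would help, since these lists presumably decide which forwarded client addresses are trusted.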


@ -17,10 +17,12 @@
{{- end }}
enabled: true
data:
GUARDIAN_SECRET_KEY: {{ $keyGuardian }}
DATABASE_ENCRYPTION_KEY: {{ $keyDatabase }}
SECRET_KEY_BASE: {{ $keySecret }}
LIVE_VIEW_SIGNING_SALT: {{ $keyLive }}
COOKIE_SIGNING_SALT: {{ $keyCookieSigning }}
COOKIE_ENCRYPTION_SALT: {{ $keyCookieEncrypt }}
# firezone requires all these keys to be in base 64 format presented in the container, so this b64enc here is intentional
# https://www.firezone.dev/docs/reference/env-vars#secrets-and-encryption
GUARDIAN_SECRET_KEY: {{ $keyGuardian | b64enc }}
DATABASE_ENCRYPTION_KEY: {{ $keyDatabase | b64enc }}
SECRET_KEY_BASE: {{ $keySecret | b64enc }}
LIVE_VIEW_SIGNING_SALT: {{ $keyLive | b64enc }}
COOKIE_SIGNING_SALT: {{ $keyCookieSigning | b64enc }}
COOKIE_ENCRYPTION_SALT: {{ $keyCookieEncrypt | b64enc }}
{{- end -}}
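Review bot: The six values now pass through `b64enc`, but the code that produces `$keyGuardian` through `$keyCookieEncrypt` starts above this hunk, so it is not visible whether an upgrade re-reads previously stored values; if it does, they must be read back in decoded form or each upgrade will encode them again and change the keys. That matters most for `DATABASE_ENCRYPTION_KEY`, which presumably protects data already in the database, and the rename of the secret to `firezone-secrets` in the next file section raises the same question for existing installs. I would add a comment above `data:` along the lines of `# values must stay byte-stable across upgrades; reuse the stored secret when it exists`. The rendered scalars are also unquoted; `{{ $keyGuardian | b64enc | quote }}` keeps YAML implicit typing out of the picture.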


@ -4,7 +4,7 @@
{{/* Render secrets for firezone */}}
{{- $secrets := include "firezone.secrets" . | fromYaml -}}
{{- if $secrets -}}
{{- $_ := set .Values.secret "secrets" $secrets -}}
{{- $_ := set .Values.secret "firezone-secrets" $secrets -}}
{{- end -}}
{{/* Render the templates */}}