diff --git a/enterprise/vaultwarden/20.1.0/CHANGELOG.md b/enterprise/vaultwarden/20.1.0/CHANGELOG.md
new file mode 100644
index 00000000000..d3d53375b72
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/CHANGELOG.md
@@ -0,0 +1,99 @@
+**Important:**
+*for the complete changelog, please refer to the website*
+
+
+
+
+## [vaultwarden-20.1.0](https://github.com/truecharts/charts/compare/vaultwarden-20.0.34...vaultwarden-20.1.0) (2023-07-15)
+
+### Feat
+
+- remove redundant websocket service ([#10491](https://github.com/truecharts/charts/issues/10491))
+
+
+
+
+## [vaultwarden-20.0.34](https://github.com/truecharts/charts/compare/vaultwarden-20.0.33...vaultwarden-20.0.34) (2023-07-01)
+
+### Chore
+
+- update helm general non-major ([#10069](https://github.com/truecharts/charts/issues/10069))
+
+
+
+
+## [vaultwarden-20.0.33](https://github.com/truecharts/charts/compare/vaultwarden-20.0.32...vaultwarden-20.0.33) (2023-06-13)
+
+### Chore
+
+- update helm chart common to 12.14.2 ([#9599](https://github.com/truecharts/charts/issues/9599))
+
+
+
+
+## [vaultwarden-20.0.32](https://github.com/truecharts/charts/compare/vaultwarden-20.0.31...vaultwarden-20.0.32) (2023-06-11)
+
+### Chore
+
+- update helm general non-major ([#9558](https://github.com/truecharts/charts/issues/9558))
+
+
+
+
+## [vaultwarden-20.0.31](https://github.com/truecharts/charts/compare/vaultwarden-20.0.30...vaultwarden-20.0.31) (2023-06-07)
+
+### Chore
+
+- update helm general non-major ([#9457](https://github.com/truecharts/charts/issues/9457))
+
+
+
+
+## [vaultwarden-20.0.30](https://github.com/truecharts/charts/compare/vaultwarden-20.0.29...vaultwarden-20.0.30) (2023-06-07)
+
+### Chore
+
+- update helm general non-major ([#9423](https://github.com/truecharts/charts/issues/9423))
+
+
+
+
+## [vaultwarden-20.0.29](https://github.com/truecharts/charts/compare/vaultwarden-20.0.28...vaultwarden-20.0.29) (2023-06-04)
+
+### Chore
+
+- update helm general non-major ([#9393](https://github.com/truecharts/charts/issues/9393))
+
+ ### Feat
+
+- hide advanced ingress options behind checbox ([#9203](https://github.com/truecharts/charts/issues/9203))
+
+
+
+
+## [vaultwarden-20.0.28](https://github.com/truecharts/charts/compare/vaultwarden-20.0.27...vaultwarden-20.0.28) (2023-05-27)
+
+### Chore
+
+- update helm general non-major ([#9197](https://github.com/truecharts/charts/issues/9197))
+
+
+
+
+## [vaultwarden-20.0.27](https://github.com/truecharts/charts/compare/vaultwarden-20.0.26...vaultwarden-20.0.27) (2023-05-26)
+
+### Chore
+
+- update helm general non-major ([#9156](https://github.com/truecharts/charts/issues/9156))
+
+
+
+
+## [vaultwarden-20.0.26](https://github.com/truecharts/charts/compare/vaultwarden-20.0.25...vaultwarden-20.0.26) (2023-05-24)
+
+### Chore
+
+- update helm general non-major ([#9125](https://github.com/truecharts/charts/issues/9125))
+
+
+
diff --git a/enterprise/vaultwarden/20.1.0/Chart.yaml b/enterprise/vaultwarden/20.1.0/Chart.yaml
new file mode 100644
index 00000000000..5bee4a04abb
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/Chart.yaml
@@ -0,0 +1,33 @@
+apiVersion: v2
+appVersion: "1.28.1"
+dependencies:
+ - name: common
+ repository: https://library-charts.truecharts.org
+ version: 12.14.6
+deprecated: false
+description: Unofficial Bitwarden compatible server written in Rust
+home: https://truecharts.org/charts/enterprise/vaultwarden
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/vaultwarden.png
+keywords:
+ - bitwarden
+ - bitwardenrs
+ - bitwarden_rs
+ - vaultwarden
+ - password
+ - rust
+kubeVersion: ">=1.16.0-0"
+maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: vaultwarden
+sources:
+ - https://github.com/truecharts/charts/tree/master/charts/enterprise/vaultwarden
+ - https://github.com/dani-garcia/vaultwarden
+type: application
+version: 20.1.0
+annotations:
+ truecharts.org/catagories: |
+ - security
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/grade: U
diff --git a/enterprise/vaultwarden/20.1.0/LICENSE b/enterprise/vaultwarden/20.1.0/LICENSE
new file mode 100644
index 00000000000..80e4ab93f92
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/LICENSE
@@ -0,0 +1,106 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor: The TrueCharts Project, it's owner and it's contributors
+Licensed Work: The TrueCharts "Cert-Manager" Helm Chart
+Additional Use Grant: You may use the licensed work in production, as long
+ as it is directly sourced from a TrueCharts provided
+ official repository, catalog or source. You may also make private
+ modification to the directly sourced licenced work,
+ when used in production.
+
+ The following cases are, due to their nature, also
+ defined as 'production use' and explicitly prohibited:
+ - Bundling, including or displaying the licensed work
+ with(in) another work intended for production use,
+ with the apparent intend of facilitating and/or
+ promoting production use by third parties in
+ violation of this license.
+
+Change Date: 2050-01-01
+
+Change License: 3-clause BSD license
+
+For information about alternative licensing arrangements for the Software,
+please contact: legal@truecharts.org
+
+Notice
+
+The Business Source License (this document, or the “License”) is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark “Business Source License”,
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the “Business
+Source License” name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+ or a license that is compatible with GPL Version 2.0 or a later version,
+ where “compatible” means that software provided under the Change License can
+ be included in a program with software provided under GPL Version 2.0 or a
+ later version. Licensor may specify additional Change Licenses without
+ limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+ impose any additional restriction on the right granted in this License, as
+ the Additional Use Grant; or (b) insert the text “None”.
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.
diff --git a/enterprise/vaultwarden/20.1.0/README.md b/enterprise/vaultwarden/20.1.0/README.md
new file mode 100644
index 00000000000..f8a41e479fe
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/enterprise/vaultwarden/20.1.0/app-changelog.md b/enterprise/vaultwarden/20.1.0/app-changelog.md
new file mode 100644
index 00000000000..999a110088a
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/app-changelog.md
@@ -0,0 +1,9 @@
+
+
+## [vaultwarden-20.1.0](https://github.com/truecharts/charts/compare/vaultwarden-20.0.34...vaultwarden-20.1.0) (2023-07-15)
+
+### Feat
+
+- remove redundant websocket service ([#10491](https://github.com/truecharts/charts/issues/10491))
+
+
\ No newline at end of file
diff --git a/enterprise/vaultwarden/20.1.0/app-readme.md b/enterprise/vaultwarden/20.1.0/app-readme.md
new file mode 100644
index 00000000000..08d9cc8b1dd
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/app-readme.md
@@ -0,0 +1,8 @@
+Unofficial Bitwarden compatible server written in Rust
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/vaultwarden](https://truecharts.org/charts/enterprise/vaultwarden)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
diff --git a/enterprise/vaultwarden/20.1.0/charts/common-12.14.6.tgz b/enterprise/vaultwarden/20.1.0/charts/common-12.14.6.tgz
new file mode 100644
index 00000000000..3ba864cf35f
Binary files /dev/null and b/enterprise/vaultwarden/20.1.0/charts/common-12.14.6.tgz differ
diff --git a/enterprise/vaultwarden/20.1.0/ix_values.yaml b/enterprise/vaultwarden/20.1.0/ix_values.yaml
new file mode 100644
index 00000000000..2cbabc11bbd
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/ix_values.yaml
@@ -0,0 +1,155 @@
+image:
+ repository: tccr.io/truecharts/vaultwarden
+ pullPolicy: IfNotPresent
+ tag: 1.29.0@sha256:df6f1c44282c46dfc276a0628000344100b41c0e4fcbdd2e904caeb24a057e71
+manifestManager:
+ enabled: true
+service:
+ main:
+ ports:
+ main:
+ port: 10102
+ targetPort: 8080
+
+workload:
+ main:
+ podSpec:
+ containers:
+ main:
+ env:
+ DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}"
+ DATABASE_URL:
+ secretKeyRef:
+ name: cnpg-main-urls
+ key: std
+
+ envFrom:
+ - configMapRef:
+ name: vaultwardenconfig
+ - secretRef:
+ name: vaultwardensecret
+
+database:
+ # -- Database type,
+ # must be one of: 'sqlite', 'mysql' or 'postgresql'.
+ type: postgresql
+ # -- Enable DB Write-Ahead-Log for SQLite,
+ # disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled
+ wal: true
+ ## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port).
+ # url: ""
+ ## Set the size of the database connection pool.
+ # maxConnections: 10
+ ## Connection retries during startup, 0 for infinite. 1 second between retries.
+ # retries: 15
+
+# Set Bitwarden_rs application variables
+vaultwarden:
+ # -- Allow any user to sign-up
+ # see: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users
+ allowSignups: true
+ ## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set.
+ # signupDomains:
+ # - domain.tld
+ # -- Verify e-mail before login is enabled.
+ # SMTP must be enabled.
+ verifySignup: false
+ # When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled.
+ requireEmail: false
+ ## Maximum attempts before an email token is reset and a new email will need to be sent.
+ # emailAttempts: 3
+ ## Email token validity in seconds.
+ # emailTokenExpiration: 600
+ # Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations
+ allowInvitation: true
+ # Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display
+ ## Default organization name in invitation e-mails that are not coming from a specific organization.
+ # defaultInviteName: ""
+ showPasswordHint: true
+ # Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting
+ enableWebVault: true
+ # Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users.
+ orgCreationUsers: all
+ ## Limit attachment disk usage per organization.
+ # attachmentLimitOrg:
+ ## Limit attachment disk usage per user.
+ # attachmentLimitUser:
+ ## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key.
+ # hibpApiKey:
+
+ admin:
+ # Enable admin portal.
+ enabled: false
+ # Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token
+ disableAdminToken: false
+ ## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
+ # token:
+
+ # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
+ smtp:
+ enabled: false
+ # SMTP hostname, required if SMTP is enabled.
+ host: ""
+ # SMTP sender e-mail address, required if SMTP is enabled.
+ from: ""
+ ## SMTP sender name, defaults to 'Bitwarden_RS'.
+ # fromName: ""
+ ## Enable SSL connection.
+ # ssl: true
+ ## SMTP port. Defaults to 25 without SSL, 587 with SSL.
+ # port: 587
+ ## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'.
+ # authMechanism: Plain
+ ## Hostname to be sent for SMTP HELO. Defaults to pod name.
+ # heloName: ""
+ ## SMTP timeout.
+ # timeout: 15
+ ## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!
+ # invalidHostname: false
+ ## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!
+ # invalidCertificate: false
+ ## SMTP username.
+ # user: ""
+ ## SMTP password. Required is user is specified, ignored if no user provided.
+ # password: ""
+
+ ## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
+ yubico:
+ enabled: false
+ ## Yubico server. Defaults to YubiCloud.
+ # server:
+ ## Yubico ID and Secret Key.
+ # clientId:
+ # secretKey:
+
+ ## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
+ log:
+ # Log to file.
+ file: ""
+ # Log level. Options are "trace", "debug", "info", "warn", "error" or "off".
+ level: "trace"
+ ## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
+ # timeFormat: ""
+
+ icons:
+ # Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
+ disableDownload: false
+ ## Cache time-to-live for icons fetched. 0 means no purging.
+ # cache: 2592000
+ ## Cache time-to-live for icons that were not available. 0 means no purging.
+ # cacheFailed: 259200
+
+persistence:
+ data:
+ enabled: true
+ mountPath: "/data"
+
+cnpg:
+ main:
+ enabled: true
+ user: vaultwarden
+ database: vaultwarden
+
+portal:
+ open:
+ enabled: true
diff --git a/enterprise/vaultwarden/20.1.0/questions.yaml b/enterprise/vaultwarden/20.1.0/questions.yaml
new file mode 100644
index 00000000000..189c0fab71c
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/questions.yaml
@@ -0,0 +1,2361 @@
+groups:
+ - name: Container Image
+ description: Image to be used for container
+ - name: General Settings
+ description: General Deployment Settings
+ - name: Workload Settings
+ description: Workload Settings
+ - name: App Configuration
+ description: App Specific Config Options
+ - name: Networking and Services
+ description: Configure Network and Services for Container
+ - name: Storage and Persistence
+ description: Persist and Share Data that is Separate from the Container
+ - name: Ingress
+ description: Ingress Configuration
+ - name: Security and Permissions
+ description: Configure Security Context and Permissions
+ - name: Resources and Devices
+ description: "Specify Resources/Devices to be Allocated to Workload"
+ - name: Middlewares
+ description: Traefik Middlewares
+ - name: Metrics
+ description: Metrics
+ - name: Addons
+ description: Addon Configuration
+ - name: Advanced
+ description: Advanced Configuration
+ - name: Postgresql
+ description: Postgresql
+ - name: Documentation
+ description: Documentation
+portals:
+ open:
+ protocols:
+ - "$kubernetes-resource_configmap_tcportal-open_protocol"
+ host:
+ - "$kubernetes-resource_configmap_tcportal-open_host"
+ ports:
+ - "$kubernetes-resource_configmap_tcportal-open_port"
+ admin:
+ protocols:
+ - "$kubernetes-resource_configmap_tcportal-open_protocol"
+ host:
+ - "$kubernetes-resource_configmap_tcportal-open_host"
+ ports:
+ - "$kubernetes-resource_configmap_tcportal-open_port"
+ path: "/admin/"
+questions:
+ - variable: global
+ group: General Settings
+ label: "Global Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: stopAll
+ label: Stop All
+ description: "Stops All Running pods and hibernates cnpg"
+ schema:
+ type: boolean
+ default: false
+ - variable: workload
+ group: "Workload Settings"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type (Advanced)
+ schema:
+ type: string
+ default: Deployment
+ enum:
+ - value: Deployment
+ description: Deployment
+ - value: DaemonSet
+ description: DaemonSet
+ - variable: replicas
+ label: Replicas (Advanced)
+ description: Set the number of Replicas
+ schema:
+ type: int
+ show_if: [["type", "!=", "DaemonSet"]]
+ default: 1
+ - variable: podSpec
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: containers
+ label: Containers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: envList
+ label: Extra Environment Variables
+ description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ - variable: extraArgs
+ label: Extra Args
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: Arg
+ schema:
+ type: string
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: command
+ label: Command
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: param
+ label: Param
+ schema:
+ type: string
+ - variable: TZ
+ label: Timezone
+ group: "General Settings"
+ schema:
+ type: string
+ default: "Etc/UTC"
+ $ref:
+ - "definitions/timezone"
+ - variable: podOptions
+ group: "General Settings"
+ label: "Global Pod Options (Advanced)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: expertPodOpts
+ label: "Expert - Pod Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ label: "Host Networking"
+ schema:
+ type: boolean
+ default: false
+ - variable: dnsConfig
+ label: "DNS Configuration"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: options
+ label: "Options"
+ schema:
+ type: list
+ default: [{"name": "ndots", "value": "1"}]
+ items:
+ - variable: optionsEntry
+ label: "Option Entry"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: nameservers
+ label: "Nameservers"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: nsEntry
+ label: "Nameserver Entry"
+ schema:
+ type: string
+ required: true
+ - variable: searches
+ label: "Searches"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: searchEntry
+ label: "Search Entry"
+ schema:
+ type: string
+ required: true
+ - variable: vaultwarden
+ label: ""
+ group: "App Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: yubico
+ label: "Yubico OTP authentication"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable Yubico OTP authentication"
+ description: "Please refer to the manual at: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Yubikey-OTP-authentication"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: server
+ label: "Yubico server"
+ description: "Defaults to YubiCloud"
+ schema:
+ type: string
+ default: ""
+ - variable: clientId
+ label: "Yubico ID"
+ schema:
+ type: string
+ default: ""
+ - variable: secretKey
+ label: "Yubico Secret Key"
+ schema:
+ type: string
+ default: ""
+ - variable: admin
+ label: "Admin Portal"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable Admin Portal"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: disableAdminToken
+ label: "Make Accessible Without Password/Token"
+ schema:
+ type: boolean
+ default: false
+ - variable: token
+ label: "Admin Portal Password/Token"
+ description: "Will be automatically generated if not defined"
+ schema:
+ type: string
+ default: ""
+ - variable: icons
+ label: "Icon Download Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: disableDownload
+ label: "Disable Icon Download"
+ description: "Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache)"
+ schema:
+ type: boolean
+ default: false
+ - variable: cache
+ label: "Cache time-to-live"
+ description: "Cache time-to-live for icons fetched. 0 means no purging"
+ schema:
+ type: int
+ default: 2592000
+ - variable: token
+ label: "Failed Downloads Cache time-to-live"
+ description: "Cache time-to-live for icons that were not available. 0 means no purging."
+ schema:
+ type: int
+ default: 2592000
+ - variable: log
+ label: "Logging"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: level
+ label: "Log level"
+ schema:
+ type: string
+ default: "info"
+ required: true
+ enum:
+ - value: "trace"
+ description: "trace"
+ - value: "debug"
+ description: "debug"
+ - value: "info"
+ description: "info"
+ - value: "warn"
+ description: "warn"
+ - value: "error"
+ description: "error"
+ - value: "off"
+ description: "off"
+ - variable: file
+ label: "Log-File Location"
+ schema:
+ type: string
+ default: ""
+ - variable: smtp
+ label: "SMTP Settings (Email)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable SMTP Support"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: host
+ label: "SMTP hostname"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: from
+ label: "SMTP sender e-mail address"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: fromName
+ label: "SMTP sender name"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: user
+ label: "SMTP username"
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: password
+ label: "SMTP password"
+ description: "Required is user is specified, ignored if no user provided"
+ schema:
+ type: string
+ default: ""
+ - variable: ssl
+ label: "Enable SSL connection"
+ schema:
+ type: boolean
+ default: true
+ - variable: port
+ label: "SMTP port"
+ description: "Usually: 25 without SSL, 587 with SSL"
+ schema:
+ type: int
+ default: 587
+ - variable: authMechanism
+ label: "SMTP Authentication Mechanisms"
+ description: "Comma-separated options: Plain, Login and Xoauth2"
+ schema:
+ type: string
+ default: "Plain"
+ - variable: heloName
+ label: "SMTP HELO - Hostname"
+ description: "Hostname to be sent for SMTP HELO. Defaults to pod name"
+ schema:
+ type: string
+ default: ""
+ - variable: timeout
+ label: "SMTP timeout"
+ schema:
+ type: int
+ default: 15
+ - variable: invalidHostname
+ label: "Accept Invalid Hostname"
+ description: "Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!"
+ schema:
+ type: boolean
+ default: false
+ - variable: invalidCertificate
+ label: "Accept Invalid Certificate"
+ description: "Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!"
+ schema:
+ type: boolean
+ default: false
+ - variable: allowSignups
+ label: "Allow Signup"
+ description: "Allow any user to sign-up: https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users"
+ schema:
+ type: boolean
+ default: true
+ - variable: allowInvitation
+ label: "Always allow Invitation"
+ description: "Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/vaultwarden/wiki/Disable-invitations"
+ schema:
+ type: boolean
+ default: true
+ - variable: defaultInviteName
+ label: "Default Invite Organisation Name"
+ description: "Default organization name in invitation e-mails that are not coming from a specific organization."
+ schema:
+ type: string
+ default: ""
+ - variable: showPasswordHint
+ label: "Show password hints"
+ description: "https://github.com/dani-garcia/vaultwarden/wiki/Password-hint-display"
+ schema:
+ type: boolean
+ default: true
+ - variable: signupwhitelistenable
+ label: "Enable Signup Whitelist"
+ description: "allowSignups is ignored if set"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: signupDomains
+ label: "Signup Whitelist Domains"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: domain
+ label: "Domain"
+ schema:
+ type: string
+ default: ""
+ - variable: verifySignup
+ label: "Verifiy Signup"
+ description: "Verify e-mail before login is enabled. SMTP must be enabled"
+ schema:
+ type: boolean
+ default: false
+ - variable: requireEmail
+ label: "Block Login if email fails"
+ description: "When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled"
+ schema:
+ type: boolean
+ default: false
+ - variable: emailAttempts
+ label: "Email token reset attempts"
+ description: "Maximum attempts before an email token is reset and a new email will need to be sent"
+ schema:
+ type: int
+ default: 3
+ - variable: emailTokenExpiration
+ label: "Email token validity in seconds"
+ schema:
+ type: int
+ default: 600
+ - variable: enableWebVault
+ label: "Enable Webvault"
+ description: "Enable Web Vault (static content). https://github.com/dani-garcia/vaultwarden/wiki/Disabling-or-overriding-the-Vault-interface-hosting"
+ schema:
+ type: boolean
+ default: true
+ - variable: orgCreationUsers
+ label: "Limit Organisation Creation to (users)"
+ description: "Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users."
+ schema:
+ type: string
+ default: "all"
+ - variable: attachmentLimitOrg
+ label: "Limit Attachment Disk Usage per Organisation"
+ schema:
+ type: string
+ default: ""
+ - variable: attachmentLimitUser
+ label: "Limit Attachment Disk Usage per User"
+ schema:
+ type: string
+ default: ""
+ - variable: hibpApiKey
+ label: "HaveIBeenPwned API Key"
+ description: "Can be purchased at https://haveibeenpwned.com/API/Key"
+ schema:
+ type: string
+ default: ""
+ - variable: service
+ group: Networking and Services
+ label: Configure Service(s)
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service"
+ description: "The Primary service on which the healthcheck runs, often the webUI"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service Port Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Port"
+ description: "This port exposes the container port on the service"
+ schema:
+ type: int
+ default: 10102
+ required: true
+ - variable: serviceexpert
+ group: Networking and Services
+ label: Show Expert Config
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: scaleExternalInterface
+ description: Add External Interfaces
+ label: Add external Interfaces
+ group: Networking
+ schema:
+ type: list
+ items:
+ - variable: interfaceConfiguration
+ description: Interface Configuration
+ label: Interface Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "normalize/interfaceConfiguration"
+ attrs:
+ - variable: hostInterface
+ description: Please Specify Host Interface
+ label: Host Interface
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/interface"
+ - variable: ipam
+ description: Define how IP Address will be managed
+ label: IP Address Management
+ schema:
+ additional_attrs: true
+ type: dict
+ required: true
+ attrs:
+ - variable: type
+ description: Specify type for IPAM
+ label: IPAM Type
+ schema:
+ type: string
+ required: true
+ enum:
+ - value: dhcp
+ description: Use DHCP
+ - value: static
+ description: Use Static IP
+ - variable: staticIPConfigurations
+ label: Static IP Addresses
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticIP
+ label: Static IP
+ schema:
+ type: ipaddr
+ cidr: true
+ - variable: staticRoutes
+ label: Static Routes
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticRouteConfiguration
+ label: Static Route Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: destination
+ label: Destination
+ schema:
+ type: ipaddr
+ cidr: true
+ required: true
+ - variable: gateway
+ label: Gateway
+ schema:
+ type: ipaddr
+ cidr: false
+ required: true
+ - variable: serviceList
+ label: Add Manual Custom Services
+ group: Networking and Services
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: serviceListEntry
+ label: Custom Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: advancedsvcset
+ label: Show Advanced Service Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: External IP
+ schema:
+ type: string
+ - variable: ipFamilyPolicy
+ label: IP Family Policy
+ description: Specify the IP Policy
+ schema:
+ type: string
+ default: SingleStack
+ enum:
+ - value: SingleStack
+ description: SingleStack
+ - value: PreferDualStack
+ description: PreferDualStack
+ - value: RequireDualStack
+ description: RequireDualStack
+ - variable: ipFamilies
+ label: IP Families
+ description: (Advanced) The IP Families that should be used
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipFamily
+ label: IP Family
+ schema:
+ type: string
+ - variable: portsList
+ label: Additional Service Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsListEntry
+ label: Custom ports
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Port
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Port Name
+ schema:
+ type: string
+ default: ""
+ - variable: protocol
+ label: Port Type
+ schema:
+ type: string
+ default: tcp
+ enum:
+ - value: http
+ description: HTTP
+ - value: https
+ description: HTTPS
+ - value: tcp
+ description: TCP
+ - value: udp
+ description: UDP
+ - variable: targetPort
+ label: Target Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ required: true
+ - variable: port
+ label: Container Port
+ schema:
+ type: int
+ required: true
+ - variable: persistence
+ label: Integrated Persistent Storage
+ description: Integrated Persistent Storage
+ group: Storage and Persistence
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: data
+ label: "App Config Storage"
+ description: "Stores the Application Configuration."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: persistenceList
+ label: Additional App Storage
+ group: Storage and Persistence
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: persistenceListEntry
+ label: Custom Storage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the storage
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: hostPath
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: mountPath
+ label: Mount Path
+ description: Path inside the container the storage is mounted
+ schema:
+ type: string
+ default: ""
+ required: true
+ valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size Quotum of Storage
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: ingress
+ label: ""
+ group: Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: certificateIssuer
+ label: Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ show_if: [["advanced", "=", true]]
+ required: true
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ show_if: [["advanced", "=", true]]
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ show_if: [["advanced", "=", true]]
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: Use TrueNAS SCALE Certificate (Deprecated)
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: secretName
+ label: Use Custom Secret (Advanced)
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: string
+ default: ""
+ - variable: ingressList
+ label: Add Manual Custom Ingresses
+ group: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: Custom Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: service
+ label: Linked Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Service Name
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Service Port
+ schema:
+ type: int
+ - variable: clusterIssuer
+ label: clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ show_if: [["clusterIssuer", "=", ""]]
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: clusterIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: Use TrueNAS SCALE Certificate (Deprecated)
+ schema:
+ show_if: [["clusterIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: secretName
+ label: Use Custom Secret (Advanced)
+ schema:
+ type: string
+ show_if: [["clusterIssuer", "=", ""]]
+ default: ""
+ - variable: entrypoint
+ label: Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: securityContext
+ group: Security and Permissions
+ label: Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: container
+ label: Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: runAsUser
+ label: "runAsUser"
+ description: "The UserID of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: runAsGroup
+ label: "runAsGroup"
+ description: "The groupID of the user running the application"
+ schema:
+ type: int
+ default: 568
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: PUID
+ label: Process User ID - PUID
+ description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
+ schema:
+ type: int
+ show_if: [["runAsUser", "=", 0]]
+ default: 568
+ - variable: UMASK
+ label: UMASK
+ description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
+ schema:
+ type: string
+ default: "0022"
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: true
+ - variable: pod
+ label: Pod
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: fsGroupChangePolicy
+ label: "When should we take ownership?"
+ schema:
+ type: string
+ default: OnRootMismatch
+ enum:
+ - value: OnRootMismatch
+ description: OnRootMismatch
+ - value: Always
+ description: Always
+ - variable: supplementalGroups
+ label: Supplemental Groups
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: supplementalGroupsEntry
+ label: Supplemental Group
+ schema:
+ type: int
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: fsGroup
+ label: "fsGroup"
+ description: "The group that should own ALL storage."
+ schema:
+ type: int
+ default: 568
+ - variable: resources
+ group: Resources and Devices
+ label: "Resource Limits"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: limits
+ label: Advanced Limit Resource Consumption
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 4000m
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: RAM
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 8Gi
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: requests
+ label: "Minimum Resources Required (request)"
+ schema:
+ additional_attrs: true
+ type: dict
+ hidden: true
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 10m
+ hidden: true
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 50Mi
+ hidden: true
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: deviceList
+ label: Mount USB Devices
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: deviceListEntry
+ label: Device
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Storage
+ schema:
+ type: boolean
+ default: true
+ - variable: type
+ label: (Advanced) Type of Storage
+ description: Sets the persistence type
+ schema:
+ type: string
+ default: device
+ hidden: true
+ - variable: readOnly
+ label: readOnly
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Device Path
+ description: Path to the device on the host system
+ schema:
+ type: path
+ - variable: mountPath
+ label: Container Device Path
+ description: Path inside the container the device is mounted
+ schema:
+ type: string
+ default: "/dev/ttyACM0"
+ - variable: scaleGPU
+ label: GPU Configuration
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: scaleGPUEntry
+ label: GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Specify GPU configuration
+ - variable: gpu
+ label: Select GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "definitions/gpuConfiguration"
+ attrs: []
+ - variable: workaround
+ label: "Workaround"
+ schema:
+ type: string
+ default: workaround
+ hidden: true
+# - variable: horizontalPodAutoscaler
+# group: Advanced
+# label: (Advanced) Horizontal Pod Autoscaler
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: hpaEntry
+# label: HPA Entry
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: name
+# label: Name
+# schema:
+# type: string
+# required: true
+# default: ""
+# - variable: enabled
+# label: Enabled
+# schema:
+# type: boolean
+# default: false
+# show_subquestions_if: true
+# subquestions:
+# - variable: target
+# label: Target
+# description: Deployment name, Defaults to Main Deployment
+# schema:
+# type: string
+# default: ""
+# - variable: minReplicas
+# label: Minimum Replicas
+# schema:
+# type: int
+# default: 1
+# - variable: maxReplicas
+# label: Maximum Replicas
+# schema:
+# type: int
+# default: 5
+# - variable: targetCPUUtilizationPercentage
+# label: Target CPU Utilization Percentage
+# schema:
+# type: int
+# default: 80
+# - variable: targetMemoryUtilizationPercentage
+# label: Target Memory Utilization Percentage
+# schema:
+# type: int
+# default: 80
+ - variable: networkPolicy
+ group: Advanced
+ label: (Advanced) Network Policy
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: netPolicyEntry
+ label: Network Policy Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: policyType
+ label: Policy Type
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: ingress
+ description: Ingress
+ - value: egress
+ description: Egress
+ - value: ingress-egress
+ description: Ingress and Egress
+ - variable: egress
+ label: Egress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: egressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: to
+ label: To
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: toEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: ingress
+ label: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: from
+ label: From
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: fromEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: cnpg
+ group: Postgresql
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Postgresql Database"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: instances
+ label: Instances
+ schema:
+ type: int
+ default: 2
+ - variable: hibernate
+ label: Hibernate
+ description: "enable to safely hibernate and shutdown the postgresql cluster"
+ schema:
+ type: boolean
+ default: false
+ - variable: storage
+ label: "Storage"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: size
+ label: Size
+ schema:
+ type: string
+ default: "256Gi"
+ - variable: walsize
+ label: Walsize
+ schema:
+ type: string
+ default: "256Gi"
+ - variable: pooler
+ label: "Pooler"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: instances
+ label: Instances
+ schema:
+ type: int
+ default: 2
+ - variable: Monitoring
+ label: "Metrics"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enablePodMonitor
+ label: "enablePodMonitor"
+ schema:
+ type: boolean
+ default: true
+ - variable: addons
+ group: Addons
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: Codeserver
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: service
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: NodePort
+ description: Deprecated CHANGE THIS
+ - value: ClusterIP
+ description: ClusterIP
+ - value: LoadBalancer
+ description: LoadBalancer
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ default: 36107
+ - variable: envList
+ label: Codeserver Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: vpn
+ label: VPN
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: disabled
+ enum:
+ - value: disabled
+ description: disabled
+ - value: gluetun
+ description: Gluetun
+ - value: tailscale
+ description: Tailscale
+ - value: openvpn
+ description: OpenVPN (Deprecated)
+ - value: wireguard
+ description: Wireguard (Deprecated)
+ - variable: openvpn
+ label: OpenVPN Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "openvpn"]]
+ attrs:
+ - variable: username
+ label: Authentication Username (Optional)
+ description: Authentication Username, Optional
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: Authentication Password
+ description: Authentication Credentials
+ schema:
+ type: string
+ show_if: [["username", "!=", ""]]
+ default: ""
+ required: true
+ - variable: tailscale
+ label: Tailscale Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "tailscale"]]
+ attrs:
+ - variable: authkey
+ label: Authentication Key
+ description: Provide an auth key to automatically authenticate the node as your user account.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: auth_once
+ label: Auth Once
+ description: Only attempt to log in if not already logged in.
+ schema:
+ type: boolean
+ default: true
+ - variable: accept_dns
+ label: Accept DNS
+ description: Accept DNS configuration from the admin console.
+ schema:
+ type: boolean
+ default: false
+ - variable: userspace
+ label: Userspace
+ description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
+ schema:
+ type: boolean
+ default: false
+ - variable: routes
+ label: Routes
+ description: Expose physical subnet routes to your entire Tailscale network.
+ schema:
+ type: string
+ default: ""
+ - variable: dest_ip
+ label: Destination IP
+ description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
+ schema:
+ type: string
+ default: ""
+ - variable: sock5_server
+ label: Sock5 Server
+ description: The address on which to listen for SOCKS5 proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: outbound_http_proxy_listen
+ label: Outbound HTTP Proxy Listen
+ description: The address on which to listen for HTTP proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: extra_args
+ label: Extra Args
+ description: Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: daemon_extra_args
+ label: Tailscale Daemon Extra Args
+ description: Tailscale Daemon Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: killSwitch
+ label: Enable Killswitch
+ schema:
+ type: boolean
+ show_if: [["type", "!=", "disabled"]]
+ default: true
+ - variable: excludedNetworks_IPv4
+ label: Killswitch Excluded IPv4 networks
+ description: List of Killswitch Excluded IPv4 Addresses
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv4
+ label: IPv4 Network
+ schema:
+ type: string
+ required: true
+ - variable: excludedNetworks_IPv6
+ label: Killswitch Excluded IPv6 networks
+ description: "List of Killswitch Excluded IPv6 Addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv6
+ label: IPv6 Network
+ schema:
+ type: string
+ required: true
+ - variable: configFile
+ label: VPN Config File Location
+ schema:
+ type: string
+ show_if: [["type", "!=", "disabled"]]
+ default: ""
+
+ - variable: envList
+ label: VPN Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ max_length: 10240
+ - variable: netshoot
+ label: Netshoot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: envList
+ label: Netshoot Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: docs
+ group: Documentation
+ label: Please read the documentation at https://truecharts.org
+ description: Please read the documentation at
+
https://truecharts.org
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDocs
+ label: I have checked the documentation
+ schema:
+ type: boolean
+ default: true
+ - variable: donateNag
+ group: Documentation
+ label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
+ description: Please consider supporting TrueCharts, see
+
https://truecharts.org/sponsor
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDonate
+ label: I have considered donating
+ schema:
+ type: boolean
+ default: true
+ hidden: true
diff --git a/enterprise/vaultwarden/20.1.0/templates/NOTES.txt b/enterprise/vaultwarden/20.1.0/templates/NOTES.txt
new file mode 100644
index 00000000000..efcb74cb772
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}
diff --git a/enterprise/vaultwarden/20.1.0/templates/_configmap.tpl b/enterprise/vaultwarden/20.1.0/templates/_configmap.tpl
new file mode 100644
index 00000000000..a396837e5a4
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/templates/_configmap.tpl
@@ -0,0 +1,111 @@
+{{/* Define the configmap */}}
+{{- define "vaultwarden.configmap" -}}
+enabled: true
+data:
+ ROCKET_PORT: "8080"
+ SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }}
+ {{- if .Values.vaultwarden.signupDomains }}
+ SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }}
+ {{- end }}
+ {{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}}
+ SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }}
+ {{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}}
+ REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }}
+ {{- if .Values.vaultwarden.emailAttempts }}
+ EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.emailTokenExpiration }}
+ EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }}
+ {{- end }}
+ INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }}
+ {{- if .Values.vaultwarden.defaultInviteName }}
+ INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }}
+ {{- end }}
+ SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }}
+ WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }}
+ ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }}
+ {{- if .Values.vaultwarden.attachmentLimitOrg }}
+ ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.attachmentLimitUser }}
+ USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.hibpApiKey }}
+ HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }}
+ {{- end }}
+ {{- include "vaultwarden.dbTypeValid" . }}
+ {{- if .Values.database.retries }}
+ DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }}
+ {{- end }}
+ {{- if .Values.database.maxConnections }}
+ DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }}
+ {{- end }}
+ {{- if eq .Values.vaultwarden.smtp.enabled true }}
+ SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }}
+ SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }}
+ {{- if .Values.vaultwarden.smtp.fromName }}
+ SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.smtp.ssl }}
+ SMTP_SSL: {{ .Values.vaultwarden.smtp.ssl | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.smtp.port }}
+ SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.smtp.authMechanism }}
+ SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.smtp.heloName }}
+ HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.smtp.timeout }}
+ SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.smtp.invalidHostname }}
+ SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.smtp.invalidCertificate }}
+ SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.vaultwarden.log.file }}
+ LOG_FILE: {{ .Values.vaultwarden.log.file | quote }}
+ {{- end }}
+ {{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }}
+ EXTENDED_LOGGING: "true"
+ {{- end }}
+ {{- if .Values.vaultwarden.log.level }}
+ {{- include "vaultwarden.logLevelValid" . }}
+ LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.log.timeFormat }}
+ LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.icons.disableDownload }}
+ DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }}
+ {{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }}
+ ICON_CACHE_TTL: "0"
+ {{- end }}
+ {{- end }}
+ {{- if .Values.vaultwarden.icons.cache }}
+ ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }}
+ {{- end }}
+ {{- if .Values.vaultwarden.icons.cacheFailed }}
+ ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }}
+ {{- end }}
+ {{- if eq .Values.vaultwarden.admin.enabled true }}
+ {{- if eq .Values.vaultwarden.admin.disableAdminToken true }}
+ DISABLE_ADMIN_TOKEN: "true"
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.vaultwarden.yubico.enabled true }}
+ {{- if .Values.vaultwarden.yubico.server }}
+ YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.database.type "sqlite" }}
+ ENABLE_DB_WAL: {{ .Values.database.wal | quote }}
+ {{- else }}
+ ENABLE_DB_WAL: "false"
+ {{- end }}
+{{- end -}}
diff --git a/enterprise/vaultwarden/20.1.0/templates/_secrets.tpl b/enterprise/vaultwarden/20.1.0/templates/_secrets.tpl
new file mode 100644
index 00000000000..a33f037cf71
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/templates/_secrets.tpl
@@ -0,0 +1,32 @@
+{{/* Define the secrets */}}
+{{- define "vaultwarden.secrets" -}}
+
+{{- $adminToken := "" }}
+{{- if eq .Values.vaultwarden.admin.enabled true }}
+{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | quote }}
+{{- end -}}
+
+{{- $smtpUser := "" }}
+{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }}
+{{- $smtpUser = .Values.vaultwarden.smtp.user | quote }}
+{{- end -}}
+
+{{- $yubicoClientId := "" }}
+{{- if eq .Values.vaultwarden.yubico.enabled true }}
+{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | quote }}
+{{- end -}}
+enabled: true
+data:
+ placeholder: placeholdervalue
+ {{- if ne $adminToken "" }}
+ ADMIN_TOKEN: {{ $adminToken }}
+ {{- end }}
+ {{- if ne $smtpUser "" }}
+ SMTP_USERNAME: {{ $smtpUser }}
+ SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | quote }}
+ {{- end }}
+ {{- if ne $yubicoClientId "" }}
+ YUBICO_CLIENT_ID: {{ $yubicoClientId }}
+ YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | quote }}
+ {{- end }}
+{{- end -}}
diff --git a/enterprise/vaultwarden/20.1.0/templates/_validate.tpl b/enterprise/vaultwarden/20.1.0/templates/_validate.tpl
new file mode 100644
index 00000000000..e4832c2f6e5
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/templates/_validate.tpl
@@ -0,0 +1,17 @@
+{{/*
+Ensure valid DB type is select, defaults to SQLite
+*/}}
+{{- define "vaultwarden.dbTypeValid" -}}
+{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }}
+{{- required "Invalid database type" nil }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Ensure log type is valid
+*/}}
+{{- define "vaultwarden.logLevelValid" -}}
+{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }}
+{{- required "Invalid log level" nil }}
+{{- end }}
+{{- end }}
diff --git a/enterprise/vaultwarden/20.1.0/templates/common.yaml b/enterprise/vaultwarden/20.1.0/templates/common.yaml
new file mode 100644
index 00000000000..66c6adab5db
--- /dev/null
+++ b/enterprise/vaultwarden/20.1.0/templates/common.yaml
@@ -0,0 +1,17 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . }}
+
+{{/* Render configmap for vaultwarden */}}
+{{- $configmapFile := include "vaultwarden.configmap" . | fromYaml -}}
+{{- if $configmapFile -}}
+ {{- $_ := set .Values.configmap "vaultwardenconfig" $configmapFile -}}
+{{- end -}}
+
+{{/* Render secrets for vaultwarden */}}
+{{- $secret := include "vaultwarden.secrets" . | fromYaml -}}
+{{- if $secret -}}
+ {{- $_ := set .Values.secret "vaultwardensecret" $secret -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}
diff --git a/enterprise/vaultwarden/20.1.0/values.yaml b/enterprise/vaultwarden/20.1.0/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d