Compare commits
7 Commits
adminer-5.
...
adminer-5.
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
652d98210f | ||
|
|
34a5f9d99b | ||
|
|
1924f4665b | ||
|
|
ab751cbb7a | ||
|
|
e0e3bc0d52 | ||
|
|
cd913c96a7 | ||
|
|
a69386d845 |
@@ -23,7 +23,7 @@ sources:
|
||||
- https://github.com/bitnami/bitnami-docker-memcached
|
||||
- http://memcached.org/
|
||||
type: application
|
||||
version: 8.0.16
|
||||
version: 8.0.17
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- database
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
image:
|
||||
repository: tccr.io/truecharts/memcached
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v1.6.21@sha256:117c7f246c0854b46f655a73f411f418e8f78a50cafec5e92d6ebfdb49319331
|
||||
tag: v1.6.21@sha256:5aae60b930344ab0b72f6cd435a63d6ea813ef8463c44e55d3f2c9c9792f95a3
|
||||
|
||||
service:
|
||||
main:
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
apiVersion: v2
|
||||
appVersion: "0.7.30"
|
||||
appVersion: "0.7.35"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 14.0.1
|
||||
version: 14.0.3
|
||||
deprecated: false
|
||||
description: WireGuard-based VPN server and egress firewall
|
||||
home: https://truecharts.org/charts/incubator/firezone
|
||||
@@ -22,7 +22,7 @@ sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/incubator/firezone
|
||||
- https://github.com/firezone/firezone
|
||||
type: application
|
||||
version: 0.0.8
|
||||
version: 0.1.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- vpn
|
||||
|
||||
|
Before Width: | Height: | Size: 12 KiB After Width: | Height: | Size: 12 KiB |
@@ -11,232 +11,227 @@ questions:
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
- variable: env
|
||||
label: Image Environment
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: EXTERNAL_URL
|
||||
label: External Url
|
||||
description: Must be a valid and public FQDN for ACME SSL issuance to function. Include https://
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DEFAULT_ADMIN_EMAIL
|
||||
label: Default Admin Email
|
||||
description: Primary administrator email.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: DEFAULT_ADMIN_PASSWORD
|
||||
label: Default Admin Password
|
||||
description: Primary administrator password.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
private: true
|
||||
default: ""
|
||||
- variable: RESET_ADMIN_ON_BOOT
|
||||
label: Reset Admin On Boot
|
||||
description: to create or reset the admin password every time FireZone starts.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: TELEMETRY_ENABLED
|
||||
label: Telemetry Enabled
|
||||
description: Enable or disable the FireZone telemetry collection.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: devices
|
||||
label: Devices Settings
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT
|
||||
label: Allow Unprivileged Devices
|
||||
description: Enable or disable management of devices on unprivileged accounts.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION
|
||||
label: Allow Unprivileged Device Configuration
|
||||
description: Enable or disable configuration of device network settings for unprivileged users.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: VPN_SESSION_DURATION
|
||||
label: VPN Session Duration
|
||||
description: Optionally require users to periodically authenticate to the FireZone, Interval for WireGuard persistent keepalive.
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: DEFAULT_CLIENT_PERSISTENT_KEEPALIVE
|
||||
label: Default Client Persistent KeepAlive
|
||||
description: send a keepalive packet every 25 seconds. Otherwise, keep it disabled with a 0 default value.
|
||||
schema:
|
||||
type: int
|
||||
default: 25
|
||||
- variable: DEFAULT_CLIENT_MTU
|
||||
label: Default Client MTU
|
||||
description: WireGuard interface MTU for devices.
|
||||
schema:
|
||||
type: int
|
||||
default: 1280
|
||||
- variable: DEFAULT_CLIENT_ENDPOINT
|
||||
label: Default Client EndPoint
|
||||
description: IPv4, IPv6 address, or FQDN that devices will be configured to connect to. Defaults to this server's FQDN.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: DEFAULT_CLIENT_DNS
|
||||
label: Default Client DNS
|
||||
description: Comma-separated list of DNS servers to use for devices.
|
||||
schema:
|
||||
type: string
|
||||
default: "1.1.1.1,1.0.0.1"
|
||||
- variable: DEFAULT_CLIENT_ALLOWED_IPS
|
||||
label: Default Client Allowed IPs
|
||||
description: AllowedIPs determines which destination IPs get routed through FireZone.
|
||||
schema:
|
||||
type: string
|
||||
default: "0.0.0.0/0,::/0"
|
||||
- variable: MAX_DEVICES_PER_USER
|
||||
label: Max Devices Per User
|
||||
description: Changes how many devices a user can have at a time.
|
||||
schema:
|
||||
type: int
|
||||
default: 10
|
||||
- variable: authorization
|
||||
label: Authorization Settings
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: LOCAL_AUTH_ENABLED
|
||||
label: Local Auth Enabled
|
||||
description: Enable or disable the local authentication method for all users.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: DISABLE_VPN_ON_OIDC_ERROR
|
||||
label: Disable VPN On OIDC Error
|
||||
description: Enable or disable auto disabling VPN connection on OIDC refresh error.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: wireguard
|
||||
label: Wireguard Settings
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: WIREGUARD_IPV4_ENABLED
|
||||
label: WireGuard IPV4 Enabled
|
||||
description: Enable or disable IPv4 support for WireGuard.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: WIREGUARD_IPV6_ENABLED
|
||||
label: WireGuard IPV6 Enabled
|
||||
description: Enable or disable IPv6 support for WireGuard.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: outbound
|
||||
label: OutBound Email Settings
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: OUTBOUND_EMAIL_FROM
|
||||
label: Outbound Email From
|
||||
description: From address to use for sending outbound emails.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: OUTBOUND_EMAIL_ADAPTER
|
||||
label: Outbound Email Adapter
|
||||
description: Method to use for sending outbound email.
|
||||
schema:
|
||||
type: string
|
||||
default: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
|
||||
enum:
|
||||
- value: "Elixir.FzHttpWeb.Mailer.AmazonSES"
|
||||
description: "AmazonSES"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.CustomerIO"
|
||||
description: CustomerIO"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Dyn"
|
||||
description: Dyn
|
||||
- value: "Elixir.FzHttpWeb.Mailer.ExAwsAmazonSES"
|
||||
description: ExAwsAmazonSES"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Gmail"
|
||||
description: Gmail"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.MailPace"
|
||||
description: MailPace"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Mailgun"
|
||||
description: Mailgun"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Mailjet"
|
||||
description: MailJet"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Mandrill"
|
||||
description: Mandrill"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Postmark"
|
||||
description: Postmark"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.ProtonBridge"
|
||||
description: ProtonBridge"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.SMTP"
|
||||
description: SMTP"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.SMTP2GO"
|
||||
description: SMTP2GO"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Sendgrid"
|
||||
description: SendGrid"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Sendinblue"
|
||||
description: "SendInBlue"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.Sendmail"
|
||||
description: "Sendmail"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.SocketLabs"
|
||||
description: "SocketLabs"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.SparkPost"
|
||||
description: "SparkPost"
|
||||
- value: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
|
||||
description: "NoopAdapter"
|
||||
- variable: OUTBOUND_EMAIL_ADAPTER_OPTS
|
||||
label: Outbound Email Adapter OPTS
|
||||
description: Adapter configuration, see https://github.com/swoosh/swoosh#adapters.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: connectivity
|
||||
label: Connectivity Settings
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: CONNECTIVITY_CHECKS_ENABLED
|
||||
label: Connectivity Checks Enabled
|
||||
description: Enable / disable periodic checking for egress connectivity. Determines the instance's public IP to populate Endpoint fields.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CONNECTIVITY_CHECKS_INTERVAL
|
||||
label: Connectivity Checks Interval
|
||||
description: Periodicity in seconds to check for egress connectivity.
|
||||
schema:
|
||||
type: int
|
||||
default: 43200
|
||||
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: firezone
|
||||
group: App Configuration
|
||||
label: FireZone
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: web
|
||||
label: Web Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: external_url
|
||||
label: External Url
|
||||
description: Must be a valid and public FQDN for ACME SSL issuance to function. Include https://
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: trusted_proxies
|
||||
label: Trusted Proxies
|
||||
description: List of trusted reverse proxies.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: proxy
|
||||
label: Proxy IP
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: private_clients
|
||||
label: Private Clients
|
||||
description: List of trusted clients.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: client_ip
|
||||
label: Client IP
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: secure_cookies
|
||||
label: Secure Cookies
|
||||
description: Enable or disable requiring secure cookies. Required for HTTPS.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: admin
|
||||
label: Admin Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: reset_admin_on_boot
|
||||
label: Reset Admin On Boot
|
||||
description: to create or reset the admin password every time Firezone starts. By default, the admin password is only set when Firezone is installed.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: default_email
|
||||
label: Default Email
|
||||
description: Primary administrator email.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: default_password
|
||||
label: Default Password
|
||||
description: Default password that will be used for creating or resetting the primary administrator account.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
private: true
|
||||
default: ""
|
||||
- variable: devices
|
||||
label: Devices Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: allow_unprivileged_device_management
|
||||
label: Allow Unprivileged Device Management
|
||||
description: Enable or disable management of devices on unprivileged accounts.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: allow_unprivileged_device_config
|
||||
label: Allow Unprivileged Device Configuration
|
||||
description: Enable or disable configuration of device network settings for unprivileged users.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: vpn_session_duration
|
||||
label: VPN Session Duration
|
||||
description: Optionally require users to periodically authenticate to the Firezone web UI in order to keep their VPN sessions active.
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: client_persistent_keepalive
|
||||
label: Client Persistent KeepAlive
|
||||
description: If you experience NAT or firewall traversal problems, you can enable this to send a keepalive packet every 25 seconds, disabled by setting it to 0.
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: default_client_mtu
|
||||
label: Default Client MTU
|
||||
description: WireGuard interface MTU for devices.
|
||||
schema:
|
||||
type: int
|
||||
default: 1280
|
||||
- variable: client_endpoint
|
||||
label: Client Endpoint
|
||||
description: IPv4, IPv6 address, or FQDN that devices will be configured to connect to.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: client_dns
|
||||
label: Client DNS
|
||||
description: List of DNS servers to use for devices.
|
||||
schema:
|
||||
type: list
|
||||
empty: false
|
||||
required: true
|
||||
default:
|
||||
- 1.1.1.1
|
||||
- 1.0.0.1
|
||||
items:
|
||||
- variable: dns
|
||||
label: DNS
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: client_allowed_ips
|
||||
label: Client Allowed Ips
|
||||
description: Configures the default AllowedIPs setting for devices.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: dns
|
||||
label: DNS
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: max_devices_per_user
|
||||
label: Max Devices Per User
|
||||
description: Changes how many devices a user can have at a time.
|
||||
schema:
|
||||
type: int
|
||||
default: 10
|
||||
- variable: authorization
|
||||
label: Authorization Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: local_auth_enabled
|
||||
label: Local Auth Enabled
|
||||
description: Enable or disable the local authentication method for all users.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: disable_vpn_on_oidc_error
|
||||
label: Disable VPN On OIDC Error
|
||||
description: Enable or disable auto disabling VPN connection on OIDC refresh error.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: wireguard
|
||||
label: Wireguard Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: ipv4_masquerade_enabled
|
||||
label: IPv4 Masquerade Enabled
|
||||
description: Enable or disable IPv4 masqeurading.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: connectivity
|
||||
label: Connectivity Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: checks_enabled
|
||||
label: Checks Enabled
|
||||
description: Enable / disable periodic checking for egress connectivity.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: checks_interval
|
||||
label: Checks Interval
|
||||
description: Periodicity in seconds to check for egress connectivity.
|
||||
schema:
|
||||
type: int
|
||||
default: 43200
|
||||
- variable: other
|
||||
label: Other Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: telemetry_enabled
|
||||
label: Telemetry Enabled
|
||||
description: Enable or disable the Firezone telemetry collection.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
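Review bot: In the new `devices` attrs, the `client_allowed_ips` list reuses `- variable: dns` with `label: DNS` for its items, apparently copied from `client_dns` directly above it, and its `default: []` does not match the `0.0.0.0/0` entry that values.yaml sets for the same key in this commit. An install made through this form would join an empty list into `DEFAULT_CLIENT_ALLOWED_IPS`; how Firezone treats an empty value is not visible here, but it is presumably not the route-everything default that the removed `"0.0.0.0/0,::/0"` gave. Name the item `- variable: allowed_ip` with `label: Allowed IP`, and give the list the same default as values.yaml. `client_persistent_keepalive` has the same mismatch (`default: 0` here, `25` in values.yaml).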
|
||||
|
||||
@@ -17,10 +17,12 @@
|
||||
{{- end }}
|
||||
enabled: true
|
||||
data:
|
||||
GUARDIAN_SECRET_KEY: {{ $keyGuardian }}
|
||||
DATABASE_ENCRYPTION_KEY: {{ $keyDatabase }}
|
||||
SECRET_KEY_BASE: {{ $keySecret }}
|
||||
LIVE_VIEW_SIGNING_SALT: {{ $keyLive }}
|
||||
COOKIE_SIGNING_SALT: {{ $keyCookieSigning }}
|
||||
COOKIE_ENCRYPTION_SALT: {{ $keyCookieEncrypt }}
|
||||
# firezone requires all these keys to be in base 64 format presented in the container, so this b64enc here is intentional
|
||||
# https://www.firezone.dev/docs/reference/env-vars#secrets-and-encryption
|
||||
GUARDIAN_SECRET_KEY: {{ $keyGuardian | b64enc }}
|
||||
DATABASE_ENCRYPTION_KEY: {{ $keyDatabase | b64enc }}
|
||||
SECRET_KEY_BASE: {{ $keySecret | b64enc }}
|
||||
LIVE_VIEW_SIGNING_SALT: {{ $keyLive | b64enc }}
|
||||
COOKIE_SIGNING_SALT: {{ $keyCookieSigning | b64enc }}
|
||||
COOKIE_ENCRYPTION_SALT: {{ $keyCookieEncrypt | b64enc }}
|
||||
{{- end -}}
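Review bot: The six added `data:` entries emit the encoded keys as unquoted template output, for example `GUARDIAN_SECRET_KEY: {{ $keyGuardian | b64enc }}`, and this text is later parsed with `fromYaml`, so the type of each value is left to the YAML parser. Quote the output so it is always a string: `GUARDIAN_SECRET_KEY: {{ $keyGuardian | b64enc | quote }}`, and likewise for the other five. The statements that assign `$keyDatabase` and the other variables are above the hunk; if they reuse values read back from an already deployed Secret, adding `b64enc` changes what an existing install receives for `DATABASE_ENCRYPTION_KEY`, which should be confirmed and mentioned in the upgrade notes.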
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
{{/* Render secrets for firezone */}}
|
||||
{{- $secrets := include "firezone.secrets" . | fromYaml -}}
|
||||
{{- if $secrets -}}
|
||||
{{- $_ := set .Values.secret "secrets" $secrets -}}
|
||||
{{- $_ := set .Values.secret "firezone-secrets" $secrets -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
image:
|
||||
repository: tccr.io/truecharts/firezone
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.7.30@sha256:e22dc7a9be93a804bbe0e3d301c883625463a3649d856c8b41f80a2257214667
|
||||
tag: v0.7.35@sha256:53c08baeb65dde8689ebb3bd1fc9fbb034970dfdc9bceb005c4ffa03fe2b3e93
|
||||
|
||||
securityContext:
|
||||
container:
|
||||
@@ -15,26 +15,66 @@ securityContext:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
protocol: http
|
||||
port: 13000
|
||||
wireguard:
|
||||
enabled: true
|
||||
ports:
|
||||
wireguard:
|
||||
enabled: true
|
||||
protocol: udp
|
||||
port: 51820
|
||||
|
||||
firezone:
|
||||
web:
|
||||
external_url: "https://example.com"
|
||||
trusted_proxies: []
|
||||
private_clients: []
|
||||
admin:
|
||||
reset_admin_on_boot: false
|
||||
default_email: "admin@email.com"
|
||||
default_password: "1234567890"
|
||||
devices:
|
||||
allow_unprivileged_device_management: true
|
||||
allow_unprivileged_device_config: true
|
||||
vpn_session_duration: 0
|
||||
client_persistent_keepalive: 25
|
||||
default_client_mtu: 1280
|
||||
client_endpoint: ""
|
||||
client_dns:
|
||||
- 1.1.1.1
|
||||
- 1.0.0.1
|
||||
client_allowed_ips:
|
||||
- 0.0.0.0/0
|
||||
max_devices_per_user: 10
|
||||
authorization:
|
||||
local_auth_enabled: true
|
||||
disable_vpn_on_oidc_error: false
|
||||
wireguard:
|
||||
ipv4_masquerade_enabled: true
|
||||
connectivity:
|
||||
checks_enabled: true
|
||||
checks_interval: 43200
|
||||
other:
|
||||
telemetry_enabled: false
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
env:
|
||||
# web
|
||||
PHOENIX_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
|
||||
EXTERNAL_URL: "https://app.mydomain.com"
|
||||
# PHOENIX_SECURE_COOKIES: true
|
||||
EXTERNAL_URL: "{{ .Values.firezone.web.external_url }}"
|
||||
PHOENIX_SECURE_COOKIES: "{{ .Values.firezone.web.secure_cookies }}"
|
||||
# PHOENIX_HTTP_PROTOCOL_OPTIONS: "{}"
|
||||
# PHOENIX_EXTERNAL_TRUSTED_PROXIES: "[]"
|
||||
# PHOENIX_PRIVATE_CLIENTS: "[]"
|
||||
PHOENIX_EXTERNAL_TRUSTED_PROXIES: "{{ toJson .Values.firezone.web.trusted_proxies }}"
|
||||
PHOENIX_PRIVATE_CLIENTS: "{{ toJson .Values.firezone.web.private_clients }}"
|
||||
# DB
|
||||
DATABASE_HOST:
|
||||
secretKeyRef:
|
||||
@@ -51,49 +91,49 @@ workload:
|
||||
DATABASE_SSL_ENABLED: false
|
||||
# DATABASE_SSL_OPTS: "{}"
|
||||
# Admin
|
||||
RESET_ADMIN_ON_BOOT: false
|
||||
DEFAULT_ADMIN_EMAIL: "admin@email.com"
|
||||
DEFAULT_ADMIN_PASSWORD: "1234567890"
|
||||
RESET_ADMIN_ON_BOOT: "{{ .Values.firezone.admin.reset_admin_on_boot }}"
|
||||
DEFAULT_ADMIN_EMAIL: "{{ .Values.firezone.admin.default_email }}"
|
||||
DEFAULT_ADMIN_PASSWORD: "{{ .Values.firezone.admin.default_password }}"
|
||||
# Secrets and Encryption
|
||||
GUARDIAN_SECRET_KEY:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
name: firezone-secrets
|
||||
key: GUARDIAN_SECRET_KEY
|
||||
DATABASE_ENCRYPTION_KEY:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
name: firezone-secrets
|
||||
key: DATABASE_ENCRYPTION_KEY
|
||||
SECRET_KEY_BASE:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
name: firezone-secrets
|
||||
key: SECRET_KEY_BASE
|
||||
LIVE_VIEW_SIGNING_SALT:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
name: firezone-secrets
|
||||
key: LIVE_VIEW_SIGNING_SALT
|
||||
COOKIE_SIGNING_SALT:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
name: firezone-secrets
|
||||
key: COOKIE_SIGNING_SALT
|
||||
COOKIE_ENCRYPTION_SALT:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
name: firezone-secrets
|
||||
key: COOKIE_ENCRYPTION_SALT
|
||||
# Devices
|
||||
ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT: true
|
||||
ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION: true
|
||||
VPN_SESSION_DURATION: 0
|
||||
DEFAULT_CLIENT_PERSISTENT_KEEPALIVE: 25
|
||||
DEFAULT_CLIENT_MTU: 1280
|
||||
# DEFAULT_CLIENT_ENDPOINT: ""
|
||||
DEFAULT_CLIENT_DNS: "1.1.1.1,1.0.0.1"
|
||||
DEFAULT_CLIENT_ALLOWED_IPS: "0.0.0.0/0, ::/0"
|
||||
ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT: "{{ .Values.firezone.devices.allow_unprivileged_device_management }}"
|
||||
ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION: "{{ .Values.firezone.devices.allow_unprivileged_device_config }}"
|
||||
VPN_SESSION_DURATION: "{{ .Values.firezone.devices.vpn_session_duration }}"
|
||||
DEFAULT_CLIENT_PERSISTENT_KEEPALIVE: "{{ .Values.firezone.devices.client_persistent_keepalive }}"
|
||||
DEFAULT_CLIENT_MTU: "{{ .Values.firezone.devices.default_client_mtu }}"
|
||||
DEFAULT_CLIENT_ENDPOINT: "{{ .Values.firezone.devices.client_endpoint }}"
|
||||
DEFAULT_CLIENT_DNS: '{{ join "," .Values.firezone.devices.client_dns }}'
|
||||
DEFAULT_CLIENT_ALLOWED_IPS: '{{ join "," .Values.firezone.devices.client_allowed_ips }}'
|
||||
# Limits
|
||||
MAX_DEVICES_PER_USER: 10
|
||||
MAX_DEVICES_PER_USER: "{{ .Values.firezone.devices.max_devices_per_user }}"
|
||||
# Authorization
|
||||
LOCAL_AUTH_ENABLED: true
|
||||
DISABLE_VPN_ON_OIDC_ERROR: false
|
||||
SAML_ENTITY_ID: "urn:firezone.dev:firezone-app"
|
||||
LOCAL_AUTH_ENABLED: "{{ .Values.firezone.authorization.local_auth_enabled }}"
|
||||
DISABLE_VPN_ON_OIDC_ERROR: "{{ .Values.firezone.authorization.disable_vpn_on_oidc_error }}"
|
||||
# SAML_ENTITY_ID: "urn:firezone.dev:firezone-app"
|
||||
# SAML_KEYFILE_PATH: "/var/firezone/saml.key"
|
||||
# SAML_CERTFILE_PATH: "/var/firezone/saml.crt"
|
||||
# OPENID_CONNECT_PROVIDERS: "[]"
|
||||
@@ -101,30 +141,18 @@ workload:
|
||||
# WireGuard
|
||||
WIREGUARD_PORT: "{{ .Values.service.wireguard.ports.wireguard.port }}"
|
||||
WIREGUARD_IPV4_ENABLED: true
|
||||
WIREGUARD_IPV4_MASQUERADE: "{{ .Values.firezone.wireguard.ipv4_masquerade_enabled }}"
|
||||
WIREGUARD_IPV6_ENABLED: false
|
||||
WIREGUARD_IPV6_MASQUERADE: false
|
||||
# Outbound Emails
|
||||
OUTBOUND_EMAIL_FROM: ""
|
||||
OUTBOUND_EMAIL_ADAPTER: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
|
||||
# OUTBOUND_EMAIL_FROM: ""
|
||||
# OUTBOUND_EMAIL_ADAPTER: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
|
||||
# OUTBOUND_EMAIL_ADAPTER_OPTS: "{}"
|
||||
# Connectivity Checks
|
||||
CONNECTIVITY_CHECKS_ENABLED: true
|
||||
CONNECTIVITY_CHECKS_INTERVAL: 43200
|
||||
CONNECTIVITY_CHECKS_ENABLED: "{{ .Values.firezone.connectivity.checks_enabled }}"
|
||||
CONNECTIVITY_CHECKS_INTERVAL: "{{ .Values.firezone.connectivity.checks_interval }}"
|
||||
# Telemetry
|
||||
TELEMETRY_ENABLED: false
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
protocol: http
|
||||
port: 13000
|
||||
wireguard:
|
||||
enabled: true
|
||||
ports:
|
||||
wireguard:
|
||||
enabled: true
|
||||
protocol: udp
|
||||
port: 51820
|
||||
TELEMETRY_ENABLED: "{{ .Values.firezone.other.telemetry_enabled }}"
|
||||
|
||||
persistence:
|
||||
config:
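Review bot: The added `firezone.admin` block ships `default_password: "1234567890"` as the chart default, and `DEFAULT_ADMIN_PASSWORD: "{{ .Values.firezone.admin.default_password }}"` still places it in the container env as plain text, so an install that does not override the value starts with a known administrator credential that anyone who can read the pod spec can see. Default it to `default_password: ""`, fail the render while it is empty, and source the variable through `secretKeyRef` from `firezone-secrets`, as the six keys under "Secrets and Encryption" already are. Separately, `PHOENIX_SECURE_COOKIES` reads `.Values.firezone.web.secure_cookies`, but the added `firezone.web` block defines only `external_url`, `trusted_proxies` and `private_clients`. Add `secure_cookies: true` there so the variable does not render empty when the chart is installed from these values alone.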
|
||||
|
||||
@@ -26,4 +26,4 @@ sources:
|
||||
- https://github.com/vrana/adminer
|
||||
- http://hub.docker.com/_/adminer/
|
||||
type: application
|
||||
version: 5.0.8
|
||||
version: 5.0.9
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: tccr.io/truecharts/adminer
|
||||
tag: latest@sha256:661fd104fa574599817431a23007cbc3fe418864f5567b1c44375e2ca458d067
|
||||
tag: latest@sha256:f2776d2ae6ec7778c1ccaeffa6be28d55a1accf2a1a33e068ea9c92ee4c02422
|
||||
|
||||
securityContext:
|
||||
container:
|
||||
|
||||
@@ -27,7 +27,7 @@ sources:
|
||||
- https://github.com/zyachel/libremdb
|
||||
- https://github.com/PussTheCat-org/docker-libremdb-quay
|
||||
type: application
|
||||
version: 3.0.50
|
||||
version: 3.0.51
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
image:
|
||||
repository: tccr.io/truecharts/libremdb
|
||||
pullPolicy: IfNotPresent
|
||||
tag: latest@sha256:6341c52f9bf2aa398dce8023dcc20add1da7adbdbf54f2d3a625fc89dffaadae
|
||||
tag: latest@sha256:b894a549394a5850e8169eddfe58317d57afb0d9a93d5fee56656a10fac75a5c
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
apiVersion: v2
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
name: rsnapshot
|
||||
version: 6.0.3
|
||||
version: 6.0.4
|
||||
appVersion: "1.4.5"
|
||||
description: Rsnapshot is a filesystem snapshot utility based on rsync.
|
||||
type: application
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
image:
|
||||
repository: tccr.io/truecharts/rsnapshot
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v1.4.5@sha256:94b9a733c1960fb4fd69f0e2cfa8d8ca5b336cee4592006d15ab97a0ef676cce
|
||||
tag: v1.4.5@sha256:c22df421175bfee228fd80564982e510cd31f009e84ed1d2bcaff753e722809d
|
||||
service:
|
||||
main:
|
||||
enabled: false
|
||||
|
||||
@@ -23,7 +23,7 @@ sources:
|
||||
- https://github.com/linuxserver/docker-sickchill
|
||||
- https://github.com/SickChill/SickChill
|
||||
type: application
|
||||
version: 7.0.6
|
||||
version: 7.0.7
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
image:
|
||||
repository: tccr.io/truecharts/sickchill
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v2023.6.27@sha256:a0f415f43114e2e2515e74b45c38e4a9cd82c8036f3ea8cb7acc367ea27445f8
|
||||
tag: v2023.6.27@sha256:bcf63ef5f87bd2ec15118a678f636af27de91a9239de2e73d10c286440a1c12b
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
|
||||
@@ -22,7 +22,7 @@ name: vikunja
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/vikunja
|
||||
- https://vikunja.io/docs
|
||||
version: 9.0.2
|
||||
version: 9.0.3
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- productivity
|
||||
|
||||
@@ -8,7 +8,7 @@ frontendImage:
|
||||
pullPolicy: IfNotPresent
|
||||
nginxImage:
|
||||
repository: tccr.io/truecharts/nginx
|
||||
tag: v1.25.2@sha256:fde7e417d09ec035ec5229cb39ca802c37d204bbff351cb1a9930b5d80872778
|
||||
tag: v1.25.2@sha256:b2992afb4519d24b31d2b6e748ca752bb77cb9fd93037d53b968c3579a9bdfa2
|
||||
|
||||
workload:
|
||||
main:
|
||||
|
||||