chart/library/ix-dev/community/twofactor-auth/questions.yaml
Stavros Kois daf2bdc5fb Two factor auth - migrate storage section (adds acl) (#1986)
* update values

* add migration

* update templates

* update ui

* bump version
2024-01-03 09:51:25 +02:00


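# UI groups. Each top-level entry under `questions` names one of these in its
# `group` key, so the `name` strings here must match those values exactly.
groups:
- name: 2FAuth Configuration
  description: Configure 2FAuth
- name: Network Configuration
  description: Configure Network for 2FAuth
- name: Storage Configuration
  description: Configure Storage for 2FAuth
- name: Resources Configuration
  description: Configure Resources for 2FAuth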
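# Web portal definition. The "$kubernetes-resource_configmap_portal_*" values
# are reference strings rather than literals; presumably they are resolved from
# a ConfigMap named "portal" when the chart is rendered (confirm against the
# chart templates). They stay quoted so the leading "$" is never reinterpreted.
portals:
  web_portal:
    protocols:
    - "$kubernetes-resource_configmap_portal_protocol"
    host:
    - "$kubernetes-resource_configmap_portal_host"
    ports:
    - "$kubernetes-resource_configmap_portal_port"
    path: "$kubernetes-resource_configmap_portal_path"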
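questions:
# Application settings for 2FAuth: naming, public URL, authentication mode,
# WebAuthn policy, proxy trust and free-form environment variables.
- variable: twofauthConfig
  label: ""
  group: 2FAuth Configuration
  schema:
    type: dict
    attrs:
    - variable: appName
      label: App Name
      description: The name of the 2FAuth.
      schema:
        type: string
        default: "2FAuth"
        required: true
    # Required URI with an empty default, so it has to be filled in at install.
    # The examples show both an http and an https form; for a service that
    # stores 2FA secrets the https form behind a TLS-terminating proxy is the
    # one to prefer.
    - variable: appUrl
      label: App URL
      description: |
        The URL that 2FAuth will be accessible from.</br>
        Example: </br>
        http://server.ip:30081</br>
        https://2fauth.example.com
      schema:
        type: uri
        default: ""
        required: true
    - variable: siteOwnerEmail
      label: Site Owner Email
      description: The email address of the site owner.
      schema:
        type: string
        default: ""
        required: true
    # Security-critical switch. Default "web-guard" keeps 2FAuth's built-in
    # authentication. With "reverse-proxy-guard" the description below states
    # that 2FAuth skips its own checks and trusts the proxy-set headers, so
    # that mode is only safe when:
    #   - the app is reachable exclusively through the authenticating proxy
    #     (review webPort / hostNetwork exposure in the network section), and
    #   - the proxy removes any client-supplied copies of the headers named in
    #     authProxyHeaderUser / authProxyHeaderEmail before setting its own.
    - variable: authenticationGuard
      label: Authentication Guard
      description: |
        When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all
        other built-in authentication checks. That means your proxy is fully responsible of the
        authentication process, 2FAuth will trust him as long as headers are presents.
      schema:
        type: string
        default: "web-guard"
        required: true
        enum:
        - value: "web-guard"
          description: Web Guard
        - value: "reverse-proxy-guard"
          description: Reverse Proxy Guard
    # Shown (and required) only when authenticationGuard is
    # "reverse-proxy-guard". The value is a header *name*, not a user name.
    - variable: authProxyHeaderUser
      label: Authentication Proxy Header User
      description: |
        Name of the HTTP headers sent by the reverse proxy that identifies the authenticated
        user at proxy level. Check your proxy documentation to find out how these headers are named.
      schema:
        type: string
        default: ""
        show_if: [["authenticationGuard", "=", "reverse-proxy-guard"]]
        required: true
    # Same visibility rule as authProxyHeaderUser.
    # NOTE(review): the description is identical to the user-header one and
    # never mentions the email address; confirm the intended wording.
    - variable: authProxyHeaderEmail
      label: Authentication Proxy Header Email
      description: |
        Name of the HTTP headers sent by the reverse proxy that identifies the authenticated
        user at proxy level. Check your proxy documentation to find out how these headers are named.
      schema:
        type: string
        default: ""
        show_if: [["authenticationGuard", "=", "reverse-proxy-guard"]]
        required: true
    # WebAuthn user-verification preference passed to the authenticator.
    # In WebAuthn terms "required" fails the ceremony when the authenticator
    # cannot verify the user, "preferred" (the default here) asks for it but
    # proceeds without, and "discouraged" asks the authenticator to skip it.
    - variable: webauthnUserVerification
      label: WebAuthn User Verification
      description: |
        Most authenticators and smartphones will ask the user to actively verify
        themselves for log in. For example, through a touch plus pin code,
        password entry, or biometric recognition (e.g., presenting a fingerprint).
        The intent is to distinguish one user from any other.
      schema:
        type: string
        default: "preferred"
        required: true
        enum:
        - value: "preferred"
          description: Preferred
        - value: "required"
          description: Required
        - value: "discouraged"
          description: Discouraged
    # Empty by default. Entries are plain strings: this schema applies no
    # IP/CIDR validation, so typos are not caught here. Presumably this decides
    # whose forwarded headers the app honours (confirm against the 2FAuth
    # docs); keep it to the addresses of the actual proxy.
    - variable: trustedProxies
      label: Trusted Proxies
      description: The list of proxies IP to trust
      schema:
        type: list
        default: []
        items:
        - variable: trustedProxy
          label: Trusted Proxy
          schema:
            type: string
            required: true
    # Free-form name/value pairs, both required strings.
    # NOTE(review): `value` carries no `private: true` flag, unlike the SMB
    # password field in the storage section; confirm how the platform stores
    # and displays these values before entering secrets here.
    - variable: additionalEnvs
      label: Additional Environment Variables
      description: Configure additional environment variables for 2FAuth.
      schema:
        type: list
        default: []
        items:
        - variable: env
          label: Environment Variable
          schema:
            type: dict
            attrs:
            - variable: name
              label: Name
              schema:
                type: string
                required: true
            - variable: value
              label: Value
              schema:
                type: string
                required: true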
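# Network exposure of the 2FAuth web UI.
- variable: twofauthNetwork
  label: ""
  group: Network Configuration
  schema:
    type: dict
    attrs:
    # Integer port restricted to 9000-65535; default 30081.
    - variable: webPort
      label: Web Port
      description: The port for the 2FAuth Web UI.
      schema:
        type: int
        default: 30081
        min: 9000
        max: 65535
        required: true
    # Off by default, and the description recommends leaving it off.
    # Presumably this maps to the pod's hostNetwork setting, which would make
    # the app listen directly on the host's interfaces (confirm in the chart
    # templates). That matters most when authenticationGuard is set to
    # "reverse-proxy-guard", where the app must not be reachable around the
    # proxy.
    - variable: hostNetwork
      label: Host Network
      description: |
        Bind to the host network. It's recommended to keep this disabled.</br>
      schema:
        type: boolean
        default: false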
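# Storage for 2FAuth: one fixed `config` volume plus an optional list of extra
# mounts (`additionalStorages`).
- variable: twofauthStorage
  label: ""
  group: Storage Configuration
  schema:
    type: dict
    attrs:
    - variable: config
      label: 2FAuth Config Storage
      description: The path to store 2FAuth Configuration.
      schema:
        type: dict
        attrs:
        # Backing type for the config volume; marked immutable, default
        # "ixVolume". The chosen value drives the show_if rules below.
        - variable: type
          label: Type
          description: |
            ixVolume: Is dataset created automatically by the system.</br>
            Host Path: Is a path that already exists on the system.
          schema:
            type: string
            required: true
            immutable: true
            default: "ixVolume"
            enum:
            - value: "hostPath"
              description: Host Path (Path that already exists on the system)
            - value: "ixVolume"
              description: ixVolume (Dataset created automatically by the system)
        # Visible only when type is "ixVolume".
        - variable: ixVolumeConfig
          label: ixVolume Configuration
          description: The configuration for the ixVolume dataset.
          schema:
            type: dict
            show_if: [["type", "=", "ixVolume"]]
            $ref:
            - "normalize/ixVolume"
            attrs:
            - variable: aclEnable
              label: Enable ACL
              description: Enable ACL for the dataset.
              schema:
                type: boolean
                default: false
            # Hidden and immutable: the config dataset is always named "config".
            - variable: datasetName
              label: Dataset Name
              description: The name of the dataset to use for storage.
              schema:
                type: string
                required: true
                immutable: true
                hidden: true
                default: "config"
            # Declared with no attrs of its own; shown once aclEnable is true.
            - variable: aclEntries
              label: ACL Configuration
              schema:
                type: dict
                show_if: [["aclEnable", "=", true]]
                attrs: []
        # Visible only when type is "hostPath". A host path hands an existing
        # host directory to the container, so it should be a directory
        # dedicated to this app rather than a shared or system location.
        - variable: hostPathConfig
          label: Host Path Configuration
          schema:
            type: dict
            show_if: [["type", "=", "hostPath"]]
            attrs:
            - variable: aclEnable
              label: Enable ACL
              description: Enable ACL for the dataset.
              schema:
                type: boolean
                default: false
            - variable: acl
              label: ACL Configuration
              schema:
                type: dict
                show_if: [["aclEnable", "=", true]]
                attrs: []
                $ref:
                - "normalize/acl"
            # Shown only while aclEnable is false; with ACLs enabled the path
            # is presumably collected through the "normalize/acl" form instead
            # (confirm against the platform's handling of that $ref).
            - variable: hostPath
              label: Host Path
              description: The host path to use for storage.
              schema:
                type: hostpath
                show_if: [["aclEnable", "=", false]]
                required: true
    # Optional extra mounts; empty by default.
    - variable: additionalStorages
      label: Additional Storage
      description: Additional storage for 2FAuth.
      schema:
        type: list
        default: []
        items:
        - variable: storageEntry
          label: Storage Entry
          schema:
            type: dict
            attrs:
            # Same immutable selector as the config volume, plus "smb-pv-pvc".
            - variable: type
              label: Type
              description: |
                ixVolume: Is dataset created automatically by the system.</br>
                Host Path: Is a path that already exists on the system.</br>
                SMB Share: Is a SMB share that is mounted to a persistent volume claim.
              schema:
                type: string
                required: true
                default: "ixVolume"
                immutable: true
                enum:
                - value: "hostPath"
                  description: Host Path (Path that already exists on the system)
                - value: "ixVolume"
                  description: ixVolume (Dataset created automatically by the system)
                - value: "smb-pv-pvc"
                  description: SMB Share (Mounts a persistent volume claim to a SMB share)
            # Extra mounts are read-write unless this is switched on; enable it
            # for data the app only needs to read.
            - variable: readOnly
              label: Read Only
              description: Mount the volume as read only.
              schema:
                type: boolean
                default: false
            - variable: mountPath
              label: Mount Path
              description: The path inside the container to mount the storage.
              schema:
                type: path
                required: true
            # Visible only when type is "hostPath"; same shape as the config
            # volume's hostPathConfig.
            - variable: hostPathConfig
              label: Host Path Configuration
              schema:
                type: dict
                show_if: [["type", "=", "hostPath"]]
                attrs:
                - variable: aclEnable
                  label: Enable ACL
                  description: Enable ACL for the dataset.
                  schema:
                    type: boolean
                    default: false
                - variable: acl
                  label: ACL Configuration
                  schema:
                    type: dict
                    show_if: [["aclEnable", "=", true]]
                    attrs: []
                    $ref:
                    - "normalize/acl"
                # Shown only while aclEnable is false.
                - variable: hostPath
                  label: Host Path
                  description: The host path to use for storage.
                  schema:
                    type: hostpath
                    show_if: [["aclEnable", "=", false]]
                    required: true
            # Visible only when type is "ixVolume". Unlike the config volume,
            # datasetName is not hidden here and defaults to "storage_entry".
            - variable: ixVolumeConfig
              label: ixVolume Configuration
              description: The configuration for the ixVolume dataset.
              schema:
                type: dict
                show_if: [["type", "=", "ixVolume"]]
                $ref:
                - "normalize/ixVolume"
                attrs:
                - variable: aclEnable
                  label: Enable ACL
                  description: Enable ACL for the dataset.
                  schema:
                    type: boolean
                    default: false
                - variable: datasetName
                  label: Dataset Name
                  description: The name of the dataset to use for storage.
                  schema:
                    type: string
                    required: true
                    immutable: true
                    default: "storage_entry"
                - variable: aclEntries
                  label: ACL Configuration
                  schema:
                    type: dict
                    show_if: [["aclEnable", "=", true]]
                    attrs: []
            # Visible only when type is "smb-pv-pvc".
            - variable: smbConfig
              label: SMB Share Configuration
              description: The configuration for the SMB Share.
              schema:
                type: dict
                show_if: [["type", "=", "smb-pv-pvc"]]
                attrs:
                - variable: server
                  label: Server
                  description: The server for the SMB share.
                  schema:
                    type: string
                    required: true
                - variable: share
                  label: Share
                  description: The share name for the SMB share.
                  schema:
                    type: string
                    required: true
                # The only non-required credential field.
                - variable: domain
                  label: Domain (Optional)
                  description: The domain for the SMB share.
                  schema:
                    type: string
                - variable: username
                  label: Username
                  description: The username for the SMB share.
                  schema:
                    type: string
                    required: true
                # The only field in this file flagged `private: true`;
                # presumably that masks the value in the UI (confirm). Use a
                # share account limited to this share rather than a broadly
                # privileged one.
                - variable: password
                  label: Password
                  description: The password for the SMB share.
                  schema:
                    type: string
                    required: true
                    private: true
                # Integer quota in Gi, minimum and default 1.
                - variable: size
                  label: Size (in Gi)
                  description: The size of the volume quota.
                  schema:
                    type: int
                    required: true
                    min: 1
                    default: 1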
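# Resource limits for 2FAuth. Both limits are required strings checked by the
# `valid_chars` patterns; the defaults are "4000m" CPU and "8Gi" memory.
- variable: resources
  group: Resources Configuration
  label: ""
  schema:
    type: dict
    attrs:
    - variable: limits
      label: Limits
      schema:
        type: dict
        attrs:
        # At most 6 characters. The pattern is single-quoted so its
        # backslashes reach the validator literally.
        # NOTE(review): as written the pattern also matches strings such as
        # "0.5.5" (first group "0.5", second group ".5"), which none of the
        # documented formats cover; confirm whether a stricter pattern is
        # wanted.
        - variable: cpu
          label: CPU
          description: CPU limit for 2FAuth.
          schema:
            type: string
            max_length: 6
            valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
            valid_chars_error: |
              Valid CPU limit formats are</br>
              - Plain Integer - eg. 1</br>
              - Float - eg. 0.5</br>
              - Milicpu - eg. 500m
            default: "4000m"
            required: true
        # At most 12 characters: a positive integer, optionally followed by an
        # E/P/T/G/M/K suffix (with optional "i") or an "e<digits>" exponent.
        - variable: memory
          label: Memory
          description: Memory limit for 2FAuth.
          schema:
            type: string
            max_length: 12
            valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$'
            valid_chars_error: |
              Valid Memory limit formats are</br>
              - Suffixed with E/P/T/G/M/K - eg. 1G</br>
              - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi</br>
              - Plain Integer in bytes - eg. 1024</br>
              - Exponent - eg. 134e6
            default: "8Gi"
            required: true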