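# Install-form schema for the 2FAuth app: the form groups, the web portal
# link, and the questions presented to the user at install time.
# The nesting below is rebuilt from the key structure (groups / portals /
# questions -> schema -> attrs); values are unchanged except for wording
# fixes in a few help texts.
groups:
  - name: 2FAuth Configuration
    description: Configure 2FAuth
  - name: Network Configuration
    description: Configure Network for 2FAuth
  - name: Storage Configuration
    description: Configure Storage for 2FAuth
  - name: Resources Configuration
    description: Configure Resources for 2FAuth

# Portal link shown for the app; every field is a placeholder reference to
# the portal configmap, not a literal value.
portals:
  web_portal:
    protocols:
      - "$kubernetes-resource_configmap_portal_protocol"
    host:
      - "$kubernetes-resource_configmap_portal_host"
    ports:
      - "$kubernetes-resource_configmap_portal_port"
    path: "$kubernetes-resource_configmap_portal_path"

questions:
  - variable: twofauthConfig
    label: ""
    group: 2FAuth Configuration
    schema:
      type: dict
      attrs:
        - variable: appName
          label: App Name
          description: The name of the 2FAuth.
          schema:
            type: string
            default: "2FAuth"
            required: true
        # NOTE(review): the example includes a plain http:// URL. For a
        # service that stores 2FA secrets, an https:// URL is the safer
        # choice; the uri type here does not restrict the scheme.
        - variable: appUrl
          label: App URL
          description: |
            The URL that 2FAuth will be accessible from.</br>
            Example: </br>
            http://server.ip:30081</br>
            https://2fauth.example.com
          schema:
            type: uri
            default: ""
            required: true
        - variable: siteOwnerEmail
          label: Site Owner Email
          description: The email address of the site owner.
          schema:
            type: string
            default: ""
            required: true
        # Security-critical choice. With 'reverse-proxy-guard' the app does no
        # authentication of its own and takes the identity from request
        # headers, so the instance must only be reachable through the
        # authenticating proxy. Nothing in this schema enforces that.
        # NOTE(review): whether trustedProxies (below) limits who may send
        # these headers is not shown here; confirm against the 2FAuth docs.
        - variable: authenticationGuard
          label: Authentication Guard
          description: |
            When using 'reverse-proxy-guard', 2FAuth only looks for the dedicated headers and skips all
            other built-in authentication checks. That means your proxy is fully responsible for the
            authentication process; 2FAuth will trust it as long as the headers are present.
          schema:
            type: string
            default: "web-guard"
            required: true
            enum:
              - value: "web-guard"
                description: Web Guard
              - value: "reverse-proxy-guard"
                description: Reverse Proxy Guard
        # Only shown (and required) when the reverse-proxy guard is selected.
        - variable: authProxyHeaderUser
          label: Authentication Proxy Header User
          description: |
            Name of the HTTP header sent by the reverse proxy that identifies the authenticated
            user at proxy level. Check your proxy documentation to find out how this header is named.
          schema:
            type: string
            default: ""
            show_if: [["authenticationGuard", "=", "reverse-proxy-guard"]]
            required: true
        # Only shown (and required) when the reverse-proxy guard is selected.
        - variable: authProxyHeaderEmail
          label: Authentication Proxy Header Email
          description: |
            Name of the HTTP header sent by the reverse proxy that carries the email address of the
            user authenticated at proxy level. Check your proxy documentation to find out how this header is named.
          schema:
            type: string
            default: ""
            show_if: [["authenticationGuard", "=", "reverse-proxy-guard"]]
            required: true
        # 'required' is the strictest setting: the authenticator must verify
        # the user (PIN, biometric, ...) for a WebAuthn login. 'discouraged'
        # asks it not to; the default 'preferred' leaves the decision to the
        # authenticator.
        - variable: webauthnUserVerification
          label: WebAuthn User Verification
          description: |
            Most authenticators and smartphones will ask the user to actively verify
            themselves for log in. For example, through a touch plus pin code,
            password entry, or biometric recognition (e.g., presenting a fingerprint).
            The intent is to distinguish one user from any other.
          schema:
            type: string
            default: "preferred"
            required: true
            enum:
              - value: "preferred"
                description: Preferred
              - value: "required"
                description: Required
              - value: "discouraged"
                description: Discouraged
        # Empty by default. Entries are free-form strings; no IP or CIDR
        # format check is applied by this schema, so keep the list as narrow
        # as the deployment allows.
        - variable: trustedProxies
          label: Trusted Proxies
          description: The list of proxy IP addresses to trust.
          schema:
            type: list
            default: []
            items:
              - variable: trustedProxy
                label: Trusted Proxy
                schema:
                  type: string
                  required: true
        # Free-form name/value pairs. The value field is a plain string and,
        # unlike the SMB password further down, is not marked private.
        # NOTE(review): confirm how the platform displays and stores these
        # values before putting secrets here.
        - variable: additionalEnvs
          label: Additional Environment Variables
          description: Configure additional environment variables for 2FAuth.
          schema:
            type: list
            default: []
            items:
              - variable: env
                label: Environment Variable
                schema:
                  type: dict
                  attrs:
                    - variable: name
                      label: Name
                      schema:
                        type: string
                        required: true
                    - variable: value
                      label: Value
                      schema:
                        type: string
                        required: true

  - variable: twofauthNetwork
    label: ""
    group: Network Configuration
    schema:
      type: dict
      attrs:
        - variable: webPort
          label: Web Port
          description: The port for the 2FAuth Web UI.
          schema:
            type: int
            default: 30081
            min: 9000
            max: 65535
            required: true
        # Off by default, matching the recommendation in the help text.
        - variable: hostNetwork
          label: Host Network
          description: |
            Bind to the host network. It's recommended to keep this disabled.</br>
          schema:
            type: boolean
            default: false

  - variable: twofauthStorage
    label: ""
    group: Storage Configuration
    schema:
      type: dict
      attrs:
        # NOTE(review): this volume presumably holds the 2FAuth data,
        # including the stored 2FA secrets; restrict access to the backing
        # dataset or host path accordingly. The storage type is immutable
        # once chosen.
        - variable: config
          label: 2FAuth Config Storage
          description: The path to store 2FAuth Configuration.
          schema:
            type: dict
            attrs:
              - variable: type
                label: Type
                description: |
                  ixVolume: Is dataset created automatically by the system.</br>
                  Host Path: Is a path that already exists on the system.
                schema:
                  type: string
                  required: true
                  immutable: true
                  default: "ixVolume"
                  enum:
                    - value: "hostPath"
                      description: Host Path (Path that already exists on the system)
                    - value: "ixVolume"
                      description: ixVolume (Dataset created automatically by the system)
              # Hidden and immutable: the dataset name is fixed to "config".
              - variable: datasetName
                label: Dataset Name
                schema:
                  type: string
                  show_if: [["type", "=", "ixVolume"]]
                  required: true
                  hidden: true
                  immutable: true
                  default: "config"
                  $ref:
                    - "normalize/ixVolume"
              - variable: hostPath
                label: Host Path
                schema:
                  type: hostpath
                  show_if: [["type", "=", "hostPath"]]
                  required: true
        # Optional extra mounts. A hostPath entry exposes an existing host
        # directory inside the container; prefer a dedicated directory over a
        # broad system path.
        - variable: additionalStorages
          label: Additional Storage
          description: Additional storage for 2FAuth.
          schema:
            type: list
            default: []
            items:
              - variable: storageEntry
                label: Storage Entry
                schema:
                  type: dict
                  attrs:
                    - variable: type
                      label: Type
                      description: |
                        ixVolume: Is dataset created automatically by the system.</br>
                        Host Path: Is a path that already exists on the system.</br>
                        SMB Share: Is a SMB share that is mounted to a persistent volume claim.
                      schema:
                        type: string
                        required: true
                        default: "ixVolume"
                        immutable: true
                        enum:
                          - value: "hostPath"
                            description: Host Path (Path that already exists on the system)
                          - value: "ixVolume"
                            description: ixVolume (Dataset created automatically by the system)
                          - value: "smb-pv-pvc"
                            description: SMB Share (Mounts a persistent volume claim to a SMB share)
                    - variable: mountPath
                      label: Mount Path
                      description: The path inside the container to mount the storage.
                      schema:
                        type: path
                        required: true
                    - variable: hostPath
                      label: Host Path
                      description: The host path to use for storage.
                      schema:
                        type: hostpath
                        show_if: [["type", "=", "hostPath"]]
                        required: true
                    - variable: datasetName
                      label: Dataset Name
                      description: The name of the dataset to use for storage.
                      schema:
                        type: string
                        show_if: [["type", "=", "ixVolume"]]
                        required: true
                        immutable: true
                        default: "storage_entry"
                        $ref:
                          - "normalize/ixVolume"
                    - variable: server
                      label: Server
                      description: The server for the SMB share.
                      schema:
                        type: string
                        show_if: [["type", "=", "smb-pv-pvc"]]
                        required: true
                    - variable: share
                      label: Share
                      description: The share name for the SMB share.
                      schema:
                        type: string
                        show_if: [["type", "=", "smb-pv-pvc"]]
                        required: true
                    - variable: domain
                      label: Domain (Optional)
                      description: The domain for the SMB share.
                      schema:
                        type: string
                        show_if: [["type", "=", "smb-pv-pvc"]]
                    - variable: username
                      label: Username
                      description: The username for the SMB share.
                      schema:
                        type: string
                        show_if: [["type", "=", "smb-pv-pvc"]]
                        required: true
                    # The only field in this file marked private.
                    # NOTE(review): private presumably keeps the value from
                    # being shown back in the UI; confirm how it is stored.
                    - variable: password
                      label: Password
                      description: The password for the SMB share.
                      schema:
                        type: string
                        show_if: [["type", "=", "smb-pv-pvc"]]
                        required: true
                        private: true
                    - variable: size
                      label: Size (in Gi)
                      description: The size of the volume quota.
                      schema:
                        type: int
                        show_if: [["type", "=", "smb-pv-pvc"]]
                        required: true
                        min: 1
                        default: 1

  - variable: resources
    group: Resources Configuration
    label: ""
    schema:
      type: dict
      attrs:
        - variable: limits
          label: Limits
          schema:
            type: dict
            attrs:
              - variable: cpu
                label: CPU
                description: CPU limit for 2FAuth.
                schema:
                  type: string
                  max_length: 6
                  # NOTE(review): the pattern also admits values such as
                  # 0.5.5 (the 0.x alternative followed by the fractional
                  # suffix), which is none of the formats listed in the error
                  # text. Confirm that a later validation step rejects it.
                  valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
                  valid_chars_error: |
                    Valid CPU limit formats are</br>
                    - Plain Integer - eg. 1</br>
                    - Float - eg. 0.5</br>
                    - Millicpu - eg. 500m
                  default: "4000m"
                  required: true
              - variable: memory
                label: Memory
                description: Memory limit for 2FAuth.
                schema:
                  type: string
                  max_length: 12
                  valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$'
                  valid_chars_error: |
                    Valid Memory limit formats are</br>
                    - Suffixed with E/P/T/G/M/K - eg. 1G</br>
                    - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi</br>
                    - Plain Integer in bytes - eg. 1024</br>
                    - Exponent - eg. 134e6
                  default: "8Gi"
                  required: true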