| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514 |
- groups:
- - name: 2FAuth Configuration
- description: Configure 2FAuth
- - name: User and Group Configuration
- description: Configure User and Group for 2FAuth
- - name: Network Configuration
- description: Configure Network for 2FAuth
- - name: Storage Configuration
- description: Configure Storage for 2FAuth
- - name: Labels Configuration
- description: Configure Labels for 2FAuth
- - name: Resources Configuration
- description: Configure Resources for 2FAuth
- questions:
- - variable: TZ
- group: 2FAuth Configuration
- label: Timezone
- schema:
- type: string
- default: "Etc/UTC"
- required: true
- $ref:
- - "definitions/timezone"
- - variable: twofactor_auth
- label: ""
- group: 2FAuth Configuration
- schema:
- type: dict
- attrs:
- - variable: app_key
- label: App Key
- description: The app key for 2FAuth.
- schema:
- type: string
- required: true
- private: true
- min_length: 32
- max_length: 32
- default: ""
- - variable: app_name
- label: App Name
- description: The app name for 2FAuth.
- schema:
- type: string
- required: true
- default: 2FAuth
- - variable: app_url
- label: App URL
- description: |
- The app URL for 2FAuth.</br>
- Setting this wrong will show a blank page.</br>
- Examples:</br>
- https://2fauth.example.com </br>
- http://192.168.1.100:30081
- schema:
- type: uri
- required: true
- default: ""
- - variable: site_owner_email
- label: Site Owner Email
- description: The email address of the site owner.
- schema:
- type: string
- required: true
- default: ""
- - variable: authentication_guard
- label: Authentication Guard
- description: |
- When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all
- other built-in authentication checks. That means your proxy is fully responsible of the
- authentication process, 2FAuth will trust him as long as headers are presents.
- schema:
- type: string
- default: "web-guard"
- required: true
- enum:
- - value: "web-guard"
- description: Web Guard
- - value: "reverse-proxy-guard"
- description: Reverse Proxy Guard
- - variable: authentication_header_user
- label: Authentication Proxy Header User
- description: |
- Name of the HTTP headers sent by the reverse proxy that identifies the authenticated
- user at proxy level. Check your proxy documentation to find out how these headers are named.
- schema:
- type: string
- default: ""
- show_if: [["authentication_guard", "=", "reverse-proxy-guard"]]
- required: true
- - variable: authentication_header_email
- label: Authentication Proxy Header Email
- description: |
- Name of the HTTP headers sent by the reverse proxy that identifies the authenticated
- user at proxy level. Check your proxy documentation to find out how these headers are named.
- schema:
- type: string
- default: ""
- show_if: [["authentication_guard", "=", "reverse-proxy-guard"]]
- required: true
- - variable: webauthn_user_verification
- label: WebAuthn User Verification
- description: |
- Most authenticators and smartphones will ask the user to actively verify
- themselves for log in. For example, through a touch plus pin code,
- password entry, or biometric recognition (e.g., presenting a fingerprint).
- The intent is to distinguish one user from any other.
- schema:
- type: string
- default: "preferred"
- required: true
- enum:
- - value: "preferred"
- description: Preferred
- - value: "required"
- description: Required
- - value: "discouraged"
- description: Discouraged
- - variable: trusted_proxies
- label: Trusted Proxies
- description: The list of proxies IP to trust
- schema:
- type: list
- default: []
- items:
- - variable: trustedProxy
- label: Trusted Proxy
- schema:
- type: string
- required: true
- - variable: additional_envs
- label: Additional Environment Variables
- schema:
- type: list
- default: []
- items:
- - variable: env
- label: Environment Variable
- schema:
- type: dict
- attrs:
- - variable: name
- label: Name
- schema:
- type: string
- required: true
- - variable: value
- label: Value
- schema:
- type: string
- - variable: run_as
- label: ""
- group: User and Group Configuration
- schema:
- type: dict
- attrs:
- - variable: user
- label: User ID
- description: The user id that 2FAuth files will be owned by.
- schema:
- type: int
- min: 568
- default: 568
- required: true
- - variable: group
- label: Group ID
- description: The group id that 2FAuth files will be owned by.
- schema:
- type: int
- min: 568
- default: 568
- required: true
- - variable: network
- label: ""
- group: Network Configuration
- schema:
- type: dict
- attrs:
- - variable: host_network
- label: Host Network
- description: |
- Bind to the host network. It's recommended to keep this disabled.
- schema:
- type: boolean
- default: false
- - variable: web_port
- label: WebUI Port
- schema:
- type: dict
- show_if: [["host_network", "=", false]]
- attrs:
- - variable: bind_mode
- label: Port Bind Mode
- description: |
- The port bind mode.</br>
- - Publish: The port will be published on the host for external access.</br>
- - Expose: The port will be exposed for inter-container communication.</br>
- - None: The port will not be exposed or published.</br>
- Note: If the Dockerfile defines an EXPOSE directive,
- the port will still be exposed for inter-container communication regardless of this setting.
- schema:
- type: string
- default: "published"
- enum:
- - value: "published"
- description: Publish port on the host for external access
- - value: "exposed"
- description: Expose port for inter-container communication
- - value: ""
- description: None
- - variable: port_number
- label: Port Number
- schema:
- type: int
- show_if: [["bind_mode", "=", "published"]]
- default: 30081
- min: 1
- max: 65535
- required: true
- - variable: host_ips
- label: Host IPs
- description: IPs on the host to bind this port
- schema:
- type: list
- show_if: [["bind_mode", "=", "published"]]
- default: []
- items:
- - variable: host_ip
- label: Host IP
- schema:
- type: string
- required: true
- $ref:
- - definitions/node_bind_ip
- - variable: storage
- label: ""
- group: Storage Configuration
- schema:
- type: dict
- attrs:
- - variable: config
- label: 2FAuth Config Storage
- description: The path to store 2FAuth Config.
- schema:
- type: dict
- attrs:
- - variable: type
- label: Type
- description: |
- ixVolume: Is dataset created automatically by the system.</br>
- Host Path: Is a path that already exists on the system.
- schema:
- type: string
- required: true
- default: "ix_volume"
- enum:
- - value: "host_path"
- description: Host Path (Path that already exists on the system)
- - value: "ix_volume"
- description: ixVolume (Dataset created automatically by the system)
- - variable: ix_volume_config
- label: ixVolume Configuration
- description: The configuration for the ixVolume dataset.
- schema:
- type: dict
- show_if: [["type", "=", "ix_volume"]]
- $ref:
- - "normalize/ix_volume"
- attrs:
- - variable: acl_enable
- label: Enable ACL
- description: Enable ACL for the storage.
- schema:
- type: boolean
- default: false
- - variable: dataset_name
- label: Dataset Name
- description: The name of the dataset to use for storage.
- schema:
- type: string
- required: true
- hidden: true
- default: "config"
- - variable: acl_entries
- label: ACL Configuration
- schema:
- type: dict
- show_if: [["acl_enable", "=", true]]
- attrs: []
- - variable: host_path_config
- label: Host Path Configuration
- schema:
- type: dict
- show_if: [["type", "=", "host_path"]]
- attrs:
- - variable: acl_enable
- label: Enable ACL
- description: Enable ACL for the storage.
- schema:
- type: boolean
- default: false
- - variable: acl
- label: ACL Configuration
- schema:
- type: dict
- show_if: [["acl_enable", "=", true]]
- attrs: []
- $ref:
- - "normalize/acl"
- - variable: path
- label: Host Path
- description: The host path to use for storage.
- schema:
- type: hostpath
- show_if: [["acl_enable", "=", false]]
- required: true
- - variable: additional_storage
- label: Additional Storage
- schema:
- type: list
- default: []
- items:
- - variable: storageEntry
- label: Storage Entry
- schema:
- type: dict
- attrs:
- - variable: type
- label: Type
- description: |
- ixVolume: Is dataset created automatically by the system.</br>
- Host Path: Is a path that already exists on the system.</br>
- SMB Share: Is a SMB share that is mounted to as a volume.
- schema:
- type: string
- required: true
- default: "ix_volume"
- enum:
- - value: "host_path"
- description: Host Path (Path that already exists on the system)
- - value: "ix_volume"
- description: ixVolume (Dataset created automatically by the system)
- - value: "cifs"
- description: SMB/CIFS Share (Mounts a volume to a SMB share)
- - variable: read_only
- label: Read Only
- description: Mount the volume as read only.
- schema:
- type: boolean
- default: false
- - variable: mount_path
- label: Mount Path
- description: The path inside the container to mount the storage.
- schema:
- type: path
- required: true
- - variable: host_path_config
- label: Host Path Configuration
- schema:
- type: dict
- show_if: [["type", "=", "host_path"]]
- attrs:
- - variable: acl_enable
- label: Enable ACL
- description: Enable ACL for the storage.
- schema:
- type: boolean
- default: false
- - variable: acl
- label: ACL Configuration
- schema:
- type: dict
- show_if: [["acl_enable", "=", true]]
- attrs: []
- $ref:
- - "normalize/acl"
- - variable: path
- label: Host Path
- description: The host path to use for storage.
- schema:
- type: hostpath
- show_if: [["acl_enable", "=", false]]
- required: true
- - variable: ix_volume_config
- label: ixVolume Configuration
- description: The configuration for the ixVolume dataset.
- schema:
- type: dict
- show_if: [["type", "=", "ix_volume"]]
- $ref:
- - "normalize/ix_volume"
- attrs:
- - variable: acl_enable
- label: Enable ACL
- description: Enable ACL for the storage.
- schema:
- type: boolean
- default: false
- - variable: dataset_name
- label: Dataset Name
- description: The name of the dataset to use for storage.
- schema:
- type: string
- required: true
- default: "storage_entry"
- - variable: acl_entries
- label: ACL Configuration
- schema:
- type: dict
- show_if: [["acl_enable", "=", true]]
- attrs: []
- $ref:
- - "normalize/acl"
- - variable: cifs_config
- label: SMB Configuration
- description: The configuration for the SMB dataset.
- schema:
- type: dict
- show_if: [["type", "=", "cifs"]]
- attrs:
- - variable: server
- label: Server
- description: The server to mount the SMB share.
- schema:
- type: string
- required: true
- - variable: path
- label: Path
- description: The path to mount the SMB share.
- schema:
- type: string
- required: true
- - variable: username
- label: Username
- description: The username to use for the SMB share.
- schema:
- type: string
- required: true
- - variable: password
- label: Password
- description: The password to use for the SMB share.
- schema:
- type: string
- required: true
- private: true
- - variable: domain
- label: Domain
- description: The domain to use for the SMB share.
- schema:
- type: string
- - variable: labels
- label: ""
- group: Labels Configuration
- schema:
- type: list
- default: []
- items:
- - variable: label
- label: Label
- schema:
- type: dict
- attrs:
- - variable: key
- label: Key
- schema:
- type: string
- required: true
- - variable: value
- label: Value
- schema:
- type: string
- required: true
- - variable: containers
- label: Containers
- description: Containers where the label should be applied
- schema:
- type: list
- items:
- - variable: container
- label: Container
- schema:
- type: string
- required: true
- enum:
- - value: twofactor-auth
- description: twofactor-auth
- - variable: resources
- label: ""
- group: Resources Configuration
- schema:
- type: dict
- attrs:
- - variable: limits
- label: Limits
- schema:
- type: dict
- attrs:
- - variable: cpus
- label: CPUs
- description: CPUs limit for 2FAuth.
- schema:
- type: int
- default: 2
- required: true
- - variable: memory
- label: Memory (in MB)
- description: Memory limit for 2FAuth.
- schema:
- type: int
- default: 4096
- required: true
|
