123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 |
- {% set tpl = ix_lib.base.render.Render(values) %}
- {% set c1 = tpl.add_container(values.consts.twofactor_auth_container_name, "image") %}
- {% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
- {% set perms_config = {"uid": values.consts.run_as_user, "gid": values.consts.run_as_group, "mode": "check"} %}
- {% do c1.set_user(values.consts.run_as_user, values.consts.run_as_group) %}
- {% do c1.healthcheck.set_test("wget", {"port": values.consts.internal_web_port, "path": "/up"}) %}
- {% do c1.environment.add_env("APP_ENV", "local") %}
- {% do c1.environment.add_env("APP_KEY", values.twofactor_auth.app_key) %}
- {% do c1.environment.add_env("APP_TIMEZONE", values.TZ) %}
- {% do c1.environment.add_env("APP_NAME", values.twofactor_auth.app_name) %}
- {% do c1.environment.add_env("APP_URL", values.twofactor_auth.app_url) %}
- {% do c1.environment.add_env("SITE_OWNER", values.twofactor_auth.site_owner_email) %}
- {% do c1.environment.add_env("AUTHENTICATION_GUARD", values.twofactor_auth.authentication_guard) %}
- {# /srv/database/database.sqlite is symlinked to /2fauth/database.sqlite #}
- {% do c1.environment.add_env("DB_DATABASE", "/srv/database/database.sqlite") %}
- {% do c1.environment.add_env("WEBAUTHN_USER_VERIFICATION", values.twofactor_auth.webauthn_user_verification) %}
- {% if values.twofactor_auth.authentication_guard == "reverse-proxy-guard" %}
- {% do c1.environment.add_env("AUTH_PROXY_HEADER_FOR_USER", values.twofactor_auth.authentication_header_user) %}
- {% do c1.environment.add_env("AUTH_PROXY_HEADER_FOR_EMAIL", values.twofactor_auth.authentication_header_email) %}
- {% endif %}
- {% if values.twofactor_auth.trusted_proxies %}
- {% do c1.environment.add_env("TRUSTED_PROXIES", values.twofactor_auth.trusted_proxies | join(",")) %}
- {% endif %}
- {% do c1.environment.add_user_envs(values.twofactor_auth.additional_envs) %}
- {% if not values.network.host_network %}
- {% do c1.add_port(values.network.web_port, {"container_port": values.consts.internal_web_port}) %}
- {% endif %}
- {% do c1.add_storage("/2fauth", values.storage.config) %}
- {% do perm_container.add_or_skip_action("2fauth", values.storage.config, perms_config) %}
- {% for store in values.storage.additional_storage %}
- {% do c1.add_storage(store.mount_path, store) %}
- {% do perm_container.add_or_skip_action(store.mount_path, store, perms_config) %}
- {% endfor %}
- {% if perm_container.has_actions() %}
- {% do perm_container.activate() %}
- {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
- {% endif %}
- {% do tpl.portals.add(values.network.web_port, {"port": values.consts.internal_web_port if values.network.host_network else None}) %}
- {{ tpl.render() | tojson }}
|