From cb3350e3446de6bdb3c07cf10388385830286ade Mon Sep 17 00:00:00 2001 From: Xstar97TheNoob <9399967+xstar97@users.noreply.github.com> Date: Thu, 28 Dec 2023 07:07:47 -0500 Subject: [PATCH] feat(2fauth) add 2fauth (#12669) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit **Description** A Web app to manage your 2FA accounts and generate their security codes. ⚒️ Fixes # **⚙️ Type of change** - [X] ⚙️ Feature/App addition - [ ] 🪛 Bugfix - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] 🔃 Refactor of current code **🧪 How Has This Been Tested?** **📃 Notes:** **✔️ Checklist:** - [X] ⚖️ My code follows the style guidelines of this project - [X] 👀 I have performed a self-review of my own code - [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas - [ ] 📄 I have made corresponding changes to the documentation - [ ] ⚠️ My changes generate no new warnings - [ ] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [ ] ⬆️ I increased versions for any altered app according to semantic versioning **➕ App addition** If this PR is an app addition please make sure you have done the following. - [X] 🪞 I have opened a PR on [truecharts/containers](https://github.com/truecharts/containers) adding the container to TrueCharts mirror repo. - [X] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --------- Signed-off-by: Xstar97TheNoob <9399967+xstar97@users.noreply.github.com> Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Co-authored-by: Stavros kois Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> --- charts/incubator/twofauth/.helmignore | 30 ++ charts/incubator/twofauth/CHANGELOG.md | 1 + charts/incubator/twofauth/Chart.yaml | 27 ++ charts/incubator/twofauth/README.md | 1 + charts/incubator/twofauth/icon.png | Bin 0 -> 449 bytes charts/incubator/twofauth/questions.yaml | 266 ++++++++++++++++++ charts/incubator/twofauth/templates/NOTES.txt | 1 + .../incubator/twofauth/templates/_secrets.tpl | 13 + .../incubator/twofauth/templates/common.yaml | 10 + charts/incubator/twofauth/values.yaml | 126 +++++++++ 10 files changed, 475 insertions(+) create mode 100644 charts/incubator/twofauth/.helmignore create mode 100644 charts/incubator/twofauth/CHANGELOG.md create mode 100644 charts/incubator/twofauth/Chart.yaml create mode 100644 charts/incubator/twofauth/README.md create mode 100644 charts/incubator/twofauth/icon.png create mode 100644 charts/incubator/twofauth/questions.yaml create mode 100644 charts/incubator/twofauth/templates/NOTES.txt create mode 100644 charts/incubator/twofauth/templates/_secrets.tpl create mode 100644 charts/incubator/twofauth/templates/common.yaml create mode 100644 charts/incubator/twofauth/values.yaml diff --git a/charts/incubator/twofauth/.helmignore b/charts/incubator/twofauth/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/charts/incubator/twofauth/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/charts/incubator/twofauth/CHANGELOG.md b/charts/incubator/twofauth/CHANGELOG.md new file mode 100644 index 00000000000..825c32f0d03 --- /dev/null +++ b/charts/incubator/twofauth/CHANGELOG.md @@ -0,0 +1 @@ +# Changelog diff --git a/charts/incubator/twofauth/Chart.yaml b/charts/incubator/twofauth/Chart.yaml new file mode 100644 index 00000000000..dd0231eea57 --- /dev/null +++ b/charts/incubator/twofauth/Chart.yaml @@ -0,0 +1,27 @@ +apiVersion: v2 +appVersion: "4.2.4" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 17.1.4 +deprecated: false +description: A Web app to manage your 2FA accounts and generate their security codes. +home: https://truecharts.org/charts/incubator/twofauth +icon: https://truecharts.org/img/hotlink-ok/chart-icons/twofauth.png +keywords: + - 2fauth + - auth +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: twofauth +sources: + - https://github.com/truecharts/charts/tree/master/charts/incubator/twofauth + - https://github.com/Bubka/2fauth +type: application +version: 0.0.1 +annotations: + truecharts.org/category: auth + truecharts.org/SCALE-support: "true" diff --git a/charts/incubator/twofauth/README.md b/charts/incubator/twofauth/README.md new file mode 100644 index 00000000000..7e59600739c --- /dev/null +++ b/charts/incubator/twofauth/README.md @@ -0,0 +1 @@ +# README diff --git a/charts/incubator/twofauth/icon.png b/charts/incubator/twofauth/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..ac8e6869676bf54f0fca1122f7b59e7762529d33 GIT binary patch literal 449 zcmeAS@N?(olHy`uVBq!ia0vp^Q-Jt12Q!e|Z{>9aNW}*Dgt!9f|1<-ETECwHEs!e- z@(X6r)OYm>jVvfEDX(tq=$kNW-l~ne_Z~cRvhLi%A< ZWhje(#`iVljuFt$44$rjF6*2UngFJ#<8A-| literal 0 HcmV?d00001 diff --git a/charts/incubator/twofauth/questions.yaml b/charts/incubator/twofauth/questions.yaml new file mode 100644 index 00000000000..f9e60824e0e --- /dev/null +++ b/charts/incubator/twofauth/questions.yaml @@ -0,0 +1,266 @@ +# Include{groups} +portals: + open: +# Include{portalLink} +questions: +# Include{global} +# Include{workload} +# Include{workloadDeployment} + +# Include{replicas1} +# Include{podSpec} +# Include{containerMain} + +# Include{containerBasic} +# Include{containerAdvanced} + + - variable: twofauth + group: App Configuration + label: 2fauth + schema: + additional_attrs: true + type: dict + attrs: + - variable: app + label: App Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: App Name + schema: + type: string + default: "2FAuth" + - variable: session_lifetime + label: Session Lifetime + schema: + type: int + default: 120 + - variable: site_owner + label: Site Owner Email + schema: + type: string + default: "" + - variable: trusted_proxies + label: Trusted Proxies + schema: + type: list + empty: false + default: [] + required: true + items: + - variable: proxy + label: Proxy + schema: + type: string + required: true + default: "" + - variable: mail + label: Mail Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: driver + label: Driver + schema: + type: string + required: true + default: log + enum: + - value: log + description: Log + - value: smtp + description: SMTP + - variable: host + label: Host + schema: + type: string + default: "" + - variable: port + label: Port + schema: + type: int + default: 587 + - variable: from + label: From + schema: + type: string + default: "" + - variable: user + label: User + schema: + type: string + default: "" + - variable: pass + label: Pass + schema: + type: string + private: true + default: "" + - variable: encryption + label: encryption + schema: + type: string + default: "STARTTLS" + enum: + - value: TLS + description: TLS + - value: STARTTLS + description: STARTTLS + - value: SSL + description: SSL + - variable: from_name + label: From Name + schema: + type: string + default: "2FAuth" + - variable: from_address + label: From Address + schema: + type: string + default: "" + - variable: auth + label: Auth Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: guard + label: Guard + schema: + type: string + default: "web-guard" + enum: + - value: web-guard + description: Web Guard + - value: reverse-proxy-guard + description: Reverse Proxy Guard + - variable: proxy_header_for_user + label: Proxy Header for User + schema: + type: string + default: "" + show_if: [[guard, "=", "reverse-proxy-guard"]] + - variable: proxy_header_for_email + label: Proxy Header for Email + schema: + type: string + default: "" + show_if: [[guard, "=", "reverse-proxy-guard"]] + - variable: proxy_logout_url + label: Proxy Logout Url + schema: + type: string + default: "" + show_if: [[guard, "=", "reverse-proxy-guard"]] + - variable: webauthn + label: WebAuthn Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + default: 2FAuth + - variable: id + label: ID + schema: + type: string + default: "" + - variable: icon + label: Icon + schema: + type: string + default: "" + - variable: user_verified + label: User Verified + schema: + type: string + default: preferred + enum: + - value: required + description: Required + - value: preferred + description: Preferred + - value: discouraged + description: Discouraged + +# Include{containerConfig} +# Include{podOptions} +# Include{serviceRoot} +# Include{serviceMain} +# Include{serviceSelectorLoadBalancer} +# Include{serviceSelectorExtras} + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 8000 + required: true +# Include{serviceExpertRoot} +# Include{serviceExpert} +# Include{serviceList} +# Include{persistenceRoot} + - variable: config + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: +# Include{persistenceBasic} +# Include{persistenceList} +# Include{ingressRoot} + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: +# Include{ingressDefault} +# Include{ingressTLS} +# Include{ingressTraefik} +# Include{ingressAdvanced} +# Include{ingressList} +# Include{securityContextRoot} + + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 1000 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 1000 +# Include{securityContextContainer} +# Include{securityContextAdvanced} +# Include{securityContextPod} + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + +# Include{resources} +# Include{advanced} +# Include{addons} +# Include{codeserver} +# Include{netshoot} +# Include{vpn} +# Include{documentation} diff --git a/charts/incubator/twofauth/templates/NOTES.txt b/charts/incubator/twofauth/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/charts/incubator/twofauth/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/charts/incubator/twofauth/templates/_secrets.tpl b/charts/incubator/twofauth/templates/_secrets.tpl new file mode 100644 index 00000000000..5008373e373 --- /dev/null +++ b/charts/incubator/twofauth/templates/_secrets.tpl @@ -0,0 +1,13 @@ +{{/* Define the secrets */}} +{{- define "twofauth.secret" -}} + {{- $secretName := (printf "%s-twofauth-secret" (include "tc.v1.common.lib.chart.names.fullname" $)) }} + + {{- $appKey := randAlphaNum 32 -}} + + {{- with lookup "v1" "Secret" .Release.Namespace $secretName -}} + {{- $appKey = index .data "APP_KEY" | b64dec -}} + {{- end }} +enabled: true +data: + APP_KEY: {{ $appKey }} +{{- end -}} diff --git a/charts/incubator/twofauth/templates/common.yaml b/charts/incubator/twofauth/templates/common.yaml new file mode 100644 index 00000000000..959caee0647 --- /dev/null +++ b/charts/incubator/twofauth/templates/common.yaml @@ -0,0 +1,10 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . -}} + +{{- $secret := include "twofauth.secret" . | fromYaml -}} +{{- if $secret -}} + {{- $_ := set .Values.secret "twofauth-secret" $secret -}} +{{- end -}} + +{{/* Render the templates */}} +{{- include "tc.v1.common.loader.apply" . -}} diff --git a/charts/incubator/twofauth/values.yaml b/charts/incubator/twofauth/values.yaml new file mode 100644 index 00000000000..998218b18b0 --- /dev/null +++ b/charts/incubator/twofauth/values.yaml @@ -0,0 +1,126 @@ +image: + repository: 2fauth/2fauth + pullPolicy: IfNotPresent + tag: 5.0.0@sha256:4845b8be5b6a2e40e29bb27dee36fffc746ef15b8c9e09f065dcae646c34182f + +securityContext: + container: + readOnlyRootFilesystem: false + runAsUser: 1000 + runAsGroup: 1000 + +twofauth: + app: + name: 2FAuth + site_owner: mail@example.com + url: http://localhost:8000 + session_lifetime: 120 + trusted_proxies: [] + mail: + driver: log + host: "" + port: 587 + from: "" + user: "" + pass: "" + # TLS | STARTTLS | SSL + encryption: STARTTLS + from_name: 2FAuth + from_address: changeme@example.com + auth: + # web-guard | reverse-proxy-guard + guard: web-guard + # show if guard uses reverse-proxy-guard + proxy_header_for_user: "" + proxy_header_for_email: "" + proxy_logout_url: "" + webauthn: + name: 2FAuth + id: "" + icon: "" + # required | preferred | discouraged + user_verified: preferred + +workload: + main: + podSpec: + containers: + main: + probes: + liveness: + path: /infos + readiness: + path: /infos + startup: + type: tcp + env: + # APP + APP_ENV: local + APP_KEY: + secretKeyRef: + name: twofauth-secret + key: APP_KEY + APP_NAME: "{{ .Values.twofauth.app.name }}" + SITE_OWNER: "{{ .Values.twofauth.app.site_owner }}" + APP_URL: "{{ .Values.twofauth.app.url }}" + SESSION_LIFETIME: "{{ .Values.twofauth.app.session_lifetime }}" + TRUSTED_PROXIES: '{{ join "," .Values.twofauth.app.trusted_proxies }}' + # MAIL + MAIL_DRIVER: "{{ .Values.twofauth.mail.driver }}" + MAIL_HOST: "{{ .Values.twofauth.mail.host }}" + MAIL_PORT: "{{ .Values.twofauth.mail.port }}" + MAIL_FROM: "{{ .Values.twofauth.mail.from }}" + MAIL_USERNAME: "{{ .Values.twofauth.mail.user }}" + MAIL_PASSWORD: "{{ .Values.twofauth.mail.pass }}" + MAIL_ENCRYPTION: "{{ .Values.twofauth.mail.encryption }}" + MAIL_FROM_NAME: "{{ .Values.twofauth.mail.from_name }}" + MAIL_FROM_ADDRESS: "{{ .Values.twofauth.mail.from_address }}" + # AUTH + AUTHENTICATION_GUARD: "{{ .Values.twofauth.auth.guard }}" + AUTH_PROXY_HEADER_FOR_USER: "{{ .Values.twofauth.auth.proxy_header_for_user }}" + AUTH_PROXY_HEADER_FOR_EMAIL: "{{ .Values.twofauth.auth.proxy_header_for_email }}" + PROXY_LOGOUT_URL: "{{ .Values.twofauth.auth.proxy_logout_url }}" + # WebAuthn: + WEBAUTHN_NAME: "{{ .Values.twofauth.webauthn.name }}" + WEBAUTHN_ID: "{{ .Values.twofauth.webauthn.id }}" + # Optional image data in BASE64 (128 bytes maximum) or an image url + WEBAUTHN_ICON: "{{ .Values.twofauth.webauthn.icon }}" + WEBAUTHN_USER_VERIFICATION: "{{ .Values.twofauth.webauthn.user_verified }}" + # Postgres + DB_CONNECTION: pgsql + DB_DATABASE: "{{ .Values.cnpg.main.database }}" + DB_USERNAME: "{{ .Values.cnpg.main.user }}" + DB_PORT: 5432 + DB_HOST: + secretKeyRef: + name: cnpg-main-urls + key: host + DB_PASSWORD: + secretKeyRef: + name: cnpg-main-user + key: password + +service: + main: + ports: + main: + protocol: http + targetPort: 8000 + port: 8000 + +persistence: + config: + enabled: true + mountPath: /2fauth + varrun: + enabled: false + +cnpg: + main: + enabled: true + user: twofauth + database: twofauth + +portal: + open: + enabled: true