Finish config file reference WHEW

Jamil Bou Kheir
2022-01-23 18:07:38 -08:00
parent 33323b5039
commit f68e4cdb27


@@ -8,148 +8,141 @@ parent: Reference
Shown below is a complete listing of the configuration options available in
`/etc/firezone/firezone.rb`.
| option | description | default value |
| ----------------------------------------- | --------------------- | -------- |
| `default['firezone']['nginx']['enabled']` | Whether to enable the bundled nginx server | `true` |
| default['firezone']['fqdn'] = (node['fqdn'] \|\| node['hostname']).downcase |||
| default['firezone']['config_directory'] = '/etc/firezone' |||
| default['firezone']['install_directory'] = '/opt/firezone' |||
| default['firezone']['app_directory'] = "#{node['firezone']['install_directory']}/embedded/service/firezone" |||
| default['firezone']['log_directory'] = '/var/log/firezone' |||
| default['firezone']['var_directory'] = '/var/opt/firezone' |||
| default['firezone']['user'] = 'firezone' |||
| default['firezone']['group'] = 'firezone' |||
| default['firezone']['admin_email'] = "firezone@localhost" |||
| default['firezone']['egress_interface'] = nil |||
| default['firezone']['fips_enabled'] = nil |||
| default['enterprise']['name'] = 'firezone' |||
| default['firezone']['install_path'] = node['firezone']['install_directory'] |||
| default['firezone']['sysvinit_id'] = 'SUP' |||
| default['firezone']['nginx']['enabled'] = true |||
| default['firezone']['nginx']['force_ssl'] = true |||
| default['firezone']['nginx']['non_ssl_port'] = 80 |||
| default['firezone']['nginx']['ssl_port'] = 443 |||
| default['firezone']['nginx']['directory'] = "#{node['firezone']['var_directory']}/nginx/etc" |||
| default['firezone']['nginx']['log_directory'] = "#{node['firezone']['log_directory']}/nginx" |||
| default['firezone']['nginx']['log_rotation']['file_maxbytes'] = 104857600 |||
| default['firezone']['nginx']['log_rotation']['num_to_keep'] = 10 |||
| default['firezone']['nginx']['log_x_forwarded_for'] = false |||
| default['firezone']['nginx']['redirect_to_canonical'] = false |||
| default['firezone']['nginx']['cache']['enabled'] = false |||
| default['firezone']['nginx']['cache']['directory'] = "#{node['firezone']['var_directory']}/nginx/cache" |||
| default['firezone']['nginx']['user'] = node['firezone']['user'] |||
| default['firezone']['nginx']['group'] = node['firezone']['group'] |||
| default['firezone']['nginx']['dir'] = node['firezone']['nginx']['directory'] |||
| default['firezone']['nginx']['log_dir'] = node['firezone']['nginx']['log_directory'] |||
| default['firezone']['nginx']['pid'] = "#{node['firezone']['nginx']['directory']}/nginx.pid" |||
| default['firezone']['nginx']['daemon_disable'] = true |||
| default['firezone']['nginx']['gzip'] = 'on' |||
| default['firezone']['nginx']['gzip_static'] = 'off' |||
| default['firezone']['nginx']['gzip_http_version'] = '1.0' |||
| default['firezone']['nginx']['gzip_comp_level'] = '2' |||
| default['firezone']['nginx']['gzip_proxied'] = 'any' |||
| default['firezone']['nginx']['gzip_vary'] = 'off' |||
| default['firezone']['nginx']['gzip_buffers'] = nil |||
| default['firezone']['nginx']['gzip_types'] = %w( |||
| text/plain |||
| text/css |||
| application/x-javascript |||
| text/xml |||
| application/xml |||
| application/rss+xml |||
| application/atom+xml |||
| text/javascript |||
| application/javascript |||
| application/json |||
| ) |||
| default['firezone']['nginx']['gzip_min_length'] = 1000 |||
| default['firezone']['nginx']['gzip_disable'] = 'MSIE [1-6]\.' |||
| default['firezone']['nginx']['keepalive'] = 'on' |||
| default['firezone']['nginx']['keepalive_timeout'] = 65 |||
| default['firezone']['nginx']['worker_processes'] = node['cpu'] && node['cpu']['total'] ? node['cpu']['total'] : 1 |||
| default['firezone']['nginx']['worker_connections'] = 1024 |||
| default['firezone']['nginx']['worker_rlimit_nofile'] = nil |||
| default['firezone']['nginx']['multi_accept'] = false |||
| default['firezone']['nginx']['event'] = nil |||
| default['firezone']['nginx']['server_tokens'] = nil |||
| default['firezone']['nginx']['server_names_hash_bucket_size'] = 64 |||
| default['firezone']['nginx']['sendfile'] = 'on' |||
| default['firezone']['nginx']['access_log_options'] = nil |||
| default['firezone']['nginx']['error_log_options'] = nil |||
| default['firezone']['nginx']['disable_access_log'] = false |||
| default['firezone']['nginx']['default_site_enabled'] = false |||
| default['firezone']['nginx']['types_hash_max_size'] = 2048 |||
| default['firezone']['nginx']['types_hash_bucket_size'] = 64 |||
| default['firezone']['nginx']['proxy_read_timeout'] = nil |||
| default['firezone']['nginx']['client_body_buffer_size'] = nil |||
| default['firezone']['nginx']['client_max_body_size'] = '250m' |||
| default['firezone']['nginx']['default']['modules'] = [] |||
| default['firezone']['postgresql']['enabled'] = true |||
| default['firezone']['postgresql']['username'] = node['firezone']['user'] |||
| default['firezone']['postgresql']['data_directory'] = "#{node['firezone']['var_directory']}/postgresql/13.3/data" |||
| default['firezone']['postgresql']['log_directory'] = "#{node['firezone']['log_directory']}/postgresql" |||
| default['firezone']['postgresql']['log_rotation']['file_maxbytes'] = 104857600 |||
| default['firezone']['postgresql']['log_rotation']['num_to_keep'] = 10 |||
| default['firezone']['postgresql']['checkpoint_completion_target'] = 0.5 |||
| default['firezone']['postgresql']['checkpoint_segments'] = 3 |||
| default['firezone']['postgresql']['checkpoint_timeout'] = '5min' |||
| default['firezone']['postgresql']['checkpoint_warning'] = '30s' |||
| default['firezone']['postgresql']['effective_cache_size'] = '128MB' |||
| default['firezone']['postgresql']['listen_address'] = '127.0.0.1' |||
| default['firezone']['postgresql']['max_connections'] = 350 |||
| default['firezone']['postgresql']['md5_auth_cidr_addresses'] = ['127.0.0.1/32', '::1/128'] |||
| default['firezone']['postgresql']['port'] = 15432 |||
| default['firezone']['postgresql']['shared_buffers'] = "#{(node['memory']['total'].to_i / 4) / 1024}MB" |||
| default['firezone']['postgresql']['shmmax'] = 17179869184 |||
| default['firezone']['postgresql']['shmall'] = 4194304 |||
| default['firezone']['postgresql']['work_mem'] = '8MB' |||
| default['firezone']['database']['user'] = node['firezone']['postgresql']['username'] |||
| default['firezone']['database']['name'] = 'firezone' |||
| default['firezone']['database']['host'] = node['firezone']['postgresql']['listen_address'] |||
| default['firezone']['database']['port'] = node['firezone']['postgresql']['port'] |||
| default['firezone']['database']['pool'] = [10, Etc.nprocessors].max |||
| default['firezone']['database']['extensions'] = { 'plpgsql' => true, 'pg_trgm' => true } |||
| default['firezone']['phoenix']['enabled'] = true |||
| default['firezone']['phoenix']['port'] = 13000 |||
| default['firezone']['phoenix']['log_directory'] = "#{node['firezone']['log_directory']}/phoenix" |||
| default['firezone']['phoenix']['log_rotation']['file_maxbytes'] = 104857600 |||
| default['firezone']['phoenix']['log_rotation']['num_to_keep'] = 10 |||
| default['firezone']['wireguard']['enabled'] = true |||
| default['firezone']['wireguard']['log_directory'] = "#{node['firezone']['log_directory']}/wireguard" |||
| default['firezone']['wireguard']['log_rotation']['file_maxbytes'] = 104857600 |||
| default['firezone']['wireguard']['log_rotation']['num_to_keep'] = 10 |||
| default['firezone']['wireguard']['interface_name'] = 'wg-firezone' |||
| default['firezone']['wireguard']['port'] = 51820 |||
| default['firezone']['wireguard']['mtu'] = 1420 |||
| default['firezone']['wireguard']['ipv4']['enabled'] = true |||
| default['firezone']['wireguard']['ipv4']['network'] = '10.3.2.0/24' |||
| default['firezone']['wireguard']['ipv4']['address'] = '10.3.2.1' |||
| default['firezone']['wireguard']['ipv6']['enabled'] = true |||
| default['firezone']['wireguard']['ipv6']['network'] = 'fd00::3:2:0/120' |||
| default['firezone']['wireguard']['ipv6']['address'] = 'fd00::3:2:1' |||
| default['firezone']['runit']['svlogd_bin'] = "#{node['firezone']['install_directory']}/embedded/bin/svlogd" |||
| default['firezone']['ssl']['directory'] = '/var/opt/firezone/ssl' |||
| default['firezone']['ssl']['enabled'] = true |||
| default['firezone']['ssl']['certificate'] = nil |||
| default['firezone']['ssl']['certificate_key'] = nil |||
| default['firezone']['ssl']['ssl_dhparam'] = nil |||
| default['firezone']['ssl']['country_name'] = 'US' |||
| default['firezone']['ssl']['state_name'] = 'CA' |||
| default['firezone']['ssl']['locality_name'] = 'San Francisco' |||
| default['firezone']['ssl']['company_name'] = 'My Company' |||
| default['firezone']['ssl']['organizational_unit_name'] = 'Operations' |||
| default['firezone']['ssl']['email_address'] = 'you@example.com' |||
| default['firezone']['ssl']['ciphers'] = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA' |||
| default['firezone']['ssl']['fips_ciphers'] = 'FIPS@STRENGTH:!aNULL:!eNULL' |||
| default['firezone']['ssl']['protocols'] = 'TLSv1 TLSv1.1 TLSv1.2' |||
| default['firezone']['ssl']['session_cache'] = 'shared:SSL:4m' |||
| default['firezone']['ssl']['session_timeout'] = '5m' |||
| default['firezone']['robots_allow'] = '/' |||
| default['firezone']['robots_disallow'] = nil |||
| default['firezone']['from_email'] = nil |||
| default['firezone']['smtp_address'] = nil |||
| default['firezone']['smtp_password'] = nil |||
| default['firezone']['smtp_port'] = nil |||
| default['firezone']['smtp_user_name'] = nil |||
| default['firezone']['connectivity_checks']['enabled'] = true |||
| default['firezone']['connectivity_checks']['interval'] = 3_600 |||
<!-- markdownlint-disable MD043 -->
| option | description | default value |
| ----------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------- |
| `default['firezone']['nginx']['enabled']` | Whether to enable the bundled nginx server. | `true` |
| `default['firezone']['fqdn']` | FQDN of this Firezone instance. | `(node['fqdn'] \|\| node['hostname']).downcase` |
| `default['firezone']['config_directory']` | Top-level directory for Firezone configuration. | `'/etc/firezone'` |
| `default['firezone']['install_directory']` | Top-level directory to install Firezone to. | `'/opt/firezone'` |
| `default['firezone']['app_directory']` | Top-level directory to install the Firezone web application. | `"#{node['firezone']['install_directory']}/embedded/service/firezone"` |
| `default['firezone']['log_directory']` | Top-level directory for Firezone logs. | `'/var/log/firezone'` |
| `default['firezone']['var_directory']` | Top-level directory for Firezone runtime files. | `'/var/opt/firezone'` |
| `default['firezone']['user']` | Name of unprivileged Linux user most services and files will belong to. | `'firezone'` |
| `default['firezone']['group']` | Name of Linux group most services and files will belong to. | `'firezone'` |
| `default['firezone']['admin_email']` | Email address for initial Firezone user. | `"firezone@localhost"` |
| `default['firezone']['egress_interface']` | Interface name where tunneled traffic will exit. If nil, the default route interface will be used. | `nil` |
| `default['firezone']['fips_enabled']` | Enable or disable OpenSSL FIPs mode. | `nil` |
| `default['enterprise']['name']` | Name used by the Chef 'enterprise' cookbook. | `'firezone'` |
| `default['firezone']['install_path']` | Install path used by Chef 'enterprise' cookbook. Should be set to the same as the `install_directory` above. | `node['firezone']['install_directory']` |
| `default['firezone']['sysvinit_id']` | An identifier used in `/etc/inittab`. Must be a unique sequence of 1-4 characters. | `'SUP'` |
| `default['firezone']['nginx']['enabled']` | Enable or disable the bundled nginx server. | `true` |
| `default['firezone']['nginx']['force_ssl']` | Force nginx to SSL mode only. | `true` |
| `default['firezone']['nginx']['non_ssl_port']` | HTTP listen port. | `80` |
| `default['firezone']['nginx']['ssl_port']` | HTTPS listen port. | `443` |
| `default['firezone']['nginx']['directory']` | Directory to store Firezone-related nginx virtual host configuration. | `"#{node['firezone']['var_directory']}/nginx/etc"` |
| `default['firezone']['nginx']['log_directory']` | Directory to store Firezone-related nginx log files. | `"#{node['firezone']['log_directory']}/nginx"` |
| `default['firezone']['nginx']['log_rotation']['file_maxbytes']` | File size at which to rotate Nginx log files. | `104857600` |
| `default['firezone']['nginx']['log_rotation']['num_to_keep']` | Number of Firezone nginx log files to keep before discarding. | `10` |
| `default['firezone']['nginx']['log_x_forwarded_for']` | Whether to log Firezone nginx `x-forwarded-for` header. | `false` |
| `default['firezone']['nginx']['redirect_to_canonical']` | Whether to redirect URLs to the canonical FQDN specified above | `false` |
| `default['firezone']['nginx']['cache']['enabled']` | Enable or disable the Firezone nginx cache. | `false` |
| `default['firezone']['nginx']['cache']['directory']` | Directory for Firezone nginx cache. | `"#{node['firezone']['var_directory']}/nginx/cache"` |
| `default['firezone']['nginx']['user']` | Firezone nginx user. | `node['firezone']['user']` |
| `default['firezone']['nginx']['group']` | Firezone nginx group. | `node['firezone']['group']` |
| `default['firezone']['nginx']['dir']` | Top-level nginx configuration directory. | `node['firezone']['nginx']['directory']` |
| `default['firezone']['nginx']['log_dir']` | Top-level nginx log directory. | `node['firezone']['nginx']['log_directory']` |
| `default['firezone']['nginx']['pid']` | Location for nginx pid file. | `"#{node['firezone']['nginx']['directory']}/nginx.pid"` |
| `default['firezone']['nginx']['daemon_disable']` | Disable nginx daemon mode so we can monitor it instead. | `true` |
| `default['firezone']['nginx']['gzip']` | Turn nginx gzip compression on or off. | `'on'` |
| `default['firezone']['nginx']['gzip_static']` | Turn nginx gzip compression on or off for static files. | `'off'` |
| `default['firezone']['nginx']['gzip_http_version']` | HTTP version to use for serving static files. | `'1.0'` |
| `default['firezone']['nginx']['gzip_comp_level']` | nginx gzip compression level. | `'2'` |
| `default['firezone']['nginx']['gzip_proxied']` | Enables or disables gzipping of responses for proxied requests depending on the request and response. | `'any'` |
| `default['firezone']['nginx']['gzip_vary']` | Enables or disables inserting the “Vary: Accept-Encoding” response header. | `'off'` |
| `default['firezone']['nginx']['gzip_buffers']` | Sets the number and size of buffers used to compress a response. If `nil`, nginx default is used. | `nil` |
| `default['firezone']['nginx']['gzip_types']` | MIME types to enable gzip compression for. | `['text/plain', 'text/css','application/x-javascript', 'text/xml', 'application/xml', 'application/rss+xml', 'application/atom+xml', 'text/javascript', 'application/javascript', 'application/json']` |
| `default['firezone']['nginx']['gzip_min_length']` | Minimum file length to enable file gzip compression for. | `1000` |
| `default['firezone']['nginx']['gzip_disable']` | User-agent matcher to disable gzip compression for. | `'MSIE [1-6]\.'` |
| `default['firezone']['nginx']['keepalive']` | Activates cache for connection to upstream servers. | `'on'` |
| `default['firezone']['nginx']['keepalive_timeout']` | Timeout in seconds for keepalive connection to upstream servers. | `65` |
| `default['firezone']['nginx']['worker_processes']` | Number of nginx worker processes. | `node['cpu'] && node['cpu']['total'] ? node['cpu']['total'] : 1` |
| `default['firezone']['nginx']['worker_connections']` | Max number of simultaneous connections that can be opened by a worker process. | `1024` |
| `default['firezone']['nginx']['worker_rlimit_nofile']` | Changes the limit on the maximum number of open files for worker processes. Uses nginx default if nil. | `nil` |
| `default['firezone']['nginx']['multi_accept']` | Whether workers should accept one connection at a time or multiple. | `false` |
| `default['firezone']['nginx']['event']` | Specifies the connection processing method to use inside nginx events context. | `nil` |
| `default['firezone']['nginx']['server_tokens']` | Enables or disables emitting nginx version on error pages and in the “Server” response header field. | `nil` |
| `default['firezone']['nginx']['server_names_hash_bucket_size']` | Sets the bucket size for the server names hash tables. | `64` |
| `default['firezone']['nginx']['sendfile']` | Enables or disables the use of nginx's `sendfile()`. | `'on'` |
| `default['firezone']['nginx']['access_log_options']` | Sets nginx access log options. | `nil` |
| `default['firezone']['nginx']['error_log_options']` | Sets nginx error log options. | `nil` |
| `default['firezone']['nginx']['disable_access_log']` | Disables nginx access log. | `false` |
| `default['firezone']['nginx']['default_site_enabled']` | Enables nginx default site. | `false` |
| `default['firezone']['nginx']['types_hash_max_size']` | nginx types hash max size. | `2048` |
| `default['firezone']['nginx']['types_hash_bucket_size']` | nginx types hash bucket size. | `64` |
| `default['firezone']['nginx']['proxy_read_timeout']` | nginx proxy read timeout. Set to `nil` to use nginx default. | `nil` |
| `default['firezone']['nginx']['client_body_buffer_size']` | nginx client body buffer size. Set to `nil` to use nginx default. | `nil` |
| `default['firezone']['nginx']['client_max_body_size']` | nginx client max body size. | `'250m'` |
| `default['firezone']['nginx']['default']['modules']` | Specify additional nginx modules. | `[]` |
| `default['firezone']['postgresql']['enabled']` | Enable or disable bundled Postgresql. Set to `false` and fill in the `database` options below to use your own Postgresql instance. | `true` |
| `default['firezone']['postgresql']['username']` | Username for Postgresql. | `node['firezone']['user']` |
| `default['firezone']['postgresql']['data_directory']` | Postgresql data directory. | `"#{node['firezone']['var_directory']}/postgresql/13.3/data"` |
| `default['firezone']['postgresql']['log_directory']` | Postgresql log directory. | `"#{node['firezone']['log_directory']}/postgresql"` |
| `default['firezone']['postgresql']['log_rotation']['file_maxbytes']` | Postgresql log file maximum size before it's rotated. | `104857600` |
| `default['firezone']['postgresql']['log_rotation']['num_to_keep']` | Number of Postgresql log files to keep. | `10` |
| `default['firezone']['postgresql']['checkpoint_completion_target']` | Postgresql checkpoint completion target. | `0.5` |
| `default['firezone']['postgresql']['checkpoint_segments']` | Number of Postgresql checkpoint segments. | `3` |
| `default['firezone']['postgresql']['checkpoint_timeout']` | Postgresql checkpoint timeout. | `'5min'` |
| `default['firezone']['postgresql']['checkpoint_warning']` | Postgresql checkpoint warning time in seconds. | `'30s'` |
| `default['firezone']['postgresql']['effective_cache_size']` | Postgresql effective cache size. | `'128MB'` |
| `default['firezone']['postgresql']['listen_address']` | Postgresql listen address. | `'127.0.0.1'` |
| `default['firezone']['postgresql']['max_connections']` | Postgresql max connections. | `350` |
| `default['firezone']['postgresql']['md5_auth_cidr_addresses']` | Postgresql CIDRs to allow for md5 auth. | `['127.0.0.1/32', '::1/128']` |
| `default['firezone']['postgresql']['port']` | Postgresql listen port. | `15432` |
| `default['firezone']['postgresql']['shared_buffers']` | Postgresql shared buffers size. | `"#{(node['memory']['total'].to_i / 4) / 1024}MB"` |
| `default['firezone']['postgresql']['shmmax']` | Postgresql shmmax in bytes. | `17179869184` |
| `default['firezone']['postgresql']['shmall']` | Postgresql shmall in bytes. | `4194304` |
| `default['firezone']['postgresql']['work_mem']` | Postgresql working memory size. | `'8MB'` |
| `default['firezone']['database']['user']` | Specifies the username Firezone will use to connect to the DB. | `node['firezone']['postgresql']['username']` |
| `default['firezone']['database']['name']` | Database that Firezone will use. Will be created if it doesn't exist. | `'firezone'` |
| `default['firezone']['database']['host']` | Database host that Firezone will connect to. | `node['firezone']['postgresql']['listen_address']` |
| `default['firezone']['database']['port']` | Database port that Firezone will connect to. | `node['firezone']['postgresql']['port']` |
| `default['firezone']['database']['pool']` | Database pool size Firezone will use. | `[10, Etc.nprocessors].max` |
| `default['firezone']['database']['extensions']` | Database extensions to enable. | `{ 'plpgsql' => true, 'pg_trgm' => true }` |
| `default['firezone']['phoenix']['enabled']` | Enable or disable the Firezone web application. | `true` |
| `default['firezone']['phoenix']['port']` | Firezone web application listen port. This will be the upstream port that nginx proxies. | `13000` |
| `default['firezone']['phoenix']['log_directory']` | Firezone web application log directory. | `"#{node['firezone']['log_directory']}/phoenix"` |
| `default['firezone']['phoenix']['log_rotation']['file_maxbytes']` | Firezone web application log file size. | `104857600` |
| `default['firezone']['phoenix']['log_rotation']['num_to_keep']` | Number of Firezone web application log files to keep. | `10` |
| `default['firezone']['wireguard']['enabled']` | Enable or disable bundled WireGuard management. | `true` |
| `default['firezone']['wireguard']['log_directory']` | Log directory for bundled WireGuard management. | `"#{node['firezone']['log_directory']}/wireguard"` |
| `default['firezone']['wireguard']['log_rotation']['file_maxbytes']` | WireGuard log file max size. | `104857600` |
| `default['firezone']['wireguard']['log_rotation']['num_to_keep']` | Number of WireGuard log files to keep. | `10` |
| `default['firezone']['wireguard']['interface_name']` | WireGuard interface name. | `'wg-firezone'` |
| `default['firezone']['wireguard']['port']` | WireGuard listen port. | `51820` |
| `default['firezone']['wireguard']['mtu']` | WireGuard interface MTU. | `1420` |
| `default['firezone']['wireguard']['ipv4']['enabled']` | Enable or disable IPv4 for WireGuard network. | `true` |
| `default['firezone']['wireguard']['ipv4']['network']` | WireGuard network IPv4 address pool. | `'10.3.2.0/24'` |
| `default['firezone']['wireguard']['ipv4']['address']` | WireGuard interface IPv4 address. Must be within WireGuard address pool. | `'10.3.2.1'` |
| `default['firezone']['wireguard']['ipv6']['enabled']` | Enable or disable IPv6 for WireGuard network. | `true` |
| `default['firezone']['wireguard']['ipv6']['network']` | WireGuard network IPv6 address pool. | `'fd00::3:2:0/120'` |
| `default['firezone']['wireguard']['ipv6']['address']` | WireGuard interface IPv6 address. Must be within IPv6 address pool. | `'fd00::3:2:1'` |
| `default['firezone']['runit']['svlogd_bin']` | Runit svlogd bin location. | `"#{node['firezone']['install_directory']}/embedded/bin/svlogd"` |
| `default['firezone']['ssl']['directory']` | SSL directory for storing generated certs. | `'/var/opt/firezone/ssl'` |
| `default['firezone']['ssl']['enabled']` | Enable or disable SSL for nginx. | `true` |
| `default['firezone']['ssl']['certificate']` | Path to the certificate file for your FQDN. If this is nil, a self-signed on will be generated for you. | `nil` |
| `default['firezone']['ssl']['certificate_key']` | Path to the certificate key file for your FQDN. If this is nil, a self-signed certificate will be generated for you. | `nil` |
| `default['firezone']['ssl']['ssl_dhparam']` | nginx ssl dh_param. | `nil` |
| `default['firezone']['ssl']['country_name']` | Country name for self-signed cert. | `'US'` |
| `default['firezone']['ssl']['state_name']` | State name for self-signed cert. | `'CA'` |
| `default['firezone']['ssl']['locality_name']` | Locality name for self-signed cert. | `'San Francisco'` |
| `default['firezone']['ssl']['company_name']` | Company name self-signed cert. | `'My Company'` |
| `default['firezone']['ssl']['organizational_unit_name']` | Organizational unit name for self-signed cert. | `'Operations'` |
| `default['firezone']['ssl']['email_address']` | Email address for self-signed cert. | `'you@example.com'` |
| `default['firezone']['ssl']['ciphers']` | SSL ciphers for nginx to use. | `'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'` |
| `default['firezone']['ssl']['fips_ciphers']` | SSL ciphers for FIPs mode. | `'FIPS@STRENGTH:!aNULL:!eNULL'` |
| `default['firezone']['ssl']['protocols']` | TLS protocols to use. | `'TLSv1 TLSv1.1 TLSv1.2'` |
| `default['firezone']['ssl']['session_cache']` | SSL session cache. | `'shared:SSL:4m'` |
| `default['firezone']['ssl']['session_timeout']` | SSL session timeout. | `'5m'` |
| `default['firezone']['robots_allow']` | nginx robots allow. | `'/'` |
| `default['firezone']['robots_disallow']` | nginx robots disallow. | `nil` |
| `default['firezone']['from_email']` | Outbound email from address. | `nil` |
| `default['firezone']['smtp_address']` | Outbound email SMTP server address. | `nil` |
| `default['firezone']['smtp_password']` | Outbound email SMTP password. | `nil` |
| `default['firezone']['smtp_port']` | Outbound email SMTP port. | `nil` |
| `default['firezone']['smtp_user_name']` | Outbound email SMTP username. | `nil` |
| `default['firezone']['connectivity_checks']['enabled']` | Enable or disable the Firezone connectivity checks service. | `true` |
| `default['firezone']['connectivity_checks']['interval']` | Interval between connectivity checks in seconds. | `3_600` |
<!-- markdownlint-enable MD043 -->