From 163f8f80f1f2e33126de4d4438445ca4db775936 Mon Sep 17 00:00:00 2001 From: Simon Smith Date: Sun, 13 Aug 2023 00:18:50 +0100 Subject: [PATCH] fix meshcentral-config-schema.json --- meshcentral-config-schema.json | 3978 +++++++++++++++++--------------- 1 file changed, 2131 insertions(+), 1847 deletions(-) diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json index a1b33c2c..5d665c60 100644 --- a/meshcentral-config-schema.json +++ b/meshcentral-config-schema.json @@ -3,7 +3,10 @@ "$schema": "http://json-schema.org/draft-04/schema#", "description": "MeshCentral configuration file schema", "type": "object", - "required": [ "settings", "domains" ], + "required": [ + "settings", + "domains" + ], "properties": { "settings": { "type": "object", @@ -220,7 +223,11 @@ "sessionSameSite": { "type": "string", "default": "lax", - "enum": [ "strict", "lax", "none" ] + "enum": [ + "strict", + "lax", + "none" + ] }, "dbEncryptKey": { "type": "string", @@ -357,16 +364,25 @@ "description": "When code signing an agent using authenticode, lock the agent to only allow connection to this server. (This is in testing, the default value will change to true in the future)." }, "agentTimeStampServer": { - "type": [ "boolean", "string" ], + "type": [ + "boolean", + "string" + ], "default": "http://timestamp.comodoca.com/authenticode", "description": "The time stamping server to use when code signing Windows executables. When set to false, the executables are not time stamped." }, "agentTimeStampProxy": { - "type": [ "boolean", "string" ], + "type": [ + "boolean", + "string" + ], "description": "The HTTP proxy to use when contacting the time stamping server, if false, no proxy is used. By default, the npmproxy value is used." }, "ignoreAgentHashCheck": { - "type": [ "boolean", "string" ], + "type": [ + "boolean", + "string" + ], "default": false, "description": "When true, the agent no longer checked the TLS certificate of the server. This should be used for debugging only. You can also set this to a comma separated list of IP addresses to ignore, for example: \"192.168.2.100,192.168.1.0/24\"." }, @@ -380,7 +396,10 @@ "default": false }, "StrictTransportSecurity": { - "type": [ "boolean", "string" ], + "type": [ + "boolean", + "string" + ], "default": null, "description": "Controls the Strict-Transport-Security header, default is 1 year. Set to false to remove, true to force enable, or string to set a custom value. If set to null, MeshCentral will enable if a trusted certificate is set." }, @@ -390,13 +409,23 @@ "description": "When enabled, the MeshCentral web site can be embedded within another website's iframe." }, "cookieIpCheck": { - "type": [ "string", "boolean" ], + "type": [ + "string", + "boolean" + ], "default": "lax", - "enum": [ "strict", "lax", "none" ] + "enum": [ + "strict", + "lax", + "none" + ] }, "cookieEncoding": { "type": "string", - "enum": [ "hex", "base64" ], + "enum": [ + "hex", + "base64" + ], "default": "base64", "description": "Encoding format of cookies in the HTTP headers, this is typically Base64 but some reverse proxies will require HEX." }, @@ -531,7 +560,9 @@ "description": "Server administrator email given to the FireFox and Chrome push notification services." } }, - "required": [ "email" ] + "required": [ + "email" + ] }, "RunOnServerStarted": { "type": "boolean", @@ -564,22 +595,34 @@ "description": "If set, a user from a banned IP address will be redirected to this URL." }, "userAllowedIP": { - "type": [ "string", "array" ], + "type": [ + "string", + "array" + ], "default": null, "description": "When set, only users from allowed IP address ranges can connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" }, "userBlockedIP": { - "type": [ "string", "array" ], + "type": [ + "string", + "array" + ], "default": null, "description": "When set, users from these denied IP address ranges will not be able to connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" }, "agentAllowedIP": { - "type": [ "string", "array" ], + "type": [ + "string", + "array" + ], "default": null, "description": "When set, only agents from allowed IP address ranges can connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" }, "agentBlockedIP": { - "type": [ "string", "array" ], + "type": [ + "string", + "array" + ], "default": null, "description": "When set, agents from these denied IP address ranges will not be able to connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" }, @@ -628,10 +671,16 @@ "description": "When set, encrypts all LAN discovery traffic to agents and tools using this key. This is only useful in LAN/Hybrid mode when agents and tools user multicast to find the server." } }, - "required": [ "name", "info" ] + "required": [ + "name", + "info" + ] }, "tlsOffload": { - "type": [ "boolean", "string" ], + "type": [ + "boolean", + "string" + ], "default": false, "description": "When true, indicates that a TLS offloader is in front of the MeshCentral server. More typically, set this to the IP address of the reverse proxy or TLS offloader so that IP forwarding headers will be trusted. For example: \"127.0.0.1,192.168.1.100\"." }, @@ -712,11 +761,15 @@ "type": "string" } }, - "required": [ "urls" ] + "required": [ + "urls" + ] } } }, - "required": [ "iceServers" ] + "required": [ + "iceServers" + ] }, "crowdsec": { "type": "object", @@ -734,11 +787,18 @@ "fallbackRemediation": { "type": "string", "default": "ban", - "enum": [ "bypass", "captcha", "ban" ], + "enum": [ + "bypass", + "captcha", + "ban" + ], "description": "Action to perform if the CrowdSec agent can't be contacted." } }, - "required": [ "url", "apiKey" ] + "required": [ + "url", + "apiKey" + ] }, "autoBackup": { "type": "object", @@ -872,7 +932,12 @@ "amtProvisioningServer": { "type": "object", "additionalProperties": false, - "required": [ "deviceGroup", "newMebxPassword", "trustedFqdn", "ip" ], + "required": [ + "deviceGroup", + "newMebxPassword", + "trustedFqdn", + "ip" + ], "description": "When present, this section will enable the Intel AMT provisioning server on the local network. This is used for Intel AMT bare-metal ACM activation.", "properties": { "port": { @@ -905,7 +970,9 @@ "type": "boolean" } }, - "required": [ "enabled" ] + "required": [ + "enabled" + ] } } }, @@ -974,7 +1041,10 @@ "type": "integer" }, "loginKey": { - "type": [ "string", "array" ], + "type": [ + "string", + "array" + ], "items": { "type": "string" }, @@ -982,7 +1052,10 @@ "description": "Requires that users add the value ?key=xxx in the URL in order to see the web site." }, "agentKey": { - "type": [ "string", "array" ], + "type": [ + "string", + "array" + ], "items": { "type": "string" }, @@ -1088,7 +1161,10 @@ "default": "This value is normally auto-detected, when set to true, MeshCentral assumes that the TLS certificate comes from a trusted CA and will insure download tools perform certificate checking." }, "guestDeviceSharing": { - "type": [ "boolean", "object" ], + "type": [ + "boolean", + "object" + ], "default": true, "description": "When set to false, the desktop/terminal sharing link feature is not available.", "properties": { @@ -1111,7 +1187,10 @@ "description": "When set to true, the devices search box will match on both the server name and client name of a device." }, "agentSelfGuestSharing": { - "type": [ "boolean", "object" ], + "type": [ + "boolean", + "object" + ], "default": false, "description": "When set to true, MeshCentral Assistant can create it's own guest sharing links.", "properties": { @@ -1127,7 +1206,10 @@ "description": "When set, your can try click the run button to run on of these scripts on the remote device.", "items": { "type": "object", - "required": [ "name", "type" ], + "required": [ + "name", + "type" + ], "properties": { "name": { "description": "Name of the script.", @@ -1136,12 +1218,21 @@ "type": { "description": "The type of script.", "type": "string", - "enum": [ "bat", "ps1", "sh", "agent" ] + "enum": [ + "bat", + "ps1", + "sh", + "agent" + ] }, "runas": { "description": "How to run this script, does not apply to agent scripts.", "type": "string", - "enum": [ "agent", "userfirst", "user" ] + "enum": [ + "agent", + "userfirst", + "user" + ] }, "cmd": { "description": "The command or \\r\\n separated commands to run, if set do not use the file key.", @@ -1160,7 +1251,10 @@ "description": "When set, you can right click on the input button in the desktop tab and instantly remotely type one of these pre-configured strings.", "items": { "type": "object", - "required": [ "name", "value" ], + "required": [ + "name", + "value" + ], "properties": { "name": { "description": "Name of the text string.", @@ -1192,12 +1286,19 @@ }, "type": { "type": "string", - "enum": [ null, "user", "device" ], + "enum": [ + null, + "user", + "device" + ], "default": null, "description": "Indicate if this button should be shown in the user or device type. If omitted, it will be displayed in both." } }, - "required": [ "name", "url" ] + "required": [ + "name", + "url" + ] } }, "deviceMeshRouterLinks": { @@ -1223,7 +1324,11 @@ "items": { "type": "object", "additionalProperties": false, - "required": [ "name", "protocol", "port" ], + "required": [ + "name", + "protocol", + "port" + ], "properties": { "name": { "description": "Name of the link to be displayed on the web site.", @@ -1261,1884 +1366,2063 @@ } } } - }, - "certUrl": { - "type": "string", - "format": "uri", - "description": "https url when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like NGINX is used in front of MeshCentral." - }, - "myServer": { - "type": [ "object", "boolean" ], - "additionalProperties": false, - "properties": { - "Backup": { - "type": "boolean", - "default": true, - "description": "Allows administrators to backup the server from the My Server tab. This option can only enabled when the NeDB database is in use. For other databases, this option disabled and the setting is ignored." - }, - "Restore": { - "type": "boolean", - "default": true, - "description": "Allows administrators to restore the server from the My Server tab. This option can only enabled when the NeDB database is in use. For other databases, this option disabled and the setting is ignored." - }, - "Upgrade": { - "type": "boolean", - "default": true, - "description": "Allows administrators to update the server from the My Server tab." - }, - "ErrorLog": { - "type": "boolean", - "default": true, - "description": "Allows administrators to see the server crash log the server from the My Server tab." - }, - "Console": { - "type": "boolean", - "default": true, - "description": "Allows administrators to access the server console from the My Server tab." - }, - "Trace": { - "type": "boolean", - "default": true, - "description": "Allows administrators to access the server trace tab from from the My Server tab." - } + } + }, + "certUrl": { + "type": "string", + "format": "uri", + "description": "https url when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like NGINX is used in front of MeshCentral." + }, + "myServer": { + "type": [ + "object", + "boolean" + ], + "additionalProperties": false, + "properties": { + "Backup": { + "type": "boolean", + "default": true, + "description": "Allows administrators to backup the server from the My Server tab. This option can only enabled when the NeDB database is in use. For other databases, this option disabled and the setting is ignored." + }, + "Restore": { + "type": "boolean", + "default": true, + "description": "Allows administrators to restore the server from the My Server tab. This option can only enabled when the NeDB database is in use. For other databases, this option disabled and the setting is ignored." + }, + "Upgrade": { + "type": "boolean", + "default": true, + "description": "Allows administrators to update the server from the My Server tab." + }, + "ErrorLog": { + "type": "boolean", + "default": true, + "description": "Allows administrators to see the server crash log the server from the My Server tab." + }, + "Console": { + "type": "boolean", + "default": true, + "description": "Allows administrators to access the server console from the My Server tab." + }, + "Trace": { + "type": "boolean", + "default": true, + "description": "Allows administrators to access the server trace tab from from the My Server tab." } - }, - "passwordRequirements": { - "type": "object", - "properties": { - "min": { - "type": "integer", - "description": "Minimum number of characters allowed for the account password." - }, - "max": { - "type": "integer", - "description": "Maximum number of characters allowed for the account password." - }, - "upper": { - "type": "integer", - "description": "Minimum number of upper case characters required in the password." - }, - "lower": { - "type": "integer", - "description": "Minimum number of lower case characters required in the password." - }, - "numeric": { - "type": "integer", - "description": "Minimum number of numeric characters required in the password." - }, - "nonalpha": { - "type": "integer", - "description": "Minimum number of non-alpha-numeric characters required in the password." - }, - "reset": { - "type": "integer", - "description": "Number of days after which the user is required to change the account password." - }, - "email2factor": { - "type": "boolean", - "default": true, - "description": "Set to false to disable email 2FA." - }, - "sms2factor": { - "type": "boolean", - "default": true, - "description": "Set to false to disable SMS 2FA." - }, - "push2factor": { - "type": "boolean", - "default": true, - "description": "Set to false to disable push notification 2FA." - }, - "otp2factor": { - "type": "boolean", - "default": true, - "description": "Set to false to disable one-time-password 2FA." - }, - "msg2factor": { - "type": "boolean", - "default": true, - "description": "Set to false to disable user messaging 2FA." - }, - "backupcode2factor": { - "type": "boolean", - "default": true, - "description": "Set to false to disable 2FA backup codes." - }, - "single2factorWarning": { - "type": "boolean", - "default": true, - "description": "Set to false to disable single 2FA warning." - }, - "lock2factor": { - "type": "boolean", - "default": false, - "description": "When set to true, prevents any changes to 2FA." - }, - "force2factor": { - "type": "boolean", - "default": false, - "description": "Requires that all accounts setup 2FA." - }, - "skip2factor": { - "type": "string", - "description": "IP addresses where 2FA login is skipped, for example: 127.0.0.1,192.168.2.0/24" - }, - "oldPasswordBan": { - "type": "integer", - "description": "Number of old passwords the server should remember and not allow the user to switch back to." - }, - "banCommonPasswords": { - "type": "boolean", - "default": false, - "description": "Uses WildLeek to block use of the 10000 most commonly used passwords." - }, - "loginTokens": { - "type": [ "boolean", "array" ], - "default": true, - "description": "Allows users to create alternative username/passwords for their account. Set to false to disallow all users, or set to a userid array to only allow some users." - }, - "twoFactorTimeout": { - "type": "integer", - "default": 300, - "description": "Maximum about of time to wait for a 2FA token on the login page in seconds." - }, - "autofido2fa": { - "type": "boolean", - "default": false, - "description": "If true and user account has FIDO key setup, 2FA login screen will automatically request FIDO 2FA." - }, - "maxfidokeys": { - "type": "integer", - "default": null, - "description": "Maximum number of FIDO/YubikeyOTP hardware 2FA keys that can be setup in a user account." - }, - "allowaccountreset": { - "type": "boolean", - "default": true, - "description": "If set to false, the account reset option on the login screen will not be available to users." - } + } + }, + "passwordRequirements": { + "type": "object", + "properties": { + "min": { + "type": "integer", + "description": "Minimum number of characters allowed for the account password." + }, + "max": { + "type": "integer", + "description": "Maximum number of characters allowed for the account password." + }, + "upper": { + "type": "integer", + "description": "Minimum number of upper case characters required in the password." + }, + "lower": { + "type": "integer", + "description": "Minimum number of lower case characters required in the password." + }, + "numeric": { + "type": "integer", + "description": "Minimum number of numeric characters required in the password." + }, + "nonalpha": { + "type": "integer", + "description": "Minimum number of non-alpha-numeric characters required in the password." + }, + "reset": { + "type": "integer", + "description": "Number of days after which the user is required to change the account password." + }, + "email2factor": { + "type": "boolean", + "default": true, + "description": "Set to false to disable email 2FA." + }, + "sms2factor": { + "type": "boolean", + "default": true, + "description": "Set to false to disable SMS 2FA." + }, + "push2factor": { + "type": "boolean", + "default": true, + "description": "Set to false to disable push notification 2FA." + }, + "otp2factor": { + "type": "boolean", + "default": true, + "description": "Set to false to disable one-time-password 2FA." + }, + "msg2factor": { + "type": "boolean", + "default": true, + "description": "Set to false to disable user messaging 2FA." + }, + "backupcode2factor": { + "type": "boolean", + "default": true, + "description": "Set to false to disable 2FA backup codes." + }, + "single2factorWarning": { + "type": "boolean", + "default": true, + "description": "Set to false to disable single 2FA warning." + }, + "lock2factor": { + "type": "boolean", + "default": false, + "description": "When set to true, prevents any changes to 2FA." + }, + "force2factor": { + "type": "boolean", + "default": false, + "description": "Requires that all accounts setup 2FA." + }, + "skip2factor": { + "type": "string", + "description": "IP addresses where 2FA login is skipped, for example: 127.0.0.1,192.168.2.0/24" + }, + "oldPasswordBan": { + "type": "integer", + "description": "Number of old passwords the server should remember and not allow the user to switch back to." + }, + "banCommonPasswords": { + "type": "boolean", + "default": false, + "description": "Uses WildLeek to block use of the 10000 most commonly used passwords." + }, + "loginTokens": { + "type": [ + "boolean", + "array" + ], + "default": true, + "description": "Allows users to create alternative username/passwords for their account. Set to false to disallow all users, or set to a userid array to only allow some users." + }, + "twoFactorTimeout": { + "type": "integer", + "default": 300, + "description": "Maximum about of time to wait for a 2FA token on the login page in seconds." + }, + "autofido2fa": { + "type": "boolean", + "default": false, + "description": "If true and user account has FIDO key setup, 2FA login screen will automatically request FIDO 2FA." + }, + "maxfidokeys": { + "type": "integer", + "default": null, + "description": "Maximum number of FIDO/YubikeyOTP hardware 2FA keys that can be setup in a user account." + }, + "allowaccountreset": { + "type": "boolean", + "default": true, + "description": "If set to false, the account reset option on the login screen will not be available to users." } - }, - "twoFactorCookieDurationDays": { - "type": "integer", - "default": 30, - "description": "Number of days that a user is allowed to remember this device for when completing 2FA. Set this to 0 to remove this option." - }, - "auth": { - "type": "string", - "default": null, - "enum": [ null, "sspi", "ldap" ], - "description": "Type of user authentication to use, this can be SSPI on Windows or LDAP. If not set, username/password is used." - }, - "ldapUserKey": { - "type": "string", - "default": null, - "description": "The LDAP value to use as a user's unique account identifier. Use \"ldapUserKey\" or \"ldapUserBinaryKey\"." - }, - "ldapUserBinaryKey": { - "type": "string", - "default": "objectSid", - "description": "The LDAP value to use as a user's unique account identifier, when specified in this field, the values will be HEX converted." - }, - "ldapUserName": { - "type": "string", - "default": "displayName", - "description": "The LDAP value to use for the user name, you can also compose the name by setting this value to, for example: \"{{{givenName}}} {{{sn}}}\"" - }, - "ldapUserEmail": { - "type": "string", - "default": "mail", - "description": "The LDAP value to use for the user's email address." - }, - "ldapUserRealName": { - "type": "string", - "default": "name", - "description": "The LDAP value to use for the user's real name, you can also compose the name by setting this value to, for example: \"{{{givenName}}} {{{sn}}}\"" - }, - "ldapUserPhoneNumber": { - "type": "string", - "default": "telephoneNumber", - "description": "The LDAP value to use for the user's phone number." - }, - "ldapUserImage": { - "type": "string", - "default": "thumbnailPhoto", - "description": "The LDAP value to use for the user's image." - }, - "ldapSaveUserToFile": { - "type": "string", - "default": null, - "description": "When set to a filename, for example c:\\temp\\ldapusers.txt, MeshCentral will save the LDAP user object to this file each time a user logs in. This is used for debugging LDAP issues." - }, - "ldapUserGroups": { - "type": "string", - "default": "memberOf", - "description": "The LDAP value to use for the user's group memberships." - }, - "ldapSyncWithUserGroups": { - "type": [ "boolean", "object" ], - "default": false, - "description": "When set to true or set to an object, MeshCentral will synchronize LDAP user memberships to MeshCentral user groups.", - "additionalProperties": false, - "properties": { - "filter": { - "type": [ "string", "array" ], - "default": null, - "description": "When set to a string or array of strings, only LDAP membership groups that includes one of the strings will be synchronized with MeshCentral user groups." - } + } + }, + "twoFactorCookieDurationDays": { + "type": "integer", + "default": 30, + "description": "Number of days that a user is allowed to remember this device for when completing 2FA. Set this to 0 to remove this option." + }, + "auth": { + "type": "string", + "default": null, + "enum": [ + null, + "sspi", + "ldap" + ], + "description": "Type of user authentication to use, this can be SSPI on Windows or LDAP. If not set, username/password is used." + }, + "ldapUserKey": { + "type": "string", + "default": null, + "description": "The LDAP value to use as a user's unique account identifier. Use \"ldapUserKey\" or \"ldapUserBinaryKey\"." + }, + "ldapUserBinaryKey": { + "type": "string", + "default": "objectSid", + "description": "The LDAP value to use as a user's unique account identifier, when specified in this field, the values will be HEX converted." + }, + "ldapUserName": { + "type": "string", + "default": "displayName", + "description": "The LDAP value to use for the user name, you can also compose the name by setting this value to, for example: \"{{{givenName}}} {{{sn}}}\"" + }, + "ldapUserEmail": { + "type": "string", + "default": "mail", + "description": "The LDAP value to use for the user's email address." + }, + "ldapUserRealName": { + "type": "string", + "default": "name", + "description": "The LDAP value to use for the user's real name, you can also compose the name by setting this value to, for example: \"{{{givenName}}} {{{sn}}}\"" + }, + "ldapUserPhoneNumber": { + "type": "string", + "default": "telephoneNumber", + "description": "The LDAP value to use for the user's phone number." + }, + "ldapUserImage": { + "type": "string", + "default": "thumbnailPhoto", + "description": "The LDAP value to use for the user's image." + }, + "ldapSaveUserToFile": { + "type": "string", + "default": null, + "description": "When set to a filename, for example c:\\temp\\ldapusers.txt, MeshCentral will save the LDAP user object to this file each time a user logs in. This is used for debugging LDAP issues." + }, + "ldapUserGroups": { + "type": "string", + "default": "memberOf", + "description": "The LDAP value to use for the user's group memberships." + }, + "ldapSyncWithUserGroups": { + "type": [ + "boolean", + "object" + ], + "default": false, + "description": "When set to true or set to an object, MeshCentral will synchronize LDAP user memberships to MeshCentral user groups.", + "additionalProperties": false, + "properties": { + "filter": { + "type": [ + "string", + "array" + ], + "default": null, + "description": "When set to a string or array of strings, only LDAP membership groups that includes one of the strings will be synchronized with MeshCentral user groups." } - }, - "ldapSiteAdminGroups": { - "type": [ "string", "array" ], - "default": null, - "description": "When set to a list of LDAP groups, users that are part of one of these groups will be set a site administrator, otherwise site administrator rights will be removed." - }, - "ldapUserRequiredGroupMembership": { - "type": [ "string", "array" ], - "default": null, - "description": "A list of LDAP groups. Users must be part of at least one of these groups to allow login. If null, all users are allowed to login." - }, - "ldapOptions": { - "type": "object", - "description": "LDAP options passed to ldapauth-fork" - }, - "agentInviteCodes": { - "type": "boolean", - "default": false, - "description": "Enabled a feature where you can set one or more invitation codes in a device group. You can then give a invitation link to users who can use it to download the agent." - }, - "agentNoProxy": { - "type": "boolean", - "default": false, - "description": "When enabled, all newly installed MeshAgents will be instructed to no use a HTTP/HTTPS proxy even if one is configured on the remote system" - }, - "agentTag": { - "type": "object", - "description": "This section is used to indicate if parts of the meshagent.tag file should be used to set server-side device properties.", - "additionalProperties": false, - "properties": { - "ServerName": { - "type": "integer", - "default": 0, - "description": "Action taken if one of the lines in meshagent.tag contains ~ServerName:name. 0=Ignore, 1=Set." - }, - "ServerDesc": { - "type": "integer", - "default": 0, - "description": "Action taken if one of the lines in meshagent.tag contains ~ServerDesc:desc. 0=Ignore, 1=Set, 2=SetIfEmpty." - }, - "ServerTags": { - "type": "integer", - "default": 0, - "description": "Action taken if one of the lines in meshagent.tag contains ~ServerTags:tag1,tag2,tag3. 0=Ignore, 1=Set, 2=SetIfEmpty, 3=Append." - } + } + }, + "ldapSiteAdminGroups": { + "type": [ + "string", + "array" + ], + "default": null, + "description": "When set to a list of LDAP groups, users that are part of one of these groups will be set a site administrator, otherwise site administrator rights will be removed." + }, + "ldapUserRequiredGroupMembership": { + "type": [ + "string", + "array" + ], + "default": null, + "description": "A list of LDAP groups. Users must be part of at least one of these groups to allow login. If null, all users are allowed to login." + }, + "ldapOptions": { + "type": "object", + "description": "LDAP options passed to ldapauth-fork" + }, + "agentInviteCodes": { + "type": "boolean", + "default": false, + "description": "Enabled a feature where you can set one or more invitation codes in a device group. You can then give a invitation link to users who can use it to download the agent." + }, + "agentNoProxy": { + "type": "boolean", + "default": false, + "description": "When enabled, all newly installed MeshAgents will be instructed to no use a HTTP/HTTPS proxy even if one is configured on the remote system" + }, + "agentTag": { + "type": "object", + "description": "This section is used to indicate if parts of the meshagent.tag file should be used to set server-side device properties.", + "additionalProperties": false, + "properties": { + "ServerName": { + "type": "integer", + "default": 0, + "description": "Action taken if one of the lines in meshagent.tag contains ~ServerName:name. 0=Ignore, 1=Set." + }, + "ServerDesc": { + "type": "integer", + "default": 0, + "description": "Action taken if one of the lines in meshagent.tag contains ~ServerDesc:desc. 0=Ignore, 1=Set, 2=SetIfEmpty." + }, + "ServerTags": { + "type": "integer", + "default": 0, + "description": "Action taken if one of the lines in meshagent.tag contains ~ServerTags:tag1,tag2,tag3. 0=Ignore, 1=Set, 2=SetIfEmpty, 3=Append." } - }, - "geoLocation": { - "type": "boolean", - "default": false, - "description": "Enables the geo-location feature and device location map in the user interface, this feature is not being worked on." - }, - "novnc": { - "type": "boolean", - "default": true, - "description": "When enabled, activates the built-in web-based VNC client." - }, - "mstsc": { - "type": "boolean", - "default": false, - "description": "When enabled, activates the built-in web-based RDP client." - }, - "ssh": { - "type": "boolean", - "default": false, - "description": "When enabled, activates the built-in web-based SSH client." - }, - "webEmailsPath": { - "type": "string", - "description": "Path where to find custom email templates for this domain." - }, - "customUI": { - "type": "object" - }, - "consentMessages": { - "type": "object", - "description": "This section is used to customize user consent prompts, these show up when asking if a remote session is allowed or not.", - "additionalProperties": false, - "properties": { - "Title": { - "type": "string" - }, - "Desktop": { - "type": "string" - }, - "Terminal": { - "type": "string" - }, - "Files": { - "type": "string" - }, - "consentTimeout": { - "type": "integer", - "default": 30, - "description": "How long in seconds to show the user consent dialog box." - }, - "autoAcceptOnTimeout": { - "type": "boolean", - "default": false, - "description": "If true, user consent is accepted after the timeout." - } + } + }, + "geoLocation": { + "type": "boolean", + "default": false, + "description": "Enables the geo-location feature and device location map in the user interface, this feature is not being worked on." + }, + "novnc": { + "type": "boolean", + "default": true, + "description": "When enabled, activates the built-in web-based VNC client." + }, + "mstsc": { + "type": "boolean", + "default": false, + "description": "When enabled, activates the built-in web-based RDP client." + }, + "ssh": { + "type": "boolean", + "default": false, + "description": "When enabled, activates the built-in web-based SSH client." + }, + "webEmailsPath": { + "type": "string", + "description": "Path where to find custom email templates for this domain." + }, + "customUI": { + "type": "object" + }, + "consentMessages": { + "type": "object", + "description": "This section is used to customize user consent prompts, these show up when asking if a remote session is allowed or not.", + "additionalProperties": false, + "properties": { + "Title": { + "type": "string" + }, + "Desktop": { + "type": "string" + }, + "Terminal": { + "type": "string" + }, + "Files": { + "type": "string" + }, + "consentTimeout": { + "type": "integer", + "default": 30, + "description": "How long in seconds to show the user consent dialog box." + }, + "autoAcceptOnTimeout": { + "type": "boolean", + "default": false, + "description": "If true, user consent is accepted after the timeout." } - }, - "notificationMessages": { - "type": "object", - "additionalProperties": false, - "description": "This section is user to customize user notifications when a remote desktop, terminal or file session is connected to a remote system.", - "properties": { - "Title": { - "type": "string" - }, - "Desktop": { - "type": "string" - }, - "Terminal": { - "type": "string" - }, - "Files": { - "type": "string" - } - } - }, - "agentCustomization": { - "type": "object", - "additionalProperties": false, - "description": "Use this section to customize the agent branding.", - "properties": { - "displayName": { - "type": "string", - "default": "MeshCentral Agent", - "description": "The name of the agent as displayed to the user." - }, - "description": { - "type": "string", - "default": "Mesh Agent background service", - "description": "The description of the agent as displayed to the user." - }, - "companyName": { - "type": "string", - "default": "Mesh Agent", - "description": "This will be used as the path to install the agent, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's." - }, - "serviceName": { - "type": "string", - "default": "Mesh Agent", - "description": "The name of the background service, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's but should be set to an all lower case, no space string." - }, - "installText": { - "type": "string", - "default": null, - "description": "Text string to show in the agent installation dialog box." - }, - "image": { - "type": "string", - "default": null, - "description": "The filename of a image file in .png format located in meshcentral-data to display in the MeshCentral Agent installation dialog, image should be square and from 64x64 to 200x200." - }, - "fileName": { - "type": "string", - "default": "meshagent", - "description": "The agent filename." - }, - "foregroundColor": { - "type": "string", - "default": null, - "description": "Foreground text color, valid values are RBG in format 0,0,0 to 255,255,255 or format #000000 to #FFFFFF." - }, - "backgroundColor": { - "type": "string", - "default": null, - "description": "Background color, valid values are RBG in format 0,0,0 to 255,255,255 or format #000000 to #FFFFFF." - } - } - }, - "agentFileInfo": { - "type": "object", - "additionalProperties": false, - "description": "Use this section to set resource metadata of the Windows agents prior to signing. In Windows, you can right-click and select properties to view these values.", - "properties": { - "icon": { - "type": "string", - "description": "Sets the agent icon, this is the name of a .ico file with the file placed in the meshcentral-data folder." - }, - "fileDescription": { - "type": "string", - "description": "Executable file description." - }, - "fileVersion": { - "type": "string", - "description": "Executable file version, in the form of 'n.n.n.n', for example: '1.2.3.4'." - }, - "internalName": { - "type": "string", - "description": "Executable internal name." - }, - "legalCopyright": { - "type": "string", - "description": "Executable legal copyright." - }, - "originalFilename": { - "type": "string", - "description": "Executable original file name." - }, - "productName": { - "type": "string", - "description": "Executable product name." - }, - "productVersion": { - "type": "string", - "description": "Executable product version. Any string format will work, but a alphabetic character is required for this value to show correctly in the Windows property box. For example: 'v1.2.3.4' will work, but '1.2.3.4' will not." - } - } - }, - "assistantCustomization": { - "type": "object", - "additionalProperties": false, - "description": "Use this section to customize the MeshCentral Assistant.", - "properties": { - "title": { - "type": "string", - "default": "MeshCentral Assistant", - "description": "Name to show as MeshCentral Assistant dialog title." - }, - "image": { - "type": "string", - "default": null, - "description": "The filename of a image file in .png format located in meshcentral-data to display in MeshCentral Assistant, image should be square and from 64x64 to 128x128." - }, - "fileName": { - "type": "string", - "default": "meshagent", - "description": "The MeshCentral Assistant filename." - } - } - }, - "androidCustomization": { - "type": "object", - "additionalProperties": false, - "description": "Use this section to customize the MeshCentral Agent for Android.", - "properties": { - "title": { - "type": "string", - "default": "MeshCentral Agent", - "description": "Displayed on top of the MeshCentral Agent for Android." - }, - "subtitle": { - "type": "string", - "default": null, - "description": "Subtitle displayed until the title on the toolbar." - }, - "image": { - "type": "string", - "default": null, - "description": "The filename of a image file in .png format located in meshcentral-data to display in MeshCentral Agent for Android, image should be square and from 64x64 to 128x128." - } - } - }, - "ipBlockedUserRedirect": { - "type": "string", - "default": null, - "description": "If set, a user from a banned IP address will be redirected to this URL." - }, - "userRequiredHttpHeader": { - "type": "object", - "default": null, - "description": "When set, requires that a browser request have set HTTP header to allow user login. Example: \"{ \"Sec-Fetch-Dest\": \"iframe\" }\"" - }, - "userAllowedIP": { - "type": [ "string", "array" ], - "default": null, - "description": "When set, only users from allowed IP address ranges can connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" - }, - "userBlockedIP": { - "type": [ "string", "array" ], - "default": null, - "description": "When set, users from these denied IP address ranges will not be able to connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" - }, - "agentAllowedIP": { - "type": [ "string", "array" ], - "default": null, - "description": "When set, only agents from allowed IP address ranges can connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" - }, - "agentBlockedIP": { - "type": [ "string", "array" ], - "default": null, - "description": "When set, agents from these denied IP address ranges will not be able to connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" - }, - "userSessionIdleTimeout": { - "type": "integer", - "default": null, - "description": "When set, idle users will be disconnected after a set amounts of minutes." - }, - "userConsentFlags": { - "type": "object", - "additionalProperties": false, - "description": "Use this section to require user consent for this domain.", - "properties": { - "desktopnotify": { - "type": "boolean", - "default": false, - "description": "Enable desktop notification for this domain." - }, - "terminalnotify": { - "type": "boolean", - "default": false, - "description": "Enable terminal notification for this domain." - }, - "filenotify": { - "type": "boolean", - "default": false, - "description": "Enable files notification for this domain." - }, - "desktopprompt": { - "type": "boolean", - "default": false, - "description": "Enable desktop prompt for this domain." - }, - "terminalprompt": { - "type": "boolean", - "default": false, - "description": "Enable terminal user prompt for this domain." - }, - "fileprompt": { - "type": "boolean", - "default": false, - "description": "Enable files prompt for this domain." - }, - "desktopprivacybar": { - "type": "boolean", - "default": false, - "description": "Enable remote desktop privacy bar for this domain." - } - } - }, - "urlSwitching": { - "type": "boolean", - "default": true, - "description": "When users navigate thru the web interface, the URL on top will change to point to the current screen. This allows a user to refresh or bookmark the URL and come back to the correct screen. Setting false here will disable this feature." - }, - "desktopPrivacyBarText": { - "type": "string", - "description": "This is the text that will be shown in the remote desktop privacy bar. You can use {0} to display the account realname or {1} to display the account identifier in the string." - }, - "limits": { - "type": "object", - "additionalProperties": false, - "properties": { - "MaxDevices": { - "type": "integer", - "default": null, - "description": "Maximum number of devices in this domain." - }, - "MaxUserAccounts": { - "type": "integer", - "default": null, - "description": "Maximum number of devices in this domain." - }, - "MaxUserSessions": { - "type": "integer", - "default": null, - "description": "Maximum number of user sessions that can connect to this server for this domain." - }, - "MaxAgentSessions": { - "type": "integer", - "default": null, - "description": "Maximum number of agents that can connect to this server for this domain." - }, - "MaxSingleUserSessions": { - "type": "integer", - "default": null, - "description": "Maximum number of sessions a single user can have. Each time a user opens a new browser tab or opens a new browser on a different computer, a new user session is created." - } - } - }, - "files": { - "type": "object", - "description": "Values that affect the files feature", - "properties": { - "sftpConnect": { - "type": "boolean", - "default": true, - "description": "When false, removes the 'SFTP Connect' button from the files tab unless this is the only possible option." - } - } - }, - "terminal": { - "type": "object", - "description": "Values that affect the terminal feature", - "properties": { - "sshConnect": { - "type": "boolean", - "default": true, - "description": "When false, removes the 'SSH Connect' button from the terminal tab unless this is the only possible option." - }, - "linuxShell": { - "type": "string", - "enum": [ "any", "root", "user", "login" ], - "default": "any", - "description": "Indicate what terminal options are available when the user clicks the right mouse button on the terminal connect button." - }, - "launchCommand": { - "type": "object", - "description": "Indicate what string the agent must write to the shell after starting a terminal session", - "linux": { - "type": "string", - "default": " alias ls=\\'ls --color=auto\\';clear\\n", - "description": "String to write after opening a Linux terminal." - }, - "darwin": { - "type": "string", - "default": null, - "description": "String to write after opening a macOS terminal." - }, - "freebsd": { - "type": "string", - "default": null, - "description": "String to write after opening a FreeBSD terminal." - } - } - } - }, - "desktop": { - "type": "object", - "description": "Values that affect the desktop feature", - "properties": { - "viewonly": { - "type": "boolean", - "description": "When set to true, the remote desktop feature is view only.", - "default": "false" - } - } - }, - "amtScanOptions": { - "description": "List of local network Intel AMT scanning options offered in the user interface. For example [\"LabNetwork 192.168.15.0/23\", \"SalesNetwork 192.168.8.0/24\"].", - "type": "array", - "default": null, - "items": { + } + }, + "notificationMessages": { + "type": "object", + "additionalProperties": false, + "description": "This section is user to customize user notifications when a remote desktop, terminal or file session is connected to a remote system.", + "properties": { + "Title": { + "type": "string" + }, + "Desktop": { + "type": "string" + }, + "Terminal": { + "type": "string" + }, + "Files": { "type": "string" } - }, - "amtManager": { - "type": "object", - "additionalProperties": false, - "description": "Information passed to the AMT manager module that impacts all Intel AMT device managed within this domain.", - "properties": { - "TlsConnections": { - "type": "boolean", - "default": true, - "description": "When set to false, MeshCentral will use TLS to connect to Intel AMT, this is not recommended." + } + }, + "agentCustomization": { + "type": "object", + "additionalProperties": false, + "description": "Use this section to customize the agent branding.", + "properties": { + "displayName": { + "type": "string", + "default": "MeshCentral Agent", + "description": "The name of the agent as displayed to the user." + }, + "description": { + "type": "string", + "default": "Mesh Agent background service", + "description": "The description of the agent as displayed to the user." + }, + "companyName": { + "type": "string", + "default": "Mesh Agent", + "description": "This will be used as the path to install the agent, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's." + }, + "serviceName": { + "type": "string", + "default": "Mesh Agent", + "description": "The name of the background service, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's but should be set to an all lower case, no space string." + }, + "installText": { + "type": "string", + "default": null, + "description": "Text string to show in the agent installation dialog box." + }, + "image": { + "type": "string", + "default": null, + "description": "The filename of a image file in .png format located in meshcentral-data to display in the MeshCentral Agent installation dialog, image should be square and from 64x64 to 200x200." + }, + "fileName": { + "type": "string", + "default": "meshagent", + "description": "The agent filename." + }, + "foregroundColor": { + "type": "string", + "default": null, + "description": "Foreground text color, valid values are RBG in format 0,0,0 to 255,255,255 or format #000000 to #FFFFFF." + }, + "backgroundColor": { + "type": "string", + "default": null, + "description": "Background color, valid values are RBG in format 0,0,0 to 255,255,255 or format #000000 to #FFFFFF." + } + } + }, + "agentFileInfo": { + "type": "object", + "additionalProperties": false, + "description": "Use this section to set resource metadata of the Windows agents prior to signing. In Windows, you can right-click and select properties to view these values.", + "properties": { + "icon": { + "type": "string", + "description": "Sets the agent icon, this is the name of a .ico file with the file placed in the meshcentral-data folder." + }, + "fileDescription": { + "type": "string", + "description": "Executable file description." + }, + "fileVersion": { + "type": "string", + "description": "Executable file version, in the form of 'n.n.n.n', for example: '1.2.3.4'." + }, + "internalName": { + "type": "string", + "description": "Executable internal name." + }, + "legalCopyright": { + "type": "string", + "description": "Executable legal copyright." + }, + "originalFilename": { + "type": "string", + "description": "Executable original file name." + }, + "productName": { + "type": "string", + "description": "Executable product name." + }, + "productVersion": { + "type": "string", + "description": "Executable product version. Any string format will work, but a alphabetic character is required for this value to show correctly in the Windows property box. For example: 'v1.2.3.4' will work, but '1.2.3.4' will not." + } + } + }, + "assistantCustomization": { + "type": "object", + "additionalProperties": false, + "description": "Use this section to customize the MeshCentral Assistant.", + "properties": { + "title": { + "type": "string", + "default": "MeshCentral Assistant", + "description": "Name to show as MeshCentral Assistant dialog title." + }, + "image": { + "type": "string", + "default": null, + "description": "The filename of a image file in .png format located in meshcentral-data to display in MeshCentral Assistant, image should be square and from 64x64 to 128x128." + }, + "fileName": { + "type": "string", + "default": "meshagent", + "description": "The MeshCentral Assistant filename." + } + } + }, + "androidCustomization": { + "type": "object", + "additionalProperties": false, + "description": "Use this section to customize the MeshCentral Agent for Android.", + "properties": { + "title": { + "type": "string", + "default": "MeshCentral Agent", + "description": "Displayed on top of the MeshCentral Agent for Android." + }, + "subtitle": { + "type": "string", + "default": null, + "description": "Subtitle displayed until the title on the toolbar." + }, + "image": { + "type": "string", + "default": null, + "description": "The filename of a image file in .png format located in meshcentral-data to display in MeshCentral Agent for Android, image should be square and from 64x64 to 128x128." + } + } + }, + "ipBlockedUserRedirect": { + "type": "string", + "default": null, + "description": "If set, a user from a banned IP address will be redirected to this URL." + }, + "userRequiredHttpHeader": { + "type": "object", + "default": null, + "description": "When set, requires that a browser request have set HTTP header to allow user login. Example: \"{ \"Sec-Fetch-Dest\": \"iframe\" }\"" + }, + "userAllowedIP": { + "type": [ + "string", + "array" + ], + "default": null, + "description": "When set, only users from allowed IP address ranges can connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" + }, + "userBlockedIP": { + "type": [ + "string", + "array" + ], + "default": null, + "description": "When set, users from these denied IP address ranges will not be able to connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" + }, + "agentAllowedIP": { + "type": [ + "string", + "array" + ], + "default": null, + "description": "When set, only agents from allowed IP address ranges can connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" + }, + "agentBlockedIP": { + "type": [ + "string", + "array" + ], + "default": null, + "description": "When set, agents from these denied IP address ranges will not be able to connect to the server. Example: \"192.168.2.100,192.168.1.0/24\"" + }, + "userSessionIdleTimeout": { + "type": "integer", + "default": null, + "description": "When set, idle users will be disconnected after a set amounts of minutes." + }, + "userConsentFlags": { + "type": "object", + "additionalProperties": false, + "description": "Use this section to require user consent for this domain.", + "properties": { + "desktopnotify": { + "type": "boolean", + "default": false, + "description": "Enable desktop notification for this domain." + }, + "terminalnotify": { + "type": "boolean", + "default": false, + "description": "Enable terminal notification for this domain." + }, + "filenotify": { + "type": "boolean", + "default": false, + "description": "Enable files notification for this domain." + }, + "desktopprompt": { + "type": "boolean", + "default": false, + "description": "Enable desktop prompt for this domain." + }, + "terminalprompt": { + "type": "boolean", + "default": false, + "description": "Enable terminal user prompt for this domain." + }, + "fileprompt": { + "type": "boolean", + "default": false, + "description": "Enable files prompt for this domain." + }, + "desktopprivacybar": { + "type": "boolean", + "default": false, + "description": "Enable remote desktop privacy bar for this domain." + } + } + }, + "urlSwitching": { + "type": "boolean", + "default": true, + "description": "When users navigate thru the web interface, the URL on top will change to point to the current screen. This allows a user to refresh or bookmark the URL and come back to the correct screen. Setting false here will disable this feature." + }, + "desktopPrivacyBarText": { + "type": "string", + "description": "This is the text that will be shown in the remote desktop privacy bar. You can use {0} to display the account realname or {1} to display the account identifier in the string." + }, + "limits": { + "type": "object", + "additionalProperties": false, + "properties": { + "MaxDevices": { + "type": "integer", + "default": null, + "description": "Maximum number of devices in this domain." + }, + "MaxUserAccounts": { + "type": "integer", + "default": null, + "description": "Maximum number of devices in this domain." + }, + "MaxUserSessions": { + "type": "integer", + "default": null, + "description": "Maximum number of user sessions that can connect to this server for this domain." + }, + "MaxAgentSessions": { + "type": "integer", + "default": null, + "description": "Maximum number of agents that can connect to this server for this domain." + }, + "MaxSingleUserSessions": { + "type": "integer", + "default": null, + "description": "Maximum number of sessions a single user can have. Each time a user opens a new browser tab or opens a new browser on a different computer, a new user session is created." + } + } + }, + "files": { + "type": "object", + "description": "Values that affect the files feature", + "properties": { + "sftpConnect": { + "type": "boolean", + "default": true, + "description": "When false, removes the 'SFTP Connect' button from the files tab unless this is the only possible option." + } + } + }, + "terminal": { + "type": "object", + "description": "Values that affect the terminal feature", + "properties": { + "sshConnect": { + "type": "boolean", + "default": true, + "description": "When false, removes the 'SSH Connect' button from the terminal tab unless this is the only possible option." + }, + "linuxShell": { + "type": "string", + "enum": [ + "any", + "root", + "user", + "login" + ], + "default": "any", + "description": "Indicate what terminal options are available when the user clicks the right mouse button on the terminal connect button." + }, + "launchCommand": { + "type": "object", + "description": "Indicate what string the agent must write to the shell after starting a terminal session", + "linux": { + "type": "string", + "default": " alias ls=\\'ls --color=auto\\';clear\\n", + "description": "String to write after opening a Linux terminal." }, - "TlsAcmActivation": { - "type": "boolean", - "default": false, - "description": "When set to false, MeshCentral will not attempt a TLS ACM activation on Intel AMT v14+" - }, - "AdminAccounts": { - "description": "List of username and passwords to try when connecting to Intel AMT.", - "type": "array", - "items": { - "type": "object", - "additionalProperties": false, - "required": [ "pass" ], - "properties": { - "user": { - "description": "Intel AMT administrator username.", - "type": "string", - "default": "admin" - }, - "pass": { - "description": "Intel AMT administrator password.", - "type": "string" - } - } - } - }, - "EnvironmentDetection": { - "description": "List of up to 4 domain suffixes to configure in Intel AMT when activating CIRA.", - "type": "array", - "items": { - "type": "string", - "minItems": 1, - "maxItems": 4, - "uniqueItems": true - } - }, - "TlsRootCert": { - "description": "Specifies a certificate and private key to use to issue Intel AMT TLS certificates. By default the MeshCentral self-signed root certificate is used.", - "type": "object", - "properties": { - "certpfx": { - "description": "Name of the certificate file that is in .p12 or .pfx format in meshcentral-data, use this with certpfxpass.", - "type": "string" - }, - "certpfxpass": { - "description": "Password for the file specified in certpfx.", - "type": "string" - }, - "certfile": { - "description": "Name of the certificate file in PEM format located in meshcentral-data. Using this with keyfile.", - "type": "string" - }, - "keyfile": { - "description": "Name of the private key file in PEM format located in meshcentral-data. Using this with certfile.", - "type": "string" - } - } - }, - "WifiProfiles": { - "description": "List of WIFI profiles to setup in any managed Intel AMT device with a WIFI network interface.", - "type": "array", - "items": { - "type": "object", - "additionalProperties": false, - "required": [ "ssid" ], - "properties": { - "name": { - "description": "WIFI profile name, if not specified the SSID is used.", - "type": "string" - }, - "ssid": { - "description": "SSID of the WIFI station.", - "type": "string" - }, - "authentication": { - "description": "WIFI authentication.", - "type": "string", - "enum": [ - "wpa-psk", - "wpa2-psk", - "wpa-8021x", - "wpa2-802.1x", - "wpa3-sae-802.1x", - "wpa3-owe-802.1x" - ], - "default": "wpa2-psk" - }, - "encryption": { - "description": "WIFI encryption.", - "type": "string", - "enum": [ "ccmp-aes", "tkip-rc4" ], - "default": "ccmp-aes" - }, - "password": { - "description": "Password on the WIFI station", - "type": "string", - "minLength": 8, - "maxLength": 63 - }, - "802.1x": { - "description": "802.1x settings for this WIFI profile. Only required if the WIFI authentication type has 802.1x", - "default": null, - "type": "object", - "additionalProperties": false, - "required": [ "authenticationProtocol" ], - "properties": { - "authenticationProtocol": { - "description": "Identifies the authentication protocol used to authenticate the access requestor to the AAA server.", - "type": [ "integer", "string" ], - "enum": [ - "EAP-TLS", - "EAP-TTLS/MSCHAPv2", - "PEAPv0/EAP-MSCHAPv2", - "PEAPv1/EAP-GTC", - "EAP-FAST/MSCHAPv2", - "EAP-FAST/GTC", - "EAP-MD5", - "EAP-PSK", - "EAP-SIM", - "EAP-AKA", - "EAP-FAST/TLS", - 0, - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10 - ] - }, - "serverCertificateNameComparison": { - "type": [ "integer", "string" ], - "default": "FullName", - "description": "Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server.", - "enum": [ "FullName", "DomainSuffix", 2, 3 ] - }, - "serverCertificateName": { - "type": "string", - "default": null, - "description": "The name compared against the subject name field in the certificate provided by the AAA server.", - "maxLength": 80 - }, - "availableInS0": { - "type": "boolean", - "default": true, - "description": "Indicates the activity setting of the 802.1X module in H0 state" - }, - "protectedAccessCredentialHex": { - "type": "string", - "default": null, - "description": "A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.", - "maxLength": 64 - }, - "pacPassword": { - "type": "string", - "default": null, - "description": "Optional password to extract the PAC (Protected Access Credential) information from the PAC data.", - "maxLength": 256 - }, - "domain": { - "type": "string", - "default": null, - "description": "The domain within which Username is unique.", - "maxLength": 128 - }, - "username": { - "type": "string", - "default": null, - "description": "Within the domain specified by Domain, Identifies the user that is requesting access to the network.", - "maxLength": 128 - }, - "password": { - "type": "string", - "default": null, - "description": "The password associated with the user identified by Username and Domain.", - "maxLength": 32 - }, - "roamingIdentity": { - "type": "string", - "default": null, - "description": "A string presented to the authentication server in 802.1x protocol exchange", - "maxLength": 80 - }, - "pxeTimeoutInSeconds": { - "type": "integer", - "default": 120, - "description": "Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session." - } - } - } - } - } - }, - "802.1x": { - "description": "802.1x settings for the Intel AMT Wired interface. If set to false, any existing 802.1x wired profile will be removed from Intel AMT.", + "darwin": { + "type": "string", "default": null, - "type": [ "object", "boolean" ], + "description": "String to write after opening a macOS terminal." + }, + "freebsd": { + "type": "string", + "default": null, + "description": "String to write after opening a FreeBSD terminal." + } + } + } + }, + "desktop": { + "type": "object", + "description": "Values that affect the desktop feature", + "properties": { + "viewonly": { + "type": "boolean", + "description": "When set to true, the remote desktop feature is view only.", + "default": "false" + } + } + }, + "amtScanOptions": { + "description": "List of local network Intel AMT scanning options offered in the user interface. For example [\"LabNetwork 192.168.15.0/23\", \"SalesNetwork 192.168.8.0/24\"].", + "type": "array", + "default": null, + "items": { + "type": "string" + } + }, + "amtManager": { + "type": "object", + "additionalProperties": false, + "description": "Information passed to the AMT manager module that impacts all Intel AMT device managed within this domain.", + "properties": { + "TlsConnections": { + "type": "boolean", + "default": true, + "description": "When set to false, MeshCentral will use TLS to connect to Intel AMT, this is not recommended." + }, + "TlsAcmActivation": { + "type": "boolean", + "default": false, + "description": "When set to false, MeshCentral will not attempt a TLS ACM activation on Intel AMT v14+" + }, + "AdminAccounts": { + "description": "List of username and passwords to try when connecting to Intel AMT.", + "type": "array", + "items": { + "type": "object", "additionalProperties": false, - "required": [ "authenticationProtocol" ], + "required": [ + "pass" + ], "properties": { - "authenticationProtocol": { - "description": "Identifies the authentication protocol used to authenticate the access requestor to the AAA server.", - "type": [ "integer", "string" ], - "enum": [ - "EAP-TLS", - "EAP-TTLS/MSCHAPv2", - "PEAPv0/EAP-MSCHAPv2", - "PEAPv1/EAP-GTC", - "EAP-FAST/MSCHAPv2", - "EAP-FAST/GTC", - "EAP-MD5", - "EAP-PSK", - "EAP-SIM", - "EAP-AKA", - "EAP-FAST/TLS", - 0, - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10 - ] - }, - "serverCertificateNameComparison": { - "type": [ "integer", "string" ], - "description": "Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server.", - "enum": [ "FullName", "DomainSuffix", 2, 3 ] - }, - "serverCertificateName": { + "user": { + "description": "Intel AMT administrator username.", "type": "string", - "default": null, - "description": "The name compared against the subject name field in the certificate provided by the AAA server.", - "maxLength": 80 + "default": "admin" }, - "availableInS0": { - "type": "boolean", - "default": true, - "description": "Indicates the activity setting of the 802.1X module in H0 state" - }, - "protectedAccessCredentialHex": { - "type": "string", - "default": null, - "description": "A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.", - "maxLength": 64 - }, - "pacPassword": { - "type": "string", - "default": null, - "description": "Optional password to extract the PAC (Protected Access Credential) information from the PAC data.", - "maxLength": 256 - }, - "domain": { - "type": "string", - "default": null, - "description": "The domain within which Username is unique.", - "maxLength": 128 - }, - "username": { - "type": "string", - "default": null, - "description": "Within the domain specified by Domain, Identifies the user that is requesting access to the network.", - "maxLength": 128 - }, - "password": { - "type": "string", - "default": null, - "description": "The password associated with the user identified by Username and Domain.", - "maxLength": 32 - }, - "roamingIdentity": { - "type": "string", - "default": null, - "description": "A string presented to the authentication server in 802.1x protocol exchange", - "maxLength": 80 - }, - "pxeTimeoutInSeconds": { - "type": "integer", - "default": 120, - "description": "Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session." + "pass": { + "description": "Intel AMT administrator password.", + "type": "string" } } } - } - }, - "amtAcmActivation": { - "type": "object", - "additionalProperties": false, - "properties": { - "log": { - "type": "string" - }, - "strictCommonName": { - "type": "boolean", - "default": false, - "description": "When set to true, the certificate common name needs to match exactly the Intel AMT trusted FQDN or DHCP Option 15. If false, some flexibility may be given to the matching." - }, - "certs": { - "type": "object", - "additionalProperties": { - "type": "object", - "additionalProperties": false, - "properties": { - "certfiles": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "keyfile": { - "type": "string" - } - }, - "required": [ "certfiles", "keyfile" ] - } + }, + "EnvironmentDetection": { + "description": "List of up to 4 domain suffixes to configure in Intel AMT when activating CIRA.", + "type": "array", + "items": { + "type": "string", + "minItems": 1, + "maxItems": 4, + "uniqueItems": true } }, - "required": [ "certs" ] - }, - "redirects": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "This is used to create HTTP redirections. For example setting \"redirects\": { \"example\":\"https://example.com\" } will make it so that anyone accessing /example on the server will get redirected to the specified URL." - }, - "yubikey": { - "type": "object", - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "secret": { - "type": "string" - }, - "proxy": { - "type": "string", - "format": "uri" - } - }, - "required": [ "id", "secret" ] - }, - "httpHeaders": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "agentConfig": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - }, - "default": null, - "description": "Key and values to add to the MeshAgent .msh file" - }, - "assistantConfig": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - }, - "default": null, - "description": "Key and values to add to the MeshCentral Assistant .msh file" - }, - "clipboardGet": { - "type": "boolean", - "default": true, - "description": "When false, users can't set the clipboard of a remove device." - }, - "clipboardSet": { - "type": "boolean", - "default": true, - "description": "When false, users can't get the clipboard of a remove device." - }, - "localSessionRecording": { - "type": "boolean", - "default": true, - "description": "When false, removes the local recording feature on remote desktop." - }, - "sessionRecording": { - "type": "object", - "additionalProperties": false, - "properties": { - "onlySelectedUsers": { - "type": "boolean", - "default": false, - "description": "When enabled, only device users with the session recording feature turned on will be recorded. When false, all users are recorded." - }, - "onlySelectedUserGroups": { - "type": "boolean", - "default": false, - "description": "When enabled, only device user groups with the session recording feature turned on will be recorded. When false, all users are recorded." - }, - "onlySelectedDeviceGroups": { - "type": "boolean", - "default": false, - "description": "When enabled, only device groups with the session recording feature turned on will be recorded. When false, all devices are recorded." - }, - "filepath": { - "type": "string", - "description": "The file path where recording files are kept." - }, - "index": { - "type": "boolean", - "default": false, - "description": "If true, automatically index remote desktop recordings so that the plays can skip to any place in the file." - }, - "maxRecordings": { - "type": "integer", - "default": null, - "description": "Maximum number of recording files to keep." - }, - "maxRecordingDays": { - "type": "integer", - "default": null, - "description": "Maximum number of days to keep a recording." - }, - "maxRecordingSizeMegabytes": { - "type": "integer", - "default": null, - "description": "Maximum number of recordings in megabytes. Once exceed, remove the oldest recordings." - }, - "protocols": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "integer" - }, - "description": "This is an array: 1 = Terminal, 2 = Desktop, 5 = Files, 100 = Intel AMT WSMAN, 101 = Intel AMT Redirection, 200 = Messenger" - } - }, - "required": [ "protocols" ] - }, - "showPasswordLogin": { - "type": "boolean", - "default": true, - "description": "When set to false, hides the username and password prompt on login screen." - }, - "sendgrid": { - "title": "SendGrid.com Email server", - "description": "Connects MeshCentral to the SendGrid email server, allows MeshCentral to send email messages for 2FA or user notification.", - "type": "object", - "properties": { - "from": { - "type": "string", - "format": "email", - "description": "Email address used in the messages from field." - }, - "apikey": { - "type": "string", - "description": "The SendGrid API key." - }, - "verifyemail": { - "type": "boolean", - "default": true, - "description": "When set to false, the email format and DNS MX record are not checked." - }, - "emailDelaySeconds": { - "type": "integer", - "default": 300, - "description": "Time to wait before sending a device connection/disconnection notification email. If many events occur, they will be merged into a single email." - } - }, - "required": [ "from", "apikey" ] - }, - "smtp": { - "title": "SMTP email server", - "description": "Connects MeshCentral to a SMTP email server, allows MeshCentral to send email messages for 2FA or user notification.", - "type": "object", - "properties": { - "name": { - "type": "string", - "format": "hostname", - "description": "Optional hostname of the client, this defaults to the hostname of the machine. This is useful for SMTP relays." - }, - "host": { - "type": "string", - "format": "hostname", - "description": "Hostname of the SMTP server." - }, - "port": { - "type": "integer", - "minimum": 1, - "maximum": 65535, - "description": "SMTP server port number." - }, - "from": { - "type": "string", - "format": "email", - "description": "Email address used in the messages from field." - }, - "tls": { - "type": "boolean" - }, - "auth": { - "type": "object", - "properties": { - "clientId": { - "type": "string" - }, - "clientSecret": { - "type": "string" - }, - "refreshToken": { - "type": "string" - } - }, - "required": [ "clientId", "clientSecret", "refreshToken" ] - }, - "tlscertcheck": { - "type": "boolean" - }, - "tlsstrict": { - "type": "boolean" - }, - "verifyemail": { - "type": "boolean", - "default": true, - "description": "When set to false, the email format and DNS MX record are not checked." - }, - "emailDelaySeconds": { - "type": "integer", - "default": 300, - "description": "Time to wait before sending a device connection/disconnection notification email. If many events occur, they will be merged into a single email." - } - }, - "required": [ "from" ] - }, - "sendmail": { - "title": "Send email using the sendmail command", - "description": "Makes MeshCentral send emails using the Unix sendmail command. Allows MeshCentral to send email messages for 2FA or user notification.", - "type": "object", - "properties": { - "newline": { - "type": "string", - "default": "unix", - "description": "Possible values are unix or windows" - }, - "path": { - "type": "string", - "default": "sendmail", - "description": "Path to the sendmail command" - }, - "args": { - "type": "array", - "items": { + "TlsRootCert": { + "description": "Specifies a certificate and private key to use to issue Intel AMT TLS certificates. By default the MeshCentral self-signed root certificate is used.", + "type": "object", + "properties": { + "certpfx": { + "description": "Name of the certificate file that is in .p12 or .pfx format in meshcentral-data, use this with certpfxpass.", "type": "string" }, - "default": null, - "description": "Array or arguments to pass to sendmail" - }, - "emailDelaySeconds": { - "type": "integer", - "default": 300, - "description": "Time to wait before sending a device connection/disconnection notification email. If many events occur, they will be merged into a single email." + "certpfxpass": { + "description": "Password for the file specified in certpfx.", + "type": "string" + }, + "certfile": { + "description": "Name of the certificate file in PEM format located in meshcentral-data. Using this with keyfile.", + "type": "string" + }, + "keyfile": { + "description": "Name of the private key file in PEM format located in meshcentral-data. Using this with certfile.", + "type": "string" + } + } + }, + "WifiProfiles": { + "description": "List of WIFI profiles to setup in any managed Intel AMT device with a WIFI network interface.", + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "required": [ + "ssid" + ], + "properties": { + "name": { + "description": "WIFI profile name, if not specified the SSID is used.", + "type": "string" + }, + "ssid": { + "description": "SSID of the WIFI station.", + "type": "string" + }, + "authentication": { + "description": "WIFI authentication.", + "type": "string", + "enum": [ + "wpa-psk", + "wpa2-psk", + "wpa-8021x", + "wpa2-802.1x", + "wpa3-sae-802.1x", + "wpa3-owe-802.1x" + ], + "default": "wpa2-psk" + }, + "encryption": { + "description": "WIFI encryption.", + "type": "string", + "enum": [ + "ccmp-aes", + "tkip-rc4" + ], + "default": "ccmp-aes" + }, + "password": { + "description": "Password on the WIFI station", + "type": "string", + "minLength": 8, + "maxLength": 63 + }, + "802.1x": { + "description": "802.1x settings for this WIFI profile. Only required if the WIFI authentication type has 802.1x", + "default": null, + "type": "object", + "additionalProperties": false, + "required": [ + "authenticationProtocol" + ], + "properties": { + "authenticationProtocol": { + "description": "Identifies the authentication protocol used to authenticate the access requestor to the AAA server.", + "type": [ + "integer", + "string" + ], + "enum": [ + "EAP-TLS", + "EAP-TTLS/MSCHAPv2", + "PEAPv0/EAP-MSCHAPv2", + "PEAPv1/EAP-GTC", + "EAP-FAST/MSCHAPv2", + "EAP-FAST/GTC", + "EAP-MD5", + "EAP-PSK", + "EAP-SIM", + "EAP-AKA", + "EAP-FAST/TLS", + 0, + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10 + ] + }, + "serverCertificateNameComparison": { + "type": [ + "integer", + "string" + ], + "default": "FullName", + "description": "Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server.", + "enum": [ + "FullName", + "DomainSuffix", + 2, + 3 + ] + }, + "serverCertificateName": { + "type": "string", + "default": null, + "description": "The name compared against the subject name field in the certificate provided by the AAA server.", + "maxLength": 80 + }, + "availableInS0": { + "type": "boolean", + "default": true, + "description": "Indicates the activity setting of the 802.1X module in H0 state" + }, + "protectedAccessCredentialHex": { + "type": "string", + "default": null, + "description": "A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.", + "maxLength": 64 + }, + "pacPassword": { + "type": "string", + "default": null, + "description": "Optional password to extract the PAC (Protected Access Credential) information from the PAC data.", + "maxLength": 256 + }, + "domain": { + "type": "string", + "default": null, + "description": "The domain within which Username is unique.", + "maxLength": 128 + }, + "username": { + "type": "string", + "default": null, + "description": "Within the domain specified by Domain, Identifies the user that is requesting access to the network.", + "maxLength": 128 + }, + "password": { + "type": "string", + "default": null, + "description": "The password associated with the user identified by Username and Domain.", + "maxLength": 32 + }, + "roamingIdentity": { + "type": "string", + "default": null, + "description": "A string presented to the authentication server in 802.1x protocol exchange", + "maxLength": 80 + }, + "pxeTimeoutInSeconds": { + "type": "integer", + "default": 120, + "description": "Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session." + } + } + } + } + } + }, + "802.1x": { + "description": "802.1x settings for the Intel AMT Wired interface. If set to false, any existing 802.1x wired profile will be removed from Intel AMT.", + "default": null, + "type": [ + "object", + "boolean" + ], + "additionalProperties": false, + "required": [ + "authenticationProtocol" + ], + "properties": { + "authenticationProtocol": { + "description": "Identifies the authentication protocol used to authenticate the access requestor to the AAA server.", + "type": [ + "integer", + "string" + ], + "enum": [ + "EAP-TLS", + "EAP-TTLS/MSCHAPv2", + "PEAPv0/EAP-MSCHAPv2", + "PEAPv1/EAP-GTC", + "EAP-FAST/MSCHAPv2", + "EAP-FAST/GTC", + "EAP-MD5", + "EAP-PSK", + "EAP-SIM", + "EAP-AKA", + "EAP-FAST/TLS", + 0, + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10 + ] + }, + "serverCertificateNameComparison": { + "type": [ + "integer", + "string" + ], + "description": "Determines the comparison algorithm used between the ServerCertificateName value and the subject name field of the certificate presented by the AAA server.", + "enum": [ + "FullName", + "DomainSuffix", + 2, + 3 + ] + }, + "serverCertificateName": { + "type": "string", + "default": null, + "description": "The name compared against the subject name field in the certificate provided by the AAA server.", + "maxLength": 80 + }, + "availableInS0": { + "type": "boolean", + "default": true, + "description": "Indicates the activity setting of the 802.1X module in H0 state" + }, + "protectedAccessCredentialHex": { + "type": "string", + "default": null, + "description": "A credential used by the supplicant and AAA server to establish a mutually authenticated encrypted tunnel for confidential user authentication.", + "maxLength": 64 + }, + "pacPassword": { + "type": "string", + "default": null, + "description": "Optional password to extract the PAC (Protected Access Credential) information from the PAC data.", + "maxLength": 256 + }, + "domain": { + "type": "string", + "default": null, + "description": "The domain within which Username is unique.", + "maxLength": 128 + }, + "username": { + "type": "string", + "default": null, + "description": "Within the domain specified by Domain, Identifies the user that is requesting access to the network.", + "maxLength": 128 + }, + "password": { + "type": "string", + "default": null, + "description": "The password associated with the user identified by Username and Domain.", + "maxLength": 32 + }, + "roamingIdentity": { + "type": "string", + "default": null, + "description": "A string presented to the authentication server in 802.1x protocol exchange", + "maxLength": 80 + }, + "pxeTimeoutInSeconds": { + "type": "integer", + "default": 120, + "description": "Timeout in seconds, in which the Intel(R) AMT will hold an authenticated 802.1X session." + } } } - }, - "authStrategies": { - "type": "object", - "additionalProperties": false, - "properties": { - "twitter": { + } + }, + "amtAcmActivation": { + "type": "object", + "additionalProperties": false, + "properties": { + "log": { + "type": "string" + }, + "strictCommonName": { + "type": "boolean", + "default": false, + "description": "When set to true, the certificate common name needs to match exactly the Intel AMT trusted FQDN or DHCP Option 15. If false, some flexibility may be given to the matching." + }, + "certs": { + "type": "object", + "additionalProperties": { "type": "object", "additionalProperties": false, "properties": { - "callbackurl": { - "type": "string", - "format": "uri" - }, - "newAccounts": { - "type": "boolean", - "default": false - }, - "newAccountsUserGroups": { + "certfiles": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, - "clientid": { + "keyfile": { "type": "string" - }, - "clientsecret": { - "type": "string" - }, - "logouturl": { - "type": "string", - "format": "uri", - "description": "Then set, the user will be redirected to this URL when hitting the logout link." - } - }, - "required": [ "clientid", "clientsecret" ] - }, - "google": { - "type": "object", - "properties": { - "callbackurl": { - "type": "string", - "format": "uri" - }, - "newAccounts": { - "type": "boolean", - "default": false - }, - "newAccountsUserGroups": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "clientid": { - "type": "string" - }, - "clientsecret": { - "type": "string" - }, - "logouturl": { - "type": "string", - "format": "uri", - "description": "Then set, the user will be redirected to this URL when hitting the logout link." - } - }, - "required": [ "clientid", "clientsecret" ] - }, - "github": { - "type": "object", - "properties": { - "callbackurl": { - "type": "string", - "format": "uri" - }, - "newAccounts": { - "type": "boolean", - "default": false - }, - "newAccountsUserGroups": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "clientid": { - "type": "string" - }, - "clientsecret": { - "type": "string" - }, - "logouturl": { - "type": "string", - "format": "uri", - "description": "Then set, the user will be redirected to this URL when hitting the logout link." - } - }, - "required": [ "clientid", "clientsecret" ] - }, - "reddit": { - "type": "object", - "properties": { - "callbackurl": { - "type": "string", - "format": "uri" - }, - "newAccounts": { - "type": "boolean", - "default": false - }, - "newAccountsUserGroups": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "clientid": { - "type": "string" - }, - "clientsecret": { - "type": "string" - }, - "logouturl": { - "type": "string", - "format": "uri", - "description": "Then set, the user will be redirected to this URL when hitting the logout link." - } - }, - "required": [ "clientid", "clientsecret" ] - }, - "azure": { - "type": "object", - "properties": { - "callbackurl": { - "type": "string", - "format": "uri" - }, - "newAccounts": { - "type": "boolean", - "default": false - }, - "newAccountsUserGroups": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "clientid": { - "type": "string" - }, - "clientsecret": { - "type": "string" - }, - "tenantid": { - "type": "string" - }, - "logouturl": { - "type": "string", - "format": "uri", - "description": "Then set, the user will be redirected to this URL when hitting the logout link." - } - }, - "required": [ "clientid", "clientsecret", "tenantid" ] - }, - "jumpcloud": { - "type": "object", - "properties": { - "callbackurl": { - "type": "string", - "format": "uri" - }, - "newAccounts": { - "type": "boolean", - "default": false - }, - "newAccountsUserGroups": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "entityid": { - "type": "string" - }, - "idpurl": { - "type": "string", - "format": "uri" - }, - "cert": { - "type": "string" - }, - "logouturl": { - "type": "string", - "format": "uri", - "description": "Then set, the user will be redirected to this URL when hitting the logout link." - } - }, - "required": [ "entityid", "idpurl", "cert" ] - }, - "saml": { - "type": "object", - "properties": { - "callbackurl": { - "type": "string", - "format": "uri" - }, - "disableRequestedAuthnContext": { - "type": "boolean" - }, - "newAccounts": { - "type": "boolean", - "default": false - }, - "newAccountsUserGroups": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "newAccountsRights": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "entityid": { - "type": "string" - }, - "idpurl": { - "type": "string", - "format": "uri" - }, - "cert": { - "type": "string" - }, - "logouturl": { - "type": "string", - "format": "uri", - "description": "Then set, the user will be redirected to this URL when hitting the logout link." - } - }, - "required": [ "entityid", "idpurl", "cert" ] - }, - "oidc": { - "type": "object", - "properties": { - "authorizationURL": { - "type": "string", - "format": "uri", - "description": "If set, this will be used as the authorization URL. (If set tokenURL and userInfoURL need set also)" - }, - "callbackURL": { - "type": "string", - "format": "uri", - "description": "Required, this is the URL that your SSO provider sends auth approval to." - }, - "clientid": { - "type": "string" - }, - "clientsecret": { - "type": "string" - }, - "issuer": { - "type": "string", - "format": "uri", - "description": "Full URL of SSO portal" - }, - "tokenURL": { - "type": "string", - "format": "uri", - "description": "If set, this will be used as the token URL. (If set authorizationURL and userInfoURL need set also)" - }, - "userInfoURL": { - "type": "string", - "format": "uri", - "description": "If set, this will be used as the user info URL. (If set authorizationURL and tokenURL need set also)" - }, - "logouturl": { - "type": "string", - "format": "uri", - "description": "Then set, the user will be redirected to this URL when hitting the logout link." - }, - "newAccounts": { - "type": "boolean", - "default": true - }, - "groups": { - "type": "object", - "properties": { - "required": { - "type": [ "string", "array" ], - "description": "When set, the user must be part of one of the OIDC user groups to login to MeshCentral." - }, - "siteadmin": { - "type": [ "string", "array" ], - "description": "When set, users part of these groups will be promoted with site administrator in MeshCentral, users that are not part of these groups will be demoted." - }, - "sync": { - "type": [ "boolean", "object" ], - "description": "Allows some or all ODIC user groups to be mirrored within MeshCentral as user groups.", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "filter": { - "type": [ "string", "array" ], - "description": "When set, limits what OIDC groups are mirrored into MeshCentral user groups." - } - } - } - } } }, "required": [ - "issuer", - "clientid", - "clientsecret", - "callbackURL" + "certfiles", + "keyfile" ] } } + }, + "required": [ + "certs" + ] + }, + "redirects": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "This is used to create HTTP redirections. For example setting \"redirects\": { \"example\":\"https://example.com\" } will make it so that anyone accessing /example on the server will get redirected to the specified URL." + }, + "yubikey": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "secret": { + "type": "string" + }, + "proxy": { + "type": "string", + "format": "uri" + } + }, + "required": [ + "id", + "secret" + ] + }, + "httpHeaders": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "agentConfig": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "default": null, + "description": "Key and values to add to the MeshAgent .msh file" + }, + "assistantConfig": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "default": null, + "description": "Key and values to add to the MeshCentral Assistant .msh file" + }, + "clipboardGet": { + "type": "boolean", + "default": true, + "description": "When false, users can't set the clipboard of a remove device." + }, + "clipboardSet": { + "type": "boolean", + "default": true, + "description": "When false, users can't get the clipboard of a remove device." + }, + "localSessionRecording": { + "type": "boolean", + "default": true, + "description": "When false, removes the local recording feature on remote desktop." + }, + "sessionRecording": { + "type": "object", + "additionalProperties": false, + "properties": { + "onlySelectedUsers": { + "type": "boolean", + "default": false, + "description": "When enabled, only device users with the session recording feature turned on will be recorded. When false, all users are recorded." + }, + "onlySelectedUserGroups": { + "type": "boolean", + "default": false, + "description": "When enabled, only device user groups with the session recording feature turned on will be recorded. When false, all users are recorded." + }, + "onlySelectedDeviceGroups": { + "type": "boolean", + "default": false, + "description": "When enabled, only device groups with the session recording feature turned on will be recorded. When false, all devices are recorded." + }, + "filepath": { + "type": "string", + "description": "The file path where recording files are kept." + }, + "index": { + "type": "boolean", + "default": false, + "description": "If true, automatically index remote desktop recordings so that the plays can skip to any place in the file." + }, + "maxRecordings": { + "type": "integer", + "default": null, + "description": "Maximum number of recording files to keep." + }, + "maxRecordingDays": { + "type": "integer", + "default": null, + "description": "Maximum number of days to keep a recording." + }, + "maxRecordingSizeMegabytes": { + "type": "integer", + "default": null, + "description": "Maximum number of recordings in megabytes. Once exceed, remove the oldest recordings." + }, + "protocols": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "integer" + }, + "description": "This is an array: 1 = Terminal, 2 = Desktop, 5 = Files, 100 = Intel AMT WSMAN, 101 = Intel AMT Redirection, 200 = Messenger" + } + }, + "required": [ + "protocols" + ] + }, + "showPasswordLogin": { + "type": "boolean", + "default": true, + "description": "When set to false, hides the username and password prompt on login screen." + }, + "sendgrid": { + "title": "SendGrid.com Email server", + "description": "Connects MeshCentral to the SendGrid email server, allows MeshCentral to send email messages for 2FA or user notification.", + "type": "object", + "properties": { + "from": { + "type": "string", + "format": "email", + "description": "Email address used in the messages from field." + }, + "apikey": { + "type": "string", + "description": "The SendGrid API key." + }, + "verifyemail": { + "type": "boolean", + "default": true, + "description": "When set to false, the email format and DNS MX record are not checked." + }, + "emailDelaySeconds": { + "type": "integer", + "default": 300, + "description": "Time to wait before sending a device connection/disconnection notification email. If many events occur, they will be merged into a single email." + } + }, + "required": [ + "from", + "apikey" + ] + }, + "smtp": { + "title": "SMTP email server", + "description": "Connects MeshCentral to a SMTP email server, allows MeshCentral to send email messages for 2FA or user notification.", + "type": "object", + "properties": { + "name": { + "type": "string", + "format": "hostname", + "description": "Optional hostname of the client, this defaults to the hostname of the machine. This is useful for SMTP relays." + }, + "host": { + "type": "string", + "format": "hostname", + "description": "Hostname of the SMTP server." + }, + "port": { + "type": "integer", + "minimum": 1, + "maximum": 65535, + "description": "SMTP server port number." + }, + "from": { + "type": "string", + "format": "email", + "description": "Email address used in the messages from field." + }, + "tls": { + "type": "boolean" + }, + "auth": { + "type": "object", + "properties": { + "clientId": { + "type": "string" + }, + "clientSecret": { + "type": "string" + }, + "refreshToken": { + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "refreshToken" + ] + }, + "tlscertcheck": { + "type": "boolean" + }, + "tlsstrict": { + "type": "boolean" + }, + "verifyemail": { + "type": "boolean", + "default": true, + "description": "When set to false, the email format and DNS MX record are not checked." + }, + "emailDelaySeconds": { + "type": "integer", + "default": 300, + "description": "Time to wait before sending a device connection/disconnection notification email. If many events occur, they will be merged into a single email." + } + }, + "required": [ + "from" + ] + }, + "sendmail": { + "title": "Send email using the sendmail command", + "description": "Makes MeshCentral send emails using the Unix sendmail command. Allows MeshCentral to send email messages for 2FA or user notification.", + "type": "object", + "properties": { + "newline": { + "type": "string", + "default": "unix", + "description": "Possible values are unix or windows" + }, + "path": { + "type": "string", + "default": "sendmail", + "description": "Path to the sendmail command" + }, + "args": { + "type": "array", + "items": { + "type": "string" + }, + "default": null, + "description": "Array or arguments to pass to sendmail" + }, + "emailDelaySeconds": { + "type": "integer", + "default": 300, + "description": "Time to wait before sending a device connection/disconnection notification email. If many events occur, they will be merged into a single email." + } + } + }, + "authStrategies": { + "type": "object", + "additionalProperties": false, + "properties": { + "twitter": { + "type": "object", + "additionalProperties": false, + "properties": { + "callbackurl": { + "type": "string", + "format": "uri" + }, + "newAccounts": { + "type": "boolean", + "default": false + }, + "newAccountsUserGroups": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "clientid": { + "type": "string" + }, + "clientsecret": { + "type": "string" + }, + "logouturl": { + "type": "string", + "format": "uri", + "description": "Then set, the user will be redirected to this URL when hitting the logout link." + } + }, + "required": [ + "clientid", + "clientsecret" + ] + }, + "google": { + "type": "object", + "properties": { + "callbackurl": { + "type": "string", + "format": "uri" + }, + "newAccounts": { + "type": "boolean", + "default": false + }, + "newAccountsUserGroups": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "clientid": { + "type": "string" + }, + "clientsecret": { + "type": "string" + }, + "logouturl": { + "type": "string", + "format": "uri", + "description": "Then set, the user will be redirected to this URL when hitting the logout link." + } + }, + "required": [ + "clientid", + "clientsecret" + ] + }, + "github": { + "type": "object", + "properties": { + "callbackurl": { + "type": "string", + "format": "uri" + }, + "newAccounts": { + "type": "boolean", + "default": false + }, + "newAccountsUserGroups": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "clientid": { + "type": "string" + }, + "clientsecret": { + "type": "string" + }, + "logouturl": { + "type": "string", + "format": "uri", + "description": "Then set, the user will be redirected to this URL when hitting the logout link." + } + }, + "required": [ + "clientid", + "clientsecret" + ] + }, + "reddit": { + "type": "object", + "properties": { + "callbackurl": { + "type": "string", + "format": "uri" + }, + "newAccounts": { + "type": "boolean", + "default": false + }, + "newAccountsUserGroups": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "clientid": { + "type": "string" + }, + "clientsecret": { + "type": "string" + }, + "logouturl": { + "type": "string", + "format": "uri", + "description": "Then set, the user will be redirected to this URL when hitting the logout link." + } + }, + "required": [ + "clientid", + "clientsecret" + ] + }, + "azure": { + "type": "object", + "properties": { + "callbackurl": { + "type": "string", + "format": "uri" + }, + "newAccounts": { + "type": "boolean", + "default": false + }, + "newAccountsUserGroups": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "clientid": { + "type": "string" + }, + "clientsecret": { + "type": "string" + }, + "tenantid": { + "type": "string" + }, + "logouturl": { + "type": "string", + "format": "uri", + "description": "Then set, the user will be redirected to this URL when hitting the logout link." + } + }, + "required": [ + "clientid", + "clientsecret", + "tenantid" + ] + }, + "jumpcloud": { + "type": "object", + "properties": { + "callbackurl": { + "type": "string", + "format": "uri" + }, + "newAccounts": { + "type": "boolean", + "default": false + }, + "newAccountsUserGroups": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "entityid": { + "type": "string" + }, + "idpurl": { + "type": "string", + "format": "uri" + }, + "cert": { + "type": "string" + }, + "logouturl": { + "type": "string", + "format": "uri", + "description": "Then set, the user will be redirected to this URL when hitting the logout link." + } + }, + "required": [ + "entityid", + "idpurl", + "cert" + ] + }, + "saml": { + "type": "object", + "properties": { + "callbackurl": { + "type": "string", + "format": "uri" + }, + "disableRequestedAuthnContext": { + "type": "boolean" + }, + "newAccounts": { + "type": "boolean", + "default": false + }, + "newAccountsUserGroups": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "newAccountsRights": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "entityid": { + "type": "string" + }, + "idpurl": { + "type": "string", + "format": "uri" + }, + "cert": { + "type": "string" + }, + "logouturl": { + "type": "string", + "format": "uri", + "description": "Then set, the user will be redirected to this URL when hitting the logout link." + } + }, + "required": [ + "entityid", + "idpurl", + "cert" + ] + }, + "oidc": { + "type": "object", + "properties": { + "authorizationURL": { + "type": "string", + "format": "uri", + "description": "If set, this will be used as the authorization URL. (If set tokenURL and userInfoURL need set also)" + }, + "callbackURL": { + "type": "string", + "format": "uri", + "description": "Required, this is the URL that your SSO provider sends auth approval to." + }, + "clientid": { + "type": "string" + }, + "clientsecret": { + "type": "string" + }, + "issuer": { + "type": "string", + "format": "uri", + "description": "Full URL of SSO portal" + }, + "tokenURL": { + "type": "string", + "format": "uri", + "description": "If set, this will be used as the token URL. (If set authorizationURL and userInfoURL need set also)" + }, + "userInfoURL": { + "type": "string", + "format": "uri", + "description": "If set, this will be used as the user info URL. (If set authorizationURL and tokenURL need set also)" + }, + "logouturl": { + "type": "string", + "format": "uri", + "description": "Then set, the user will be redirected to this URL when hitting the logout link." + }, + "newAccounts": { + "type": "boolean", + "default": true + }, + "groups": { + "type": "object", + "properties": { + "required": { + "type": [ + "string", + "array" + ], + "description": "When set, the user must be part of one of the OIDC user groups to login to MeshCentral." + }, + "siteadmin": { + "type": [ + "string", + "array" + ], + "description": "When set, users part of these groups will be promoted with site administrator in MeshCentral, users that are not part of these groups will be demoted." + }, + "sync": { + "type": [ + "boolean", + "object" + ], + "description": "Allows some or all ODIC user groups to be mirrored within MeshCentral as user groups.", + "properties": { + "enabled": { + "type": "boolean", + "default": false + }, + "filter": { + "type": [ + "string", + "array" + ], + "description": "When set, limits what OIDC groups are mirrored into MeshCentral user groups." + } + } + } + } + } + }, + "required": [ + "issuer", + "clientid", + "clientsecret", + "callbackURL" + ] + } } } } - }, - "letsEncrypt": { - "title": "Built-in Let's Encrypt support", - "description": "If your server has a proper DNS name and it public facing on the Internet with a public facing HTTP server on port 80, you can get a free TLS certificate.", - "type": "object", - "additionalProperties": false, - "properties": { - "email": { - "type": "string", - "format": "email", - "description": "Email address of the administrator of this server. Make sure this is a valid email address otherwise the certificate request will fail." - }, - "names": { - "type": "string" - }, - "skipChallengeVerification": { - "type": "boolean", - "default": false, - "description": "By default, MeshCentral will perform a self-test to make sure HTTP port 80 can respond correctly before making a request to Let's Encrypt. In some cases, this self-test can't work and must be skipped." - }, - "production": { - "type": "boolean", - "default": false, - "description": "By default a test certificate will be obtained from Let's Encrypt. Always start by getting a test certificate and make sure that works before setting this to true and obtaining a production certificate. Making too many bad requests for a production certificate will get you banned for a long period of time." - } + } + }, + "letsEncrypt": { + "title": "Built-in Let's Encrypt support", + "description": "If your server has a proper DNS name and it public facing on the Internet with a public facing HTTP server on port 80, you can get a free TLS certificate.", + "type": "object", + "additionalProperties": false, + "properties": { + "email": { + "type": "string", + "format": "email", + "description": "Email address of the administrator of this server. Make sure this is a valid email address otherwise the certificate request will fail." }, - "required": [ "email", "names" ] - }, - "peers": { - "title": "Server peering", - "description": "Setup peer server for load-balancing between many servers.", - "type": "object", - "minProperties": 1, - "propertyNames": { - "pattern": "^[A-Za-z_][A-Za-z0-9_]*$" + "names": { + "type": "string" }, - "additionalProperties": false, - "properties": { - "serverId": { - "type": "string" - }, - "servers": { - "type": "object", - "additionalProperties": { - "type": "object", - "properties": { - "url": { - "type": "string", - "format": "uri" - } - }, - "required": [ "url" ] - } - } + "skipChallengeVerification": { + "type": "boolean", + "default": false, + "description": "By default, MeshCentral will perform a self-test to make sure HTTP port 80 can respond correctly before making a request to Let's Encrypt. In some cases, this self-test can't work and must be skipped." }, - "required": [ "serverId", "servers" ] + "production": { + "type": "boolean", + "default": false, + "description": "By default a test certificate will be obtained from Let's Encrypt. Always start by getting a test certificate and make sure that works before setting this to true and obtaining a production certificate. Making too many bad requests for a production certificate will get you banned for a long period of time." + } }, - "sendgrid": { - "title": "SendGrid.com Email server", - "description": "Connects MeshCentral to the SendGrid email server, allows MeshCentral to send email messages for 2FA or user notification.", - "type": "object", - "properties": { - "from": { - "type": "string", - "format": "email", - "description": "Email address used in the messages from field." - }, - "apikey": { - "type": "string", - "description": "The SendGrid API key." - }, - "verifyemail": { - "type": "boolean", - "default": true, - "description": "When set to false, the email format and DNS MX record are not checked." - } + "required": [ + "email", + "names" + ] + }, + "peers": { + "title": "Server peering", + "description": "Setup peer server for load-balancing between many servers.", + "type": "object", + "minProperties": 1, + "propertyNames": { + "pattern": "^[A-Za-z_][A-Za-z0-9_]*$" + }, + "additionalProperties": false, + "properties": { + "serverId": { + "type": "string" }, - "required": [ "from", "apikey" ] - }, - "smtp": { - "title": "SMTP email server", - "description": "Connects MeshCentral to a SMTP email server, allows MeshCentral to send email messages for 2FA or user notification.", - "type": "object", - "properties": { - "host": { - "type": "string", - "format": "hostname" - }, - "port": { - "type": "integer", - "minimum": 1, - "maximum": 65535 - }, - "from": { - "type": "string", - "format": "email", - "description": "Email address used in the messages from field." - }, - "tls": { - "type": "boolean" - }, - "tlscertcheck": { - "type": "boolean" - }, - "tlsstrict": { - "type": "boolean" - }, - "verifyemail": { - "type": "boolean", - "default": true, - "description": "When set to false, the email format and DNS MX record are not checked." - } - }, - "required": [ "host", "port", "from", "tls" ] - }, - "sms": { - "title": "SMS provider", - "description": "Connects MeshCentral to a SMS text messaging provider, allows MeshCentral to send SMS messages for 2FA or user notification.", - "oneOf": [ - { + "servers": { + "type": "object", + "additionalProperties": { "type": "object", "properties": { - "provider": { - "type": "string", - "enum": [ "twilio" ] - }, - "sid": { - "type": "string" - }, - "auth": { - "type": "string" - }, - "from": { - "type": "string" - } - }, - "required": [ "provider", "sid", "auth", "from" ] - }, - { - "type": "object", - "properties": { - "provider": { - "type": "string", - "enum": [ "plivo" ] - }, - "id": { - "type": "string" - }, - "token": { - "type": "string" - }, - "from": { - "type": "string" - } - }, - "required": [ "provider", "id", "token", "from" ] - }, - { - "type": "object", - "properties": { - "provider": { - "type": "string", - "enum": [ "telnyx" ] - }, - "apikey": { - "type": "string" - }, - "from": { - "type": "string" - } - }, - "required": [ "provider", "apikey", "from" ] - }, - { - "type": "object", - "properties": { - "provider": { - "type": "string", - "enum": [ "url" ] - }, "url": { "type": "string", - "description": "A http or https URL with {{phone}} and {{message}} in the string. These will be replaced with the URL encoded target phone number and message." + "format": "uri" } }, - "required": [ "url" ] + "required": [ + "url" + ] } - ] + } }, - "messaging": { - "title": "Messaging server", - "description": "This section allow MeshCentral to send messages over user messaging networks like Telegram", - "type": "object", - "properties": { - "telegram": { - "type": "object", - "description": "Configure Telegram messaging system", - "properties": { - "apiid": { - "type": "number" - }, - "apihash": { - "type": "string" - }, - "session": { - "type": "string" + "required": [ + "serverId", + "servers" + ] + }, + "sendgrid": { + "title": "SendGrid.com Email server", + "description": "Connects MeshCentral to the SendGrid email server, allows MeshCentral to send email messages for 2FA or user notification.", + "type": "object", + "properties": { + "from": { + "type": "string", + "format": "email", + "description": "Email address used in the messages from field." + }, + "apikey": { + "type": "string", + "description": "The SendGrid API key." + }, + "verifyemail": { + "type": "boolean", + "default": true, + "description": "When set to false, the email format and DNS MX record are not checked." + } + }, + "required": [ + "from", + "apikey" + ] + }, + "smtp": { + "title": "SMTP email server", + "description": "Connects MeshCentral to a SMTP email server, allows MeshCentral to send email messages for 2FA or user notification.", + "type": "object", + "properties": { + "host": { + "type": "string", + "format": "hostname" + }, + "port": { + "type": "integer", + "minimum": 1, + "maximum": 65535 + }, + "from": { + "type": "string", + "format": "email", + "description": "Email address used in the messages from field." + }, + "tls": { + "type": "boolean" + }, + "tlscertcheck": { + "type": "boolean" + }, + "tlsstrict": { + "type": "boolean" + }, + "verifyemail": { + "type": "boolean", + "default": true, + "description": "When set to false, the email format and DNS MX record are not checked." + } + }, + "required": [ + "host", + "port", + "from", + "tls" + ] + }, + "sms": { + "title": "SMS provider", + "description": "Connects MeshCentral to a SMS text messaging provider, allows MeshCentral to send SMS messages for 2FA or user notification.", + "oneOf": [ + { + "type": "object", + "properties": { + "provider": { + "type": "string", + "enum": [ + "twilio" + ] + }, + "sid": { + "type": "string" + }, + "auth": { + "type": "string" + }, + "from": { + "type": "string" + } + }, + "required": [ + "provider", + "sid", + "auth", + "from" + ] + }, + { + "type": "object", + "properties": { + "provider": { + "type": "string", + "enum": [ + "plivo" + ] + }, + "id": { + "type": "string" + }, + "token": { + "type": "string" + }, + "from": { + "type": "string" + } + }, + "required": [ + "provider", + "id", + "token", + "from" + ] + }, + { + "type": "object", + "properties": { + "provider": { + "type": "string", + "enum": [ + "telnyx" + ] + }, + "apikey": { + "type": "string" + }, + "from": { + "type": "string" + } + }, + "required": [ + "provider", + "apikey", + "from" + ] + }, + { + "type": "object", + "properties": { + "provider": { + "type": "string", + "enum": [ + "url" + ] + }, + "url": { + "type": "string", + "description": "A http or https URL with {{phone}} and {{message}} in the string. These will be replaced with the URL encoded target phone number and message." + } + }, + "required": [ + "url" + ] + } + ] + }, + "messaging": { + "title": "Messaging server", + "description": "This section allow MeshCentral to send messages over user messaging networks like Telegram", + "type": "object", + "properties": { + "telegram": { + "type": "object", + "description": "Configure Telegram messaging system", + "properties": { + "apiid": { + "type": "number" + }, + "apihash": { + "type": "string" + }, + "session": { + "type": "string" + } + } + }, + "discord": { + "type": "object", + "description": "Configure Discord messaging system", + "properties": { + "serverurl": { + "type": "string", + "format": "uri", + "description": "An optional HTTP link to the discord server the user must join to get notifications." + }, + "token": { + "type": "string", + "description": "A Discord bot token that MeshCentral will use to login to Discord." + } + }, + "required": [ + "token" + ] + }, + "xmpp": { + "type": "object", + "description": "Configure XMPP messaging system", + "properties": { + "service": { + "type": "string", + "description": "Host name of the XMPP server." + }, + "credentials": { + "type": "object", + "description": "Login credentials for the XMPP server.", + "properties": { + "username": { + "type": "string" + }, + "password": { + "type": "string" + } } } }, - "discord": { - "type": "object", - "description": "Configure Discord messaging system", - "properties": { - "serverurl": { - "type": "string", - "format": "uri", - "description": "An optional HTTP link to the discord server the user must join to get notifications." - }, - "token": { - "type": "string", - "description": "A Discord bot token that MeshCentral will use to login to Discord." - } - }, - "required": [ "token" ] + "required": [ + "credentials" + ] + }, + "callmebot": { + "type": "boolean", + "default": false, + "description": "Enabled CallMeBot integration support." + }, + "pushover": { + "type": "object", + "description": "Configure Pushover messaging system", + "properties": { + "token": { + "type": "string", + "description": "A Pushover application token that MeshCentral will use to login." + } }, - "xmpp": { - "type": "object", - "description": "Configure XMPP messaging system", - "properties": { - "service": { - "type": "string", - "description": "Host name of the XMPP server." - }, - "credentials": { - "type": "object", - "description": "Login credentials for the XMPP server.", - "properties": { - "username": { - "type": "string" - }, - "password": { - "type": "string" - } - } - } + "required": [ + "token" + ] + }, + "ntfy": { + "type": [ + "boolean", + "object" + ], + "default": false, + "properties": { + "host": { + "type": "string", + "description": "Host name of the ntfy server." }, - "required": [ "credentials" ] + "userurl": { + "type": "string", + "description": "A URL given to users to help them setup this service." + } }, - "callmebot": { - "type": "boolean", - "default": false, - "description": "Enabled CallMeBot integration support." - }, - "pushover": { - "type": "object", - "description": "Configure Pushover messaging system", - "properties": { - "token": { - "type": "string", - "description": "A Pushover application token that MeshCentral will use to login." - } + "description": "Enabled ntfy.sh integration support." + }, + "zulip": { + "type": "object", + "properties": { + "site": { + "type": "string", + "format": "uri", + "default": "https://api.zulip.com", + "description": "URL to the Zulip server" }, - "required": [ "token" ] - }, - "ntfy": { - "type": [ "boolean", "object" ], - "default": false, - "properties": { - "host": { - "type": "string", - "description": "Host name of the ntfy server." - }, - "userurl": { - "type": "string", - "description": "A URL given to users to help them setup this service." - } + "email": { + "type": "string", + "description": "Bot email address to login as." }, - "description": "Enabled ntfy.sh integration support." + "api_key": { + "type": "string", + "description": "Bot api key." + } }, - "zulip": { - "type": "object", - "properties": { - "site": { - "type": "string", - "format": "uri", - "default": "https://api.zulip.com", - "description": "URL to the Zulip server" - }, - "email": { - "type": "string", - "description": "Bot email address to login as." - }, - "api_key": { - "type": "string", - "description": "Bot api key." - } - }, - "description": "Enabled Zulip integration support." - } + "description": "Enabled Zulip integration support." } } } } -} \ No newline at end of file +}