mastodon.yaml
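---
# Flux HelmRelease that deploys Mastodon (glitch-soc images) into the
# `social` namespace from the `wrmilling-charts` Helm repository.
#
# NOTE(review): nesting below follows the Mastodon chart's values layout;
# confirm it against the chart's values.yaml.
#
# NOTE(review): the ${SECRET_*} placeholders are presumably filled in by Flux
# post-build variable substitution (confirm in the parent Kustomization). If
# so, the substituted values are stored in clear text in this HelmRelease
# object's spec, so read access to HelmReleases in `social` exposes them.
# Prefer spec.valuesFrom with a Secret, or the chart's existing-secret
# options where it offers them.
#
# NOTE(review): helm.toolkit.fluxcd.io/v2beta1 is a deprecated API version;
# move to helm.toolkit.fluxcd.io/v2 once the cluster's Flux controllers
# serve it.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: mastodon
  namespace: social
spec:
  interval: 15m
  chart:
    spec:
      chart: mastodon
      # Exact chart version, so chart upgrades only happen through a commit.
      version: "5.5.2"
      sourceRef:
        kind: HelmRepository
        name: wrmilling-charts
        namespace: flux-system
  values:
    image:
      repository: ghcr.io/glitch-soc/mastodon
      # Pinned by digest: the image that runs is fixed by the sha256 value,
      # so a re-pushed `nightly` tag cannot change it.
      tag: nightly@sha256:591ac811dfd9a49dcf9261001d00fccadf618abc5579775351c25477086c579f
      pullPolicy: IfNotPresent
    mastodon:
      createAdmin:
        enabled: false
        username: "winston"
        email: "winston@${SECRET_DOMAIN_SECONDARY}"
      local_domain: "${SECRET_DOMAIN_SECONDARY}"
      web_domain: "mastodon.${SECRET_DOMAIN}"
      singleUserMode: true
      extraEnvVars:
        # Quoted: environment variable values are strings, and an unquoted
        # 2048 is parsed as an integer.
        MAX_TOOT_CHARS: "2048"
      s3:
        enabled: true
        access_key: "${SECRET_MASTODON_S3_ACCESS_KEY}"
        access_secret: "${SECRET_MASTODON_S3_SECRET_KEY}"
        bucket: "mastodon"
        endpoint: "https://mfile.${SECRET_DOMAIN}"
        hostname: "mfile.${SECRET_DOMAIN}"
        alias_host: "mcdn.${SECRET_DOMAIN}"
      # Application key material, all passed inline (see the header note on
      # where substituted values end up).
      secrets:
        secret_key_base: "${SECRET_MASTODON_SECRET_KEY_BASE}"
        otp_secret: "${SECRET_MASTODON_OTP_SECRET}"
        vapid:
          private_key: "${SECRET_MASTODON_VAPID_PRIVATE_KEY}"
          public_key: "${SECRET_MASTODON_VAPID_PUBLIC_KEY}"
        activeRecordEncryption:
          primaryKey: "${SECRET_MASTODON_AR_PRIMARY_KEY}"
          deterministicKey: "${SECRET_MASTODON_AR_DETERMINISTIC_KEY}"
          keyDerivationSalt: "${SECRET_MASTODON_AR_KEY_DERIVATION_SALT}"
      sidekiq:
        workers:
          - name: all-queues
            concurrency: 25
            replicas: 1
            resources: {}
            affinity: {}
            queues:
              - default,8
              - push,6
              - ingress,4
              - mailers,2
              - pull
              # Make sure the scheduler queue only exists once and with a
              # worker that has 1 replica.
              - scheduler
          - name: pull-ingress
            concurrency: 50
            replicas: 1
            resources: {}
            affinity: {}
            queues:
              - pull
              - ingress
      smtp:
        domain: "${SECRET_DOMAIN}"
        from_address: "${SECRET_MASTODON_SMTP_USER}"
        server: "${SECRET_SMTP_DOMAIN}"
        port: 587
        login: "${SECRET_MASTODON_SMTP_USER}"
        password: "${SECRET_MASTODON_SMTP_PASS}"
      streaming:
        image:
          repository: ghcr.io/glitch-soc/mastodon-streaming
          # Digest-pinned like the main image; update both digests together.
          tag: nightly@sha256:a766ac5dd6605cadd4b423e00d9d8e5ba4201947891f43752361af7dfdb0f448
        port: 4000
      web:
        port: 3000
    ingress:
      enabled: true
      annotations:
        # Request-body cap of 40m, given under both the
        # nginx.ingress.kubernetes.io and nginx.org annotation prefixes.
        nginx.ingress.kubernetes.io/proxy-body-size: "40m"
        nginx.org/client-max-body-size: "40m"
        # Response-header hardening, left disabled by the author.
        # NOTE(review): snippet annotations only take effect if the ingress
        # controller allows them (recent ingress-nginx releases disable them
        # by default), and a blanket `default-src 'none'` policy would need
        # checking against the web UI before it is enabled.
        # nginx.ingress.kubernetes.io/configuration-snippet: |
        #   more_set_headers "Content-Security-Policy: \"default-src 'none'; form-action 'none'\"";
        #   more_set_headers "X-Content-Type-Options: nosniff";
      ingressClassName: nginx-external
      hosts:
        - host: "mastodon.${SECRET_DOMAIN}"
          paths:
            - path: '/'
      tls:
        - secretName: mastodon-cert
          hosts:
            - "mastodon.${SECRET_DOMAIN}"
    elasticsearch:
      enabled: true
      image:
        # NOTE(review): fixed patch release; check for later 7.17.x
        # security updates when bumping the chart.
        tag: "7.17.9"
    postgresql:
      # Bundled PostgreSQL is off; the release connects to the host below,
      # which lives in the `default` namespace.
      enabled: false
      postgresqlHostname: mastodon-psql-v16-rw.default.svc
      postgresqlPort: 5432
      primary:
        persistence:
          enabled: false
          existingClaim: "mastodon-postgres-pvc"
      auth:
        database: mastodon
        username: mastodon
        # NOTE(review): inline passwords and existingSecret are both set;
        # which one the chart uses is not visible here. Confirm, and drop
        # the inline values if the Secret is authoritative.
        password: "${SECRET_MASTODON_DB_PASS}"
        postgresPassword: "${SECRET_MASTODON_POSTGRES_POSTGRES_PASSWORD}"
        existingSecret: mastodon-postgresql
    redis:
      # Bundled Redis is off; an external Valkey service is used instead.
      enabled: false
      hostname: mastodon-valkey-primary.social.svc
      auth:
        password: "${SECRET_MASTODON_REDIS_PASSWORD}"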