diff --git a/roles/mastodon/defaults/main.yaml b/roles/mastodon/defaults/main.yaml
index bb8b2ba..027d092 100644
--- a/roles/mastodon/defaults/main.yaml
+++ b/roles/mastodon/defaults/main.yaml
@@ -14,30 +14,34 @@ mastodon_default_values:
 nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
 kubernetes.io/ingress.class: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}"
 kubernetes.io/tls-acme: "true"
- hostname: "{{ mastodon_short_name }}.{{ domain }}"
+ hosts:
+ - host: "{{ mastodon_short_name }}.{{ domain }}"
+ paths:
+ - path: '/'
 tls:
 - secretName: "{{ mastodon_short_name }}.{{ domain }}-tls"
 hosts:
 - "{{ mastodon_short_name }}.{{ domain }}"
-
- # create an initial administrator user; the password is autogenerated and will
- # have to be reset
- createAdmin:
- enabled: true
- username: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}"
- password: "{{ mastodon_admin_pass | default(mastodon_admin_password) }}"
- email: "{{ mastodon_admin_email }}"
-
- # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43
- locale: en
-
- cron:
- # run `tootctl media remove` every week
- removeMedia:
+
+ mastodon:
+ # create an initial administrator user; the password is autogenerated and will
+ # have to be reset
+ createAdmin:
 enabled: true
- schedule: "0 0 * * 0"
-
- application:
+ username: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}"
+ password: "{{ mastodon_admin_pass | default(mastodon_admin_password) }}"
+ email: "{{ mastodon_admin_email }}"
+
+ # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43
+ locale: en
+ local_domain: "{{ mastodon_short_name }}.{{ domain }}"
+
+ cron:
+ # run `tootctl media remove` every week
+ removeMedia:
+ enabled: true
+ schedule: "0 0 * * 0"
+
 web:
 port: 3000
 streaming:
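Review bot: The comment carried into the new `mastodon.createAdmin` block still says the admin password is autogenerated and has to be reset, while the block sets `password` from `mastodon_admin_pass | default(mastodon_admin_password)`. If the chart honours that key, the comment is stale and should read something like `# create an initial administrator user with the password supplied by the inventory`. If the chart ignores it, the line only copies a credential into the rendered values and should be dropped. The chart's templates are not visible here, so which case holds needs checking.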
@@ -48,29 +52,45 @@ mastodon_default_values: workers: 2 sidekiq: concurrency: 25 - - # these must be set manually; autogenerated keys are rotated on each upgrade - secrets: - secret_key_base: "{{ mastodon_vapid_public_key_base64 | hash('sha256') }}" - otp_secret: "{{ mastodon_vapid_public_key_base64 | hash('sha256') | hash('sha256') }}" - vapid: - private_key: "{{ mastodon_vapid_private_key_base64 | b64decode }}" - public_key: "{{ mastodon_vapid_public_key_base64 | b64decode }}" - - smtp: - auth_method: login - ca_file: - delivery_method: smtp - domain: "{{ domain }}" - enable_starttls_auto: false - from_address: "{{ mastodon_admin_email }}" - login: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}" - openssl_verify_mode: false - password: "{{ mastodon_ldap_pass | default(mastodon_ldap_password) }}" - port: 465 - reply_to: "{{ mastodon_admin_email }}" - server: "{{ mail_short_name | default('mail') }}.{{ domain }}" - tls: true + + # these must be set manually; autogenerated keys are rotated on each upgrade + secrets: + secret_key_base: "{{ mastodon_vapid_public_key_base64 | hash('sha256') }}" + otp_secret: "{{ mastodon_vapid_public_key_base64 | hash('sha256') | hash('sha256') }}" + vapid: + private_key: "{{ mastodon_vapid_private_key_base64 | b64decode }}" + public_key: "{{ mastodon_vapid_public_key_base64 | b64decode }}" + + smtp: + auth_method: login + ca_file: + delivery_method: smtp + domain: "{{ domain }}" + enable_starttls_auto: false + from_address: "{{ mastodon_admin_email }}" + login: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}" + openssl_verify_mode: false + password: "{{ mastodon_ldap_pass | default(mastodon_ldap_password) }}" + port: 465 + reply_to: "{{ mastodon_admin_email }}" + server: "{{ mail_short_name | default('mail') }}.{{ domain }}" + tls: true + persistence: + assets: + # ReadWriteOnce is more widely supported than ReadWriteMany, but limits + # scalability, since it 
requires the Rails and Sidekiq pods to run on the + # same node. + storageClassName: "{{ mastodon_assets_storage | default('nfs-ssd') }}" + accessMode: "{{ mastodon_assets_storage_mode | default('ReadWriteMany') }}" + resources: + requests: + storage: "{{ mastodon_assets_size | default('10Gi') }}" + system: + storageClassName: "{{ mastodon_system_storage | default('nfs-hdd') }}" + accessMode: "{{ mastodon_system_storage_mode | default('ReadWriteMany') }}" + resources: + requests: + storage: "{{ mastodon_system_size | default('100Gi') }}" elasticsearch: # `false` will disable full-text search @@ -99,9 +119,7 @@ mastodon_default_values: postgresql: # Disable for external PostgreSQL enabled: false - # Set for external PostgreSQL - # postgresqlHost: postgresql.local - postgresqlHost: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local" + postgresqlHostname: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local" postgresqlDatabase: mastodon # you must set a password; the password generated by the postgresql chart will # be rotated on each upgrade: 
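Review bot: In the re-nested `mastodon.secrets` block, `secret_key_base` and `otp_secret` are SHA-256 digests of `mastodon_vapid_public_key_base64`, and a VAPID public key is given to every browser that subscribes to web push, so anyone holding it can recompute both values. The same input feeds `redis.auth.password` through `hash('md5')` in the last hunk. Each of these should come from its own randomly generated, vaulted variable, for example `secret_key_base: "{{ mastodon_secret_key_base }}"` and `otp_secret: "{{ mastodon_otp_secret }}"` (variable names are placeholders, not ones defined on this page). Separately, `openssl_verify_mode: false` next to `enable_starttls_auto: false` in `smtp` may leave the port 465 connection without certificate verification; how the chart interprets `false` there should be confirmed.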
@@ -111,28 +129,9 @@ mastodon_default_values: # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters redis: + architecture: standalone enabled: true - usePassword: true - # you must set a password; the password generated by the redis chart will be - # rotated on each upgrade: - password: "{{ mastodon_vapid_public_key_base64 | hash('md5') }}" - cluster: - enabled: false + auth: + password: "{{ mastodon_vapid_public_key_base64 | hash('md5') }}" - persistence: - assets: - # ReadWriteOnce is more widely supported than ReadWriteMany, but limits - # scalability, since it requires the Rails and Sidekiq pods to run on the - # same node. - storageClassName: "{{ mastodon_assets_storage | default('nfs-ssd') }}" - accessMode: "{{ mastodon_assets_storage_mode | default('ReadWriteMany') }}" - resources: - requests: - storage: "{{ mastodon_assets_size | default('10Gi') }}" - system: - storageClassName: "{{ mastodon_system_storage | default('nfs-hdd') }}" - accessMode: "{{ mastodon_system_storage_mode | default('ReadWriteMany') }}" - resources: - requests: - storage: "{{ mastodon_system_size | default('100Gi') }}"