Compare commits

...

2 Commits

Author SHA1 Message Date
ace
2991123422
mastodon: bump to vv4.2.9, helm chart v5.1.2
postgres-operator: bump to v1.12.0, helm chart v1.12.0

postgres-operator-ui: bump to v1.12.0, helm chart v1.12.0
2024-06-01 03:42:30 +03:00
ace
e9c70618f6
roundcube: fix tls 2024-06-01 03:42:18 +03:00
6 changed files with 14 additions and 73 deletions

View File

@ -26,8 +26,8 @@ internal_ingress_nginx_version: 4.2.3
local_ingress_nginx_version: 4.2.3
# PostgreSQL operator
postgres_operator_version: 1.11.0
postgres_operator_ui_version: 1.11.0
postgres_operator_version: 1.12.0
postgres_operator_ui_version: 1.12.0
# OpenLDAP
openldap_version: 1.2.7
@ -53,7 +53,7 @@ gitea_act_runner_version: 0.1.10
harbor_version: 1.12.4
# Mastodon
mastodon_version: 4.0.1
mastodon_version: 5.1.2
# Nextcloud
nextcloud_version: 4.6.4

View File

@ -26,43 +26,26 @@ mastodon_default_values:
- "{{ mastodon_short_name }}.{{ domain }}"
mastodon:
# create an initial administrator user; the password is autogenerated and will
# have to be reset
createAdmin:
enabled: true
username: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}"
password: "{{ mastodon_admin_pass | default(mastodon_admin_password) }}"
email: "{{ mastodon_admin_email }}"
# available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43
locale: en
local_domain: "{{ mastodon_short_name }}.{{ domain }}"
cron:
# run `tootctl media remove` every week
removeMedia:
enabled: true
schedule: "0 0 * * 0"
web:
port: 3000
streaming:
port: 4000
# this should be set manually since os.cpus() returns the number of CPUs on
# the node running the pod, which is unrelated to the resources allocated to
# the pod by k8s
workers: 2
sidekiq:
concurrency: 25
# these must be set manually; autogenerated keys are rotated on each upgrade
secrets:
secret_key_base: "{{ mastodon_vapid_public_key_base64 | hash('sha256') }}"
otp_secret: "{{ mastodon_vapid_public_key_base64 | hash('sha256') | hash('sha256') }}"
vapid:
private_key: "{{ mastodon_vapid_private_key_base64 | b64decode }}"
public_key: "{{ mastodon_vapid_public_key_base64 | b64decode }}"
activeRecordEncryption:
primaryKey: "{{ mastodon_primary_key_secret }}"
deterministicKey: "{{ mastodon_deterministic_key_secret }}"
keyDerivationSalt: "{{ mastodon_key_derivation_salt_secret }}"
smtp:
auth_method: login
ca_file:
@ -95,11 +78,6 @@ mastodon_default_values:
storage: "{{ mastodon_system_size | default('100Gi') }}"
elasticsearch:
# `false` will disable full-text search
#
# if you enable ES after the initial install, you will need to manually run
# RAILS_ENV=production bundle exec rake chewy:sync
# (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
enabled: "{{ mastodon_enable_elasticsearch }}"
master:
name: master
@ -116,20 +94,14 @@ mastodon_default_values:
##
replicas: 1
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
postgresql:
# Disable for external PostgreSQL
enabled: false
postgresqlHostname: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
# you must set a password; the password generated by the postgresql chart will
# be rotated on each upgrade:
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
auth:
database: mastodon
username: "{{ mastodon_db_username }}"
password: "{{ mastodon_db_password }}"
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
redis:
architecture: standalone
enabled: true

View File

@ -15,38 +15,3 @@
chart_ref: "{{ mastodon_chart_ref }}"
chart_version: "{{ mastodon_version | default(omit) }}"
release_values: "{{ mastodon_combined_values | from_yaml }}"
- name: Search for mastodon web pod
kubernetes.core.k8s_info:
kind: Pod
namespace: "{{ mastodon_namespace | default(namespace) }}"
label_selectors:
- app.kubernetes.io/component=web
- app.kubernetes.io/instance=mastodon
register: mastodon_web_pod_name
- name: Remove mastodon web pod for restart
kubernetes.core.k8s:
state: absent
api_version: v1
kind: Pod
namespace: "{{ mastodon_namespace | default(namespace) }}"
name: "{{ mastodon_web_pod_name.resources[0].metadata.name }}"
- name: Search for mastodon streaming pod
kubernetes.core.k8s_info:
kind: Pod
namespace: "{{ mastodon_namespace | default(namespace) }}"
label_selectors:
- app.kubernetes.io/component=streaming
- app.kubernetes.io/instance=mastodon
register: mastodon_streaming_pod_name
- name: Remove mastodon streaming pod for restart
kubernetes.core.k8s:
state: absent
api_version: v1
kind: Pod
namespace: "{{ mastodon_namespace | default(namespace) }}"
name: "{{ mastodon_streaming_pod_name.resources[0].metadata.name }}"

View File

@ -20,6 +20,7 @@ postgres_operator_ui_default_values:
envs:
# IMPORTANT: While operator chart and UI chart are idendependent, this is the interface between
# UI and operator API. Insert the service name of the operator API here!
appUrl: "https://{{ postgres_operator_ui_short_name }}.{{ domain }}"
operatorApiUrl: "http://postgres-operator:8080"
operatorClusterNameLabel: "cluster-name"
resourcesVisible: "False"

View File

@ -20,6 +20,9 @@ default_accounts:
secret_keys:
- { name: peertube }
- { name: harbor }
- { name: mastodon_primary_key }
- { name: mastodon_deterministic_key }
- { name: mastodon_key_derivation_salt }
htpasswd_accounts:
- { name: pypiserver_admin }

View File

@ -77,7 +77,7 @@ roundcube_default_values:
'ssl' => array(
'verify_peer' => false,
'allow_self_signed' => true,
'ciphers' => 'TLSv1.3+HIGH:!aNull:@STRENGTH',
'ciphers' => 'TLSv1.2+HIGH:!aNull:@STRENGTH',
),
);
// For STARTTLS SMTP
@ -85,7 +85,7 @@ roundcube_default_values:
'ssl' => array(
'verify_peer' => false,
'allow_self_signed' => true,
'ciphers' => 'TLSv1.3+HIGH:!aNull:@STRENGTH',
'ciphers' => 'TLSv1.2+HIGH:!aNull:@STRENGTH',
),
);
?>