mastodon_enabled: false
mastodon_publish: true
mastodon_chart_ref: "ghp/mastodon"
mastodon_use_external_db: true
mastodon_short_name: "mastodon"
mastodon_enable_elasticsearch: true
mastodon_admin_email: "mastodon@{{ mail_domain | default(domain) }}" 
mastodon_default_values:
  ingress:
    enabled: true
    ingressClassName: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}"
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      kubernetes.io/tls-acme: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    hosts:
      - host: "{{ mastodon_short_name }}.{{ domain }}"
        paths:
          - path: /
            pathType: ImplementationSpecific
    tls:
      - secretName: "{{ mastodon_short_name }}.{{ domain }}-tls"
        hosts:
          - "{{ mastodon_short_name }}.{{ domain }}"

  mastodon:
    createAdmin:
      enabled: true
      username: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}"
      password: "{{ mastodon_admin_pass | default(mastodon_admin_password) }}" 
      email: "{{ mastodon_admin_email }}"
    
    locale: en
    local_domain: "{{ mastodon_short_name }}.{{ domain }}"
    
    secrets:
      secret_key_base: "{{ mastodon_vapid_public_key_base64 | hash('sha256') }}"
      otp_secret: "{{ mastodon_vapid_public_key_base64 | hash('sha256') | hash('sha256') }}"
      vapid:
        private_key: "{{ mastodon_vapid_private_key_base64 | b64decode }}"
        public_key: "{{ mastodon_vapid_public_key_base64 | b64decode }}"
      activeRecordEncryption:
        primaryKey: "{{ mastodon_primary_key_secret }}"
        deterministicKey: "{{ mastodon_deterministic_key_secret }}"
        keyDerivationSalt: "{{ mastodon_key_derivation_salt_secret }}"

    smtp:
      auth_method: login
      ca_file:
      delivery_method: smtp
      domain: "{{ domain }}"
      enable_starttls: false
      from_address: "{{ mastodon_admin_email }}"
      login: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}"
      openssl_verify_mode: false
      password: "{{ mastodon_ldap_pass | default(mastodon_ldap_password) }}"
      port: 465
      reply_to: "{{ mastodon_admin_email }}"
      server: "{{ mail_short_name | default('mail') }}.{{ domain }}"
      tls: true
    persistence:
      assets:
        # ReadWriteOnce is more widely supported than ReadWriteMany, but limits
        # scalability, since it requires the Rails and Sidekiq pods to run on the
        # same node.
        storageClassName: "{{ mastodon_assets_storage | default('nfs-ssd') }}"
        accessMode: "{{ mastodon_assets_storage_mode | default('ReadWriteMany') }}"
        resources:
          requests:
            storage: "{{ mastodon_assets_size | default('10Gi') }}"
      system:
        storageClassName: "{{ mastodon_system_storage | default('nfs-hdd') }}"
        accessMode: "{{ mastodon_system_storage_mode | default('ReadWriteMany') }}"
        resources:
          requests:
            storage: "{{ mastodon_system_size | default('100Gi') }}"
  
  elasticsearch:
    enabled: "{{ mastodon_enable_elasticsearch }}" 
    master:
      name: master
      ## Number of master-eligible node(s) replicas to deploy
      ##
      replicas: 1
    coordinating:
      ## Number of coordinating-only node(s) replicas to deploy
      ##
      replicas: 1
    data:
      name: data
      ## Number of data node(s) replicas to deploy
      ##
      replicas: 1

  postgresql:
    enabled: false
    postgresqlHostname: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
    auth:
      database: mastodon
      username: "{{ mastodon_db_username }}"
      password: "{{ mastodon_db_password }}"

  redis:
    architecture: standalone
    enabled: true
    auth:
      password: "{{ mastodon_vapid_public_key_base64 | hash('md5') }}"