mastodon_enabled: false
mastodon_publish: true
mastodon_use_external_db: true
mastodon_short_name: "mastodon"
mastodon_enable_elasticsearch: true
mastodon_admin_email: "mastodon@{{ mail_domain | default(domain) }}" 
mastodon_default_values:
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
      kubernetes.io/ingress.class: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}"
      kubernetes.io/tls-acme: "true"
    hosts:
      - host: "{{ mastodon_short_name }}.{{ domain }}"
        paths:
          - path: '/'
    tls:
      - secretName: "{{ mastodon_short_name }}.{{ domain }}-tls"
        hosts:
          - "{{ mastodon_short_name }}.{{ domain }}"

  mastodon:
    # create an initial administrator user; the password is autogenerated and will
    # have to be reset
    createAdmin:
      enabled: true
      username: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}"
      password: "{{ mastodon_admin_pass | default(mastodon_admin_password) }}" 
      email: "{{ mastodon_admin_email }}"
    
    # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43
    locale: en
    local_domain: "{{ mastodon_short_name }}.{{ domain }}"
    
    cron:
      # run `tootctl media remove` every week
      removeMedia:
        enabled: true
        schedule: "0 0 * * 0"
    
    web:
      port: 3000
    streaming:
      port: 4000
      # this should be set manually since os.cpus() returns the number of CPUs on
      # the node running the pod, which is unrelated to the resources allocated to
      # the pod by k8s
      workers: 2
    sidekiq:
      concurrency: 25
    
    # these must be set manually; autogenerated keys are rotated on each upgrade
    secrets:
      secret_key_base: "{{ mastodon_vapid_public_key_base64 | hash('sha256') }}"
      otp_secret: "{{ mastodon_vapid_public_key_base64 | hash('sha256') | hash('sha256') }}"
      vapid:
        private_key: "{{ mastodon_vapid_private_key_base64 | b64decode }}"
        public_key: "{{ mastodon_vapid_public_key_base64 | b64decode }}"
    
    smtp:
      auth_method: login
      ca_file:
      delivery_method: smtp
      domain: "{{ domain }}"
      enable_starttls_auto: false
      from_address: "{{ mastodon_admin_email }}"
      login: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}"
      openssl_verify_mode: false
      password: "{{ mastodon_ldap_pass | default(mastodon_ldap_password) }}"
      port: 465
      reply_to: "{{ mastodon_admin_email }}"
      server: "{{ mail_short_name | default('mail') }}.{{ domain }}"
      tls: true
    persistence:
      assets:
        # ReadWriteOnce is more widely supported than ReadWriteMany, but limits
        # scalability, since it requires the Rails and Sidekiq pods to run on the
        # same node.
        storageClassName: "{{ mastodon_assets_storage | default('nfs-ssd') }}"
        accessMode: "{{ mastodon_assets_storage_mode | default('ReadWriteMany') }}"
        resources:
          requests:
            storage: "{{ mastodon_assets_size | default('10Gi') }}"
      system:
        storageClassName: "{{ mastodon_system_storage | default('nfs-hdd') }}"
        accessMode: "{{ mastodon_system_storage_mode | default('ReadWriteMany') }}"
        resources:
          requests:
            storage: "{{ mastodon_system_size | default('100Gi') }}"
  
  elasticsearch:
    # `false` will disable full-text search
    #
    # if you enable ES after the initial install, you will need to manually run
    # RAILS_ENV=production bundle exec rake chewy:sync
    # (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
    enabled: "{{ mastodon_enable_elasticsearch }}" 
    master:
      name: master
      ## Number of master-eligible node(s) replicas to deploy
      ##
      replicas: 1
    coordinating:
      ## Number of coordinating-only node(s) replicas to deploy
      ##
      replicas: 1
    data:
      name: data
      ## Number of data node(s) replicas to deploy
      ##
      replicas: 1


  # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
  postgresql:
    # Disable for external PostgreSQL
    enabled: false
    postgresqlHostname: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
    postgresqlDatabase: mastodon
    # you must set a password; the password generated by the postgresql chart will
    # be rotated on each upgrade:
    # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
    postgresqlUsername: "{{ mastodon_db_username }}"
    postgresqlPassword: "{{ mastodon_db_password }}"
  
  # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
  redis:
    architecture: standalone
    enabled: true
    auth:
      password: "{{ mastodon_vapid_public_key_base64 | hash('md5') }}"