139 lines
5.0 KiB
YAML
139 lines
5.0 KiB
YAML
mastodon_enabled: false
|
|
mastodon_publish: true
|
|
mastodon_use_external_db: true
|
|
mastodon_short_name: "mastodon"
|
|
mastodon_enable_elasticsearch: true
|
|
mastodon_admin_email: "mastodon@{{ mail_domain | default(domain) }}"
|
|
mastodon_default_values:
|
|
ingress:
|
|
enabled: true
|
|
className: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}"
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
kubernetes.io/tls-acme: "true"
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
|
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
|
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
|
|
hosts:
|
|
- host: "{{ mastodon_short_name }}.{{ domain }}"
|
|
paths:
|
|
- path: /
|
|
pathType: ImplementationSpecific
|
|
tls:
|
|
- secretName: "{{ mastodon_short_name }}.{{ domain }}-tls"
|
|
hosts:
|
|
- "{{ mastodon_short_name }}.{{ domain }}"
|
|
|
|
mastodon:
|
|
# create an initial administrator user; the password is autogenerated and will
|
|
# have to be reset
|
|
createAdmin:
|
|
enabled: true
|
|
username: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}"
|
|
password: "{{ mastodon_admin_pass | default(mastodon_admin_password) }}"
|
|
email: "{{ mastodon_admin_email }}"
|
|
|
|
# available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43
|
|
locale: en
|
|
local_domain: "{{ mastodon_short_name }}.{{ domain }}"
|
|
|
|
cron:
|
|
# run `tootctl media remove` every week
|
|
removeMedia:
|
|
enabled: true
|
|
schedule: "0 0 * * 0"
|
|
|
|
web:
|
|
port: 3000
|
|
streaming:
|
|
port: 4000
|
|
# this should be set manually since os.cpus() returns the number of CPUs on
|
|
# the node running the pod, which is unrelated to the resources allocated to
|
|
# the pod by k8s
|
|
workers: 2
|
|
sidekiq:
|
|
concurrency: 25
|
|
|
|
# these must be set manually; autogenerated keys are rotated on each upgrade
|
|
secrets:
|
|
secret_key_base: "{{ mastodon_vapid_public_key_base64 | hash('sha256') }}"
|
|
otp_secret: "{{ mastodon_vapid_public_key_base64 | hash('sha256') | hash('sha256') }}"
|
|
vapid:
|
|
private_key: "{{ mastodon_vapid_private_key_base64 | b64decode }}"
|
|
public_key: "{{ mastodon_vapid_public_key_base64 | b64decode }}"
|
|
|
|
smtp:
|
|
auth_method: login
|
|
ca_file:
|
|
delivery_method: smtp
|
|
domain: "{{ domain }}"
|
|
enable_starttls_auto: false
|
|
from_address: "{{ mastodon_admin_email }}"
|
|
login: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}"
|
|
openssl_verify_mode: false
|
|
password: "{{ mastodon_ldap_pass | default(mastodon_ldap_password) }}"
|
|
port: 465
|
|
reply_to: "{{ mastodon_admin_email }}"
|
|
server: "{{ mail_short_name | default('mail') }}.{{ domain }}"
|
|
tls: true
|
|
persistence:
|
|
assets:
|
|
# ReadWriteOnce is more widely supported than ReadWriteMany, but limits
|
|
# scalability, since it requires the Rails and Sidekiq pods to run on the
|
|
# same node.
|
|
storageClassName: "{{ mastodon_assets_storage | default('nfs-ssd') }}"
|
|
accessMode: "{{ mastodon_assets_storage_mode | default('ReadWriteMany') }}"
|
|
resources:
|
|
requests:
|
|
storage: "{{ mastodon_assets_size | default('10Gi') }}"
|
|
system:
|
|
storageClassName: "{{ mastodon_system_storage | default('nfs-hdd') }}"
|
|
accessMode: "{{ mastodon_system_storage_mode | default('ReadWriteMany') }}"
|
|
resources:
|
|
requests:
|
|
storage: "{{ mastodon_system_size | default('100Gi') }}"
|
|
|
|
elasticsearch:
|
|
# `false` will disable full-text search
|
|
#
|
|
# if you enable ES after the initial install, you will need to manually run
|
|
# RAILS_ENV=production bundle exec rake chewy:sync
|
|
# (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
|
|
enabled: "{{ mastodon_enable_elasticsearch }}"
|
|
master:
|
|
name: master
|
|
## Number of master-eligible node(s) replicas to deploy
|
|
##
|
|
replicas: 1
|
|
coordinating:
|
|
## Number of coordinating-only node(s) replicas to deploy
|
|
##
|
|
replicas: 1
|
|
data:
|
|
name: data
|
|
## Number of data node(s) replicas to deploy
|
|
##
|
|
replicas: 1
|
|
|
|
|
|
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
|
|
postgresql:
|
|
# Disable for external PostgreSQL
|
|
enabled: false
|
|
postgresqlHostname: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
|
|
postgresqlDatabase: mastodon
|
|
# you must set a password; the password generated by the postgresql chart will
|
|
# be rotated on each upgrade:
|
|
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
|
|
postgresqlUsername: "{{ mastodon_db_username }}"
|
|
postgresqlPassword: "{{ mastodon_db_password }}"
|
|
|
|
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
|
|
redis:
|
|
architecture: standalone
|
|
enabled: true
|
|
auth:
|
|
password: "{{ mastodon_vapid_public_key_base64 | hash('md5') }}"
|
|
|
|
|