add everything to a config map and flesh fix default values a bit more for docker

charts/pixelfed/README.md

@@ -19,6 +19,26 @@ A Helm chart for deploying Pixelfed on Kubernetes
 | autoscaling.maxReplicas | int | `100` |  |
 | autoscaling.minReplicas | int | `1` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
+| externalDatabase.connection | string | `"psql"` | options: sqlite mysql pgsql sqlsrv |
+| externalDatabase.database | string | `"pixelfed"` |  |
+| externalDatabase.existingSecret | string | `""` | get database credentials from an existing Kubernetes Secret |
+| externalDatabase.existingSecretKeys.database | string | `"pixelfed"` | key in existing Kubernetes Secret for database. If set, ignores externalDatabase.database |
+| externalDatabase.existingSecretKeys.host | string | `""` | key in existing Kubernetes Secret for host. If set, ignores externalDatabase.host |
+| externalDatabase.existingSecretKeys.password | string | `""` | key in existing Kubernetes Secret for password. If set, ignores externalDatabase.password |
+| externalDatabase.existingSecretKeys.port | string | `""` | key in existing Kubernetes Secret for port. If set, ignores externalDatabase.port |
+| externalDatabase.existingSecretKeys.username | string | `""` | key in existing Kubernetes Secret for username. If set, ignores externalDatabase.username |
+| externalDatabase.host | string | `""` |  |
+| externalDatabase.password | string | `""` |  |
+| externalDatabase.port | int | `3306` |  |
+| externalDatabase.username | string | `""` |  |
+| externalValkey.client | string | `"phpredis"` |  |
+| externalValkey.existingSecret | string | `""` | get valkey credentials from an existing Kubernetes Secret |
+| externalValkey.existingSecretKeys.host | string | `""` | key in existing Kubernetes Secret for host. If set, ignores externalValkey.host |
+| externalValkey.existingSecretKeys.password | string | `""` | key in existing Kubernetes Secret for password. If set, ignores externalValkey.password |
+| externalValkey.host | string | `"valkey"` |  |
+| externalValkey.password | string | `"null"` |  |
+| externalValkey.port | string | `"6379"` |  |
+| externalValkey.scheme | string | `"tcp"` |  |
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. |
 | image.registry | string | `"ghcr.io"` |  |
@@ -37,13 +57,21 @@ A Helm chart for deploying Pixelfed on Kubernetes
 | nameOverride | string | `""` | This is to override the chart name. |
 | nodeSelector | object | `{}` |  |
 | pixelfed.account_deletion | bool | `true` | Enable account deletion (may be a requirement in some jurisdictions) |
+| pixelfed.activity_pub.enabled | bool | `false` |  |
+| pixelfed.activity_pub.inbox | bool | `false` |  |
+| pixelfed.activity_pub.outbox | bool | `false` |  |
+| pixelfed.activity_pub.remote_follow | bool | `false` |  |
+| pixelfed.activity_pub.sharedinbox | bool | `false` |  |
+| pixelfed.admin_domain | string | `""` | domain of admin interface |
 | pixelfed.app.domain | string | `""` | The domain of your server, without https:// |
 | pixelfed.app.env | string | `"production"` | The app environment, keep it set to "production" |
 | pixelfed.app.locale | string | `"en"` | change this to the language code of your pixelfed instance |
 | pixelfed.app.name | string | `"Pixelfed"` | The name of your server/instance |
 | pixelfed.app.url | string | `"https://localhost"` | change this to the domain of your pixelfed instance |
+| pixelfed.atom_feeds | string | `"true"` | https://docs.pixelfed.org/technical-documentation/config/#atom_feeds |
 | pixelfed.enable_config_cache | bool | `true` | Enable the config cache to allow you to manage settings via the admin dashboard |
 | pixelfed.enforce_email_verification | bool | `true` | Enforce email verification |
+| pixelfed.exp_emc | bool | `true` | Experimental Configuration |
 | pixelfed.force_https_urls | bool | `true` | Force https url generation |
 | pixelfed.image_quality | int | `80` | Set the image optimization quality, between 1-100. Lower uses less space, higher more quality |
 | pixelfed.instance.contact_email | string | `""` | The public contact email for your server |
@@ -60,6 +88,19 @@ A Helm chart for deploying Pixelfed on Kubernetes
 | pixelfed.instance.reports.email_autospam | bool | `false` | Enable autospam reports (require INSTANCE_REPORTS_EMAIL_ENABLED) |
 | pixelfed.instance.reports.email_enabled | bool | `false` | Send a report email to the admin account for new autospam/reports |
 | pixelfed.instance.show_peers | bool | `false` | Enable the api/v1/peers API endpoint |
+| pixelfed.mail.driver | string | `"smtp"` | options: "smtp" (default), "sendmail", "mailgun", "mandrill", "ses" "sparkpost", "log", "array" |
+| pixelfed.mail.encryption | string | `"tls"` |  |
+| pixelfed.mail.existingSecret | string | `""` | name of an existing Kubernetes Secret for mail credentials |
+| pixelfed.mail.existingSecretKeys.host | string | `""` | key in existing Kubernetes Secret for host. If set, ignores mail.host |
+| pixelfed.mail.existingSecretKeys.password | string | `""` | key in existing Kubernetes Secret for password. If set, ignores mail.password |
+| pixelfed.mail.existingSecretKeys.port | string | `""` | key in existing Kubernetes Secret for port. If set, ignores mail.port |
+| pixelfed.mail.existingSecretKeys.username | string | `""` | key in existing Kubernetes Secret for username. If set, ignores mail.username |
+| pixelfed.mail.from_address | string | `"pixelfed@example.com"` |  |
+| pixelfed.mail.from_name | string | `"Pixelfed"` |  |
+| pixelfed.mail.host | string | `"smtp.mailtrap.io"` |  |
+| pixelfed.mail.password | string | `""` |  |
+| pixelfed.mail.port | int | `2525` |  |
+| pixelfed.mail.username | string | `""` |  |
 | pixelfed.max_account_size | int | `1000000` | The max allowed account size in KB |
 | pixelfed.max_album_length | int | `6` | The max number of media per post album |
 | pixelfed.max_avatar_size | int | `2000` | The max user avatar size in KB |
@@ -68,6 +109,7 @@ A Helm chart for deploying Pixelfed on Kubernetes
 | pixelfed.max_name_length | int | `32` | The max user display name length |
 | pixelfed.max_photo_size | int | `15000` | The max photo/video size in KB |
 | pixelfed.min_password_length | int | `16` | The min password length |
+| pixelfed.nodeinfo | string | `"true"` | https://docs.pixelfed.org/technical-documentation/config/#nodeinfo |
 | pixelfed.oauth_enabled | bool | `true` | Enable oAuth support, required for mobile/3rd party apps |
 | pixelfed.open_registration | bool | `true` | Enable open registration for new accounts |
 | pixelfed.pf.admin_invites_enabled | bool | `true` | Enable the Admin Invites feature |
@@ -82,10 +124,28 @@ A Helm chart for deploying Pixelfed on Kubernetes
 | pixelfed.pf.max_users | int | `1000` | Limit max user registrations |
 | pixelfed.pf.optimize_images | bool | `true` | Enable image optimization |
 | pixelfed.pf.optimize_videos | bool | `true` | Enable video optimization |
+| pixelfed.s3.access_key_id | string | `""` | s3 access_key_id. ignored if s3.existingSecretKeys.access_key_id is set |
+| pixelfed.s3.bucket | string | `""` | s3 bucket |
+| pixelfed.s3.endpoint | string | `""` | s3 endpoint excluding protocol such as s3.domain.com |
+| pixelfed.s3.existingSecret | string | `""` | name of an existing Kubernetes Secret for s3 credentials |
+| pixelfed.s3.existingSecretKeys.access_key_id | string | `""` | key in existing Kubernetes Secret for access_key_id. If set, ignores s3.access_key_id |
+| pixelfed.s3.existingSecretKeys.endpoint | string | `""` | key in existing Kubernetes Secret for endpoint. If set, ignores s3.endpoint |
+| pixelfed.s3.existingSecretKeys.secret_access_key | string | `""` | key in existing Kubernetes Secret for secret_access_key. If set, ignores s3.secret_access_key |
+| pixelfed.s3.existingSecretKeys.url | string | `""` | key in existing Kubernetes Secret for url. If set, ignores s3.url |
+| pixelfed.s3.region | string | `""` | s3 region |
+| pixelfed.s3.secret_access_key | string | `""` | s3 secret_access_key. ignored if s3.existingSecretKeys.secret_access_key is set |
+| pixelfed.s3.url | string | `""` | s3 url including protocol such as https://s3.domain.com |
+| pixelfed.s3.use_path_style_endpoint | bool | `false` | use S3 path type instead of using a DNS subdomain |
+| pixelfed.session_domain | string | `""` | domain of session? |
 | pixelfed.stories_enabled | bool | `false` | Enable the Stories feature |
+| pixelfed.timezone | string | `"europe/amsterdam"` | timezone for docker container |
+| pixelfed.trusted_proxies | string | `"*"` | trusted proxies |
+| pixelfed.webfinger | string | `"true"` | https://docs.pixelfed.org/technical-documentation/config/#webfinger |
 | podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
 | podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
 | podSecurityContext | object | `{}` |  |
+| postgresql.enabled | bool | `false` | enable the bundled postgresql sub chart from Bitnami. Must set to true if externalDatabase.enabled=false |
+| postgresql.fullnameOverride | string | `""` |  |
 | readinessProbe.httpGet.path | string | `"/"` |  |
 | readinessProbe.httpGet.port | string | `"http"` |  |
 | replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ |
@@ -98,8 +158,26 @@ A Helm chart for deploying Pixelfed on Kubernetes
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` |  |
+| valkey.auth.enabled | bool | `true` |  |
+| valkey.auth.existingSecret | string | `""` |  |
+| valkey.auth.existingSecretPasswordKey | string | `"password"` |  |
+| valkey.auth.metrics.enabled | bool | `false` |  |
+| valkey.auth.persistentVolumeClaimRetentionPolicy.enabled | bool | `true` |  |
+| valkey.auth.persistentVolumeClaimRetentionPolicy.whenDeleted | string | `"Retain"` |  |
+| valkey.auth.persistentVolumeClaimRetentionPolicy.whenScaled | string | `"Retain"` |  |
+| valkey.auth.primary.persistence.enabled | bool | `true` |  |
+| valkey.auth.primary.persistence.existingClaim | string | `""` |  |
+| valkey.auth.replica.persistence.enabled | bool | `true` |  |
+| valkey.auth.replica.persistence.existingClaim | string | `""` |  |
+| valkey.auth.resourcesPreset | string | `"small"` |  |
+| valkey.auth.tls.authClients | bool | `true` |  |
+| valkey.auth.tls.autoGenerated | bool | `false` |  |
+| valkey.auth.tls.enabled | bool | `false` |  |
+| valkey.enabled | bool | `false` | enable the bundled valkey sub chart from Bitnami. Must set to true if externalValkey.enabled=false |
+| valkey.fullnameOverride | string | `""` |  |
+| valkey.global.storageClass | string | `""` |  |
 | volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. |
 | volumes | list | `[]` | Additional volumes on the output Deployment definition. |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/pixelfed/templates/configmap.yaml

@@ -0,0 +1,115 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: pixelfed-env
+data:
+  env: |-
+    # app config vars
+    APP_NAME={{ .Values.pixelfed.app.name }}
+    APP_ENV={{ .Values.pixelfed.app.env }}
+    APP_URL={{ .Values.pixelfed.app.url }}
+    APP_LOCALE={{ .Values.pixelfed.app.locale }}
+    {{- with .Values.pixelfed.app.domain }}
+    APP_DOMAIN={{ . }}
+    {{- end }}
+
+    # registration related env vars
+    OPEN_REGISTRATION={{ .Values.pixelfed.open_registration | quote }}
+    ENFORCE_EMAIL_VERIFICATION={{ .Values.pixelfed.enforce_email_verification | quote }}
+    ACCOUNT_DELETION={{ .Values.pixelfed.account_deletion | quote }}
+    OAUTH_ENABLED={{ .Values.pixelfed.oauth_enabled | quote }}
+
+    MIN_PASSWORD_LENGTH={{ .Values.pixelfed.min_password_length | quote }}
+    MAX_ACCOUNT_SIZE={{ .Values.pixelfed.max_account_size | quote }}
+    MAX_PHOTO_SIZE={{ .Values.pixelfed.max_photo_size | quote }}
+    MAX_AVATAR_SIZE={{ .Values.pixelfed.max_avatar_size | quote }}
+    MAX_CAPTION_LENGTH={{ .Values.pixelfed.max_caption_length | quote }}
+    MAX_BIO_LENGTH={{ .Values.pixelfed.max_bio_length | quote }}
+    MAX_NAME_LENGTH={{ .Values.pixelfed.max_name_length | quote }}
+    MAX_ALBUM_LENGTH={{ .Values.pixelfed.max_album_length | quote }}
+    FORCE_HTTPS_URLS={{ .Values.pixelfed.force_https_urls | quote }}
+
+    # misc
+    STORIES_ENABLED={{ .Values.pixelfed.stories_enabled | quote }}
+    ENABLE_CONFIG_CACHE={{ .Values.pixelfed.enable_config_cache | quote }}
+    IMAGE_QUALITY={{ .Values.pixelfed.image_quality | quote }}
+
+    # instance wide configuration
+    INSTANCE_DESCRIPTION={{ .Values.pixelfed.instance.description }}
+    INSTANCE_CONTACT_FORM={{ .Values.pixelfed.instance.contact_form | quote }}
+    INSTANCE_DISCOVER_PUBLIC={{ .Values.pixelfed.instance.discover_public | quote }}
+    INSTANCE_PUBLIC_HASHTAGS={{ .Values.pixelfed.instance.public_hashtags | quote }}
+    {{- with .Values.pixelfed.instance.contact_email }}
+    INSTANCE_CONTACT_EMAIL={{ .Values.pixelfed.instance.contact_email }}
+    {{- end }}
+    INSTANCE_PROFILE_EMBEDS={{ .Values.pixelfed.instance.profile_embeds | quote }}
+    INSTANCE_POST_EMBEDS={{ .Values.pixelfed.instance.post_embeds | quote }}
+    INSTANCE_REPORTS_EMAIL_ENABLED={{ .Values.pixelfed.instance.reports.email_enabled | quote }}
+    {{- with .Values.pixelfed.instance.reports.email_addresses }}
+    INSTANCE_REPORTS_EMAIL_ADDRESSES={{ join "," . }}
+    {{- end }}
+    INSTANCE_REPORTS_EMAIL_AUTOSPAM={{ .Values.pixelfed.instance.reports.email_autospam | quote }}
+    INSTANCE_LANDING_SHOW_DIRECTORY={{ .Values.pixelfed.instance.landing.show_directory | quote }}
+    INSTANCE_LANDING_SHOW_EXPLORE={{ .Values.pixelfed.instance.landing.show_explore | quote }}
+    INSTANCE_CUR_REG={{ .Values.pixelfed.instance.cur_reg | quote }}
+    INSTANCE_SHOW_PEERS={{ .Values.pixelfed.instance.show_peers | quote }}
+
+    # pixelfed config
+    PF_HIDE_NSFW_ON_PUBLIC_FEEDS={{ .Values.pixelfed.pf.hide_nsfw_on_public_feeds | quote }}
+    PF_LOCAL_AVATAR_TO_CLOUD={{ .Values.pixelfed.pf.local_avatar_to_cloud | quote }}
+    PF_ADMIN_INVITES_ENABLED={{ .Values.pixelfed.pf.admin_invites_enabled | quote }}
+    PF_MAX_USER_BLOCKS={{ .Values.pixelfed.pf.max_user_blocks | quote }}
+    PF_MAX_USER_MUTES={{ .Values.pixelfed.pf.max_user_mutes | quote }}
+    PF_MAX_DOMAIN_BLOCKS={{ .Values.pixelfed.pf.max_domain_blocks | quote }}
+    PF_ENABLE_CLOUD={{ .Values.pixelfed.pf.enable_cloud | quote }}
+    PF_MAX_USERS={{ .Values.pixelfed.pf.max_users | quote }}
+    PF_ENFORCE_MAX_USERS={{ .Values.pixelfed.pf.enforce_max_users | quote }}
+    PF_OPTIMIZE_IMAGES={{ .Values.pixelfed.pf.optimize_images | quote }}
+    PF_OPTIMIZE_VIDEOS={{ .Values.pixelfed.pf.optimize_videos | quote }}
+    PF_MAX_COLLECTION_LENGTH={{ .Values.pixelfed.pf.max_collection_length | quote }}
+
+    # Laravel Configuration
+    SESSION_DRIVER="redis"
+    CACHE_DRIVER="redis"
+    QUEUE_DRIVER="redis"
+    BROADCAST_DRIVER="log"
+    LOG_CHANNEL="stack"
+    HORIZON_PREFIX="horizon-"
+
+    # activity pub
+    ACTIVITY_PUB="true"
+    AP_REMOTE_FOLLOW="true"
+    AP_SHAREDINBOX="true"
+    AP_INBOX="true"
+    AP_OUTBOX="true"
+
+    # redis
+    {{- with .Values.externalValkey.host }}
+    REDIS_HOST={{ . }}
+    {{- end }}
+    {{- with .Values.externalValkey.port }}
+    REDIS_PORT={{ . }}
+    {{- end }}
+    {{- with .Values.externalValkey.password }}
+    REDIS_PASSWORD={{ . }}
+    {{- end }}
+
+    # mail
+    MAIL_DRIVER="smtp"
+    MAIL_HOST="smtp.mailgun.org"
+    MAIL_PORT="587"
+    MAIL_FROM_ADDRESS="__CHANGE_ME__"
+    MAIL_FROM_NAME="${APP_NAME}"
+    MAIL_USERNAME=""
+    MAIL_PASSWORD=""
+    MAIL_ENCRYPTION="tls"
+
+    # db
+    DB_CONNECTION="pgsql"
+    DB_HOST="db"
+    DB_USERNAME="pixelfed"
+    DB_PASSWORD=
+    DB_DATABASE="pixelfed_prod"
+    DB_PORT="3306"
+    DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY="false"

charts/pixelfed/templates/deployment.yaml

@@ -41,6 +41,7 @@ spec:
               containerPort: {{ .Values.service.port }}
               protocol: TCP
           env:
+            # app data
             - name: APP_NAME
               value: {{ .Values.pixelfed.app.name }}
             - name: APP_ENV
@@ -53,6 +54,8 @@ spec:
             - name: APP_DOMAIN
               value: {{ . }}
             {{- end }}
+
+            # registration related
             - name: OPEN_REGISTRATION
               value: {{ .Values.pixelfed.open_registration | quote }}
             - name: ENFORCE_EMAIL_VERIFICATION
@@ -63,6 +66,8 @@ spec:
               value: {{ .Values.pixelfed.account_deletion | quote }}
             - name: OAUTH_ENABLED
               value: {{ .Values.pixelfed.oauth_enabled | quote }}
+
+            # limits
             - name: MIN_PASSWORD_LENGTH
               value: {{ .Values.pixelfed.min_password_length | quote }}
             - name: MAX_ACCOUNT_SIZE
@@ -85,6 +90,8 @@ spec:
               value: {{ .Values.pixelfed.stories_enabled | quote }}
             - name: ENABLE_CONFIG_CACHE
               value: {{ .Values.pixelfed.enable_config_cache | quote }}
+
+            # instance config
             - name: INSTANCE_DESCRIPTION
               value: {{ .Values.pixelfed.instance.description }}
             - name: INSTANCE_CONTACT_FORM
@@ -117,6 +124,8 @@ spec:
               value: {{ .Values.pixelfed.instance.cur_reg | quote }}
             - name: INSTANCE_SHOW_PEERS
               value: {{ .Values.pixelfed.instance.show_peers | quote }}
+
+            # public feed
             - name: PF_HIDE_NSFW_ON_PUBLIC_FEEDS
               value: {{ .Values.pixelfed.pf.hide_nsfw_on_public_feeds | quote }}
             - name: PF_LOCAL_AVATAR_TO_CLOUD
@@ -141,6 +150,81 @@ spec:
               value: {{ .Values.pixelfed.pf.optimize_videos | quote }}
             - name: PF_MAX_COLLECTION_LENGTH
               value: {{ .Values.pixelfed.pf.max_collection_length | quote }}
+
+            # Laravel Configuration
+            - name: SESSION_DRIVER
+              value: "database"
+            - name: CACHE_DRIVER
+              value: "redis"
+            - name: QUEUE_DRIVER
+              value: "redis"
+            - name: BROADCAST_DRIVER
+              value: "log"
+            - name: LOG_CHANNEL
+              value: "stack"
+            - name: HORIZON_PREFIX
+              value: "horizon-"
+
+            # activity pub
+            - name: ACTIVITY_PUB
+              value: "true"
+            - name: AP_REMOTE_FOLLOW
+              value: "true"
+            - name: AP_SHAREDINBOX
+              value: "true"
+            - name: AP_INBOX
+              value: "true"
+            - name: AP_OUTBOX
+              value: "true"
+
+            # redis
+            {{- with .Values.externalValkey.host }}
+            - name: REDIS_HOST
+              value: {{ . }}
+            {{- end }}
+            {{- with .Values.externalValkey.port }}
+            - name: REDIS_PORT
+              value: {{ . }}
+            {{- end }}
+            {{- with .Values.externalValkey.password }}
+            - name: REDIS_PASSWORD
+              value: {{ . }}
+            {{- end }}
+
+            # mail
+            - name: MAIL_DRIVER
+              value: "smtp"
+            - name: MAIL_HOST
+              value: "smtp.mailgun.org"
+            - name: MAIL_PORT
+              value: "587"
+            - name: MAIL_FROM_ADDRESS
+              value: "__CHANGE_ME__"
+            - name: MAIL_FROM_NAME
+              value: "${APP_NAME}"
+            - name: MAIL_USERNAME
+              value: ""
+            - name: MAIL_PASSWORD
+              value: ""
+            - name: MAIL_ENCRYPTION
+              value: "tls"
+
+            # db
+            - name: DB_CONNECTION
+              value: "pgsql"
+            - name: DB_HOST
+              value: "db"
+            - name: DB_USERNAME
+              value: "pixelfed"
+            - name: DB_PASSWORD
+              value: ""
+            - name: DB_DATABASE
+              value: "pixelfed_prod"
+            - name: DB_PORT
+              value: "3306"
+            - name: DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY
+              value: "false"
+
           livenessProbe:
             {{- toYaml .Values.livenessProbe | nindent 12 }}
           readinessProbe:

charts/pixelfed/values.yaml

@@ -62,8 +62,6 @@ ingress:
   enabled: false
   className: ""
   annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
   hosts:
     - host: chart-example.local
       paths:
@@ -124,7 +122,121 @@ tolerations: []
 
 affinity: {}
 
+externalDatabase:
+  # -- options: sqlite mysql pgsql sqlsrv
+  connection: psql
+  host: ""
+  port: 3306
+  database: pixelfed
+  username: ""
+  password: ""
+  # options: disable, require, allow, prefer, verify-full
+  # ssl_mode: ""
+  # path to ssl root cert
+  # ssl_root_cert:
+  # path to ssl cert
+  # ssl_cert: ""
+  # path to ssl key
+  # ssl_key: ""
+  # -- get database credentials from an existing Kubernetes Secret
+  existingSecret: ""
+  existingSecretKeys:
+    # --  key in existing Kubernetes Secret for host. If set, ignores externalDatabase.host
+    host: ""
+    # --  key in existing Kubernetes Secret for port. If set, ignores externalDatabase.port
+    port: ""
+    # --  key in existing Kubernetes Secret for database. If set, ignores externalDatabase.database
+    database: pixelfed
+    # --  key in existing Kubernetes Secret for username. If set, ignores externalDatabase.username
+    username: ""
+    # --  key in existing Kubernetes Secret for password. If set, ignores externalDatabase.password
+    password: ""
+
+# External Redis Configuration. Use this if you set valkey.enabled: false
+externalValkey:
+  client: "phpredis"
+  scheme: "tcp"
+  host: "valkey"
+  password: "null"
+  port: "6379"
+  # -- get valkey credentials from an existing Kubernetes Secret
+  existingSecret: ""
+  existingSecretKeys:
+    # --  key in existing Kubernetes Secret for host. If set, ignores externalValkey.host
+    host: ""
+    # --  key in existing Kubernetes Secret for password. If set, ignores externalValkey.password
+    password: ""
+
+# valkey is a fork of redis with a better license
+valkey:
+  # -- enable the bundled valkey sub chart from Bitnami.
+  # Must set to true if externalValkey.enabled=false
+  enabled: false
+  fullnameOverride: ""
+  global:
+    storageClass: ""
+
+  # for auth, we get the valkey credentials from an ExternalSecret
+  auth:
+    enabled: true
+    existingSecret: ""
+    existingSecretPasswordKey: "password"
+    # TLS settings
+    tls:
+      enabled: false
+      authClients: true
+      autoGenerated: false
+
+    # primary (control plane) configuration
+    primary:
+      persistence:
+        enabled: true
+        existingClaim: ""
+
+    # valkey replica configuration
+    replica:
+      persistence:
+        enabled: true
+        existingClaim: ""
+
+    # persistnent volume retention policy for the StatefulSet
+    persistentVolumeClaimRetentionPolicy:
+      enabled: true
+      whenScaled: Retain
+      whenDeleted: Retain
+
+    metrics:
+      # we use a grafana exporter that logs into valkey directly
+      enabled: false
+
+    # definitions: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+    # Options: nano, micro, small, medium, large, xlarge, 2xlarge
+    # default: nano
+    resourcesPreset: "small"
+
+
+postgresql:
+  # -- enable the bundled postgresql sub chart from Bitnami.
+  # Must set to true if externalDatabase.enabled=false
+  enabled: false
+  fullnameOverride: ""
+
 pixelfed:
+  # -- timezone for docker container
+  timezone: "europe/amsterdam"
+
+  # -- Experimental Configuration
+  exp_emc: true
+
+  # -- domain of admin interface
+  admin_domain: ""
+
+  # -- domain of session?
+  session_domain: ""
+
+  # -- trusted proxies
+  trusted_proxies: "*"
+
   # app specific settings
   app:
     # -- The name of your server/instance
@@ -247,3 +359,75 @@ pixelfed:
     optimize_videos: true
     # -- Max collection post limit
     max_collection_length: 100
+
+  # ActivityPub Configuration
+  activity_pub:
+    enabled: false
+    remote_follow: false
+    inbox: false
+    outbox: false
+    sharedinbox: false
+
+  ###########################################################
+  # Federation
+  ###########################################################
+  # -- https://docs.pixelfed.org/technical-documentation/config/#atom_feeds
+  atom_feeds: "true"
+
+  # -- https://docs.pixelfed.org/technical-documentation/config/#nodeinfo
+  nodeinfo: "true"
+
+  # -- https://docs.pixelfed.org/technical-documentation/config/#webfinger
+  webfinger: "true"
+
+  # Mail Configuration (Post-Installer)
+  mail:
+    # -- options: "smtp" (default), "sendmail", "mailgun", "mandrill", "ses"
+    # "sparkpost", "log", "array"
+    driver: smtp
+    host: smtp.mailtrap.io
+    port: 2525
+    username: ""
+    password: ""
+    encryption: "tls"
+    from_address: "pixelfed@example.com"
+    from_name: "Pixelfed"
+    # -- name of an existing Kubernetes Secret for mail credentials
+    existingSecret: ""
+    existingSecretKeys:
+      # --  key in existing Kubernetes Secret for host. If set, ignores mail.host
+      host: ""
+      # --  key in existing Kubernetes Secret for port. If set, ignores mail.port
+      port: ""
+      # --  key in existing Kubernetes Secret for username. If set, ignores mail.username
+      username: ""
+      # --  key in existing Kubernetes Secret for password. If set, ignores mail.password
+      password: ""
+
+  # Mail Configuration (Post-Installer)
+  s3:
+    # -- s3 url including protocol such as https://s3.domain.com
+    url: ""
+    # -- s3 endpoint excluding protocol such as s3.domain.com
+    endpoint: ""
+    # -- s3 bucket
+    bucket: ""
+    # -- s3 region
+    region: ""
+    # -- s3 access_key_id. ignored if s3.existingSecretKeys.access_key_id is set
+    access_key_id: ""
+    # -- s3 secret_access_key. ignored if s3.existingSecretKeys.secret_access_key is set
+    secret_access_key: ""
+    # --  use S3 path type instead of using a DNS subdomain
+    use_path_style_endpoint: false
+    # -- name of an existing Kubernetes Secret for s3 credentials
+    existingSecret: ""
+    existingSecretKeys:
+      # --  key in existing Kubernetes Secret for url. If set, ignores s3.url
+      url: ""
+      # --  key in existing Kubernetes Secret for endpoint. If set, ignores s3.endpoint
+      endpoint: ""
+      # --  key in existing Kubernetes Secret for access_key_id. If set, ignores s3.access_key_id
+      access_key_id: ""
+      # --  key in existing Kubernetes Secret for secret_access_key. If set, ignores s3.secret_access_key
+      secret_access_key: ""