# Default values for pixelfed. # This is a YAML-formatted file. # Declare variables to be passed into your templates. # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ replicaCount: 1 # This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/ image: registry: ghcr.io # -- you can see the source [ghcr.io/mattlqx/docker-pixelfed](https://ghcr.io/mattlqx/docker-pixelfed) repository: mattlqx/docker-pixelfed # -- This sets the pull policy for images. pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion. # you may want to set this to dev-nginx if you experice issue with the default tag tag: "" # -- This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] # -- This is to override the chart name. nameOverride: "" # -- This is to override the chart name, but used in more places fullnameOverride: "" # -- how many revisions of the deployment to keep for rollbacks revisionHistoryLimit: 10 # -- template out extra environment variables from ConfigMaps or Secrets extraEnv: [] # -- template out extra enviornment variables extraEnvFrom: [] # This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ serviceAccount: # -- Specifies whether a service account should be created create: true # -- Automatically mount a ServiceAccount's API credentials? automount: true # -- Annotations to add to the service account annotations: {} # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # -- This is for setting Kubernetes Annotations to a Pod. # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ podAnnotations: {} # -- This is for setting Kubernetes Labels to a Pod. # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ podLabels: {} # -- securityContext for the whole pod podSecurityContext: {} # runAsUser: 33 # runAsGroup: 33 # fsGroup: 33 # -- securityContext for the pixelfed container securityContext: {} # runAsUser: 33 # runAsNonRoot: true # readOnlyRootFilesystem: true # capabilities: # drop: # - ALL # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ service: # -- This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: ClusterIP # -- This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports port: 80 # -- Port to attach to on the pods. Also sets what port nginx listens on inside the container. targetPort: 80 # This block is for setting up the ingress for more information can be found here: # https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: # -- enable deploy an Ingress resource - network traffic from outside the cluster enabled: false # -- ingress class name, e.g. nginx className: "" # annotations to apply to the Ingress resource annotations: {} hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local # -- set resource limits and requests for cpu, memory, and ephemeral storage resources: {} # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # -- This is to setup the liveness probe # more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ livenessProbe: {} # httpGet: # path: /api/service/health-check # port: http # -- This is to setup the readiness probe # more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: {} # httpGet: # path: /api/service/health-check # port: http autoscaling: # -- enable autoscaling. more information can be found [here](https://kubernetes.io/docs/concepts/workloads/autoscaling/) enabled: false # -- minimum replicas to always keep up minReplicas: 1 # -- max replicas to scale up to maxReplicas: 100 # -- CPU limit a pod needs to hit to start autoscaling new pods targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 # -- Additional volumes on the output Deployment definition extraVolumes: [] # - name: foo # secret: # secretName: mysecret # optional: false # -- Additional volumeMounts on the output Deployment definition extraVolumeMounts: [] # - name: foo # mountPath: "/etc/foo" # readOnly: true # -- set extra init containers extraInitContainers: [] # -- set sidecar containers to run along side the pixelfed container extraContainers: [] # -- put the pixelfed pod on a specific node/nodegroup nodeSelector: {} # -- set tolerations of node taints tolerations: [] # -- set affinity to specific nodes or nodegroups affinity: {} externalDatabase: # -- enable using an external mysql or postgresql cluster enabled: false host: "" port: 3306 database: pixelfed username: "" password: "" # options: disable, require, allow, prefer, verify-full # ssl_mode: "" # path to ssl root cert # ssl_root_cert: # path to ssl cert # ssl_cert: "" # path to ssl key # ssl_key: "" # -- get database credentials from an existing Kubernetes Secret existingSecret: "" existingSecretKeys: # -- key in existing Kubernetes Secret for host. If set, ignores externalDatabase.host host: "" # -- key in existing Kubernetes Secret for port. If set, ignores externalDatabase.port port: "" # -- key in existing Kubernetes Secret for database. If set, ignores externalDatabase.database database: pixelfed # -- key in existing Kubernetes Secret for username. If set, ignores externalDatabase.username username: "" # -- key in existing Kubernetes Secret for password. If set, ignores externalDatabase.password password: "" # External Redis Configuration. Use this if you set valkey.enabled: false externalValkey: # -- enable using an external valkey or redis cluster enabled: false client: "phpredis" scheme: "tcp" host: "valkey" password: "null" port: "6379" # -- get valkey credentials from an existing Kubernetes Secret existingSecret: "" existingSecretKeys: # -- key in existing Kubernetes Secret for host. If set, ignores externalValkey.host host: "" # -- key in existing Kubernetes Secret for port. If set, ignores externalValkey.port port: "" # -- key in existing Kubernetes Secret for password. If set, ignores externalValkey.password password: "" # valkey is a fork of redis with a better license valkey: # -- enable the bundled [valkey sub chart from Bitnami](https://github.com/bitnami/charts/blob/main/bitnami/valkey/README.md#parameters). # Must set to true if externalValkey.enabled=false enabled: true fullnameOverride: "valkey" global: storageClass: "" # for auth, we get the valkey credentials from an ExternalSecret auth: enabled: true existingSecret: "" existingSecretPasswordKey: "password" # TLS settings tls: enabled: false authClients: true autoGenerated: false # primary (control plane) configuration primary: # -- Laravel requires the ability to call FLUSHDB, which is disabled by default disableCommands: - FLUSHALL persistence: # -- enable to persistent primary data accross restarts enabled: false existingClaim: "" # valkey replica configuration replica: persistence: # -- enable to persistent replica data accross restarts enabled: false existingClaim: "" # persistnent volume retention policy for the StatefulSet persistentVolumeClaimRetentionPolicy: enabled: true whenScaled: Retain whenDeleted: Retain metrics: # -- we use a grafana exporter that logs into valkey directly, but you can enable this if you don't use that enabled: false # -- definitions: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 # Options: nano, micro, small, medium, large, xlarge, 2xlarge # default: nano resourcesPreset: "small" postgresql: # -- enable the bundled [postgresql sub chart from Bitnami](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/README.md#parameters). # Must set to true if externalDatabase.enabled=false enabled: true fullnameOverride: "postgresql" global: storageClass: "" # -- PHP Configuration files # Will be injected in /usr/local/etc/php-fpm.d phpConfigs: {} # www.conf: |- # [www] # user = www-data # group = www-data # security.limit_extensions = .php .css .js .html # pm = dynamic # pm.max_children = 350 # pm.start_servers = 100 # pm.min_spare_servers = 100 # pm.max_spare_servers = 280 pixelfed: db: # -- options: sqlite mysql pgsql sqlsrv connection: pgsql # -- Automatically run [artisan migrate --force] if new migrations are detected. apply_new_migrations_automatically: false # -- timezone for docker container timezone: "europe/amsterdam" # -- Experimental Configuration exp_emc: true # -- domain of admin interface admin_domain: "" # -- domain of session? session_domain: "" # -- trusted proxies trusted_proxies: "*" # app specific settings app: # -- This key is used by the Illuminate encrypter service and should # be set to a random, 32 character string, otherwise these encrypted strings # will not be safe. If you don't generate one, we'll generate one for you # however it will change everytime you upgrade the helm chart, so it should # only be used for testing. In production, please set this, or pixelfed.app.existingSecret key: "" # -- use an existing Kuberentes Secret to store the app key # If set, ignores pixelfed.app.key existingSecret: "" # -- key in pixelfed.app.existingSecret to use for the app key existingSecretKey: "" # -- The name of your server/instance name: "Pixelfed" # -- The app environment, keep it set to "production" env: "production" # -- change this to the domain of your pixelfed instance url: "https://localhost" # -- change this to the language code of your pixelfed instance locale: "en" # -- The domain of your server, without https:// domain: "" # Laravel log settings laravel: # -- Laravel log channel. Pixelfed's default, 'stack', sends logs to the default Laravel logfile. 'stderr' allows Kubernetes to capture these logs log_channel: stack # -- Enable open registration for new accounts open_registration: true # -- Enforce email verification enforce_email_verification: true # -- The min password length min_password_length: 16 # -- Enable account deletion (may be a requirement in some jurisdictions) account_deletion: true # -- Enable oAuth support, required for mobile/3rd party apps oauth_enabled: true # -- Enable the Stories feature stories_enabled: false # -- Enable custom emojis custom_emoji: false # -- Enable the config cache to allow you to manage settings via the admin dashboard enable_config_cache: true # -- Set the image optimization quality, between 1-100. Lower uses less space, higher more quality image_quality: 80 # -- The max allowed account size in KB max_account_size: 1000000 # -- The max photo/video size in KB max_photo_size: 15000 # -- The max user avatar size in KB max_avatar_size: 2000 # -- The max post caption length max_caption_length: 1000 # -- The max user bio length max_bio_length: 256 # -- The max user display name length max_name_length: 32 # -- The max number of media per post album max_album_length: 6 # -- Force https url generation force_https_urls: true # your whole instance, or server, settings instance: # -- your server description description: "Pixelfed - Photo sharing for everyone" # -- enable the instance contact form contact_form: false # -- Enable public access to the Discover feature discover_public: false # -- Allow anonymous access to hashtag feeds public_hashtags: false # -- The public contact email for your server contact_email: "" # -- Enable the profile embed feature profile_embeds: true # -- Enable the post embed feature post_embeds: true # -- Enable Curated Registration cur_reg: false # -- Enable the api/v1/peers API endpoint show_peers: false reports: # -- Send a report email to the admin account for new autospam/reports email_enabled: false # -- A list of email addresses to deliver admin reports to email_addresses: [] # -- Enable autospam reports (require INSTANCE_REPORTS_EMAIL_ENABLED) email_autospam: false landing: # -- Enable the profile directory on the landing page show_directory: true # -- Enable the popular post explore on the landing page show_explore: true # public feed settings pf: # -- Hide sensitive posts from public/network feeds hide_nsfw_on_public_feeds: false # -- Store local avatars on S3 (Requires S3) local_avatar_to_cloud: false # -- Enable the Admin Invites feature admin_invites_enabled: true # -- The max number of user blocks per account max_user_blocks: 50 # -- The max number of user mutes per account max_user_mutes: 50 # -- The max number of domain blocks per account max_domain_blocks: 50 # -- Enable S3/Object Storage enable_cloud: false # -- Limit max user registrations max_users: 1000 # -- in KB enforce_max_users: 2000 # -- Enable image optimization optimize_images: true # -- Enable video optimization optimize_videos: true # -- Max collection post limit max_collection_length: 100 # ActivityPub Configuration activity_pub: # -- enable ActivityPub enabled: false remote_follow: false inbox: false outbox: false sharedinbox: false ########################################################### # Federation ########################################################### # -- https://docs.pixelfed.org/technical-documentation/config/#atom_feeds atom_feeds: "true" # -- https://docs.pixelfed.org/technical-documentation/config/#nodeinfo nodeinfo: "true" # -- https://docs.pixelfed.org/technical-documentation/config/#webfinger webfinger: "true" # Mail Configuration (Post-Installer) mail: # -- options: "smtp" (default), "sendmail", "mailgun", "mandrill", "ses" # "sparkpost", "log", "array" driver: smtp host: smtp.mailtrap.io # -- mail server port port: 2525 # -- mail server username username: "" # -- mail server password password: "" # -- mail server encryption type encryption: "tls" # -- address to use for sending emails from_address: "pixelfed@example.com" # -- name to use for sending emails from_name: "Pixelfed" # -- name of an existing Kubernetes Secret for mail credentials existingSecret: "" existingSecretKeys: # -- key in existing Kubernetes Secret for host. If set, ignores mail.host host: "" # -- key in existing Kubernetes Secret for port. If set, ignores mail.port port: "" # -- key in existing Kubernetes Secret for username. If set, ignores mail.username username: "" # -- key in existing Kubernetes Secret for password. If set, ignores mail.password password: "" # Mail Configuration (Post-Installer) s3: # -- s3 url including protocol such as https://s3.domain.com url: "" # -- s3 endpoint excluding protocol such as s3.domain.com endpoint: "" # -- s3 bucket bucket: "" # -- s3 region region: "" # -- s3 access_key_id. ignored if s3.existingSecretKeys.access_key_id is set access_key_id: "" # -- s3 secret_access_key. ignored if s3.existingSecretKeys.secret_access_key is set secret_access_key: "" # -- use S3 path type instead of using a DNS subdomain use_path_style_endpoint: false # -- name of an existing Kubernetes Secret for s3 credentials existingSecret: "" existingSecretKeys: # -- key in existing Kubernetes Secret for url. If set, ignores s3.url url: "" # -- key in existing Kubernetes Secret for endpoint. If set, ignores s3.endpoint endpoint: "" # -- key in existing Kubernetes Secret for access_key_id. If set, ignores s3.access_key_id access_key_id: "" # -- key in existing Kubernetes Secret for secret_access_key. If set, ignores s3.secret_access_key secret_access_key: ""