jessebot
569 lines
18 KiB
YAML
569 lines
18 KiB
YAML
# Default values for pixelfed.
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
# -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
|
|
replicaCount: 1
|
|
|
|
# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
|
|
image:
|
|
registry: ghcr.io
|
|
# -- you can see the source [ghcr.io/mattlqx/docker-pixelfed](https://ghcr.io/mattlqx/docker-pixelfed)
|
|
repository: mattlqx/docker-pixelfed
|
|
# -- This sets the pull policy for images.
|
|
pullPolicy: IfNotPresent
|
|
# -- Overrides the image tag whose default is the chart appVersion.
|
|
# you may want to set this to dev-nginx if you experice issue with the default tag
|
|
tag: ""
|
|
|
|
# -- This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
imagePullSecrets: []
|
|
|
|
# -- This is to override the chart name.
|
|
nameOverride: ""
|
|
|
|
# -- This is to override the chart name, but used in more places
|
|
fullnameOverride: ""
|
|
|
|
# -- how many revisions of the deployment to keep for rollbacks
|
|
revisionHistoryLimit: 10
|
|
|
|
# -- template out extra environment variables from ConfigMaps or Secrets
|
|
extraEnv: []
|
|
|
|
# -- template out extra enviornment variables
|
|
extraEnvFrom: []
|
|
|
|
# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
|
|
serviceAccount:
|
|
# -- Specifies whether a service account should be created
|
|
create: true
|
|
# -- Automatically mount a ServiceAccount's API credentials?
|
|
automount: true
|
|
# -- Annotations to add to the service account
|
|
annotations: {}
|
|
# -- The name of the service account to use.
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
name: ""
|
|
|
|
# -- This is for setting Kubernetes Annotations to a Pod.
|
|
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
podAnnotations: {}
|
|
|
|
# -- This is for setting Kubernetes Labels to a Pod.
|
|
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
podLabels: {}
|
|
|
|
# -- securityContext for the whole pod
|
|
podSecurityContext: {}
|
|
# runAsUser: 33
|
|
# runAsGroup: 33
|
|
# fsGroup: 33
|
|
|
|
# -- securityContext for the pixelfed container
|
|
securityContext: {}
|
|
# runAsUser: 33
|
|
# runAsNonRoot: true
|
|
# readOnlyRootFilesystem: true
|
|
# capabilities:
|
|
# drop:
|
|
# - ALL
|
|
|
|
# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
service:
|
|
# -- This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
|
|
type: ClusterIP
|
|
# -- This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
|
|
port: 80
|
|
# -- Port to attach to on the pods. Also sets what port nginx listens on inside the container.
|
|
targetPort: 80
|
|
|
|
# This block is for setting up the ingress for more information can be found here:
|
|
# https://kubernetes.io/docs/concepts/services-networking/ingress/
|
|
ingress:
|
|
# -- enable deploy an Ingress resource - network traffic from outside the cluster
|
|
enabled: false
|
|
# -- ingress class name, e.g. nginx
|
|
className: ""
|
|
# annotations to apply to the Ingress resource
|
|
annotations: {}
|
|
hosts:
|
|
- host: chart-example.local
|
|
paths:
|
|
- path: /
|
|
pathType: ImplementationSpecific
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# hosts:
|
|
# - chart-example.local
|
|
|
|
# -- set resource limits and requests for cpu, memory, and ephemeral storage
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
# -- This is to setup the liveness probe
|
|
# more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
|
|
livenessProbe: {}
|
|
# httpGet:
|
|
# path: /api/service/health-check
|
|
# port: http
|
|
|
|
# -- This is to setup the readiness probe
|
|
# more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
|
|
readinessProbe: {}
|
|
# httpGet:
|
|
# path: /api/service/health-check
|
|
# port: http
|
|
|
|
autoscaling:
|
|
# -- enable autoscaling. more information can be found [here](https://kubernetes.io/docs/concepts/workloads/autoscaling/)
|
|
enabled: false
|
|
# -- minimum replicas to always keep up
|
|
minReplicas: 1
|
|
# -- max replicas to scale up to
|
|
maxReplicas: 100
|
|
# -- CPU limit a pod needs to hit to start autoscaling new pods
|
|
targetCPUUtilizationPercentage: 80
|
|
# targetMemoryUtilizationPercentage: 80
|
|
|
|
# -- Additional volumes on the output Deployment definition
|
|
extraVolumes: []
|
|
# - name: foo
|
|
# secret:
|
|
# secretName: mysecret
|
|
# optional: false
|
|
|
|
# -- Additional volumeMounts on the output Deployment definition
|
|
extraVolumeMounts: []
|
|
# - name: foo
|
|
# mountPath: "/etc/foo"
|
|
# readOnly: true
|
|
|
|
# -- set extra init containers
|
|
extraInitContainers: []
|
|
|
|
# -- set sidecar containers to run along side the pixelfed container
|
|
extraContainers: []
|
|
|
|
# -- put the pixelfed pod on a specific node/nodegroup
|
|
nodeSelector: {}
|
|
|
|
# -- set tolerations of node taints
|
|
tolerations: []
|
|
|
|
# -- set affinity to specific nodes or nodegroups
|
|
affinity: {}
|
|
|
|
externalDatabase:
|
|
# -- enable using an external mysql or postgresql cluster
|
|
enabled: false
|
|
host: ""
|
|
port: 3306
|
|
database: pixelfed
|
|
username: ""
|
|
password: ""
|
|
# options: disable, require, allow, prefer, verify-full
|
|
# ssl_mode: ""
|
|
# path to ssl root cert
|
|
# ssl_root_cert:
|
|
# path to ssl cert
|
|
# ssl_cert: ""
|
|
# path to ssl key
|
|
# ssl_key: ""
|
|
# -- get database credentials from an existing Kubernetes Secret
|
|
existingSecret: ""
|
|
existingSecretKeys:
|
|
# -- key in existing Kubernetes Secret for host. If set, ignores externalDatabase.host
|
|
host: ""
|
|
# -- key in existing Kubernetes Secret for port. If set, ignores externalDatabase.port
|
|
port: ""
|
|
# -- key in existing Kubernetes Secret for database. If set, ignores externalDatabase.database
|
|
database: pixelfed
|
|
# -- key in existing Kubernetes Secret for username. If set, ignores externalDatabase.username
|
|
username: ""
|
|
# -- key in existing Kubernetes Secret for password. If set, ignores externalDatabase.password
|
|
password: ""
|
|
|
|
# External Redis Configuration. Use this if you set valkey.enabled: false
|
|
externalValkey:
|
|
# -- enable using an external valkey or redis cluster
|
|
enabled: false
|
|
client: "phpredis"
|
|
scheme: "tcp"
|
|
host: "valkey"
|
|
password: "null"
|
|
port: "6379"
|
|
# -- get valkey credentials from an existing Kubernetes Secret
|
|
existingSecret: ""
|
|
existingSecretKeys:
|
|
# -- key in existing Kubernetes Secret for host. If set, ignores externalValkey.host
|
|
host: ""
|
|
# -- key in existing Kubernetes Secret for port. If set, ignores externalValkey.port
|
|
port: ""
|
|
# -- key in existing Kubernetes Secret for password. If set, ignores externalValkey.password
|
|
password: ""
|
|
|
|
# valkey is a fork of redis with a better license
|
|
valkey:
|
|
# -- enable the bundled [valkey sub chart from Bitnami](https://github.com/bitnami/charts/blob/main/bitnami/valkey/README.md#parameters).
|
|
# Must set to true if externalValkey.enabled=false
|
|
enabled: true
|
|
fullnameOverride: "valkey"
|
|
global:
|
|
storageClass: ""
|
|
|
|
# for auth, we get the valkey credentials from an ExternalSecret
|
|
auth:
|
|
enabled: true
|
|
existingSecret: ""
|
|
existingSecretPasswordKey: "password"
|
|
|
|
# TLS settings
|
|
tls:
|
|
enabled: false
|
|
authClients: true
|
|
autoGenerated: false
|
|
|
|
# primary (control plane) configuration
|
|
primary:
|
|
# -- Laravel requires the ability to call FLUSHDB, which is disabled by default
|
|
disableCommands:
|
|
- FLUSHALL
|
|
persistence:
|
|
# -- enable to persistent primary data accross restarts
|
|
enabled: false
|
|
existingClaim: ""
|
|
|
|
# valkey replica configuration
|
|
replica:
|
|
persistence:
|
|
# -- enable to persistent replica data accross restarts
|
|
enabled: false
|
|
existingClaim: ""
|
|
|
|
# persistnent volume retention policy for the StatefulSet
|
|
persistentVolumeClaimRetentionPolicy:
|
|
enabled: true
|
|
whenScaled: Retain
|
|
whenDeleted: Retain
|
|
|
|
metrics:
|
|
# -- we use a grafana exporter that logs into valkey directly, but you can enable this if you don't use that
|
|
enabled: false
|
|
|
|
# -- definitions: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
|
# Options: nano, micro, small, medium, large, xlarge, 2xlarge
|
|
# default: nano
|
|
resourcesPreset: "small"
|
|
|
|
|
|
postgresql:
|
|
# -- enable the bundled [postgresql sub chart from Bitnami](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/README.md#parameters).
|
|
# Must set to true if externalDatabase.enabled=false
|
|
enabled: true
|
|
fullnameOverride: "postgresql"
|
|
global:
|
|
storageClass: ""
|
|
|
|
|
|
# -- PHP Configuration files
|
|
# Will be injected in /usr/local/etc/php-fpm.d
|
|
phpConfigs: {}
|
|
# www.conf: |-
|
|
# [www]
|
|
# user = www-data
|
|
# group = www-data
|
|
# security.limit_extensions = .php .css .js .html
|
|
# pm = dynamic
|
|
# pm.max_children = 350
|
|
# pm.start_servers = 100
|
|
# pm.min_spare_servers = 100
|
|
# pm.max_spare_servers = 280
|
|
|
|
pixelfed:
|
|
db:
|
|
# -- options: sqlite mysql pgsql sqlsrv
|
|
connection: pgsql
|
|
# -- Automatically run [artisan migrate --force] if new migrations are detected.
|
|
apply_new_migrations_automatically: false
|
|
|
|
filesystem:
|
|
# -- Many applications store files both locally and in the cloud.
|
|
# For this reason, you may specify a default “cloud” driver here.
|
|
# This driver will be bound as the Cloud disk implementation in the container.
|
|
cloud: "s3"
|
|
driver: "local"
|
|
|
|
# -- delete local files after saving to the cloud
|
|
media_delete_local_after_cloud: true
|
|
|
|
# -- timezone for docker container
|
|
timezone: "europe/amsterdam"
|
|
|
|
# -- Experimental Configuration
|
|
exp_emc: true
|
|
|
|
# -- domain of admin interface
|
|
admin_domain: ""
|
|
|
|
# -- domain of session?
|
|
session_domain: ""
|
|
|
|
# -- trusted proxies
|
|
trusted_proxies: "*"
|
|
|
|
# horizon - for interfacing with redis
|
|
horizon:
|
|
# -- prefix will be used when storing all Horizon data in Redis
|
|
prefix: "horizon-"
|
|
# -- darkmode for the web interface in the admin panel
|
|
dark_mode: false
|
|
|
|
# app specific settings
|
|
app:
|
|
# -- This key is used by the Illuminate encrypter service and should
|
|
# be set to a random, 32 character string, otherwise these encrypted strings
|
|
# will not be safe. If you don't generate one, we'll generate one for you
|
|
# however it will change everytime you upgrade the helm chart, so it should
|
|
# only be used for testing. In production, please set this, or pixelfed.app.existingSecret
|
|
key: ""
|
|
# -- use an existing Kuberentes Secret to store the app key
|
|
# If set, ignores pixelfed.app.key
|
|
existingSecret: ""
|
|
# -- key in pixelfed.app.existingSecret to use for the app key
|
|
existingSecretKey: ""
|
|
# -- The name of your server/instance
|
|
name: "Pixelfed"
|
|
# -- The app environment, keep it set to "production"
|
|
env: "production"
|
|
# -- change this to the domain of your pixelfed instance
|
|
url: "https://localhost"
|
|
# -- change this to the language code of your pixelfed instance
|
|
locale: "en"
|
|
# -- The domain of your server, without https://
|
|
domain: ""
|
|
|
|
# Laravel log settings
|
|
laravel:
|
|
# -- Laravel log channel. Pixelfed's default, 'stack', sends logs to the default Laravel logfile. 'stderr' allows Kubernetes to capture these logs
|
|
log_channel: stack
|
|
# -- logging level
|
|
log_level: "debug"
|
|
|
|
# -- Enable open registration for new accounts
|
|
open_registration: true
|
|
|
|
# -- Enforce email verification
|
|
enforce_email_verification: true
|
|
|
|
# -- The min password length
|
|
min_password_length: 16
|
|
|
|
# -- Enable account deletion (may be a requirement in some jurisdictions)
|
|
account_deletion: true
|
|
|
|
# -- Enable oAuth support, required for mobile/3rd party apps
|
|
oauth_enabled: true
|
|
|
|
# -- Enable the Stories feature
|
|
stories_enabled: false
|
|
|
|
# -- Enable custom emojis
|
|
custom_emoji: false
|
|
|
|
# -- max size for custom emojis, in... bytes?
|
|
custom_emoji_max_size: 2000000
|
|
|
|
# -- types of media to allow
|
|
media_types: "image/jpeg,image/png,image/gif"
|
|
|
|
# -- Enable the config cache to allow you to manage settings via the admin dashboard
|
|
enable_config_cache: true
|
|
|
|
# -- Set the image optimization quality, between 1-100. Lower uses less space, higher more quality
|
|
image_quality: 80
|
|
|
|
# -- The max allowed account size in KB
|
|
max_account_size: 1000000
|
|
|
|
# -- The max photo/video size in KB
|
|
max_photo_size: 15000
|
|
|
|
# -- The max user avatar size in KB
|
|
max_avatar_size: 2000
|
|
|
|
# -- The max post caption length
|
|
max_caption_length: 1000
|
|
|
|
# -- The max user bio length
|
|
max_bio_length: 256
|
|
|
|
# -- The max user display name length
|
|
max_name_length: 32
|
|
|
|
# -- The max number of media per post album
|
|
max_album_length: 6
|
|
|
|
# -- Force https url generation
|
|
force_https_urls: true
|
|
|
|
# -- exp loops (as in loops video? 🤷
|
|
exp_loops: false
|
|
|
|
# -- library to process images. options: "gd" (default), "imagick"
|
|
image_driver: "gd"
|
|
|
|
# your whole instance, or server, settings
|
|
instance:
|
|
# -- your server description
|
|
description: "Pixelfed - Photo sharing for everyone"
|
|
# -- Enable public access to the Discover feature
|
|
discover_public: false
|
|
# -- Allow anonymous access to hashtag feeds
|
|
public_hashtags: false
|
|
# -- enable the instance contact form
|
|
contact_form: false
|
|
# -- The public contact email for your server
|
|
contact_email: ""
|
|
# -- instance contact max per day
|
|
contact_max_per_day: ""
|
|
# -- Enable the profile embed feature
|
|
profile_embeds: true
|
|
# -- Enable the post embed feature
|
|
post_embeds: true
|
|
# -- Enable Curated Registration
|
|
cur_reg: false
|
|
# -- Enable the api/v1/peers API endpoint
|
|
show_peers: false
|
|
|
|
reports:
|
|
# -- Send a report email to the admin account for new autospam/reports
|
|
email_enabled: false
|
|
# -- A list of email addresses to deliver admin reports to
|
|
email_addresses: []
|
|
# -- Enable autospam reports (require INSTANCE_REPORTS_EMAIL_ENABLED)
|
|
email_autospam: false
|
|
|
|
landing:
|
|
# -- Enable the profile directory on the landing page
|
|
show_directory: true
|
|
# -- Enable the popular post explore on the landing page
|
|
show_explore: true
|
|
|
|
# public feed settings
|
|
pf:
|
|
# -- Hide sensitive posts from public/network feeds
|
|
hide_nsfw_on_public_feeds: false
|
|
# -- Store local avatars on S3 (Requires S3)
|
|
local_avatar_to_cloud: false
|
|
# -- Enable the Admin Invites feature
|
|
admin_invites_enabled: true
|
|
# -- The max number of user blocks per account
|
|
max_user_blocks: 50
|
|
# -- The max number of user mutes per account
|
|
max_user_mutes: 50
|
|
# -- The max number of domain blocks per account
|
|
max_domain_blocks: 50
|
|
# -- Enable S3/Object Storage
|
|
enable_cloud: false
|
|
# -- Limit max user registrations
|
|
max_users: 1000
|
|
# -- in KB
|
|
enforce_max_users: 2000
|
|
# -- Enable image optimization
|
|
optimize_images: true
|
|
# -- Enable video optimization
|
|
optimize_videos: true
|
|
# -- Max collection post limit
|
|
max_collection_length: 100
|
|
|
|
# ActivityPub Configuration
|
|
activity_pub:
|
|
# -- enable ActivityPub
|
|
enabled: false
|
|
remote_follow: false
|
|
inbox: false
|
|
outbox: false
|
|
sharedinbox: false
|
|
# activity pub logger?
|
|
logger_enabled: false
|
|
|
|
###########################################################
|
|
# Federation
|
|
###########################################################
|
|
# -- https://docs.pixelfed.org/technical-documentation/config/#atom_feeds
|
|
atom_feeds: "true"
|
|
|
|
# -- https://docs.pixelfed.org/technical-documentation/config/#nodeinfo
|
|
nodeinfo: "true"
|
|
|
|
# -- https://docs.pixelfed.org/technical-documentation/config/#webfinger
|
|
webfinger: "true"
|
|
|
|
# Mail Configuration (Post-Installer)
|
|
mail:
|
|
# -- options: "smtp" (default), "sendmail", "mailgun", "mandrill", "ses"
|
|
# "sparkpost", "log", "array"
|
|
driver: smtp
|
|
# -- mail server hostname
|
|
host: smtp.mailtrap.io
|
|
# -- mail server port
|
|
port: 2525
|
|
# -- mail server username
|
|
username: ""
|
|
# -- mail server password
|
|
password: ""
|
|
# -- mail server encryption type
|
|
encryption: "tls"
|
|
# -- address to use for sending emails
|
|
from_address: "pixelfed@example.com"
|
|
# -- name to use for sending emails
|
|
from_name: "Pixelfed"
|
|
|
|
# -- name of an existing Kubernetes Secret for mail credentials
|
|
existingSecret: ""
|
|
# keys in existing secret
|
|
existingSecretKeys:
|
|
# -- key in existing Kubernetes Secret for host. If set, ignores mail.host
|
|
host: ""
|
|
# -- key in existing Kubernetes Secret for port. If set, ignores mail.port
|
|
port: ""
|
|
# -- key in existing Kubernetes Secret for username. If set, ignores mail.username
|
|
username: ""
|
|
# -- key in existing Kubernetes Secret for password. If set, ignores mail.password
|
|
password: ""
|
|
|
|
# Mail Configuration (Post-Installer)
|
|
s3:
|
|
# -- s3 url including protocol such as https://s3.domain.com
|
|
url: ""
|
|
# -- s3 endpoint excluding protocol such as s3.domain.com
|
|
endpoint: ""
|
|
# -- s3 bucket
|
|
bucket: ""
|
|
# -- s3 region
|
|
region: ""
|
|
# -- s3 access_key_id. ignored if s3.existingSecretKeys.access_key_id is set
|
|
access_key_id: ""
|
|
# -- s3 secret_access_key. ignored if s3.existingSecretKeys.secret_access_key is set
|
|
secret_access_key: ""
|
|
# -- use S3 path type instead of using a DNS subdomain
|
|
use_path_style_endpoint: false
|
|
|
|
# -- name of an existing Kubernetes Secret for s3 credentials
|
|
existingSecret: ""
|
|
existingSecretKeys:
|
|
# -- key in existing Kubernetes Secret for url. If set, ignores s3.url
|
|
url: ""
|
|
# -- key in existing Kubernetes Secret for endpoint. If set, ignores s3.endpoint
|
|
endpoint: ""
|
|
# -- key in existing Kubernetes Secret for access_key_id. If set, ignores s3.access_key_id
|
|
access_key_id: ""
|
|
# -- key in existing Kubernetes Secret for secret_access_key. If set, ignores s3.secret_access_key
|
|
secret_access_key: ""
|