2024-01-28 11:07:59 +01:00
# Default values for gotosocial.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global :
image :
# -- if set it will overwrite all registry entries
registry :
# -- if set it will overwrite all pullPolicy
pullPolicy :
replicaCount : 1
image :
registry : docker.io
repository : superseriousbusiness/gotosocial
pullPolicy : IfNotPresent
# -- Overrides the image tag whose default is the chart appVersion.
tag : ""
imagePullSecrets : [ ]
nameOverride : ""
fullnameOverride : ""
gotosocial :
tz : "UTC"
applicationName : "gotosocial"
landingPageUser : ""
host : "localhost"
accountDomain : ""
database :
# -- Database type.
# Options: ["postgres","sqlite"]
type : "sqlite"
# -- Database address or parameters.
# For Postgres, this should be the address or socket at which the database can be reached.
address : ""
# -- Port for database connection.
port : 5432
# -- Username for the database connection.
username : ""
# -- Password to use for the database connection
password : ""
# -- Name of the database to use within the provided database type.
database : "gotosocial"
# -- Disable, enable, or require SSL/TLS connection to the database.
# If "disable" then no TLS connection will be attempted.
# If "enable" then TLS will be tried, but the database certificate won't be checked (for self-signed certs).
# If "require" then TLS will be required to make a connection, and a valid certificate must be presented.
tlsMode : "disabled"
# -- Path to a CA certificate on the host machine for db certificate validation.
# If this is left empty, just the host certificates will be used.
# If filled in, the certificate will be loaded and added to host certificates.
tlsCACert : ""
2024-08-17 17:43:27 +02:00
instance :
# -- BCP47 language tags to indicate preferred languages of users on this instance.
#
# If you provide these, you should provide these in order from most-preferred to least-preferred,
# but note that leaving out a language from this array doesn't mean it can't be used on this instance,
# it only means it won't be advertised as a preferred instance language.
#
# It is valid to provide no entries here; your instance will then have no particular preferred language.
#
# See here for commonly-used tags: https://en.wikipedia.org/wiki/IETF_language_tag#List_of_common_primary_language_subtags
# See here for all current tags: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry
#
# Example: ["nl", "en-gb", "fr"]
languages : [ ]
federation :
# -- Federation mode to use for this instance.
#
# "blocklist" -- open federation by default. Only instances that are explicitly
# blocked will be denied (unless they are also explicitly allowed).
#
# "allowlist" -- closed federation by default. Only instances that are explicitly
# allowed will be able to interact with this instance.
#
# For more details on blocklist and allowlist modes, check the documentation at:
# https://docs.gotosocial.org/en/latest/admin/federation_modes
#
# Options: ["blocklist", "allowlist"]
mode : "blocklist"
# -- Enable spam filtering heuristics for messages entering your instance
# via the federation API. Regardless of what you set here, basic checks
# for message relevancy will still be performed, but you can try enabling
# this setting if you are being spammed with unwanted messages from other
# instances, and want to more strictly filter out spam messages.
#
# THIS IS CURRENTLY AN EXPERIMENTAL SETTING, AND MAY FILTER OUT LEGITIMATE
# MESSAGES, OR FAIL TO FILTER OUT SPAMMY MESSAGES. It is recommended to
# only enable this setting when the fediverse is in the midst of a spam
# wave, and you need to batten down the hatches to keep your instance usable.
#
# The decision of whether a message counts as spam or not is made based on
# the following heuristics, in order, where receiver = the account on your
# instance that received a message in their inbox, and requester = the
# account on a remote instance that sent the message.
#
# First, basic relevancy checks
#
# 1. Receiver follows requester. Return OK.
# 2. Statusable doesn't mention receiver. Return NotRelevant.
#
# If instance-federation-spam-filter = false, then return OK now.
# Otherwise check:
#
# 3. Receiver is locked and is followed by requester. Return OK.
# 4. Five or more people are mentioned. Return Spam.
# 5. Receiver follow (requests) a mentioned account. Return OK.
# 6. Statusable has a media attachment. Return Spam.
# 7. Statusable contains non-mention, non-hashtag links. Return Spam.
#
# Messages identified as spam will be dropped from your instance, and not
# inserted into the database, or into home timelines or notifications.
spamFilter : false
expose :
# -- Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=open in order
# to see a list of instances that this instance 'peers' with. Even if set to 'false', then authenticated
# users (members of the instance) will still be able to query the endpoint.
peers : false
# -- Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=suspended in order
# to see a list of instances that this instance blocks/suspends. Even if set to 'false', then authenticated
# users (members of the instance) will still be able to query the endpoint.
#
# WARNING: Setting this variable to 'true' may result in your instance being scraped by blocklist scrapers.
# See: https://docs.gotosocial.org/en/latest/admin/domain_blocks/#block-announce-bots
suspended : false
# -- Allow unauthenticated users to view /about/suspended,
# showing the HTML rendered list of instances that this instance blocks/suspends.
suspendedWeb : false
# -- This flag tweaks whether GoToSocial will deliver ActivityPub messages
# to the shared inbox of a recipient, if one is available, instead of delivering
# each message to each actor who should receive a message individually.
#
# Shared inbox delivery can significantly reduce network load when delivering
# to multiple recipients share an inbox (eg., on large Mastodon instances).
#
# See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery
publicTimeline : false
# -- This flag tweaks whether GoToSocial will deliver ActivityPub messages
# to the shared inbox of a recipient, if one is available, instead of delivering
# each message to each actor who should receive a message individually.
#
# Shared inbox delivery can significantly reduce network load when delivering
# to multiple recipients share an inbox (eg., on large Mastodon instances).
#
# See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery
deliverToSharedInboxes : true
# -- This flag will inject a Mastodon version into the version field that
# is included in /api/v1/instance. This version is often used by Mastodon clients
# to do API feature detection. By injecting a Mastodon compatible version, it is
# possible to cajole those clients to behave correctly with GoToSocial.
injectMastodonVersion : false
2024-01-28 11:07:59 +01:00
accounts :
# -- Do we want people to be able to just submit sign up requests, or do we want invite only?
registrationOpen : true
# -- Do sign up requests require approval from an admin/moderator before an account can sign in/use the server?
approvalRequired : true
# -- Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)?
reasonRequired : true
# -- Allow accounts on this instance to set custom CSS for their profile pages and statuses.
# Enabling this setting will allow accounts to upload custom CSS via the /user settings page,
# which will then be rendered on the web view of the account's profile and statuses.
#
# For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false',
# since setting it to true allows malicious accounts to make their profile pages misleading, unusable
# or even dangerous to visitors. In other words, you should only enable this setting if you trust
# the users on your instance not to produce harmful CSS.
#
# Regardless of what this value is set to, any uploaded CSS will not be federated to other instances,
# it will only be shown on profiles and statuses on *this* instance.
allowCustomCSS : false
# -- If accounts-allow-custom-css is true, this is the permitted length in characters for
# CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false.
customCSSLength : 10000
storage :
# -- Type of storage backend to use.
# Examples: ["local", "s3"]
# Default: "local" (storage on local disk)
backend : "local"
s3 :
# -- API endpoint of the S3 compatible service.
# Only required when running with the s3 storage backend.
# GoToSocial uses "DNS-style" when accessing buckets.
# If you are using Scaleways object storage, please remove the "bucket name" from the endpoint address
endpoint : ""
# -- If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL.
proxy : false
# -- Use SSL for S3 connections.
#
# Only set this to 'false' when testing locally.
useSSL : true
# -- Name of the storage bucket.
#
# If you have already encoded your bucket name in the storage-s3-endpoint, this
# value will be used as a directory containing your data.
#
# The bucket must exist prior to starting GoToSocial
#
# Only required when running with the s3 storage backend.
bucket : ""
# -- Access key part of the S3 credentials.
# Consider setting this value using environment variables to avoid leaking it via the config file
# Only required when running with the s3 storage backend.
accessKey : ""
# -- Secret key part of the S3 credentials.
# Consider setting this value using environment variables to avoid leaking it via the config file
# Only required when running with the s3 storage backend.
secretKey : ""
oidc :
# -- Enable authentication with external OIDC provider. If set to true, then
# the other OIDC options must be set as well. If this is set to false, then the standard
# internal oauth flow will be used, where users sign in to GtS with username/password.
enabled : false
# -- Name of the oidc idp (identity provider). This will be shown to users when they log in.
idpName : ""
# -- Skip the normal verification flow of tokens returned from the OIDC provider, ie.,
# don't check the expiry or signature. This should only be used in debugging or testing,
# never ever in a production environment as it's extremely unsafe!
skipVerification : false
# -- The OIDC issuer URI. This is where GtS will redirect users to for login.
# Typically this will look like a standard web URL.
issuer : ""
# -- The ID for this client as registered with the OIDC provider.
clientID : ""
# -- The secret for this client as registered with the OIDC provider.
clientSecret : ""
# -- Scopes to request from the OIDC provider. The returned values will be used to
# populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required.
# 'profile' is used to extract a username for the newly created user.
# 'groups' is optional and can be used to determine if a user is an admin based on oidc-admin-groups.
scopes :
- "openid"
- "email"
- "profile"
- "groups"
# -- Link OIDC authenticated users to existing ones based on their email address.
# This is mostly intended for migration purposes if you were running previous versions of GTS
# which only correlated users with their email address. Should be set to false for most usecases.
linkExisting : false
# -- If the returned ID token contains a 'groups' claim that matches one of the
# groups in oidc-admin-groups, then this user will be granted admin rights on the GtS instance
adminGroups :
- "admins"
smtp :
# -- The hostname of the smtp server you want to use.
# If this is not set, smtp will not be used to send emails, and you can ignore the other settings.
host : ""
# -- Port to use to connect to the smtp server.
port : 0
# -- Username to use when authenticating with the smtp server.
# This should have been provided to you by your smtp host.
# This is often, but not always, an email address.
username : ""
# -- Password to use when authenticating with the smtp server.
# This should have been provided to you by your smtp host.
password : ""
# -- 'From' address for sent emails.
from : ""
# -- If true, when an email is sent that has multiple recipients, each recipient
# will be included in the To field, so that each recipient can see who else got the
# email, and they can 'reply all' to the other recipients if they want to.
#
# If false, email will be sent to Undisclosed Recipients, and each recipient will not
# be able to see who else received the email.
#
# It might be useful to change this setting to 'true' if you want to be able to discuss
# new moderation reports with other admins by 'replying-all' to the notification email.
discloseRecipients : false
metrics :
enabled : true
auth :
enabled : false
username : ""
password : ""
2024-07-19 17:28:32 +02:00
tracing :
# -- Enable OpenTelemetry based tracing support.
enabled : false
# -- Set the transport protocol for the tracing system. Can either be "grpc" for OTLP gRPC, or "http" for OTLP HTTP.
transport : grpc
# -- Endpoint of the trace ingester. When using the gRPC or HTTP based transports, provide the endpoint as a single address/port combination without a protocol scheme.
endpoint : ""
# -- Disable TLS for the gRPC and HTTP transport protocols.
insecureTransport : false
2024-01-28 11:07:59 +01:00
prometheus :
servicemonitor :
enabled : false
labels : {}
serviceAccount :
# -- Specifies whether a service account should be created
create : false
# -- Automatically mount a ServiceAccount's API credentials?
automount : true
# -- Annotations to add to the service account
annotations : {}
# -- The name of the service account to use.
2024-07-19 17:28:32 +02:00
# If not set and create is true, a name is generated using the fullname template
2024-01-28 11:07:59 +01:00
name : ""
podAnnotations : {}
podLabels : {}
podSecurityContext : {}
# fsGroup: 2000
securityContext : {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service :
type : ClusterIP
port : 8080
ingress :
enabled : false
className : ""
annotations : {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts :
- host : chart-example.local
paths :
- path : /
pathType : ImplementationSpecific
tls : [ ]
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources : {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling :
enabled : false
minReplicas : 1
maxReplicas : 100
targetCPUUtilizationPercentage : 80
# targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition.
volumes : [ ]
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts : [ ]
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
nodeSelector : {}
tolerations : [ ]
affinity : {}
persistence :
# -- Enable persistence using Persistent Volume Claims
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
enabled : true
annotations : {}
# -- Persistent Volume Storage Class
# If defined, storageClassName: <storageClass>
# If set to "-", storageClassName: "", which disables dynamic provisioning
# If undefined (the default) or set to null, no storageClassName spec is
# set, choosing the default provisioner. (gp2 on AWS, standard on
# GKE, AWS & OpenStack)
storageClass :
# -- A manually managed Persistent Volume and Claim
# Requires persistence.enabled: true
# If defined, PVC must be created manually before volume will be bound
existingClaim :
# -- Do not create an PVC, direct use hostPath in Pod
hostPath :
# -- accessMode
accessMode : ReadWriteOnce
# -- size
size : 10Gi
