From 45928ee1b80b414903e3b433e83e66a091747e99 Mon Sep 17 00:00:00 2001 From: WrenIX Date: Sun, 23 Feb 2025 09:15:08 +0100 Subject: [PATCH] fix(gotosocial): make trusted proxies configurable --- gotosocial/Chart.yaml | 2 +- gotosocial/README.md | 7 ++++++- gotosocial/templates/secret.yaml | 5 +++++ gotosocial/values.yaml | 7 +++++++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/gotosocial/Chart.yaml b/gotosocial/Chart.yaml index 909dea7..7932159 100644 --- a/gotosocial/Chart.yaml +++ b/gotosocial/Chart.yaml @@ -3,7 +3,7 @@ name: gotosocial description: With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to! icon: https://docs.gotosocial.org/en/latest/assets/sloth.png type: application -version: "0.2.9" +version: "0.2.10" # renovate: image=docker.io/superseriousbusiness/gotosocial appVersion: "0.18.0" maintainers: diff --git a/gotosocial/README.md b/gotosocial/README.md index e216c8f..8ef65ed 100644 --- a/gotosocial/README.md +++ b/gotosocial/README.md @@ -7,7 +7,7 @@ description: "With GoToSocial, you can keep in touch with your friends, post, re # gotosocial -![Version: 0.2.9](https://img.shields.io/badge/Version-0.2.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.0](https://img.shields.io/badge/AppVersion-0.18.0-informational?style=flat-square) +![Version: 0.2.10](https://img.shields.io/badge/Version-0.2.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.0](https://img.shields.io/badge/AppVersion-0.18.0-informational?style=flat-square) With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to! @@ -57,6 +57,8 @@ helm uninstall gotosocial-release | gotosocial.accounts.customCSSLength | int | `10000` | If accounts-allow-custom-css is true, this is the permitted length in characters for CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false. | | gotosocial.accounts.reasonRequired | bool | `true` | Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)? | | gotosocial.accounts.registrationOpen | bool | `true` | Do we want people to be able to just submit sign up requests, or do we want invite only? | +| gotosocial.advancedRateLimitExceptions | list | `[]` | | +| gotosocial.advancedRateLimitRequests | int | `300` | | | gotosocial.applicationName | string | `"gotosocial"` | | | gotosocial.database.address | string | `""` | Database address or parameters. For Postgres, this should be the address or socket at which the database can be reached. | | gotosocial.database.database | string | `"gotosocial"` | Name of the database to use within the provided database type. | @@ -107,6 +109,9 @@ helm uninstall gotosocial-release | gotosocial.tracing.endpoint | string | `""` | Endpoint of the trace ingester. When using the gRPC or HTTP based transports, provide the endpoint as a single address/port combination without a protocol scheme. | | gotosocial.tracing.insecureTransport | bool | `false` | Disable TLS for the gRPC and HTTP transport protocols. | | gotosocial.tracing.transport | string | `"grpc"` | Set the transport protocol for the tracing system. Can either be "grpc" for OTLP gRPC, or "http" for OTLP HTTP. | +| gotosocial.trustedProxies[0] | string | `"10.42.0.0/16"` | | +| gotosocial.trustedProxies[1] | string | `"127.0.0.1/32"` | | +| gotosocial.trustedProxies[2] | string | `"::1"` | | | gotosocial.tz | string | `"UTC"` | | | image.pullPolicy | string | `"IfNotPresent"` | | | image.registry | string | `"docker.io"` | | diff --git a/gotosocial/templates/secret.yaml b/gotosocial/templates/secret.yaml index 070a6f6..486ee23 100644 --- a/gotosocial/templates/secret.yaml +++ b/gotosocial/templates/secret.yaml @@ -17,6 +17,11 @@ data: {{- end }} GTS_HOST: {{ .host | b64enc }} GTS_ACCOUNT_DOMAIN: {{ .accountDomain | b64enc }} + GTS_TRUSTED_PROXIES: {{ .trustedProxies | join "," | b64enc }} + {{- with .advancedRateLimitExceptions }} + GTS_ADVANCED_RATE_LIMIT_EXCEPTIONS: {{ . | join "," | b64enc }} + {{- end }} + GTS_ADVANCED_RATE_LIMIT_REQUESTS: {{ quote .advancedRateLimitRequests | b64enc }} GTS_DB_TYPE: {{ .database.type | b64enc }} {{- if (eq .database.type "sqlite") }} diff --git a/gotosocial/values.yaml b/gotosocial/values.yaml index 11260c5..9ce2b9c 100644 --- a/gotosocial/values.yaml +++ b/gotosocial/values.yaml @@ -28,6 +28,13 @@ gotosocial: landingPageUser: "" host: "localhost" accountDomain: "" + trustedProxies: + - "10.42.0.0/16" + - "127.0.0.1/32" + - "::1" + advancedRateLimitExceptions: [] + advancedRateLimitRequests: 300 + database: # -- Database type. # Options: ["postgres","sqlite"]