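# Default values for gotosocial.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

global:
  image:
    # -- if set it will overwrite all registry entries
    registry:
    # -- if set it will overwrite all pullPolicy
    pullPolicy:

replicaCount: 1

image:
  registry: docker.io
  repository: superseriousbusiness/gotosocial
  pullPolicy: IfNotPresent
  # -- Overrides the image tag whose default is the chart appVersion.
  tag: ""

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

gotosocial:
  tz: "UTC"
  applicationName: "gotosocial"
  landingPageUser: ""
  host: "localhost"
  accountDomain: ""

  database:
    # -- Database type.
    # Options: ["postgres","sqlite"]
    type: "sqlite"
    # -- Database address or parameters.
    # For Postgres, this should be the address or socket at which the database can be reached.
    address: ""
    # -- Port for database connection.
    port: 5432
    # -- Username for the database connection.
    username: ""
    # -- Password to use for the database connection.
    # Avoid committing a real password to version control; supply it at install
    # time from a values file or secret store kept outside the repository.
    password: ""
    # -- Name of the database to use within the provided database type.
    database: "gotosocial"
    # -- Disable, enable, or require SSL/TLS connection to the database.
    # If "disable" then no TLS connection will be attempted.
    # If "enable" then TLS will be tried, but the database certificate won't be checked
    # (for self-signed certs). Because the certificate is not checked, "enable" does not
    # authenticate the database server; use "require" when the connection crosses a
    # network you do not fully control.
    # If "require" then TLS will be required to make a connection, and a valid certificate
    # must be presented.
    # The default is "disable": the value has to be one of the three documented options,
    # and "disabled" is not among them.
    tlsMode: "disable"
    # -- Path to a CA certificate on the host machine for db certificate validation.
    # If this is left empty, just the host certificates will be used.
    # If filled in, the certificate will be loaded and added to host certificates.
    tlsCACert: ""

  accounts:
    # -- Do we want people to be able to just submit sign up requests, or do we want invite only?
    registrationOpen: true
    # -- Do sign up requests require approval from an admin/moderator before an account
    # can sign in/use the server?
    approvalRequired: true
    # -- Are sign up requests required to submit a reason for the request
    # (eg., an explanation of why they want to join the instance)?
    reasonRequired: true
    # -- Allow accounts on this instance to set custom CSS for their profile pages and statuses.
    # Enabling this setting will allow accounts to upload custom CSS via the /user settings page,
    # which will then be rendered on the web view of the account's profile and statuses.
    #
    # For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false',
    # since setting it to true allows malicious accounts to make their profile pages misleading, unusable
    # or even dangerous to visitors. In other words, you should only enable this setting if you trust
    # the users on your instance not to produce harmful CSS.
    #
    # Regardless of what this value is set to, any uploaded CSS will not be federated to other instances,
    # it will only be shown on profiles and statuses on *this* instance.
    allowCustomCSS: false
    # -- If accounts-allow-custom-css is true, this is the permitted length in characters for
    # CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false.
    customCSSLength: 10000

  storage:
    # -- Type of storage backend to use.
    # Examples: ["local", "s3"]
    # Default: "local" (storage on local disk)
    backend: "local"
    s3:
      # -- API endpoint of the S3 compatible service.
      # Only required when running with the s3 storage backend.
      # GoToSocial uses "DNS-style" when accessing buckets.
      # If you are using Scaleway's object storage, please remove the "bucket name" from the endpoint address
      endpoint: ""
      # -- If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL.
      proxy: false
      # -- Use SSL for S3 connections.
      #
      # Only set this to 'false' when testing locally.
      useSSL: true
      # -- Name of the storage bucket.
      #
      # If you have already encoded your bucket name in the storage-s3-endpoint, this
      # value will be used as a directory containing your data.
      #
      # The bucket must exist prior to starting GoToSocial
      #
      # Only required when running with the s3 storage backend.
      bucket: ""
      # -- Access key part of the S3 credentials.
      # Consider setting this value using environment variables to avoid leaking it via the config file
      # Only required when running with the s3 storage backend.
      accessKey: ""
      # -- Secret key part of the S3 credentials.
      # Consider setting this value using environment variables to avoid leaking it via the config file
      # Only required when running with the s3 storage backend.
      secretKey: ""

  oidc:
    # -- Enable authentication with external OIDC provider. If set to true, then
    # the other OIDC options must be set as well. If this is set to false, then the standard
    # internal oauth flow will be used, where users sign in to GtS with username/password.
    enabled: false
    # -- Name of the oidc idp (identity provider). This will be shown to users when they log in.
    idpName: ""
    # -- Skip the normal verification flow of tokens returned from the OIDC provider, ie.,
    # don't check the expiry or signature. This should only be used in debugging or testing,
    # never ever in a production environment as it's extremely unsafe!
    skipVerification: false
    # -- The OIDC issuer URI. This is where GtS will redirect users to for login.
    # Typically this will look like a standard web URL.
    issuer: ""
    # -- The ID for this client as registered with the OIDC provider.
    clientID: ""
    # -- The secret for this client as registered with the OIDC provider.
    # Avoid committing a real secret to version control; supply it at install
    # time from a values file or secret store kept outside the repository.
    clientSecret: ""
    # -- Scopes to request from the OIDC provider. The returned values will be used to
    # populate users created in GtS as a result of the authentication flow.
    # 'openid' and 'email' are required.
    # 'profile' is used to extract a username for the newly created user.
    # 'groups' is optional and can be used to determine if a user is an admin based on oidc-admin-groups.
    scopes:
      - "openid"
      - "email"
      - "profile"
      - "groups"
    # -- Link OIDC authenticated users to existing ones based on their email address.
    # This is mostly intended for migration purposes if you were running previous versions of GTS
    # which only correlated users with their email address. Should be set to false for most use cases.
    # Linking by email trusts the email claim returned by the provider, so only enable it
    # with a provider that verifies the addresses it asserts.
    linkExisting: false
    # -- If the returned ID token contains a 'groups' claim that matches one of the
    # groups in oidc-admin-groups, then this user will be granted admin rights on the GtS instance.
    # Review the default before enabling OIDC: membership of a matching group at the
    # provider is all that is needed to become an instance admin.
    adminGroups:
      - "admins"

  smtp:
    # -- The hostname of the smtp server you want to use.
    # If this is not set, smtp will not be used to send emails, and you can ignore the other settings.
    host: ""
    # -- Port to use to connect to the smtp server.
    port: 0
    # -- Username to use when authenticating with the smtp server.
    # This should have been provided to you by your smtp host.
    # This is often, but not always, an email address.
    username: ""
    # -- Password to use when authenticating with the smtp server.
    # This should have been provided to you by your smtp host.
    # Avoid committing a real password to version control; supply it at install
    # time from a values file or secret store kept outside the repository.
    password: ""
    # -- 'From' address for sent emails.
    from: ""
    # -- If true, when an email is sent that has multiple recipients, each recipient
    # will be included in the To field, so that each recipient can see who else got the
    # email, and they can 'reply all' to the other recipients if they want to.
    #
    # If false, email will be sent to Undisclosed Recipients, and each recipient will not
    # be able to see who else received the email.
    #
    # It might be useful to change this setting to 'true' if you want to be able to discuss
    # new moderation reports with other admins by 'replying-all' to the notification email.
    discloseRecipients: false

  # Metrics are enabled by default while metrics auth is disabled.
  # NOTE(review): if the metrics endpoint is served on the same port that the
  # Service/Ingress below exposes, it is readable without credentials. Confirm
  # against the chart templates, and enable auth or restrict the path before
  # publishing the instance.
  metrics:
    enabled: true
    auth:
      enabled: false
      username: ""
      # Avoid committing a real password to version control.
      password: ""

  tracing:
    # -- Enable OpenTelemetry based tracing support.
    enabled: false
    # -- Set the transport protocol for the tracing system.
    # Can either be "grpc" for OTLP gRPC, or "http" for OTLP HTTP.
    transport: grpc
    # -- Endpoint of the trace ingester. When using the gRPC or HTTP based transports,
    # provide the endpoint as a single address/port combination without a protocol scheme.
    endpoint: ""
    # -- Disable TLS for the gRPC and HTTP transport protocols.
    # With TLS disabled, trace data is sent to the ingester unencrypted.
    insecureTransport: false

# NOTE(review): assumed to be a top-level key (chart-level ServiceMonitor
# settings rather than GoToSocial configuration) - confirm against the chart templates.
prometheus:
  servicemonitor:
    enabled: false
    labels: {}

serviceAccount:
  # -- Specifies whether a service account should be created
  create: false
  # -- Automatically mount a ServiceAccount's API credentials?
  # NOTE(review): the API token is mounted into the pod by default. If the
  # workload never calls the Kubernetes API (presumably the case here - confirm),
  # setting this to false keeps the token out of the container.
  automount: true
  # -- Annotations to add to the service account
  annotations: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

podAnnotations: {}
podLabels: {}

podSecurityContext: {}
  # fsGroup: 2000

# Empty by default, so the container runs with whatever the image and the
# cluster defaults provide. The commented values below are a hardening
# starting point.
# NOTE(review): confirm that the image runs as a non-root user and only writes
# to mounted volumes before enabling runAsNonRoot / readOnlyRootFilesystem.
securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

service:
  type: ClusterIP
  port: 8080

# With 'tls: []' the Ingress carries no TLS section; unless TLS is terminated
# elsewhere, logins and tokens would cross the network in cleartext.
ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
#   secret:
#     secretName: mysecret
#     optional: false

# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
#   mountPath: "/etc/foo"
#   readOnly: true

nodeSelector: {}

tolerations: []

affinity: {}

persistence:
  # -- Enable persistence using Persistent Volume Claims
  # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  enabled: true
  annotations: {}
  # -- Persistent Volume Storage Class
  # If defined, storageClassName: <storageClass>
  # If set to "-", storageClassName: "", which disables dynamic provisioning
  # If undefined (the default) or set to null, no storageClassName spec is
  #   set, choosing the default provisioner.  (gp2 on AWS, standard on
  #   GKE, AWS & OpenStack)
  storageClass:
  # -- A manually managed Persistent Volume and Claim
  # Requires persistence.enabled: true
  # If defined, PVC must be created manually before volume will be bound
  existingClaim:
  # -- Do not create a PVC; use a hostPath directly in the Pod.
  # A hostPath volume gives the pod access to a directory on the node's own
  # filesystem and ties the data to that node; prefer a PVC where possible.
  hostPath:
  # -- accessMode
  accessMode: ReadWriteOnce
  # -- size
  size: 10Gi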