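# Default values for gotosocial.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

global:
  image:
    # -- If set, it overrides every image registry entry.
    # A global override redirects every image pull of the release, so point it
    # only at a registry you control or trust.
    registry:
    # -- If set, it overrides every pullPolicy.
    pullPolicy: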
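replicaCount: 1

image:
  registry: docker.io
  repository: superseriousbusiness/gotosocial
  # With IfNotPresent a node keeps whatever image it already cached for a tag,
  # so use immutable version tags rather than moving ones.
  pullPolicy: IfNotPresent
  # -- Overrides the image tag whose default is the chart appVersion.
  tag: ""

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""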
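gotosocial:
  # NOTE(review): the nesting of this section is reconstructed from the key names;
  # confirm it against the chart templates before relying on it.
  tz: "UTC"
  applicationName: "gotosocial"
  landingPageUser: ""
  host: "localhost"
  accountDomain: ""
  database:
    # -- Database type.
    # Options: ["postgres","sqlite"]
    type: "sqlite"
    # -- Database address or parameters.
    # For Postgres, this should be the address or socket at which the database can be reached.
    address: ""
    # -- Port for database connection.
    port: 5432
    # -- Username for the database connection.
    username: ""
    # -- Password to use for the database connection
    # Anything set here ends up in the values file that supplies it and in the Helm
    # release record. Keep real credentials out of version control and restrict who
    # can read releases in the namespace. How the chart passes this value to the
    # pod is not visible in this file — confirm in the templates.
    password: ""
    # -- Name of the database to use within the provided database type.
    database: "gotosocial"
    # -- Disable, enable, or require SSL/TLS connection to the database.
    # If "disable" then no TLS connection will be attempted.
    # If "enable" then TLS will be tried, but the database certificate won't be checked (for self-signed certs).
    # If "require" then TLS will be required to make a connection, and a valid certificate must be presented.
    # "enable" encrypts the link but does not authenticate the server, so it gives no
    # protection against an active man-in-the-middle. Use "require" (with tlsCACert
    # for a private CA) whenever the database is reached over a network you do not
    # fully control.
    # NOTE(review): the default below is "disabled", which is not one of the three
    # documented values ("disable", "enable", "require"). Confirm how the chart and
    # GoToSocial treat it, or change it to "disable".
    tlsMode: "disabled"
    # -- Path to a CA certificate on the host machine for db certificate validation.
    # If this is left empty, just the host certificates will be used.
    # If filled in, the certificate will be loaded and added to host certificates.
    # NOTE(review): in a pod this path presumably has to exist inside the container,
    # e.g. mounted through the chart's volumes/volumeMounts values — confirm.
    tlsCACert: ""
  accounts:
    # -- Do we want people to be able to just submit sign up requests, or do we want invite only?
    registrationOpen: true
    # -- Do sign up requests require approval from an admin/moderator before an account can sign in/use the server?
    approvalRequired: true
    # -- Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)?
    reasonRequired: true
    # -- Allow accounts on this instance to set custom CSS for their profile pages and statuses.
    # Enabling this setting will allow accounts to upload custom CSS via the /user settings page,
    # which will then be rendered on the web view of the account's profile and statuses.
    #
    # For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false',
    # since setting it to true allows malicious accounts to make their profile pages misleading, unusable
    # or even dangerous to visitors. In other words, you should only enable this setting if you trust
    # the users on your instance not to produce harmful CSS.
    #
    # Regardless of what this value is set to, any uploaded CSS will not be federated to other instances,
    # it will only be shown on profiles and statuses on *this* instance.
    allowCustomCSS: false
    # -- If accounts-allow-custom-css is true, this is the permitted length in characters for
    # CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false.
    customCSSLength: 10000
  storage:
    # -- Type of storage backend to use.
    # Examples: ["local", "s3"]
    # Default: "local" (storage on local disk)
    backend: "local"
    s3:
      # -- API endpoint of the S3 compatible service.
      # Only required when running with the s3 storage backend.
      # GoToSocial uses "DNS-style" when accessing buckets.
      # If you are using Scaleway's object storage, please remove the "bucket name" from the endpoint address
      endpoint: ""
      # -- If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL.
      proxy: false
      # -- Use SSL for S3 connections.
      #
      # Only set this to 'false' when testing locally.
      useSSL: true
      # -- Name of the storage bucket.
      #
      # If you have already encoded your bucket name in the storage-s3-endpoint, this
      # value will be used as a directory containing your data.
      #
      # The bucket must exist prior to starting GoToSocial
      #
      # Only required when running with the s3 storage backend.
      bucket: ""
      # -- Access key part of the S3 credentials.
      # Consider setting this value using environment variables to avoid leaking it via the config file
      # Only required when running with the s3 storage backend.
      accessKey: ""
      # -- Secret key part of the S3 credentials.
      # Consider setting this value using environment variables to avoid leaking it via the config file
      # Only required when running with the s3 storage backend.
      # Same secret-handling caveat as database.password. Scope the key to the one
      # bucket this instance uses.
      secretKey: ""
  oidc:
    # -- Enable authentication with external OIDC provider. If set to true, then
    # the other OIDC options must be set as well. If this is set to false, then the standard
    # internal oauth flow will be used, where users sign in to GtS with username/password.
    enabled: false
    # -- Name of the oidc idp (identity provider). This will be shown to users when they log in.
    idpName: ""
    # -- Skip the normal verification flow of tokens returned from the OIDC provider, ie.,
    # don't check the expiry or signature. This should only be used in debugging or testing,
    # never ever in a production environment as it's extremely unsafe!
    skipVerification: false
    # -- The OIDC issuer URI. This is where GtS will redirect users to for login.
    # Typically this will look like a standard web URL.
    issuer: ""
    # -- The ID for this client as registered with the OIDC provider.
    clientID: ""
    # -- The secret for this client as registered with the OIDC provider.
    # Same secret-handling caveat as database.password.
    clientSecret: ""
    # -- Scopes to request from the OIDC provider. The returned values will be used to
    # populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required.
    # 'profile' is used to extract a username for the newly created user.
    # 'groups' is optional and can be used to determine if a user is an admin based on oidc-admin-groups.
    scopes:
      - "openid"
      - "email"
      - "profile"
      - "groups"
    # -- Link OIDC authenticated users to existing ones based on their email address.
    # This is mostly intended for migration purposes if you were running previous versions of GTS
    # which only correlated users with their email address. Should be set to false for most usecases.
    # Linking by email trusts the provider's email claim: only enable it when the
    # provider verifies address ownership, otherwise an identity carrying someone
    # else's address could be linked to that person's existing local account.
    linkExisting: false
    # -- If the returned ID token contains a 'groups' claim that matches one of the
    # groups in oidc-admin-groups, then this user will be granted admin rights on the GtS instance
    # Membership of a listed group grants admin rights, so list only groups whose
    # membership is controlled by the identity provider's administrators.
    adminGroups:
      - "admins"
  smtp:
    # -- The hostname of the smtp server you want to use.
    # If this is not set, smtp will not be used to send emails, and you can ignore the other settings.
    host: ""
    # -- Port to use to connect to the smtp server.
    port: 0
    # -- Username to use when authenticating with the smtp server.
    # This should have been provided to you by your smtp host.
    # This is often, but not always, an email address.
    username: ""
    # -- Password to use when authenticating with the smtp server.
    # This should have been provided to you by your smtp host.
    # Same secret-handling caveat as database.password.
    password: ""
    # -- 'From' address for sent emails.
    from: ""
    # -- If true, when an email is sent that has multiple recipients, each recipient
    # will be included in the To field, so that each recipient can see who else got the
    # email, and they can 'reply all' to the other recipients if they want to.
    #
    # If false, email will be sent to Undisclosed Recipients, and each recipient will not
    # be able to see who else received the email.
    #
    # It might be useful to change this setting to 'true' if you want to be able to discuss
    # new moderation reports with other admins by 'replying-all' to the notification email.
    discloseRecipients: false
  metrics:
    # NOTE(review): metrics are on by default while auth is off. Presumably these map
    # to GoToSocial's metrics-enabled / metrics-auth-* settings — confirm in the
    # templates. If the metrics endpoint is reachable through the Service or the
    # Ingress, enable auth or restrict access (for example with a NetworkPolicy) so
    # instance internals are not readable by anyone who can reach the pod.
    enabled: true
    auth:
      enabled: false
      username: ""
      # Same secret-handling caveat as database.password.
      password: ""
  tracing:
    # -- Enable OpenTelemetry based tracing support.
    enabled: false
    # -- Set the transport protocol for the tracing system. Can either be "grpc" for OTLP gRPC, or "http" for OTLP HTTP.
    transport: "grpc"
    # -- Endpoint of the trace ingester. When using the gRPC or HTTP based transports, provide the endpoint as a single address/port combination without a protocol scheme.
    endpoint: ""
    # -- Disable TLS for the gRPC and HTTP transport protocols.
    # Keep this false unless the collector is only reachable over a trusted local
    # network; traces can carry request details.
    insecureTransport: false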
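prometheus:
  # Presumably controls whether the chart renders a Prometheus Operator
  # ServiceMonitor and which extra labels it carries — the template is not
  # visible here, confirm before relying on it.
  servicemonitor:
    enabled: false
    labels: {}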
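serviceAccount:
  # -- Specifies whether a service account should be created
  create: false
  # -- Automatically mount a ServiceAccount's API credentials?
  # NOTE(review): nothing in this values file suggests the workload calls the
  # Kubernetes API; if it does not, setting this to false keeps the API token
  # out of the container.
  automount: true
  # -- Annotations to add to the service account
  annotations: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""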
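podAnnotations: {}
podLabels: {}

# Pod-level security context. Empty by default, so the pod runs with whatever
# the image and the cluster defaults provide.
podSecurityContext: {}
  # fsGroup: 2000

# Container-level security context. Empty by default. The commented block below
# is a reasonable hardening baseline; consider adding
# `allowPrivilegeEscalation: false` as well. Before enabling it, check which
# user the image runs as and that every path the application writes to is a
# mounted volume (readOnlyRootFilesystem blocks all other writes).
securityContext: {}
  # capabilities:
  #   drop:
  #     - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000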
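# Service in front of the pod. ClusterIP keeps it reachable only from inside the
# cluster; external traffic is expected to arrive through the ingress settings.
service:
  type: ClusterIP
  port: 8080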
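ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  # NOTE(review): empty by default, so the rendered Ingress presumably carries no
  # TLS section. Set a certificate secret for any host that is reachable from
  # outside the cluster.
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local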
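resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # Without limits the container is bounded only by the node, so a traffic spike
  # on a public instance can starve neighbouring workloads; set limits for
  # production deployments.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi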
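# Horizontal autoscaling settings; disabled by default, in which case
# replicaCount presumably applies (the template is not visible here).
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80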
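# Additional volumes on the output Deployment definition.
# Mounting a Secret as in the example below is a way to give the pod files such
# as a CA certificate without placing their contents in this values file.
volumes: []
# - name: foo
#   secret:
#     secretName: mysecret
#     optional: false

# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
#   mountPath: "/etc/foo"
#   readOnly: true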
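# Pod scheduling constraints; all empty by default, leaving placement to the scheduler.
nodeSelector: {}

tolerations: []

affinity: {}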
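persistence:
  # -- Enable persistence using Persistent Volume Claims
  # ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
  enabled: true
  annotations: {}
  # -- Persistent Volume Storage Class
  # If defined, storageClassName: <storageClass>
  # If set to "-", storageClassName: "", which disables dynamic provisioning
  # If undefined (the default) or set to null, no storageClassName spec is
  #   set, choosing the default provisioner.  (gp2 on AWS, standard on
  #   GKE, AWS & OpenStack)
  storageClass:

  # -- A manually managed Persistent Volume and Claim
  # Requires persistence.enabled: true
  # If defined, PVC must be created manually before volume will be bound
  existingClaim:

  # -- Do not create a PVC; use a hostPath volume directly in the Pod
  # A hostPath volume ties the data to one node and gives the pod access to that
  # path on the node's filesystem; prefer a PVC unless this is a single-node
  # setup and the path is dedicated to this instance.
  hostPath:
  # -- Access mode requested for the volume
  accessMode: ReadWriteOnce
  # -- Requested volume size
  size: 10Gi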