|
@@ -48,6 +48,9 @@ mastodon:
|
|
|
enabled: false
|
|
|
access_key: ""
|
|
|
access_secret: ""
|
|
|
+ # you can also specify the name of an existing Secret
|
|
|
+ # with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
|
|
|
+ existingSecret: ""
|
|
|
bucket: ""
|
|
|
endpoint: https://us-east-1.linodeobjects.com
|
|
|
hostname: us-east-1.linodeobjects.com
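Review bot: The two added comment lines above `existingSecret` do not say which source is used when both the inline `access_key`/`access_secret` and `existingSecret` are set, so an operator who moves the credentials into a Secret cannot tell whether the inline values must also be emptied. Once the template behaviour is confirmed, state it in the comment, for example `# when set, access_key and access_secret above are not used`. It would also help to say that the Secret must already exist in the release namespace, since the chart presumably only references it. The same gap applies to the `existingSecret` comments added in the `vapid`, `smtp` and `postgresql` hunks below. Minor style point: `existingSecret` is camelCase among snake_case siblings such as `access_key`.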
|
|
@@ -61,6 +64,10 @@ mastodon:
|
|
|
vapid:
|
|
|
private_key: ""
|
|
|
public_key: ""
|
|
|
+ # you can also specify the name of an existing Secret
|
|
|
+ # with keys SECRET_KEY_BASE and OTP_SECRET and
|
|
|
+ # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
|
|
|
+ existingSecret: ""
|
|
|
sidekiq:
|
|
|
concurrency: 25
|
|
|
smtp:
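Review bot: The added comment lists four keys (`SECRET_KEY_BASE`, `OTP_SECRET`, `VAPID_PRIVATE_KEY`, `VAPID_PUBLIC_KEY`) but does not say that all four must be present in the Secret. If the templates read each one from it, a Secret missing one key would leave the pods unable to start or the application without that value. Suggest wording such as `# the Secret must contain all four keys:` followed by the names. Because the new key is placed directly after `public_key`, it also reads as if it belonged to `vapid:` only; indentation is not visible in this view, so please confirm it sits at the level of the enclosing block, which starts outside the hunk.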
|
|
@@ -70,13 +77,16 @@ mastodon:
|
|
|
domain:
|
|
|
enable_starttls_auto: true
|
|
|
from_address: notifications@example.com
|
|
|
- login:
|
|
|
openssl_verify_mode: peer
|
|
|
- password:
|
|
|
port: 587
|
|
|
reply_to:
|
|
|
server: smtp.mailgun.org
|
|
|
tls: false
|
|
|
+ login:
|
|
|
+ password:
|
|
|
+ # you can also specify the name of an existing Secret
|
|
|
+ # with the keys login and password
|
|
|
+ existingSecret:
|
|
|
streaming:
|
|
|
port: 4000
|
|
|
# this should be set manually since os.cpus() returns the number of CPUs on
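Review bot: `existingSecret:` is added here with no value, which YAML parses as null, while the other three `existingSecret` keys introduced in this change are written as `existingSecret: ""`. Helm treats both as empty in an `if`, but a template that passes the value to a string function or a quoted field would behave differently, so `existingSecret: ""` would be the consistent and safer default. The expected keys are lowercase `login` and `password` here, unlike the upper-case environment-variable names used for the other Secrets; a short remark in the comment that the key names are case-sensitive would prevent a mismatch.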
|
|
@@ -127,18 +137,26 @@ postgresql:
|
|
|
# must match those of that external postgres instance
|
|
|
enabled: true
|
|
|
# postgresqlHostname: preexisting-postgresql
|
|
|
- postgresqlDatabase: mastodon_production
|
|
|
- # you must set a password; the password generated by the postgresql chart will
|
|
|
- # be rotated on each upgrade:
|
|
|
- # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
|
|
|
- postgresqlPassword: ""
|
|
|
- postgresqlUsername: postgres
|
|
|
+ auth:
|
|
|
+ database: mastodon_production
|
|
|
+ username: postgres
|
|
|
+ # you must set a password; the password generated by the postgresql chart will
|
|
|
+ # be rotated on each upgrade:
|
|
|
+ # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
|
|
|
+ password: ""
|
|
|
+ # you can also specify the name of an existing Secret
|
|
|
+ # with a key of postgres-password set to the password you want
|
|
|
+ existingSecret: ""
|
|
|
|
|
|
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
|
|
|
redis:
|
|
|
# you must set a password; the password generated by the redis chart will be
|
|
|
# rotated on each upgrade:
|
|
|
password: ""
|
|
|
+ # you can also specify the name of an existing Secret
|
|
|
+ # with a key of redis-password set to the password you want
|
|
|
+ # auth:
|
|
|
+ # existingSecret: ""
|
|
|
|
|
|
service:
|
|
|
type: ClusterIP
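Review bot: A values file that still sets `postgresql.postgresqlPassword` will silently stop supplying a password after the move to `auth.password`, and the comment kept in this hunk says an unset password is generated by the postgresql chart and rotated on each upgrade. Nothing visible here guards that upgrade path; an upgrade note, or a template check that fails when the old keys are still set, would make the break explicit (the templates are outside this hunk, so this may already exist). The new comment also names only `postgres-password`; as far as I know that is the Bitnami key for the `postgres` admin user, so it should say it holds for `username: postgres`, for example `# with a key of postgres-password (used while username is postgres)`. The redis example is nested under a commented `auth:` while `password: ""` stays at the top level of `redis:`, so it is worth confirming that both match the redis chart version in use.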
|
|
@@ -157,45 +175,45 @@ externalAuth:
|
|
|
# client_secret: SECRETKEY
|
|
|
# redirect_uri: https://example.com/auth/auth/openid_connect/callback
|
|
|
# assume_email_is_verified: true
|
|
|
- # client_auth_method:
|
|
|
- # response_type:
|
|
|
- # response_mode:
|
|
|
- # display:
|
|
|
- # prompt:
|
|
|
- # send_nonce:
|
|
|
- # send_scope_to_token_endpoint:
|
|
|
- # idp_logout_redirect_uri:
|
|
|
- # http_scheme:
|
|
|
- # host:
|
|
|
- # port:
|
|
|
- # jwks_uri:
|
|
|
- # auth_endpoint:
|
|
|
- # token_endpoint:
|
|
|
- # user_info_endpoint:
|
|
|
- # end_session_endpoint:
|
|
|
+ # client_auth_method:
|
|
|
+ # response_type:
|
|
|
+ # response_mode:
|
|
|
+ # display:
|
|
|
+ # prompt:
|
|
|
+ # send_nonce:
|
|
|
+ # send_scope_to_token_endpoint:
|
|
|
+ # idp_logout_redirect_uri:
|
|
|
+ # http_scheme:
|
|
|
+ # host:
|
|
|
+ # port:
|
|
|
+ # jwks_uri:
|
|
|
+ # auth_endpoint:
|
|
|
+ # token_endpoint:
|
|
|
+ # user_info_endpoint:
|
|
|
+ # end_session_endpoint:
|
|
|
saml:
|
|
|
enabled: false
|
|
|
# acs_url: http://mastodon.example.com/auth/auth/saml/callback
|
|
|
# issuer: mastodon
|
|
|
# idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml
|
|
|
# idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----'
|
|
|
- # idp_cert_fingerprint:
|
|
|
+ # idp_cert_fingerprint:
|
|
|
# name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
|
|
|
- # cert:
|
|
|
- # private_key:
|
|
|
+ # cert:
|
|
|
+ # private_key:
|
|
|
# want_assertion_signed: true
|
|
|
# want_assertion_encrypted: true
|
|
|
# assume_email_is_verified: true
|
|
|
# uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1"
|
|
|
- # attributes_statements:
|
|
|
+ # attributes_statements:
|
|
|
# uid: "urn:oid:0.9.2342.19200300.100.1.1"
|
|
|
# email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
|
|
|
# full_name: "urn:oid:2.16.840.1.113730.3.1.241"
|
|
|
# first_name: "urn:oid:2.5.4.42"
|
|
|
# last_name: "urn:oid:2.5.4.4"
|
|
|
- # verified:
|
|
|
- # verified_email:
|
|
|
- oauth_global:
|
|
|
+ # verified:
|
|
|
+ # verified_email:
|
|
|
+ oauth_global:
|
|
|
# Force redirect local login to CAS. Does not function with SAML or LDAP.
|
|
|
oauth_redirect_at_sign_in: false
|
|
|
cas:
|
|
@@ -204,15 +222,15 @@ externalAuth:
|
|
|
# host: sso.myserver.com
|
|
|
# port: 443
|
|
|
# ssl: true
|
|
|
- # validate_url:
|
|
|
- # callback_url:
|
|
|
- # logout_url:
|
|
|
- # login_url:
|
|
|
+ # validate_url:
|
|
|
+ # callback_url:
|
|
|
+ # logout_url:
|
|
|
+ # login_url:
|
|
|
# uid_field: 'user'
|
|
|
- # ca_path:
|
|
|
+ # ca_path:
|
|
|
# disable_ssl_verification: false
|
|
|
# assume_email_is_verified: true
|
|
|
- # keys:
|
|
|
+ # keys:
|
|
|
# uid: 'user'
|
|
|
# name: 'name'
|
|
|
# email: 'email'
|
|
@@ -222,7 +240,7 @@ externalAuth:
|
|
|
# location: 'location'
|
|
|
# image: 'image'
|
|
|
# phone: 'phone'
|
|
|
- pam:
|
|
|
+ pam:
|
|
|
enabled: false
|
|
|
# email_domain: example.com
|
|
|
# default_service: rpam
|
|
@@ -232,9 +250,9 @@ externalAuth:
|
|
|
# host: myservice.namespace.svc
|
|
|
# port: 389
|
|
|
# method: simple_tls
|
|
|
- # base:
|
|
|
- # bind_on:
|
|
|
- # password:
|
|
|
+ # base:
|
|
|
+ # bind_on:
|
|
|
+ # password:
|
|
|
# uid: cn
|
|
|
# mail: mail
|
|
|
# search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))"
|