@ -48,6 +48,9 @@ mastodon:
enabled : false
enabled : false
access_key : ""
access_key : ""
access_secret : ""
access_secret : ""
# you can also specify the name of an existing Secret
# with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
existingSecret : ""
bucket : ""
bucket : ""
endpoint : https://us-east-1.linodeobjects.com
endpoint : https://us-east-1.linodeobjects.com
hostname : us-east-1.linodeobjects.com
hostname : us-east-1.linodeobjects.com
@ -61,6 +64,10 @@ mastodon:
vapid:
vapid:
private_key : ""
private_key : ""
public_key : ""
public_key : ""
# you can also specify the name of an existing Secret
# with keys SECRET_KEY_BASE and OTP_SECRET and
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
existingSecret : ""
sidekiq:
sidekiq:
concurrency : 25
concurrency : 25
smtp:
smtp:
@ -70,13 +77,16 @@ mastodon:
domain:
domain:
enable_starttls_auto : true
enable_starttls_auto : true
from_address : notifications@example.com
from_address : notifications@example.com
login:
openssl_verify_mode : peer
openssl_verify_mode : peer
password:
port : 587
port : 587
reply_to:
reply_to:
server : smtp.mailgun.org
server : smtp.mailgun.org
tls : false
tls : false
login:
password:
# you can also specify the name of an existing Secret
# with the keys login and password
existingSecret:
streaming:
streaming:
port : 4000
port : 4000
# this should be set manually since os.cpus() returns the number of CPUs on
# this should be set manually since os.cpus() returns the number of CPUs on
@ -127,18 +137,26 @@ postgresql:
# must match those of that external postgres instance
# must match those of that external postgres instance
enabled : true
enabled : true
# postgresqlHostname: preexisting-postgresql
# postgresqlHostname: preexisting-postgresql
postgresqlDatabase : mastodon_production
auth:
# you must set a password; the password generated by the postgresql chart will
database : mastodon_production
# be rotated on each upgrade:
username : postgres
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
# you must set a password; the password generated by the postgresql chart will
postgresqlPassword : ""
# be rotated on each upgrade:
postgresqlUsername : postgres
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
password : ""
# you can also specify the name of an existing Secret
# with a key of postgres-password set to the password you want
existingSecret : ""
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
redis:
redis:
# you must set a password; the password generated by the redis chart will be
# you must set a password; the password generated by the redis chart will be
# rotated on each upgrade:
# rotated on each upgrade:
password : ""
password : ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# auth:
# existingSecret: ""
service:
service:
type : ClusterIP
type : ClusterIP
@ -157,45 +175,45 @@ externalAuth:
# client_secret: SECRETKEY
# client_secret: SECRETKEY
# redirect_uri: https://example.com/auth/auth/openid_connect/callback
# redirect_uri: https://example.com/auth/auth/openid_connect/callback
# assume_email_is_verified: true
# assume_email_is_verified: true
# client_auth_method:
# client_auth_method:
# response_type:
# response_type:
# response_mode:
# response_mode:
# display:
# display:
# prompt:
# prompt:
# send_nonce:
# send_nonce:
# send_scope_to_token_endpoint:
# send_scope_to_token_endpoint:
# idp_logout_redirect_uri:
# idp_logout_redirect_uri:
# http_scheme:
# http_scheme:
# host:
# host:
# port:
# port:
# jwks_uri:
# jwks_uri:
# auth_endpoint:
# auth_endpoint:
# token_endpoint:
# token_endpoint:
# user_info_endpoint:
# user_info_endpoint:
# end_session_endpoint:
# end_session_endpoint:
saml:
saml:
enabled : false
enabled : false
# acs_url: http://mastodon.example.com/auth/auth/saml/callback
# acs_url: http://mastodon.example.com/auth/auth/saml/callback
# issuer: mastodon
# issuer: mastodon
# idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml
# idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml
# idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----'
# idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----'
# idp_cert_fingerprint:
# idp_cert_fingerprint:
# name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
# name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
# cert:
# cert:
# private_key:
# private_key:
# want_assertion_signed: true
# want_assertion_signed: true
# want_assertion_encrypted: true
# want_assertion_encrypted: true
# assume_email_is_verified: true
# assume_email_is_verified: true
# uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1"
# uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1"
# attributes_statements:
# attributes_statements:
# uid: "urn:oid:0.9.2342.19200300.100.1.1"
# uid: "urn:oid:0.9.2342.19200300.100.1.1"
# email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
# email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
# full_name: "urn:oid:2.16.840.1.113730.3.1.241"
# full_name: "urn:oid:2.16.840.1.113730.3.1.241"
# first_name: "urn:oid:2.5.4.42"
# first_name: "urn:oid:2.5.4.42"
# last_name: "urn:oid:2.5.4.4"
# last_name: "urn:oid:2.5.4.4"
# verified:
# verified:
# verified_email:
# verified_email:
oauth_global :
oauth_global:
# Force redirect local login to CAS. Does not function with SAML or LDAP.
# Force redirect local login to CAS. Does not function with SAML or LDAP.
oauth_redirect_at_sign_in : false
oauth_redirect_at_sign_in : false
cas:
cas:
@ -204,15 +222,15 @@ externalAuth:
# host: sso.myserver.com
# host: sso.myserver.com
# port: 443
# port: 443
# ssl: true
# ssl: true
# validate_url:
# validate_url:
# callback_url:
# callback_url:
# logout_url:
# logout_url:
# login_url:
# login_url:
# uid_field: 'user'
# uid_field: 'user'
# ca_path:
# ca_path:
# disable_ssl_verification: false
# disable_ssl_verification: false
# assume_email_is_verified: true
# assume_email_is_verified: true
# keys:
# keys:
# uid: 'user'
# uid: 'user'
# name: 'name'
# name: 'name'
# email: 'email'
# email: 'email'
@ -222,7 +240,7 @@ externalAuth:
# location: 'location'
# location: 'location'
# image: 'image'
# image: 'image'
# phone: 'phone'
# phone: 'phone'
pam :
pam:
enabled : false
enabled : false
# email_domain: example.com
# email_domain: example.com
# default_service: rpam
# default_service: rpam
@ -232,9 +250,9 @@ externalAuth:
# host: myservice.namespace.svc
# host: myservice.namespace.svc
# port: 389
# port: 389
# method: simple_tls
# method: simple_tls
# base:
# base:
# bind_on:
# bind_on:
# password:
# password:
# uid: cn
# uid: cn
# mail: mail
# mail: mail
# search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))"
# search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))"