valinor/kubernetes/apps/fediverse/mastodon/app/externalsecret.yaml


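---
# ExternalSecret that renders the Secret `mastodon-secret` in namespace
# `fediverse` from the ClusterSecretStore `onepassword-connect`.
# Nesting is restored here: with every key at column 0 the document
# repeats `name`, `kind` and `data` at one level and cannot be applied.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: mastodon
  namespace: fediverse
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: mastodon-secret
    # Owner: the generated Secret is owned by this ExternalSecret and is
    # removed together with it.
    creationPolicy: Owner
    template:
      engineVersion: v2
      # Literal settings and templated credentials end up in one Secret.
      # NOTE(review): any workload that loads the whole Secret receives the
      # DB, S3, SMTP and DeepL credentials together - confirm each consumer
      # needs all of them.
      data:
        # NOTE(review): libpq's `require` encrypts the connection but does
        # not verify the server certificate; `verify-full` does, and needs
        # the CA root available to the client - confirm which is intended.
        DB_SSLMODE: "require"
        LOCAL_DOMAIN: "valinor.social"
        SINGLE_USER_MODE: "false"
        SECRET_KEY_BASE: "{{ .mastodon_secret_key_base }}"
        OTP_SECRET: "{{ .mastodon_otp_secret }}"
        VAPID_PRIVATE_KEY: "{{ .mastodon_vapid_private_key }}"
        VAPID_PUBLIC_KEY: "{{ .mastodon_vapid_public_key }}"
        DB_HOST: "{{ .mastodon_db_host }}"
        DB_USER: "{{ .mastodon_db_user }}"
        DB_PORT: "{{ .mastodon_db_port }}"
        DB_PASS: "{{ .mastodon_db_pass }}"
        # NOTE(review): the URL is templated whole, so whether Redis uses
        # TLS (`rediss://`) and a password is decided in the store item.
        REDIS_URL: "{{ .mastodon_redis_url }}"
        S3_ENABLED: "true"
        S3_PROTOCOL: "https"
        S3_ENDPOINT: "{{ .s3_valinor_endpoint }}"
        S3_HOSTNAME: "{{ .s3_valinor_hostname }}"
        S3_BUCKET: "{{ .s3_valinor_bucket }}"
        S3_ALIAS_HOST: "{{ .mastodon_s3_alias_host }}"
        S3_PERMISSION: "private"
        # Static, long-lived key pair. NOTE(review): scope it to this bucket
        # only and rotate it in the store; this manifest sets no explicit
        # refreshInterval.
        AWS_ACCESS_KEY_ID: "{{ .s3_valinor_access_key }}"
        AWS_SECRET_ACCESS_KEY: "{{ .s3_valinor_secret_key }}"
        SMTP_SERVER: "smtp.mailgun.org"
        SMTP_PORT: "587"
        SMTP_LOGIN: "{{ .mailgun_smtp_user }}"
        SMTP_PASSWORD: "{{ .mailgun_smtp_password }}"
        SMTP_AUTH_METHOD: "plain"
        SMTP_OPENSSL_VERIFY_MODE: "peer"
        # Changed from "auto": with `auto` the client falls back to an
        # unencrypted session when STARTTLS is not offered, and the PLAIN
        # login above would then cross the network in the clear. `always`
        # fails the delivery instead.
        SMTP_ENABLE_STARTTLS: "always"
        SMTP_FROM_ADDRESS: "Mastodon <notifications@valinor.social>"
        DB_POOL: "25"
        DEEPL_PLAN: "free"
        DEEPL_API_KEY: "{{ .deepl_api_key }}"
        ES_ENABLED: "{{ .mastodon_es_enabled }}"
        ES_HOST: "{{ .mastodon_es_host }}"
        ES_PORT: "{{ .mastodon_es_port }}"
        STATSD_ADDR: "statsd-exporter.fediverse.svc.cluster.local:9125"
        # The CP_* values come from the `mastodon` item's `cp_db_port` and
        # `db_name_cp_*` fields (prefixed by the rewrite rule below).
        CP_DB_PORT: "{{ .mastodon_cp_db_port }}"
        CP_SIDEKIQ_LOW_VOLUME: "{{ .mastodon_db_name_cp_sidekiq_low_volume }}"
        CP_SIDEKIQ_HIGH_PRIORITY: "{{ .mastodon_db_name_cp_sidekiq_high_priority }}"
        CP_SIDEKIQ_INGRESS: "{{ .mastodon_db_name_cp_sidekiq_ingress }}"
        CP_SIDEKIQ_PULL: "{{ .mastodon_db_name_cp_sidekiq_pull }}"
        CP_MASTODON_WEB: "{{ .mastodon_db_name_cp_mastodon_web }}"
        CP_MASTODON_STREAMING: "{{ .mastodon_db_name_cp_mastodon_streaming }}"
  # `extract` pulls every field of the named item and the regexp rewrite
  # prefixes each one (`s3_`, `mastodon_`), so everything stored in those
  # two items is available to the template above. Keep the items limited
  # to fields this application needs.
  dataFrom:
    - extract:
        key: s3
      rewrite:
        - regexp:
            source: "(.*)"
            target: "s3_$1"
    - extract:
        key: mastodon
      rewrite:
        - regexp:
            source: "(.*)"
            target: "mastodon_$1"
  # Single properties fetched by name; only the listed property of each
  # item is read.
  data:
    - secretKey: mailgun_smtp_user
      remoteRef:
        key: mailgun
        property: mastodon_smtp_user
    - secretKey: mailgun_smtp_password
      remoteRef:
        key: mailgun
        property: mastodon_smtp_password
    - secretKey: deepl_api_key
      remoteRef:
        key: deepl
        property: api_key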