From 7c6cfebf304f16c0b265724a9fd3f6907fbe48da Mon Sep 17 00:00:00 2001 From: cunningpike <117583036+cunningpike@users.noreply.github.com> Date: Sat, 21 Jan 2023 19:59:54 -0500 Subject: [PATCH] Update and rename configmap-conf-toml to configmap-conf-toml.yaml --- chart/templates/configmap-conf-toml | 323 ----------------------- chart/templates/configmap-conf-toml.yaml | 74 ++++++ 2 files changed, 74 insertions(+), 323 deletions(-) delete mode 100644 chart/templates/configmap-conf-toml create mode 100644 chart/templates/configmap-conf-toml.yaml diff --git a/chart/templates/configmap-conf-toml b/chart/templates/configmap-conf-toml deleted file mode 100644 index fae348e..0000000 --- a/chart/templates/configmap-conf-toml +++ /dev/null @@ -1,323 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "fediblockhole.fullname" . }}-conf-toml - labels: - {{- include "fediblockhole.labels" . | nindent 4 }} -data: - {{- if .Values.postgresql.enabled }} - DB_HOST: {{ template "mastodon.postgresql.fullname" . }} - DB_PORT: "5432" - {{- else }} - DB_HOST: {{ .Values.postgresql.postgresqlHostname }} - DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }} - {{- end }} - DB_NAME: {{ .Values.postgresql.auth.database }} - DB_POOL: {{ include "mastodon.maxDbPool" . }} - DB_USER: {{ .Values.postgresql.auth.username }} - DEFAULT_LOCALE: {{ .Values.mastodon.locale }} - {{- if .Values.elasticsearch.enabled }} - ES_ENABLED: "true" - ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl - ES_PORT: "9200" - {{- end }} - LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} - {{- with .Values.mastodon.web_domain }} - WEB_DOMAIN: {{ . }} - {{- end }} - {{- with .Values.mastodon.singleUserMode }} - SINGLE_USER_MODE: "true" - {{- end }} - {{- with .Values.mastodon.authorizedFetch }} - AUTHORIZED_FETCH: {{ . | quote }} - {{- end }} - # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior - MALLOC_ARENA_MAX: "2" - NODE_ENV: "production" - RAILS_ENV: "production" - {{- if .Values.redis.enabled }} - REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master - {{- else }} - REDIS_HOST: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }} - {{- end }} - REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }} - {{- if .Values.mastodon.s3.enabled }} - S3_BUCKET: {{ .Values.mastodon.s3.bucket }} - S3_ENABLED: "true" - S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }} - S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }} - S3_PROTOCOL: "https" - {{- with .Values.mastodon.s3.region }} - S3_REGION: {{ . }} - {{- end }} - {{- with .Values.mastodon.s3.alias_host }} - S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}} - {{- end }} - {{- end }} - {{- with .Values.mastodon.smtp.auth_method }} - SMTP_AUTH_METHOD: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.ca_file }} - SMTP_CA_FILE: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.delivery_method }} - SMTP_DELIVERY_METHOD: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.domain }} - SMTP_DOMAIN: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.enable_starttls }} - SMTP_ENABLE_STARTTLS: {{ . | quote }} - {{- end }} - {{- with .Values.mastodon.smtp.enable_starttls_auto }} - SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }} - {{- end }} - {{- with .Values.mastodon.smtp.from_address }} - SMTP_FROM_ADDRESS: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.login }} - SMTP_LOGIN: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.openssl_verify_mode }} - SMTP_OPENSSL_VERIFY_MODE: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.password }} - SMTP_PASSWORD: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.port }} - SMTP_PORT: {{ . | quote }} - {{- end }} - {{- with .Values.mastodon.smtp.reply_to }} - SMTP_REPLY_TO: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.server }} - SMTP_SERVER: {{ . }} - {{- end }} - {{- with .Values.mastodon.smtp.tls }} - SMTP_TLS: {{ . | quote }} - {{- end }} - STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }} - {{- with .Values.mastodon.streaming.base_url }} - STREAMING_API_BASE_URL: {{ . | quote }} - {{- end }} - {{- if .Values.externalAuth.oidc.enabled }} - OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }} - OIDC_DISPLAY_NAME: {{ .Values.externalAuth.oidc.display_name }} - OIDC_ISSUER: {{ .Values.externalAuth.oidc.issuer }} - OIDC_DISCOVERY: {{ .Values.externalAuth.oidc.discovery | quote }} - OIDC_SCOPE: {{ .Values.externalAuth.oidc.scope | quote }} - OIDC_UID_FIELD: {{ .Values.externalAuth.oidc.uid_field }} - OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id }} - OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }} - OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }} - OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }} - {{- with .Values.externalAuth.oidc.client_auth_method }} - OIDC_CLIENT_AUTH_METHOD: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.response_type }} - OIDC_RESPONSE_TYPE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.response_mode }} - OIDC_RESPONSE_MODE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.display }} - OIDC_DISPLAY: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.prompt }} - OIDC_PROMPT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.send_nonce }} - OIDC_SEND_NONCE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.send_scope_to_token_endpoint }} - OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.oidc.idp_logout_redirect_uri }} - OIDC_IDP_LOGOUT_REDIRECT_URI: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.http_scheme }} - OIDC_HTTP_SCHEME: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.host }} - OIDC_HOST: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.port }} - OIDC_PORT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.jwks_uri }} - OIDC_JWKS_URI: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.auth_endpoint }} - OIDC_AUTH_ENDPOINT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.token_endpoint }} - OIDC_TOKEN_ENDPOINT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.user_info_endpoint }} - OIDC_USER_INFO_ENDPOINT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.oidc.end_session_endpoint }} - OIDC_END_SESSION_ENDPOINT: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.externalAuth.saml.enabled }} - SAML_ENABLED: {{ .Values.externalAuth.saml.enabled | quote }} - SAML_ACS_URL: {{ .Values.externalAuth.saml.acs_url }} - SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }} - SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }} - SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }} - {{- with .Values.externalAuth.saml.idp_cert_fingerprint }} - SAML_IDP_CERT_FINGERPRINT: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.name_identifier_format }} - SAML_NAME_IDENTIFIER_FORMAT: {{ . }} - {{- end }} - {{- with .Values.externalAuth.saml.cert }} - SAML_CERT: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.private_key }} - SAML_PRIVATE_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.want_assertion_signed }} - SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.want_assertion_encrypted }} - SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.assume_email_is_verified }} - SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.uid_attribute }} - SAML_UID_ATTRIBUTE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.uid }} - SAML_ATTRIBUTES_STATEMENTS_UID: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.email }} - SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.full_name }} - SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.first_name }} - SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.last_name }} - SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.verified }} - SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.saml.attributes_statements.verified_email }} - SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ . | quote }} - {{- end }} - {{- end }} - {{- with .Values.externalAuth.oauth_global.omniauth_only }} - OMNIAUTH_ONLY: {{ . | quote }} - {{- end }} - {{- if .Values.externalAuth.cas.enabled }} - CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }} - CAS_URL: {{ .Values.externalAuth.cas.url }} - CAS_HOST: {{ .Values.externalAuth.cas.host }} - CAS_PORT: {{ .Values.externalAuth.cas.port }} - CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }} - {{- with .Values.externalAuth.cas.validate_url }} - CAS_VALIDATE_URL: {{ . }} - {{- end }} - {{- with .Values.externalAuth.cas.callback_url }} - CAS_CALLBACK_URL: {{ . }} - {{- end }} - {{- with .Values.externalAuth.cas.logout_url }} - CAS_LOGOUT_URL: {{ . }} - {{- end }} - {{- with .Values.externalAuth.cas.login_url }} - CAS_LOGIN_URL: {{ . }} - {{- end }} - {{- with .Values.externalAuth.cas.uid_field }} - CAS_UID_FIELD: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.ca_path }} - CAS_CA_PATH: {{ . }} - {{- end }} - {{- with .Values.externalAuth.cas.disable_ssl_verification }} - CAS_DISABLE_SSL_VERIFICATION: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.assume_email_is_verified }} - CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.uid }} - CAS_UID_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.name }} - CAS_NAME_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.email }} - CAS_EMAIL_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.nickname }} - CAS_NICKNAME_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.first_name }} - CAS_FIRST_NAME_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.last_name }} - CAS_LAST_NAME_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.location }} - CAS_LOCATION_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.image }} - CAS_IMAGE_KEY: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.cas.keys.phone }} - CAS_PHONE_KEY: {{ . | quote }} - {{- end }} - {{- end }} - {{- with .Values.externalAuth.pam.enabled }} - PAM_ENABLED: {{ . | quote }} - {{- with .Values.externalAuth.pam.email_domain }} - PAM_EMAIL_DOMAIN: {{ . }} - {{- end }} - {{- with .Values.externalAuth.pam.default_service }} - PAM_DEFAULT_SERVICE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.pam.controlled_service }} - PAM_CONTROLLED_SERVICE: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.externalAuth.ldap.enabled }} - LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }} - LDAP_HOST: {{ .Values.externalAuth.ldap.host }} - LDAP_PORT: {{ .Values.externalAuth.ldap.port }} - LDAP_METHOD: {{ .Values.externalAuth.ldap.method }} - {{- with .Values.externalAuth.ldap.base }} - LDAP_BASE: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.bind_on }} - LDAP_BIND_ON: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.password }} - LDAP_PASSWORD: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.uid }} - LDAP_UID: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.mail }} - LDAP_MAIL: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.search_filter }} - LDAP_SEARCH_FILTER: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.uid_conversion.enabled }} - LDAP_UID_CONVERSION_ENABLED: {{ . | quote }} - {{- end }} - {{- with .Values.externalAuth.ldap.uid_conversion.search }} - LDAP_UID_CONVERSION_SEARCH: {{ . }} - {{- end }} - {{- with .Values.externalAuth.ldap.uid_conversion.replace }} - LDAP_UID_CONVERSION_REPLACE: {{ . }} - {{- end }} - {{- end }} - {{- with .Values.mastodon.metrics.statsd.address }} - STATSD_ADDR: {{ . }} - {{- end }} diff --git a/chart/templates/configmap-conf-toml.yaml b/chart/templates/configmap-conf-toml.yaml new file mode 100644 index 0000000..335611e --- /dev/null +++ b/chart/templates/configmap-conf-toml.yaml @@ -0,0 +1,74 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "fediblockhole.fullname" . }}-conf-toml + labels: + {{- include "fediblockhole.labels" . | nindent 4 }} +data: + # List of instances to read blocklists from. + # If the instance makes its blocklist public, no authorization token is needed. + # Otherwise, `token` is a Bearer token authorised to read domain_blocks. + # If `admin` = True, use the more detailed admin API, which requires a token with a + # higher level of authorization. + # If `import_fields` are provided, only import these fields from the instance. + # Overrides the global `import_fields` setting. + blocklist_instance_sources = [ + # { domain = 'public.blocklist'}, # an instance with a public list of domain_blocks + # { domain = 'jorts.horse', token = '' }, # user accessible block list + # { domain = 'eigenmagic.net', token = '', admin = true }, # admin access required + ] + + # List of URLs to read csv blocklists from + # Format tells the parser which format to use when parsing the blocklist + # max_severity tells the parser to override any severities that are higher than this value + # import_fields tells the parser to only import that set of fields from a specific source + blocklist_url_sources = [ + # { url = 'file:///path/to/fediblockhole/samples/demo-blocklist-01.csv', format = 'csv' }, + { url = 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-blocklist-01.csv', format = 'csv' }, + + ] + + ## These global allowlists override blocks from blocklists + # These are the same format and structure as blocklists, but they take precedence + allowlist_url_sources = [ + { url = 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-allowlist-01.csv', format = 'csv' }, + { url = 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-allowlist-02.csv', format = 'csv' }, + ] + + # List of instances to write blocklist to + blocklist_instance_destinations = [ + # { domain = 'eigenmagic.net', token = '', max_followed_severity = 'silence'}, + ] + + ## Store a local copy of the remote blocklists after we fetch them + #save_intermediate = true + + ## Directory to store the local blocklist copies + # savedir = '/tmp' + + ## File to save the fully merged blocklist into + # blocklist_savefile = '/tmp/merged_blocklist.csv' + + ## Don't push blocklist to instances, even if they're defined above + # no_push_instance = false + + ## Don't fetch blocklists from URLs, even if they're defined above + # no_fetch_url = false + + ## Don't fetch blocklists from instances, even if they're defined above + # no_fetch_instance = false + + ## Set the mergeplan to use when dealing with overlaps between blocklists + # The default 'max' mergeplan will use the harshest severity block found for a domain. + # The 'min' mergeplan will use the lightest severity block found for a domain. + # mergeplan = 'max' + + ## Set which fields we import + ## 'domain' and 'severity' are always imported, these are additional + ## + import_fields = ['public_comment', 'reject_media', 'reject_reports', 'obfuscate'] + + ## Set which fields we export + ## 'domain' and 'severity' are always exported, these are additional + ## + export_fields = ['public_comment']