Update and rename configmap-conf-toml to configmap-conf-toml.yaml

2023-01-21 19:59:54 -05:00 · 2023-01-21 19:59:54 -05:00 · 7c6cfebf30
parent a111661caf
commit 7c6cfebf30
2 changed files with 74 additions and 323 deletions
--- a/chart/templates/configmap-conf-toml
+++ b/chart/templates/configmap-conf-toml
@ -1,323 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "fediblockhole.fullname" . }}-conf-toml
-  labels:
-    {{- include "fediblockhole.labels" . | nindent 4 }}
-data:
-  {{- if .Values.postgresql.enabled }}
-  DB_HOST: {{ template "mastodon.postgresql.fullname" . }}
-  DB_PORT: "5432"
-  {{- else }}
-  DB_HOST: {{ .Values.postgresql.postgresqlHostname }}
-  DB_PORT: {{ .Values.postgresql.postgresqlPort | default "5432" | quote }}
-  {{- end }}
-  DB_NAME: {{ .Values.postgresql.auth.database }}
-  DB_POOL: {{ include "mastodon.maxDbPool" . }}
-  DB_USER: {{ .Values.postgresql.auth.username }}
-  DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
-  {{- if .Values.elasticsearch.enabled }}
-  ES_ENABLED: "true"
-  ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl
-  ES_PORT: "9200"
-  {{- end }}
-  LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
-  {{- with .Values.mastodon.web_domain }}
-  WEB_DOMAIN: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.singleUserMode }}
-  SINGLE_USER_MODE: "true"
-  {{- end }}
-  {{- with .Values.mastodon.authorizedFetch }}
-  AUTHORIZED_FETCH: {{ . | quote }}
-  {{- end }}
-  # https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
-  MALLOC_ARENA_MAX: "2"
-  NODE_ENV: "production"
-  RAILS_ENV: "production"
-  {{- if .Values.redis.enabled }}
-  REDIS_HOST: {{ template "mastodon.redis.fullname" . }}-master
-  {{- else }}
-  REDIS_HOST: {{ required "When the redis chart is disabled .Values.redis.hostname is required" .Values.redis.hostname }}
-  {{- end }}
-  REDIS_PORT: {{ .Values.redis.port | default "6379" | quote }}
-  {{- if .Values.mastodon.s3.enabled }}
-  S3_BUCKET: {{ .Values.mastodon.s3.bucket }}
-  S3_ENABLED: "true"
-  S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
-  S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
-  S3_PROTOCOL: "https"
-  {{- with .Values.mastodon.s3.region }}
-  S3_REGION: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.s3.alias_host }}
-  S3_ALIAS_HOST: {{ .Values.mastodon.s3.alias_host}}
-  {{- end }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.auth_method }}
-  SMTP_AUTH_METHOD: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.ca_file }}
-  SMTP_CA_FILE: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.delivery_method }}
-  SMTP_DELIVERY_METHOD: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.domain }}
-  SMTP_DOMAIN: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.enable_starttls }}
-  SMTP_ENABLE_STARTTLS: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.enable_starttls_auto }}
-  SMTP_ENABLE_STARTTLS_AUTO: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.from_address }}
-  SMTP_FROM_ADDRESS: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.login }}
-  SMTP_LOGIN: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.openssl_verify_mode }}
-  SMTP_OPENSSL_VERIFY_MODE: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.password }}
-  SMTP_PASSWORD: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.port }}
-  SMTP_PORT: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.reply_to }}
-  SMTP_REPLY_TO: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.server }}
-  SMTP_SERVER: {{ . }}
-  {{- end }}
-  {{- with .Values.mastodon.smtp.tls }}
-  SMTP_TLS: {{ . | quote }}
-  {{- end }}
-  STREAMING_CLUSTER_NUM: {{ .Values.mastodon.streaming.workers | quote }}
-  {{- with .Values.mastodon.streaming.base_url }}
-  STREAMING_API_BASE_URL: {{ . | quote }}
-  {{- end }}
-  {{- if .Values.externalAuth.oidc.enabled }}
-  OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }}
-  OIDC_DISPLAY_NAME: {{ .Values.externalAuth.oidc.display_name }}
-  OIDC_ISSUER: {{ .Values.externalAuth.oidc.issuer }}
-  OIDC_DISCOVERY: {{ .Values.externalAuth.oidc.discovery | quote }}
-  OIDC_SCOPE: {{ .Values.externalAuth.oidc.scope | quote }}
-  OIDC_UID_FIELD: {{ .Values.externalAuth.oidc.uid_field }}
-  OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id }}
-  OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
-  OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
-  OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
-  {{- with .Values.externalAuth.oidc.client_auth_method }}
-  OIDC_CLIENT_AUTH_METHOD: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.response_type }}
-  OIDC_RESPONSE_TYPE: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.response_mode }}
-  OIDC_RESPONSE_MODE: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.display }}
-  OIDC_DISPLAY: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.prompt }}
-  OIDC_PROMPT: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.send_nonce }}
-  OIDC_SEND_NONCE: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.send_scope_to_token_endpoint }}
-  OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.idp_logout_redirect_uri }}
-  OIDC_IDP_LOGOUT_REDIRECT_URI: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.http_scheme }}
-  OIDC_HTTP_SCHEME: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.host }}
-  OIDC_HOST: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.port }}
-  OIDC_PORT: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.jwks_uri }}
-  OIDC_JWKS_URI: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.auth_endpoint }}
-  OIDC_AUTH_ENDPOINT: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.token_endpoint }}
-  OIDC_TOKEN_ENDPOINT: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.user_info_endpoint }}
-  OIDC_USER_INFO_ENDPOINT: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.oidc.end_session_endpoint }}
-  OIDC_END_SESSION_ENDPOINT: {{ . }}
-  {{- end }}
-  {{- end }}
-  {{- if .Values.externalAuth.saml.enabled }}
-  SAML_ENABLED: {{ .Values.externalAuth.saml.enabled | quote }}
-  SAML_ACS_URL: {{ .Values.externalAuth.saml.acs_url }}
-  SAML_ISSUER: {{ .Values.externalAuth.saml.issuer }}
-  SAML_IDP_SSO_TARGET_URL: {{ .Values.externalAuth.saml.idp_sso_target_url }}
-  SAML_IDP_CERT: {{ .Values.externalAuth.saml.idp_cert | quote }}
-  {{- with .Values.externalAuth.saml.idp_cert_fingerprint }}
-  SAML_IDP_CERT_FINGERPRINT: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.name_identifier_format }}
-  SAML_NAME_IDENTIFIER_FORMAT: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.cert }}
-  SAML_CERT: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.private_key }}
-  SAML_PRIVATE_KEY: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.want_assertion_signed }}
-  SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.want_assertion_encrypted }}
-  SAML_SECURITY_WANT_ASSERTION_ENCRYPTED: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.assume_email_is_verified }}
-  SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.uid_attribute }}
-  SAML_UID_ATTRIBUTE: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.attributes_statements.uid }}
-  SAML_ATTRIBUTES_STATEMENTS_UID: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.attributes_statements.email }}
-  SAML_ATTRIBUTES_STATEMENTS_EMAIL: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.attributes_statements.full_name }}
-  SAML_ATTRIBUTES_STATEMENTS_FULL_NAME: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.attributes_statements.first_name }}
-  SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.attributes_statements.last_name }}
-  SAML_ATTRIBUTES_STATEMENTS_LAST_NAME: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.attributes_statements.verified }}
-  SAML_ATTRIBUTES_STATEMENTS_VERIFIED: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.saml.attributes_statements.verified_email }}
-  SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL: {{ . | quote }}
-  {{- end }}
-  {{- end }}
-  {{- with .Values.externalAuth.oauth_global.omniauth_only }}
-  OMNIAUTH_ONLY: {{ . | quote }}
-  {{- end }}
-  {{- if .Values.externalAuth.cas.enabled }}
-  CAS_ENABLED: {{ .Values.externalAuth.cas.enabled | quote }}
-  CAS_URL: {{ .Values.externalAuth.cas.url }}
-  CAS_HOST: {{ .Values.externalAuth.cas.host }}
-  CAS_PORT: {{ .Values.externalAuth.cas.port }}
-  CAS_SSL: {{ .Values.externalAuth.cas.ssl | quote }}
-  {{- with .Values.externalAuth.cas.validate_url }}
-  CAS_VALIDATE_URL: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.callback_url }}
-  CAS_CALLBACK_URL: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.logout_url }}
-  CAS_LOGOUT_URL: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.login_url }}
-  CAS_LOGIN_URL: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.uid_field }}
-  CAS_UID_FIELD: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.ca_path }}
-  CAS_CA_PATH: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.disable_ssl_verification }}
-  CAS_DISABLE_SSL_VERIFICATION: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.assume_email_is_verified }}
-  CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.keys.uid }}
-  CAS_UID_KEY: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.keys.name }}
-  CAS_NAME_KEY: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.keys.email }}
-  CAS_EMAIL_KEY: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.keys.nickname }}
-  CAS_NICKNAME_KEY: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.keys.first_name }}
-  CAS_FIRST_NAME_KEY: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.keys.last_name }}
-  CAS_LAST_NAME_KEY: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.keys.location }}
-  CAS_LOCATION_KEY: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.keys.image }}
-  CAS_IMAGE_KEY: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.cas.keys.phone }}
-  CAS_PHONE_KEY: {{ . | quote }}
-  {{- end }}
-  {{- end }}
-  {{- with .Values.externalAuth.pam.enabled }}
-  PAM_ENABLED: {{ . | quote }}
-  {{- with .Values.externalAuth.pam.email_domain }}
-  PAM_EMAIL_DOMAIN: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.pam.default_service }}
-  PAM_DEFAULT_SERVICE: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.pam.controlled_service }}
-  PAM_CONTROLLED_SERVICE: {{ . }}
-  {{- end }}
-  {{- end }}
-  {{- if .Values.externalAuth.ldap.enabled }}
-  LDAP_ENABLED: {{ .Values.externalAuth.ldap.enabled | quote }}
-  LDAP_HOST: {{ .Values.externalAuth.ldap.host }}
-  LDAP_PORT: {{ .Values.externalAuth.ldap.port }}
-  LDAP_METHOD: {{ .Values.externalAuth.ldap.method }}
-  {{- with .Values.externalAuth.ldap.base }}
-  LDAP_BASE: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.ldap.bind_on }}
-  LDAP_BIND_ON: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.ldap.password }}
-  LDAP_PASSWORD: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.ldap.uid }}
-  LDAP_UID: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.ldap.mail }}
-  LDAP_MAIL: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.ldap.search_filter }}
-  LDAP_SEARCH_FILTER: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.ldap.uid_conversion.enabled }}
-  LDAP_UID_CONVERSION_ENABLED: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.externalAuth.ldap.uid_conversion.search }}
-  LDAP_UID_CONVERSION_SEARCH: {{ . }}
-  {{- end }}
-  {{- with .Values.externalAuth.ldap.uid_conversion.replace }}
-  LDAP_UID_CONVERSION_REPLACE: {{ . }}
-  {{- end }}
-  {{- end }}
-  {{- with .Values.mastodon.metrics.statsd.address }}
-  STATSD_ADDR: {{ . }}
-  {{- end }}
--- a/chart/templates/configmap-conf-toml.yaml
+++ b/chart/templates/configmap-conf-toml.yaml
@ -0,0 +1,74 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "fediblockhole.fullname" . }}-conf-toml
+  labels:
+    {{- include "fediblockhole.labels" . | nindent 4 }}
+data:
+  # List of instances to read blocklists from.
+  # If the instance makes its blocklist public, no authorization token is needed.
+  #   Otherwise, `token` is a Bearer token authorised to read domain_blocks.
+  # If `admin` = True, use the more detailed admin API, which requires a token with a 
+  #   higher level of authorization.
+  # If `import_fields` are provided, only import these fields from the instance.
+  #   Overrides the global `import_fields` setting.
+  blocklist_instance_sources = [
+    # { domain = 'public.blocklist'}, # an instance with a public list of domain_blocks
+    # { domain = 'jorts.horse', token = '<a_different_token>' }, # user accessible block list
+    # { domain = 'eigenmagic.net', token = '<a_token_with_read_auth>', admin = true }, # admin access required
+  ]
+
+  # List of URLs to read csv blocklists from
+  # Format tells the parser which format to use when parsing the blocklist
+  # max_severity tells the parser to override any severities that are higher than this value
+  # import_fields tells the parser to only import that set of fields from a specific source
+  blocklist_url_sources = [
+    # { url = 'file:///path/to/fediblockhole/samples/demo-blocklist-01.csv', format = 'csv' },
+    { url = 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-blocklist-01.csv', format = 'csv' },
+
+  ]
+
+  ## These global allowlists override blocks from blocklists
+  # These are the same format and structure as blocklists, but they take precedence
+  allowlist_url_sources = [
+    { url = 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-allowlist-01.csv', format = 'csv' },
+    { url = 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-allowlist-02.csv', format = 'csv' },
+  ]
+
+  # List of instances to write blocklist to
+  blocklist_instance_destinations = [
+    # { domain = 'eigenmagic.net', token = '<read_write_token>', max_followed_severity = 'silence'},
+  ]
+
+  ## Store a local copy of the remote blocklists after we fetch them
+  #save_intermediate = true
+
+  ## Directory to store the local blocklist copies
+  # savedir = '/tmp'
+
+  ## File to save the fully merged blocklist into
+  # blocklist_savefile = '/tmp/merged_blocklist.csv'
+
+  ## Don't push blocklist to instances, even if they're defined above
+  # no_push_instance = false
+
+  ## Don't fetch blocklists from URLs, even if they're defined above
+  # no_fetch_url = false
+
+  ## Don't fetch blocklists from instances, even if they're defined above
+  # no_fetch_instance = false
+
+  ## Set the mergeplan to use when dealing with overlaps between blocklists
+  # The default 'max' mergeplan will use the harshest severity block found for a domain.
+  # The 'min' mergeplan will use the lightest severity block found for a domain.
+  # mergeplan = 'max'
+
+  ## Set which fields we import
+  ## 'domain' and 'severity' are always imported, these are additional
+  ## 
+  import_fields = ['public_comment', 'reject_media', 'reject_reports', 'obfuscate']
+
+  ## Set which fields we export
+  ## 'domain' and 'severity' are always exported, these are additional
+  ## 
+  export_fields = ['public_comment']