image: repository: ghcr.io/cunningpike/fediblockhole # https://github.com/cunningpike/fediblockhole/pkgs/container/fediblockhole/versions # # alternatively, use `latest` for the latest release or `edge` for the image # built from the most recent commit # # tag: latest tag: "" # use `Always` when using `latest` tag pullPolicy: IfNotPresent fediblockhole: # location of the configuration file. Default is /etc/default/fediblockhole.conf.toml conf_file: path: "" filename: "" cron: # -- run `fediblock-sync` every hour sync: # @ignored enabled: false # @ignored schedule: "0 * * * *" # these must be set manually; autogenerated keys are rotated on each upgrade secrets: secret_key_base: "" otp_secret: "" vapid: private_key: "" public_key: "" # -- you can also specify the name of an existing Secret # with keys SECRET_KEY_BASE and OTP_SECRET and # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY existingSecret: "" # List of instances to read blocklists from. # If the instance makes its blocklist public, no authorization token is needed. # Otherwise, `token` is a Bearer token authorised to read domain_blocks. # If `admin` = True, use the more detailed admin API, which requires a token with a # higher level of authorization. # If `import_fields` are provided, only import these fields from the instance. # Overrides the global `import_fields` setting. blocklist_instance_sources: [ # { domain = 'public.blocklist'}, # an instance with a public list of domain_blocks # { domain = 'jorts.horse', token = '' }, # user accessible block list # { domain = 'eigenmagic.net', token = '', admin = true }, # admin access required ] # List of URLs to read csv blocklists from # Format tells the parser which format to use when parsing the blocklist # max_severity tells the parser to override any severities that are higher than this value # import_fields tells the parser to only import that set of fields from a specific source blocklist_url_sources: [ # { url = 'file:///path/to/fediblockhole/samples/demo-blocklist-01.csv', format = 'csv' }, { url = 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-blocklist-01.csv', format = 'csv' }, ] ## These global allowlists override blocks from blocklists # These are the same format and structure as blocklists, but they take precedence allowlist_url_sources: [ { url = 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-allowlist-01.csv', format = 'csv' }, { url = 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-allowlist-02.csv', format = 'csv' }, ] # List of instances to write blocklist to blocklist_instance_destinations: [ # { domain = 'eigenmagic.net', token = '', max_followed_severity = 'silence'}, ] ## Store a local copy of the remote blocklists after we fetch them #save_intermediate = true ## Directory to store the local blocklist copies # savedir = '/tmp' ## File to save the fully merged blocklist into # blocklist_savefile = '/tmp/merged_blocklist.csv' ## Don't push blocklist to instances, even if they're defined above # no_push_instance = false ## Don't fetch blocklists from URLs, even if they're defined above # no_fetch_url = false ## Don't fetch blocklists from instances, even if they're defined above # no_fetch_instance = false ## Set the mergeplan to use when dealing with overlaps between blocklists # The default 'max' mergeplan will use the harshest severity block found for a domain. # The 'min' mergeplan will use the lightest severity block found for a domain. # mergeplan = 'max' ## Set which fields we import ## 'domain' and 'severity' are always imported, these are additional ## import_fields = ['public_comment', 'reject_media', 'reject_reports', 'obfuscate'] ## Set which fields we export ## 'domain' and 'severity' are always exported, these are additional ## export_fields = ['public_comment'] # if you manually change the UID/GID environment variables, ensure these values # match: podSecurityContext: runAsUser: 991 runAsGroup: 991 fsGroup: 991 # @ignored securityContext: {} # -- Kubernetes manages pods for jobs and pods for deployments differently, so you might # need to apply different annotations to the two different sets of pods. The annotations # set with podAnnotations will be added to all deployment-managed pods. podAnnotations: {} # -- The annotations set with jobAnnotations will be added to all job pods. jobAnnotations: {} # -- Default resources for all Deployments and jobs unless overwritten resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # @ignored nodeSelector: {} # @ignored tolerations: [] # -- Affinity for all pods unless overwritten affinity: {}