143 lines
5.2 KiB
YAML
143 lines
5.2 KiB
YAML
image:
|
|
repository: ghcr.io/cunningpike/fediblockhole
|
|
# https://github.com/cunningpike/fediblockhole/pkgs/container/fediblockhole/versions
|
|
#
|
|
# alternatively, use `latest` for the latest release or `edge` for the image
|
|
# built from the most recent commit
|
|
#
|
|
# tag: latest
|
|
tag: ""
|
|
# use `Always` when using `latest` tag
|
|
pullPolicy: IfNotPresent
|
|
|
|
fediblockhole:
|
|
# location of the configuration file. Default is /etc/default/fediblockhole.conf.toml
|
|
conf_file:
|
|
path: ""
|
|
filename: ""
|
|
cron:
|
|
# -- run `fediblock-sync` every hour
|
|
sync:
|
|
# @ignored
|
|
enabled: false
|
|
# @ignored
|
|
schedule: "0 * * * *"
|
|
# these must be set manually; autogenerated keys are rotated on each upgrade
|
|
secrets:
|
|
secret_key_base: ""
|
|
otp_secret: ""
|
|
vapid:
|
|
private_key: ""
|
|
public_key: ""
|
|
# -- you can also specify the name of an existing Secret
|
|
# with keys SECRET_KEY_BASE and OTP_SECRET and
|
|
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
|
|
existingSecret: ""
|
|
# List of instances to read blocklists from.
|
|
# If the instance makes its blocklist public, no authorization token is needed.
|
|
# Otherwise, `token` is a Bearer token authorised to read domain_blocks.
|
|
# If `admin` = True, use the more detailed admin API, which requires a token with a
|
|
# higher level of authorization.
|
|
# If `import_fields` are provided, only import these fields from the instance.
|
|
# Overrides the global `import_fields` setting.
|
|
blocklist_instance_sources: [
|
|
# { domain: 'public.blocklist'}, # an instance with a public list of domain_blocks
|
|
# { domain: 'jorts.horse', token: '<a_different_token>' }, # user accessible block list
|
|
# { domain: 'eigenmagic.net', token: '<a_token_with_read_auth>', admin: true }, # admin access required
|
|
]
|
|
|
|
# List of URLs to read csv blocklists from
|
|
# Format tells the parser which format to use when parsing the blocklist
|
|
# max_severity tells the parser to override any severities that are higher than this value
|
|
# import_fields tells the parser to only import that set of fields from a specific source
|
|
blocklist_url_sources: [
|
|
# { url: 'file:///path/to/fediblockhole/samples/demo-blocklist-01.csv', format: 'csv' },
|
|
{ url: 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-blocklist-01.csv', format: 'csv' },
|
|
|
|
]
|
|
|
|
## These global allowlists override blocks from blocklists
|
|
# These are the same format and structure as blocklists, but they take precedence
|
|
allowlist_url_sources: [
|
|
{ url: 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-allowlist-01.csv', format: 'csv' },
|
|
{ url: 'https://raw.githubusercontent.com/eigenmagic/fediblockhole/main/samples/demo-allowlist-02.csv', format: 'csv' },
|
|
]
|
|
|
|
# List of instances to write blocklist to
|
|
blocklist_instance_destinations: [
|
|
# { domain: 'eigenmagic.net', token: '<read_write_token>', max_followed_severity: 'silence'},
|
|
]
|
|
|
|
## Store a local copy of the remote blocklists after we fetch them
|
|
#save_intermediate: true
|
|
|
|
## Directory to store the local blocklist copies
|
|
# savedir: '/tmp'
|
|
|
|
## File to save the fully merged blocklist into
|
|
# blocklist_savefile: '/tmp/merged_blocklist.csv'
|
|
|
|
## Don't push blocklist to instances, even if they're defined above
|
|
# no_push_instance: false
|
|
|
|
## Don't fetch blocklists from URLs, even if they're defined above
|
|
# no_fetch_url: false
|
|
|
|
## Don't fetch blocklists from instances, even if they're defined above
|
|
# no_fetch_instance: false
|
|
|
|
## Set the mergeplan to use when dealing with overlaps between blocklists
|
|
# The default 'max' mergeplan will use the harshest severity block found for a domain.
|
|
# The 'min' mergeplan will use the lightest severity block found for a domain.
|
|
# mergeplan: 'max'
|
|
|
|
## Set which fields we import
|
|
## 'domain' and 'severity' are always imported, these are additional
|
|
##
|
|
import_fields: ['public_comment', 'reject_media', 'reject_reports', 'obfuscate']
|
|
|
|
## Set which fields we export
|
|
## 'domain' and 'severity' are always exported, these are additional
|
|
##
|
|
export_fields: ['public_comment']
|
|
|
|
# if you manually change the UID/GID environment variables, ensure these values
|
|
# match:
|
|
podSecurityContext:
|
|
runAsUser: 991
|
|
runAsGroup: 991
|
|
fsGroup: 991
|
|
|
|
# @ignored
|
|
securityContext: {}
|
|
|
|
# -- Kubernetes manages pods for jobs and pods for deployments differently, so you might
|
|
# need to apply different annotations to the two different sets of pods. The annotations
|
|
# set with podAnnotations will be added to all deployment-managed pods.
|
|
podAnnotations: {}
|
|
|
|
# -- The annotations set with jobAnnotations will be added to all job pods.
|
|
jobAnnotations: {}
|
|
|
|
# -- Default resources for all Deployments and jobs unless overwritten
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
# @ignored
|
|
nodeSelector: {}
|
|
|
|
# @ignored
|
|
tolerations: []
|
|
|
|
# -- Affinity for all pods unless overwritten
|
|
affinity: {}
|