From 0d910fe43e4d5309ec218230e01dda1790f47fe2 Mon Sep 17 00:00:00 2001 From: red Date: Sat, 12 Jul 2025 23:48:03 -0400 Subject: [PATCH] halfway there --- manifests/pleroma/configmap.yaml | 6 +- manifests/pleroma/deployment.yaml | 191 ++++++++++++++++++++++++++++++ 2 files changed, 194 insertions(+), 3 deletions(-) create mode 100644 manifests/pleroma/deployment.yaml diff --git a/manifests/pleroma/configmap.yaml b/manifests/pleroma/configmap.yaml index 51b787e..f8f8fbf 100644 --- a/manifests/pleroma/configmap.yaml +++ b/manifests/pleroma/configmap.yaml @@ -28,7 +28,9 @@ data: registrations_open: false, invites_enabled: true, healthcheck: true, - static_dir: "/static-files/" + static_dir: "/static-files/", + show_scrobbles: false + # config :pleroma, :http, proxy_url: {:socks5h, System.get_env("SOCKS_ADDRESS"), System.get_env("SOCKS_PORT")} @@ -102,8 +104,6 @@ data: "/emoji/niggapack/**/*.gif" ] - config :pleroma, :modules, runtime_dir: "/custom-modules" - config :pleroma, :mrf, policies: [ Pleroma.Web.ActivityPub.MRF.SimplePolicy, diff --git a/manifests/pleroma/deployment.yaml b/manifests/pleroma/deployment.yaml new file mode 100644 index 0000000..d370ca1 --- /dev/null +++ b/manifests/pleroma/deployment.yaml @@ -0,0 +1,191 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pleromax + namespace: darkdork-dev +spec: + replicas: 1 + selector: + matchLabels: + app: pleroma + template: + metadata: + labels: + app: pleroma + spec: + imagePullSecrets: + - name: registry-credentials + initContainers: + - name: init + image: cr.forge.lan/darkdork-dev/pleromax + imagePullPolicy: IfNotPresent + command: [ "sh", "-c", "mix ecto.migrate" ] + env: + - name: MIX_ENV + value: prod + - name: SIGNING_SALT + value: quYau0c + - name: DOMAIN + value: darkdork.dev + - name: INSTANCE_NAME + value: DarkDork.dev + - name: ADMIN_EMAIL + value: pwm@crlf.ninja + - name: NOTIFY_EMAIL + value: pleroma@crlf.ninja + - name: REGISTRATIONS_OPEN + value: "false" + - name: INVITES_ENABLED + value: "true" + - name: SECRET_KEY_BASE + valueFrom: + secretKeyRef: + name: pleroma + key: secret-key-base + - name: WEB_PUSH_PUBLIC_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-public-key + - name: WEB_PUSH_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-private-key + - name: DEFAULT_SIGNER + valueFrom: + secretKeyRef: + name: pleroma + key: default-signer + - name: MEDIA_URL + value: "https://media.darkdork.dev" + - name: S3_BUCKET + value: pleroma.darkdork.dev + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-access-key + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-secret-key + - name: S3_SCHEME + value: "http://" + - name: S3_HOST + value: minio + - name: S3_PORT + value: "80" + - name: DB_HOST + value: postgres + - name: DB_NAME + value: pleroma + - name: DB_USER + value: pleroma + - name: DB_PASS + valueFrom: + secretKeyRef: + name: postgres + key: postgres-password + volumeMounts: + - name: pleroma-config-volume + mountPath: /pleroma/config/prod.secret.exs + subPath: prod.secret.exs + containers: + - name: pleroma + image: cr.forge.lan/darkdork-dev/pleromax + imagePullPolicy: IfNotPresent + command: ["sh", "-c", "elixir --sname pleroma -S mix phx.server --no-compile"] + ports: + - containerPort: 4000 + env: + - name: MIX_ENV + value: prod + - name: SIGNING_SALT + value: quYau0c + - name: DOMAIN + value: darkdork.dev + - name: INSTANCE_NAME + value: DarkDork.dev + - name: ADMIN_EMAIL + value: pwm@crlf.ninja + - name: NOTIFY_EMAIL + value: pleroma@crlf.ninja + - name: REGISTRATIONS_OPEN + value: "false" + - name: INVITES_ENABLED + value: "true" + - name: SECRET_KEY_BASE + valueFrom: + secretKeyRef: + name: pleroma + key: secret-key-base + - name: WEB_PUSH_PUBLIC_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-public-key + - name: WEB_PUSH_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-private-key + - name: DEFAULT_SIGNER + valueFrom: + secretKeyRef: + name: pleroma + key: default-signer + - name: MEDIA_URL + value: "https://media.darkdork.dev" + - name: S3_BUCKET + value: pleroma.darkdork.dev + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-access-key + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-secret-key + - name: S3_SCHEME + value: "http://" + - name: S3_HOST + value: minio + - name: S3_PORT + value: "80" + - name: DB_HOST + value: postgres + - name: DB_NAME + value: pleroma + - name: DB_USER + value: pleroma + - name: DB_PASS + valueFrom: + secretKeyRef: + name: postgres + key: postgres-password + volumeMounts: + - name: pleroma-config-volume + mountPath: /pleroma/config/prod.secret.exs + subPath: prod.secret.exs + - name: pleroma-emoji-volume + mountPath: /static-files/emoji/ + subPath: emoji/ + volumes: + - name: pleroma-config-volume + configMap: + name: pleroma-config + defaultMode: 0640 # Pleroma is picky about config file permissions. + items: + - key: config.exs + path: prod.secret.exs + - name: pleroma-emoji-volume + persistentVolumeClaim: + claimName: pleroma-emoji + securityContext: + fsGroup: 1000 # Ensures peroma can still read the config file +--- \ No newline at end of file