--- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pleroma-pvc namespace: darkdork-dev labels: app: pleroma spec: storageClassName: longhorn-ssd accessModes: - ReadWriteMany resources: requests: storage: 10Gi --- apiVersion: v1 kind: Service metadata: name: pleroma namespace: darkdork-dev spec: ports: - port: 80 targetPort: 4000 protocol: TCP selector: app: pleroma --- apiVersion: apps/v1 kind: Deployment metadata: name: pleroma namespace: darkdork-dev spec: replicas: 1 selector: matchLabels: app: pleroma template: metadata: labels: app: pleroma spec: imagePullSecrets: - name: registry-credentials initContainers: - name: pleroma-static-files image: cr.forge.lan/darkdork-dev/pleroma command: [ "sh", "-c", "mkdir -p ${DATA}/uploads && mkdir -p ${DATA}/static && cp -rf /static-files/* ${DATA}/static" ] - name: pleroma-database-wait image: cr.forge.lan/darkdork-dev/pleroma command: [ "sh", "-c", "while ! pg_isready -U ${DB_USER} -d postgres://${DB_HOST}:${DB_PORT}/${DB_NAME} -t 1; do sleep 1s; done;" ] env: - name: DB_HOST value: postgres - name: DB_NAME value: pleroma - name: DB_USER value: pleroma - name: pleroma-migrate image: cr.forge.lan/darkdork-dev/pleroma command: [ "sh", "-c", "exec", "${HOME}/bin/pleroma_ctl migrate" ] containers: - name: pleroma image: cr.forge.lan/darkdork-dev/pleroma imagePullPolicy: Always ports: - containerPort: 4000 env: - name: DOMAIN value: darkdork.dev - name: INSTANCE_NAME value: DarkDork.dev - name: ADMIN_EMAIL value: pwm@crlf.ninja - name: NOTIFY_EMAIL value: pleroma@crlf.ninja - name: REGISTRATIONS_OPEN value: "false" - name: INVITES_ENABLED value: "true" - name: SECRET_KEY_BASE valueFrom: secretKeyRef: name: pleroma key: secret-key-base - name: WEB_PUSH_PUBLIC_KEY valueFrom: secretKeyRef: name: pleroma key: web-push-public-key - name: WEB_PUSH_PRIVATE_KEY valueFrom: secretKeyRef: name: pleroma key: web-push-private-key - name: DEFAULT_SIGNER valueFrom: secretKeyRef: name: pleroma key: default-signer - name: MEDIA_URL value: "https://media.darkdork.dev" - name: S3_BUCKET value: pleroma.darkdork.dev - name: S3_ACCESS_KEY valueFrom: secretKeyRef: name: pleroma key: minio-access-key - name: S3_SECRET_KEY valueFrom: secretKeyRef: name: pleroma key: minio-secret-key - name: S3_SCHEME value: "http://" - name: S3_HOST value: minio - name: S3_PORT value: "80" - name: DB_HOST value: postgres - name: DB_NAME value: pleroma - name: DB_USER value: pleroma - name: DB_PASS valueFrom: secretKeyRef: name: postgres key: postgres-password volumeMounts: - name: pleroma-data-volume mountPath: /var/lib/pleroma - name: pleroma-config-volume mountPath: /etc/pleroma/config.exs subPath: config.exs volumes: - name: pleroma-data-volume persistentVolumeClaim: claimName: pleroma-pvc - name: pleroma-config-volume configMap: name: pleroma-config defaultMode: 0640 # Pleroma is picky about config file permissions. securityContext: fsGroup: 1000 # Ensures plperoma can still read the config file --- apiVersion: v1 kind: ConfigMap metadata: name: pleroma-config namespace: darkdork-dev data: config.exs: | # Pleroma instance configuration # NOTE: This file should not be committed to a repo or otherwise made public # without removing sensitive information. import Config config :pleroma, Pleroma.Web.Endpoint, url: [host: System.get_env("DOMAIN", "localhost"), scheme: "https", port: 443], http: [ip: {0, 0, 0, 0}, port: 4000], secret_key_base: System.get_env("SECRET_KEY_BASE"), signing_salt: System.get_env("SIGNING_SALT") config :pleroma, :instance, name: System.get_env("INSTANCE_NAME", "Pleroma"), email: System.get_env("ADMIN_EMAIL"), notify_email: System.get_env("NOTIFY_EMAIL"), limit: 5000, upload_limit: 67_108_864, registrations_open: false, invites_enabled: true, healthcheck: true # config :pleroma, :http, proxy_url: {:socks5h, System.get_env("SOCKS_ADDRESS"), System.get_env("SOCKS_PORT")} config :pleroma, :http, proxy_url: "http://privoxy:8118" config :pleroma, :media_proxy, enabled: false, redirect_on_failure: true #base_url: "https://cache.pleroma.social" config :pleroma, Pleroma.Repo, adapter: Ecto.Adapters.Postgres, username: System.get_env("DB_USER", "pleroma"), password: System.get_env("DB_PASS"), database: System.get_env("DB_NAME", "pleroma"), hostname: System.get_env("DB_HOST", "db") # Configure web push notifications config :web_push_encryption, :vapid_details, subject: "mailto:#{System.get_env("NOTIFY_EMAIL")}", public_key: System.get_env("WEB_PUSH_PUBLIC_KEY"), private_key: System.get_env("WEB_PUSH_PRIVATE_KEY") config :pleroma, :database, rum_enabled: false config :pleroma, :instance, static_dir: "/var/lib/pleroma/static" config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads" # Enable Strict-Transport-Security once SSL is working: # config :pleroma, :http_security, # sts: true # Configure S3 support if desired. # The public S3 endpoint (base_url) is different depending on region and provider, # consult your S3 provider's documentation for details on what to use. # config :pleroma, Pleroma.Upload, uploader: Pleroma.Uploaders.S3, base_url: System.get_env("MEDIA_URL") config :pleroma, Pleroma.Uploaders.S3, bucket: System.get_env("S3_BUCKET"), bucket_namespace: nil, truncated_namespace: "", streaming_enabled: true # Configure S3 credentials: config :ex_aws, :s3, access_key_id: System.get_env("S3_ACCESS_KEY"), secret_access_key: System.get_env("S3_SECRET_KEY"), scheme: System.get_env("S3_SCHEME"), host: System.get_env("S3_HOST"), port: System.get_env("S3_PORT") config :joken, default_signer: System.get_env("DEFAULT_SIGNER") config :pleroma, configurable_from_database: false config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.Exiftool.StripLocation, Pleroma.Upload.Filter.Dedupe] config :pleroma, :mrf, policies: [ Pleroma.Web.ActivityPub.MRF.SimplePolicy, Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy, Pleroma.Web.ActivityPub.MRF.TagPolicy, Pleroma.Web.ActivityPub.MRF.InlineQuotePolicy, Pleroma.Web.ActivityPub.MRF.HashtagPolicy ] config :pleroma, :mrf_simple, media_removal: [ {"youjo.love", "nonce"}, {"nnia.space", "https://kiwifarms.st/threads/margarita-molotorenko-margarita-molotorenko-lecter-wierstamann-comrade-lecter-wierstaban-chrono-corner-akhnaton.178049/"}, {"*.freak.university", "nonce"}, {"sad.cab", "nonce"}, {"*.lolison.top", "nonce"}, {"pedo.school", "nonce"}, {"rapemeat.solutions", "nonce"}, {"ghetti.monster", "nonce"}, {"xhais.love", "https://kiwifarms.st/threads/valerie-connor-roundy-hypnotist-sappho-succubus-sappho-vin-r-wolf-f1r3fr0st-v3xarray-r00tlulz.108414/"}, {"horserock.xyz", "nonce"}, {"lolison.network", "nonce"}, {"loli.exposed", "nonce"}, {"lewdieheaven.com", "nonce"}, {"rot.gives", "nonce"}, {"rapemeat.express", "nonce"}, {"pettanko.art", "nonce"}, {"rqd2.net", "nonce"}, {"nnia.cc", "https://kiwifarms.st/threads/margarita-molotorenko-margarita-molotorenko-lecter-wierstamann-comrade-lecter-wierstaban-chrono-corner-akhnaton.178049/"}, {"childlove.space", "nonce"}, {"cannibal.cafe", "nonce"}, {"rape.pet", "https://kiwifarms.st/threads/the-pediverse-radqueers-paraphila-movement.194261/post-19500421"}, {"whitewomen.dog", "nonce"}, {"monk.ey.business", "nonce"}, {"*.ulithsys.moe", "nonce"}, {"paravielfalt.zone", "nonce"}, {"mapsupport.de", "nonce"}, {"*.cunnyborea.space", "nonce"}, {"cunnyborea.top", "nonce"}, {"youjo.observer", "nonce"}, {"*.ating.press", "nonce"}, {"*.cunny.win", "nonce"}, {"cottoncandy.cafe", "nonce"}, {"childlove.su", "nonce"}, {"*.tlespace.xyz", "nonce"}, {"*.tleplace.xyz", "nonce"}, {"oddballs.online", "https://kiwifarms.st/threads/ezra-j-orena-toonimal-critterkiddo-bonzibuddy-runt-funnyanimal-speciose.180429/"}, {"*.cassilda.house", "nonce"}, {"tummy.town", "nonce"}, {"*.yesmap.net", "nonce"}, {"*.tooters.wtf", "nonce"}, {"*.isekco.re", "nonce"}, {"eepy.express", "nonce"}, {"*.nekos.cafe", "nonce"}, {"*.thoughtcrimes.top", "nonce"}, {"imouto.pics", "nonce"}, {"shota.house", "nonce"}, {"*.notacri.me", "nonce"}, {"cutecatgirls.cafe", "nonce"}, {"bunnyanarchy.org", "nonce"}, {"*.offkey.wtf", "https://kiwifarms.st/threads/ezra-j-orena-toonimal-critterkiddo-bonzibuddy-runt-funnyanimal-speciose.180429/"}, {"*.mikonian.ca", "nonce"}, {"*.burggit.moe", "nonce"}, {"miiverse.cafe", "nonce"}, {"*.sexycubs.xyz", "nonce"}, {"*.cubsex.lol", "nonce"}, {"*.sexypokemon.xyz", "nonce (same IP as sexycubs.xyz)"}, {"fstube.net", "nonce"}, {"pacsa.us", "nonce"}, {"childlove.top", "nonce"}, {"imouto.exposed", "nonce"}, {"socks.cafe", "nonce"}, {"cunnyfu.cc", "nonce"}, {"cub.lol", "nonce"}, {"chaotic.buzz", "nonce"}, {"filly.love", "nonce"}, {"kodo.pictures", "nonce"}, {"mesugaki.xyz", "nonce"}, {"*.cutiegarden.rip", "nonce"}, {"*.cutiegarden.org", "nonce"}, {"*.tor.observer", "Tor2web service currently used as a proxy to get unfilterable CSAM instances to federate elsewhere"}, {"minor.cafe", "https://kiwifarms.st/threads/the-pediverse-radqueers-paraphila-movement.194261/post-19500421"}, {"yummyy.cc", "nonce"}, {"*.neechan.top", "nonce"}, {"baise-moi.top", "nonce"}, {"*.cubsex.pictures", "nonce"}, {"cub.cool", "nonce"}, {"outcast.zip", "nonce"}, {"pon.cat", "nonce"}, {"*.faraday.quest", "nonce"}, {"puppyspace.cc", "nonce"}, {"puppyspace.org", "nonce"}, {"netzsphaere.xyz", "nonce"}, {"ponkat.in", "nonce"}, {"paraphili.cc", "nonce"}, {"inumimi.love", "nonce"}, {"snuffster.pw", "nonce"}, {"cuties.zone", "nonce"}, {"cunny.beauty", "nonce"}, {"vampires.pet", "nonce"}, {"poni.cc", "nonce"}, {"kidsarehot.fyi", "nonce"}, {"gimmeloli.top", "nonce"}, {"yotsu.rocks", "nonce"}, {"cutiefest.cc", "nonce"}, {"*.kawaiizenbo.me", "nonce"}, {"pawuwu.net", "nonce"}, {"*.allykotetsu.com", "nonce"}, {"xn--u9jz52grnl.xn--q9jyb4c", "nonce"}, {"*.zooey.cat", "nonce"}, {"yiffy.pet", "nonce"}, {"yotsu.lol", "nonce"}, {"lolihigh.school", "nonce"}, {"gimmeloli.cc", "nonce"}, {"incestlovers.moe", "nonce"}, {"kit.cafe", "nonce"}, {"dellago.casa", "nonce"}, {"*.bongothirteen.net", "nonce"}, {"*.capyborea.space", "nonce"}, {"edens.faith", "nonce"}, {"080984.xyz", "nonce"}, {"pawoo.net", "Alledged illegal content here."}, {"rot.gives", "dawg....."}, {"cunnyborea.space", "sanitization, suspicious instance (pedos) but no evidence they are feds apart from 1 post"}, {"childlove.space", "N/A"}, {"cannibal.cafe", "fed hazard, and of course admitted to using lolis as alternatives to actual illegal material"}, {"ating.press", "N/A"}, {"rape.pet", "N/A"}, {"freak.university", "known pedo instance"}, {"social.isekco.re", "N/A"}, {"cute.lolison.top", "N/A"}, {"eepy.express", "N/A"}, {"whitewomen.dog", "VERY suspicious server"}, {"love.is.notacri.me", "N/A"}, {"aethy.com", "N/A"}, {"imouto.exposed", "N/A"}, {"cunnyfu.cc", "N/A"}, {"cubsex.lol", "i'm tired of dealing with these servers"}, {"cunny.gay", "N/A"}, {"lolison.top", "N/A"}, {"baraag.net", "N/A"}, {"fedi.cutiegarden.rip", "N/A"}, {"cub.lol", "N/A"}, {"kodo.pictures", "N/A"}, {"yummyy.cc", "N/A"}, {"filly.love", "I'm not enabling the media proxy for you to spread your illness onto my servers you chomo"}, {"mapsupport.de", "Cut off one head, two more will take its place."}, {"minor.cafe", "N/A"}, {"childlove.top", "Chomo: Type A (Common)"}, {"cubsex.pictures", "Chomo: Type B (Furry)"}, {"luv.cunnyborea.space", "Chomo: Type A (Common)"}, {"nnia.space", "Chomo: Type A (Common)"}, {"cub.cool", "Chomo: Type B (Furry)"}, {"puppyspace.cc", "Chomo: Type B (Furry)"}, {"inumimi.love", "Chomo: Type A (Common)"}, {"neechan.top", "Chomo: Type A (Common)"}, {"yesmap.net", "Chomo: Type A (Common)"}, {"poni.cc", "looks like the rebirth of filly.love"}, {"cunny.beauty", "Chomo: Type A (Common)"}, {"burggit.moe", "Chomo: Type A (Common)"}, {"mostr.pub", "NNNNGGGGGGHHHHH I KILL YOU"} ]