pleroma/manifests/deployments/pleroma.yaml


---
# Persistent storage for Pleroma. The Deployment in this file claims it as
# `pleroma-data-volume` and mounts it at /var/lib/pleroma.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pleroma-pvc
  namespace: darkdork-dev
  labels:
    app: pleroma
spec:
  storageClassName: longhorn-ssd
  accessModes: [ReadWriteMany]
  resources:
    requests:
      storage: 10Gi
---
# In-cluster Service for Pleroma: accepts TCP on port 80 and forwards to
# port 4000 on pods labelled app=pleroma. No `type` is set, so the API
# server applies its default Service type.
apiVersion: v1
kind: Service
metadata:
  name: pleroma
  namespace: darkdork-dev
spec:
  selector:
    app: pleroma
  ports:
    - protocol: TCP
      port: 80
      targetPort: 4000
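---
# Pleroma application pod. Init containers run in order: seed static files
# into the data volume, wait for PostgreSQL, run database migrations. The
# main container then serves HTTP on port 4000.
#
# NOTE(review): every container uses the untagged image
# cr.forge.lan/darkdork-dev/pleroma, which resolves to :latest. Pinning a tag
# or a digest (cr.forge.lan/darkdork-dev/pleroma@sha256:<DIGEST>) makes
# rollouts reproducible and stops a replaced registry image from being pulled
# silently on the next restart.
# NOTE(review): no container-level securityContext is set. The first init
# container runs chown and so presumably needs root; the other containers are
# candidates for runAsNonRoot / allowPrivilegeEscalation: false once the
# image's default user is confirmed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pleroma
  namespace: darkdork-dev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pleroma
  template:
    metadata:
      labels:
        app: pleroma
    spec:
      imagePullSecrets:
        - name: registry-credentials
      initContainers:
        - name: pleroma-static-files
          image: cr.forge.lan/darkdork-dev/pleroma
          # DATA is not set in this manifest; presumably the image exports it
          # as /var/lib/pleroma. TODO confirm.
          command:
            - sh
            - "-c"
            - >-
              mkdir -p "${DATA}/uploads" &&
              mkdir -p "${DATA}/static" &&
              cp -rf /static-files/* "${DATA}/static" &&
              chown -R 1000:1000 /var/lib/pleroma
          # Without this mount the directories and the chown land on the init
          # container's own ephemeral filesystem and never reach the PVC that
          # the main container mounts.
          volumeMounts:
            - name: pleroma-data-volume
              mountPath: /var/lib/pleroma
        - name: pleroma-database-wait
          image: cr.forge.lan/darkdork-dev/pleroma
          # DB_PORT is not defined for this container, so the URI used to be
          # rendered with an empty port. Default it to PostgreSQL's standard
          # port (assumes the `postgres` Service listens on 5432).
          command:
            - sh
            - "-c"
            - >-
              while ! pg_isready -U "${DB_USER}"
              -d "postgres://${DB_HOST}:${DB_PORT:-5432}/${DB_NAME}" -t 1;
              do sleep 1s; done;
          env:
            - name: DB_HOST
              value: postgres
            - name: DB_NAME
              value: pleroma
            - name: DB_USER
              value: pleroma
        - name: pleroma-migrate
          image: cr.forge.lan/darkdork-dev/pleroma
          # The original passed "exec" and the pleroma_ctl path as separate
          # argv entries. `sh -c` takes only the first as the command string
          # (the second becomes $0), so a bare `exec` ran, exited 0, and the
          # migration was silently skipped.
          command:
            - sh
            - "-c"
            - 'exec "${HOME}/bin/pleroma_ctl" migrate'
          # config.exs takes the database settings from these variables, and
          # the main container gets the file from the ConfigMap mount below.
          # The migration needs both to reach the same database.
          # NOTE(review): confirm the image does not ship its own config.
          env:
            - name: DB_HOST
              value: postgres
            - name: DB_NAME
              value: pleroma
            - name: DB_USER
              value: pleroma
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: postgres
                  key: postgres-password
          volumeMounts:
            - name: pleroma-config-volume
              mountPath: /etc/pleroma/config.exs
              subPath: config.exs
      containers:
        - name: pleroma
          image: cr.forge.lan/darkdork-dev/pleroma
          imagePullPolicy: Always
          ports:
            - containerPort: 4000
          env:
            - name: DOMAIN
              value: darkdork.dev
            - name: INSTANCE_NAME
              value: DarkDork.dev
            - name: ADMIN_EMAIL
              value: pwm@crlf.ninja
            - name: NOTIFY_EMAIL
              value: pleroma@crlf.ninja
            # NOTE(review): the visible part of config.exs hard-codes
            # registrations_open / invites_enabled and does not read these
            # two variables, so changing them here has no effect there.
            - name: REGISTRATIONS_OPEN
              value: "false"
            - name: INVITES_ENABLED
              value: "true"
            # NOTE(review): config.exs also reads SIGNING_SALT, but no entry
            # in this list supplies it. Unless the image sets it,
            # signing_salt evaluates to nil. Add it from the `pleroma` Secret.
            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: pleroma
                  key: secret-key-base
            - name: WEB_PUSH_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: pleroma
                  key: web-push-public-key
            - name: WEB_PUSH_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  name: pleroma
                  key: web-push-private-key
            - name: DEFAULT_SIGNER
              valueFrom:
                secretKeyRef:
                  name: pleroma
                  key: default-signer
            - name: MEDIA_URL
              value: "https://media.darkdork.dev"
            - name: S3_BUCKET
              value: pleroma.darkdork.dev
            - name: S3_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: pleroma
                  key: minio-access-key
            - name: S3_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: pleroma
                  key: minio-secret-key
            # NOTE(review): plain HTTP to the in-cluster `minio` Service, so
            # S3 requests and uploads cross the pod network unencrypted.
            # Acceptable only if that network is trusted or encrypted below
            # this layer.
            - name: S3_SCHEME
              value: "http://"
            - name: S3_HOST
              value: minio
            - name: S3_PORT
              value: "80"
            - name: DB_HOST
              value: postgres
            - name: DB_NAME
              value: pleroma
            - name: DB_USER
              value: pleroma
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: postgres
                  key: postgres-password
          volumeMounts:
            - name: pleroma-data-volume
              mountPath: /var/lib/pleroma
            - name: pleroma-config-volume
              mountPath: /etc/pleroma/config.exs
              subPath: config.exs
      volumes:
        - name: pleroma-data-volume
          persistentVolumeClaim:
            claimName: pleroma-pvc
        - name: pleroma-config-volume
          configMap:
            name: pleroma-config
            # Pleroma is picky about config file permissions. Written as
            # decimal 416 (octal 0640): a bare `0640` is octal only under
            # YAML 1.1 rules, and a YAML 1.2 or JSON consumer would read it as
            # decimal 640.
            defaultMode: 416
      securityContext:
        # Ensures Pleroma can still read the config file.
        fsGroup: 1000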
---
apiVersion: v1
kind: ConfigMap
metadata:
name: pleroma-config
namespace: darkdork-dev
data:
config.exs: |
# Pleroma instance configuration
# NOTE: This file should not be committed to a repo or otherwise made public
# without removing sensitive information.
import Config
config :pleroma, Pleroma.Web.Endpoint,
url: [host: System.get_env("DOMAIN", "localhost"), scheme: "https", port: 443],
http: [ip: {0, 0, 0, 0}, port: 4000],
secret_key_base: System.get_env("SECRET_KEY_BASE"),
signing_salt: System.get_env("SIGNING_SALT")
config :pleroma, :instance,
name: System.get_env("INSTANCE_NAME", "Pleroma"),
email: System.get_env("ADMIN_EMAIL"),
notify_email: System.get_env("NOTIFY_EMAIL"),
limit: 5000,
upload_limit: 67_108_864,
registrations_open: false,
invites_enabled: true,
healthcheck: true
# config :pleroma, :http, proxy_url: {:socks5h, System.get_env("SOCKS_ADDRESS"), System.get_env("SOCKS_PORT")}
config :pleroma, :http,
proxy_url: "http://privoxy:8118"
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true
#base_url: "https://cache.pleroma.social"
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
username: System.get_env("DB_USER", "pleroma"),
password: System.get_env("DB_PASS"),
database: System.get_env("DB_NAME", "pleroma"),
hostname: System.get_env("DB_HOST", "db")
# Configure web push notifications
config :web_push_encryption, :vapid_details,
subject: "mailto:#{System.get_env("NOTIFY_EMAIL")}",
public_key: System.get_env("WEB_PUSH_PUBLIC_KEY"),
private_key: System.get_env("WEB_PUSH_PRIVATE_KEY")
config :pleroma, :database, rum_enabled: false
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
# Enable Strict-Transport-Security once SSL is working:
# config :pleroma, :http_security,
# sts: true
# Configure S3 support if desired.
# The public S3 endpoint (base_url) is different depending on region and provider,
# consult your S3 provider's documentation for details on what to use.
#
config :pleroma, Pleroma.Upload,
uploader: Pleroma.Uploaders.S3,
base_url: System.get_env("MEDIA_URL")
config :pleroma, Pleroma.Uploaders.S3,
bucket: System.get_env("S3_BUCKET"),
bucket_namespace: nil,
truncated_namespace: "",
streaming_enabled: true
# Configure S3 credentials:
config :ex_aws, :s3,
access_key_id: System.get_env("S3_ACCESS_KEY"),
secret_access_key: System.get_env("S3_SECRET_KEY"),
scheme: System.get_env("S3_SCHEME"),
host: System.get_env("S3_HOST"),
port: System.get_env("S3_PORT")
config :joken, default_signer: System.get_env("DEFAULT_SIGNER")
config :pleroma, configurable_from_database: false
config :pleroma, Pleroma.Upload,
filters: [
Pleroma.Upload.Filter.Exiftool.StripLocation,
Pleroma.Upload.Filter.Dedupe
]
config :pleroma, :emoji,
shortcode_globs: [
"/emoji/niggapack/**/*.png",
"/emoji/niggapack/**/*.gif"
]
config :pleroma, :mrf,
policies: [
Pleroma.Web.ActivityPub.MRF.SimplePolicy,
Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy,
Pleroma.Web.ActivityPub.MRF.TagPolicy,
Pleroma.Web.ActivityPub.MRF.InlineQuotePolicy,
Pleroma.Web.ActivityPub.MRF.HashtagPolicy
]
config :pleroma, :mrf_simple,
media_removal: [
{"youjo.love", "nonce"},
{"nnia.space", "https://kiwifarms.st/threads/margarita-molotorenko-margarita-molotorenko-lecter-wierstamann-comrade-lecter-wierstaban-chrono-corner-akhnaton.178049/"},
{"*.freak.university", "nonce"},
{"sad.cab", "nonce"},
{"*.lolison.top", "nonce"},
{"pedo.school", "nonce"},
{"rapemeat.solutions", "nonce"},
{"ghetti.monster", "nonce"},
{"xhais.love", "https://kiwifarms.st/threads/valerie-connor-roundy-hypnotist-sappho-succubus-sappho-vin-r-wolf-f1r3fr0st-v3xarray-r00tlulz.108414/"},
{"horserock.xyz", "nonce"},
{"lolison.network", "nonce"},
{"loli.exposed", "nonce"},
{"lewdieheaven.com", "nonce"},
{"rot.gives", "nonce"},
{"rapemeat.express", "nonce"},
{"pettanko.art", "nonce"},
{"rqd2.net", "nonce"},
{"nnia.cc", "https://kiwifarms.st/threads/margarita-molotorenko-margarita-molotorenko-lecter-wierstamann-comrade-lecter-wierstaban-chrono-corner-akhnaton.178049/"},
{"childlove.space", "nonce"},
{"cannibal.cafe", "nonce"},
{"rape.pet", "https://kiwifarms.st/threads/the-pediverse-radqueers-paraphila-movement.194261/post-19500421"},
{"whitewomen.dog", "nonce"},
{"monk.ey.business", "nonce"},
{"*.ulithsys.moe", "nonce"},
{"paravielfalt.zone", "nonce"},
{"mapsupport.de", "nonce"},
{"*.cunnyborea.space", "nonce"},
{"cunnyborea.top", "nonce"},
{"youjo.observer", "nonce"},
{"*.ating.press", "nonce"},
{"*.cunny.win", "nonce"},
{"cottoncandy.cafe", "nonce"},
{"childlove.su", "nonce"},
{"*.tlespace.xyz", "nonce"},
{"*.tleplace.xyz", "nonce"},
{"oddballs.online", "https://kiwifarms.st/threads/ezra-j-orena-toonimal-critterkiddo-bonzibuddy-runt-funnyanimal-speciose.180429/"},
{"*.cassilda.house", "nonce"},
{"tummy.town", "nonce"},
{"*.yesmap.net", "nonce"},
{"*.tooters.wtf", "nonce"},
{"*.isekco.re", "nonce"},
{"eepy.express", "nonce"},
{"*.nekos.cafe", "nonce"},
{"*.thoughtcrimes.top", "nonce"},
{"imouto.pics", "nonce"},
{"shota.house", "nonce"},
{"*.notacri.me", "nonce"},
{"cutecatgirls.cafe", "nonce"},
{"bunnyanarchy.org", "nonce"},
{"*.offkey.wtf", "https://kiwifarms.st/threads/ezra-j-orena-toonimal-critterkiddo-bonzibuddy-runt-funnyanimal-speciose.180429/"},
{"*.mikonian.ca", "nonce"},
{"*.burggit.moe", "nonce"},
{"miiverse.cafe", "nonce"},
{"*.sexycubs.xyz", "nonce"},
{"*.cubsex.lol", "nonce"},
{"*.sexypokemon.xyz", "nonce (same IP as sexycubs.xyz)"},
{"fstube.net", "nonce"},
{"pacsa.us", "nonce"},
{"childlove.top", "nonce"},
{"imouto.exposed", "nonce"},
{"socks.cafe", "nonce"},
{"cunnyfu.cc", "nonce"},
{"cub.lol", "nonce"},
{"chaotic.buzz", "nonce"},
{"filly.love", "nonce"},
{"kodo.pictures", "nonce"},
{"mesugaki.xyz", "nonce"},
{"*.cutiegarden.rip", "nonce"},
{"*.cutiegarden.org", "nonce"},
{"*.tor.observer", "Tor2web service currently used as a proxy to get unfilterable CSAM instances to federate elsewhere"},
{"minor.cafe", "https://kiwifarms.st/threads/the-pediverse-radqueers-paraphila-movement.194261/post-19500421"},
{"yummyy.cc", "nonce"},
{"*.neechan.top", "nonce"},
{"baise-moi.top", "nonce"},
{"*.cubsex.pictures", "nonce"},
{"cub.cool", "nonce"},
{"outcast.zip", "nonce"},
{"pon.cat", "nonce"},
{"*.faraday.quest", "nonce"},
{"puppyspace.cc", "nonce"},
{"puppyspace.org", "nonce"},
{"netzsphaere.xyz", "nonce"},
{"ponkat.in", "nonce"},
{"paraphili.cc", "nonce"},
{"inumimi.love", "nonce"},
{"snuffster.pw", "nonce"},
{"cuties.zone", "nonce"},
{"cunny.beauty", "nonce"},
{"vampires.pet", "nonce"},
{"poni.cc", "nonce"},
{"kidsarehot.fyi", "nonce"},
{"gimmeloli.top", "nonce"},
{"yotsu.rocks", "nonce"},
{"cutiefest.cc", "nonce"},
{"*.kawaiizenbo.me", "nonce"},
{"pawuwu.net", "nonce"},
{"*.allykotetsu.com", "nonce"},
{"xn--u9jz52grnl.xn--q9jyb4c", "nonce"},
{"*.zooey.cat", "nonce"},
{"yiffy.pet", "nonce"},
{"yotsu.lol", "nonce"},
{"lolihigh.school", "nonce"},
{"gimmeloli.cc", "nonce"},
{"incestlovers.moe", "nonce"},
{"kit.cafe", "nonce"},
{"dellago.casa", "nonce"},
{"*.bongothirteen.net", "nonce"},
{"*.capyborea.space", "nonce"},
{"edens.faith", "nonce"},
{"080984.xyz", "nonce"},
{"pawoo.net", "Alledged illegal content here."},
{"rot.gives", "dawg....."},
{"cunnyborea.space", "sanitization, suspicious instance (pedos) but no evidence they are feds apart from 1 post"},
{"childlove.space", "N/A"},
{"cannibal.cafe", "fed hazard, and of course admitted to using lolis as alternatives to actual illegal material"},
{"ating.press", "N/A"},
{"rape.pet", "N/A"},
{"freak.university", "known pedo instance"},
{"social.isekco.re", "N/A"},
{"cute.lolison.top", "N/A"},
{"eepy.express", "N/A"},
{"whitewomen.dog", "VERY suspicious server"},
{"love.is.notacri.me", "N/A"},
{"aethy.com", "N/A"},
{"imouto.exposed", "N/A"},
{"cunnyfu.cc", "N/A"},
{"cubsex.lol", "i'm tired of dealing with these servers"},
{"cunny.gay", "N/A"},
{"lolison.top", "N/A"},
{"baraag.net", "N/A"},
{"fedi.cutiegarden.rip", "N/A"},
{"cub.lol", "N/A"},
{"kodo.pictures", "N/A"},
{"yummyy.cc", "N/A"},
{"filly.love", "I'm not enabling the media proxy for you to spread your illness onto my servers you chomo"},
{"mapsupport.de", "Cut off one head, two more will take its place."},
{"minor.cafe", "N/A"},
{"childlove.top", "Chomo: Type A (Common)"},
{"cubsex.pictures", "Chomo: Type B (Furry)"},
{"luv.cunnyborea.space", "Chomo: Type A (Common)"},
{"nnia.space", "Chomo: Type A (Common)"},
{"cub.cool", "Chomo: Type B (Furry)"},
{"puppyspace.cc", "Chomo: Type B (Furry)"},
{"inumimi.love", "Chomo: Type A (Common)"},
{"neechan.top", "Chomo: Type A (Common)"},
{"yesmap.net", "Chomo: Type A (Common)"},
{"poni.cc", "looks like the rebirth of filly.love"},
{"cunny.beauty", "Chomo: Type A (Common)"},
{"burggit.moe", "Chomo: Type A (Common)"},
{"mostr.pub", "NNNNGGGGGGHHHHH I KILL YOU"},
{"furville.drinkanddrive.africa", "N/A"}
]