gotosocial
Usage
Helm must be installed and setup to your kubernetes cluster to use the charts. Refer to Helm’s documentation to get started. Once Helm has been set up correctly, fetch the charts as follows:
helm pull oci://codeberg.org/wrenix/helm-charts/gotosocialYou can install a chart release using the following command:
helm install gotosocial-release oci://codeberg.org/wrenix/helm-charts/gotosocial --values values.yamlTo uninstall a chart release use `helm’s delete command:
helm uninstall gotosocial-releaseValues
| Key | Type | Default | Description |
|---|---|---|---|
affinity |
object |
|
|
autoscaling.enabled |
bool |
|
|
autoscaling.maxReplicas |
int |
|
|
autoscaling.minReplicas |
int |
|
|
autoscaling.targetCPUUtilizationPercentage |
int |
|
|
fullnameOverride |
string |
|
|
global.image.pullPolicy |
string |
|
if set it will overwrite all pullPolicy |
global.image.registry |
string |
|
if set it will overwrite all registry entries |
gotosocial.accountDomain |
string |
|
|
gotosocial.accounts.allowCustomCSS |
bool |
|
Allow accounts on this instance to set custom CSS for their profile pages and statuses. Enabling this setting will allow accounts to upload custom CSS via the /user settings page, which will then be rendered on the web view of the account’s profile and statuses. For instances with public sign ups, it is HIGHLY RECOMMENDED to leave this setting on 'false', since setting it to true allows malicious accounts to make their profile pages misleading, unusable or even dangerous to visitors. In other words, you should only enable this setting if you trust the users on your instance not to produce harmful CSS. Regardless of what this value is set to, any uploaded CSS will not be federated to other instances, it will only be shown on profiles and statuses on this instance. |
gotosocial.accounts.approvalRequired |
bool |
|
Do sign up requests require approval from an admin/moderator before an account can sign in/use the server? |
gotosocial.accounts.customCSSLength |
int |
|
If accounts-allow-custom-css is true, this is the permitted length in characters for CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false. |
gotosocial.accounts.reasonRequired |
bool |
|
Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)? |
gotosocial.accounts.registrationOpen |
bool |
|
Do we want people to be able to just submit sign up requests, or do we want invite only? |
gotosocial.applicationName |
string |
|
|
gotosocial.database.address |
string |
|
Database address or parameters. For Postgres, this should be the address or socket at which the database can be reached. |
gotosocial.database.database |
string |
|
Name of the database to use within the provided database type. |
gotosocial.database.password |
string |
|
Password to use for the database connection |
gotosocial.database.port |
int |
|
Port for database connection. |
gotosocial.database.tlsCACert |
string |
|
Path to a CA certificate on the host machine for db certificate validation. If this is left empty, just the host certificates will be used. If filled in, the certificate will be loaded and added to host certificates. |
gotosocial.database.tlsMode |
string |
|
Disable, enable, or require SSL/TLS connection to the database. If "disable" then no TLS connection will be attempted. If "enable" then TLS will be tried, but the database certificate won’t be checked (for self-signed certs). If "require" then TLS will be required to make a connection, and a valid certificate must be presented. |
gotosocial.database.type |
string |
|
Database type. Options: ["postgres","sqlite"] |
gotosocial.database.username |
string |
|
Username for the database connection. |
gotosocial.host |
string |
|
|
gotosocial.landingPageUser |
string |
|
|
gotosocial.metrics.auth.enabled |
bool |
|
|
gotosocial.metrics.auth.password |
string |
|
|
gotosocial.metrics.auth.username |
string |
|
|
gotosocial.metrics.enabled |
bool |
|
|
gotosocial.oidc.adminGroups |
list |
|
If the returned ID token contains a 'groups' claim that matches one of the groups in oidc-admin-groups, then this user will be granted admin rights on the GtS instance |
gotosocial.oidc.clientID |
string |
|
The ID for this client as registered with the OIDC provider. |
gotosocial.oidc.clientSecret |
string |
|
The secret for this client as registered with the OIDC provider. |
gotosocial.oidc.enabled |
bool |
|
Enable authentication with external OIDC provider. If set to true, then the other OIDC options must be set as well. If this is set to false, then the standard internal oauth flow will be used, where users sign in to GtS with username/password. |
gotosocial.oidc.idpName |
string |
|
Name of the oidc idp (identity provider). This will be shown to users when they log in. |
gotosocial.oidc.issuer |
string |
|
The OIDC issuer URI. This is where GtS will redirect users to for login. Typically this will look like a standard web URL. |
gotosocial.oidc.linkExisting |
bool |
|
Link OIDC authenticated users to existing ones based on their email address. This is mostly intended for migration purposes if you were running previous versions of GTS which only correlated users with their email address. Should be set to false for most usecases. |
gotosocial.oidc.scopes |
list |
|
Scopes to request from the OIDC provider. The returned values will be used to populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required. 'profile' is used to extract a username for the newly created user. 'groups' is optional and can be used to determine if a user is an admin based on oidc-admin-groups. |
gotosocial.oidc.skipVerification |
bool |
|
Skip the normal verification flow of tokens returned from the OIDC provider, ie., don’t check the expiry or signature. This should only be used in debugging or testing, never ever in a production environment as it’s extremely unsafe! |
gotosocial.smtp.discloseRecipients |
bool |
|
If true, when an email is sent that has multiple recipients, each recipient will be included in the To field, so that each recipient can see who else got the email, and they can 'reply all' to the other recipients if they want to. If false, email will be sent to Undisclosed Recipients, and each recipient will not be able to see who else received the email. It might be useful to change this setting to 'true' if you want to be able to discuss new moderation reports with other admins by 'replying-all' to the notification email. |
gotosocial.smtp.from |
string |
|
'From' address for sent emails. |
gotosocial.smtp.host |
string |
|
The hostname of the smtp server you want to use. If this is not set, smtp will not be used to send emails, and you can ignore the other settings. |
gotosocial.smtp.password |
string |
|
Password to use when authenticating with the smtp server. This should have been provided to you by your smtp host. |
gotosocial.smtp.port |
int |
|
Port to use to connect to the smtp server. |
gotosocial.smtp.username |
string |
|
Username to use when authenticating with the smtp server. This should have been provided to you by your smtp host. This is often, but not always, an email address. |
gotosocial.storage.backend |
string |
|
Type of storage backend to use. Examples: ["local", "s3"] Default: "local" (storage on local disk) |
gotosocial.storage.s3.accessKey |
string |
|
Access key part of the S3 credentials. Consider setting this value using environment variables to avoid leaking it via the config file Only required when running with the s3 storage backend. |
gotosocial.storage.s3.bucket |
string |
|
Name of the storage bucket. If you have already encoded your bucket name in the storage-s3-endpoint, this value will be used as a directory containing your data. The bucket must exist prior to starting GoToSocial Only required when running with the s3 storage backend. |
gotosocial.storage.s3.endpoint |
string |
|
API endpoint of the S3 compatible service. Only required when running with the s3 storage backend. GoToSocial uses "DNS-style" when accessing buckets. If you are using Scaleways object storage, please remove the "bucket name" from the endpoint address |
gotosocial.storage.s3.proxy |
bool |
|
If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL. |
gotosocial.storage.s3.secretKey |
string |
|
Secret key part of the S3 credentials. Consider setting this value using environment variables to avoid leaking it via the config file Only required when running with the s3 storage backend. |
gotosocial.storage.s3.useSSL |
bool |
|
Use SSL for S3 connections. Only set this to 'false' when testing locally. |
gotosocial.tz |
string |
|
|
image.pullPolicy |
string |
|
|
image.registry |
string |
|
|
image.repository |
string |
|
|
image.tag |
string |
|
Overrides the image tag whose default is the chart appVersion. |
imagePullSecrets |
list |
|
|
ingress.annotations |
object |
|
|
ingress.className |
string |
|
|
ingress.enabled |
bool |
|
|
ingress.hosts[0].host |
string |
|
|
ingress.hosts[0].paths[0].path |
string |
|
|
ingress.hosts[0].paths[0].pathType |
string |
|
|
ingress.tls |
list |
|
|
nameOverride |
string |
|
|
nodeSelector |
object |
|
|
persistence.accessMode |
string |
|
accessMode |
persistence.annotations |
object |
|
|
persistence.enabled |
bool |
|
Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
persistence.existingClaim |
string |
|
A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound |
persistence.hostPath |
string |
|
Do not create an PVC, direct use hostPath in Pod |
persistence.size |
string |
|
size |
persistence.storageClass |
string |
|
Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) |
podAnnotations |
object |
|
|
podLabels |
object |
|
|
podSecurityContext |
object |
|
|
prometheus.servicemonitor.enabled |
bool |
|
|
prometheus.servicemonitor.labels |
object |
|
|
replicaCount |
int |
|
|
resources |
object |
|
|
securityContext |
object |
|
|
service.port |
int |
|
|
service.type |
string |
|
|
serviceAccount.annotations |
object |
|
Annotations to add to the service account |
serviceAccount.automount |
bool |
|
Automatically mount a ServiceAccount’s API credentials? |
serviceAccount.create |
bool |
|
Specifies whether a service account should be created |
serviceAccount.name |
string |
|
If not set and create is true, a name is generated using the fullname template |
tolerations |
list |
|
|
volumeMounts |
list |
|
|
volumes |
list |
|
Autogenerated from chart metadata using helm-docs