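---
# Pleroma instance for toots.werts.us in the toots-werts namespace:
# uploads PVC, runtime config.exs (ConfigMap), Deployment, Ingress, Service.
#
# Security change in this revision: the SMTP relay password is no longer
# written in the ConfigMap. ConfigMaps are not a secret store: anyone with
# read access to the namespace's ConfigMaps, or to the repository holding
# this file, can read their contents. The password is now read from the
# SMTP_PASSWORD environment variable, which the Deployment fills from a
# Secret, the same pattern already used for the Keycloak client credentials.
# The value that used to be inlined should be treated as exposed and rotated
# at the mail provider.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pleroma-uploads
  namespace: toots-werts
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 100Gi
  storageClassName: nfs
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: toots-werts
  name: pleroma-config
data:
  # Mounted into the pod as /var/lib/pleroma/config.exs (see the Deployment).
  # Keep credentials out of this file; read them with System.get_env/1.
  config.exs: |
    import Config

    config :pleroma, :instance,
      healthcheck: true

    # NOTE(review): :verify_none encrypts the database connection but does
    # not validate the server certificate, so a host on the network path can
    # impersonate the database. Moving to :verify_peer needs the database CA
    # bundle (cacertfile) available in the pod, which this manifest does not
    # mount yet.
    config :pleroma, Pleroma.Repo,
      adapter: Ecto.Adapters.Postgres,
      ssl: true,
      ssl_opts: [
        verify: :verify_none
      ]

    config :pleroma, Pleroma.Web.Endpoint,
      url: [host: "toots.werts.us", scheme: "https"]

    # SMTP password comes from the environment (Secret-backed), not from
    # this ConfigMap.
    config :pleroma, Pleroma.Emails.Mailer,
      adapter: Swoosh.Adapters.SMTP,
      enabled: true,
      relay: "smtp.mailgun.org",
      username: "pleroma-admin@strudelline.net",
      password: System.get_env("SMTP_PASSWORD"),
      port: 465,
      ssl: true,
      tls: :always,
      auth: :always

    config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
      client_id: System.get_env("KEYCLOAK_CLIENT_ID"),
      client_secret: System.get_env("KEYCLOAK_CLIENT_SECRET"),
      site: "https://auth.werts.us/",
      authorize_url: "https://auth.werts.us/realms/werts/protocol/openid-connect/auth",
      token_url: "https://auth.werts.us/realms/werts/protocol/openid-connect/token",
      userinfo_url: "https://auth.werts.us/realms/werts/protocol/openid-connect/userinfo",
      token_method: :post

    # NOTE(review): uid_field: :email makes the e-mail claim the account
    # identifier. Confirm the werts realm only issues verified e-mail
    # addresses that users cannot change freely; otherwise one user could
    # present another user's address.
    config :ueberauth, Ueberauth,
      providers: [
        keycloak: {Ueberauth.Strategy.Keycloak, [uid_field: :email, default_scope: "profile"]}
      ]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: toots-werts
  name: pleroma
  annotations:
    # Stakater Reloader restarts the pod when a referenced ConfigMap or
    # Secret changes. This matters here because config.exs is mounted with
    # subPath, and subPath mounts do not pick up ConfigMap updates in place.
    "reloader.stakater.com/auto": "true"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pleroma
  # Recreate: the old pod is stopped before the new one starts.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: pleroma
    spec:
      containers:
        - name: pleroma
          # NOTE(review): a mutable tag combined with imagePullPolicy: Always
          # means any restart may run a different image than the one that
          # was reviewed. Pin the image by digest once a vetted build is
          # chosen.
          image: jamesandariese/pleroma:latest-keycloak
          imagePullPolicy: Always
          env:
            # Database credentials and location, all from one Secret.
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  key: user
                  name: pleroma-db-pguser-pleroma-db
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  key: password
                  name: pleroma-db-pguser-pleroma-db
            - name: DB_HOST
              valueFrom:
                secretKeyRef:
                  key: host
                  name: pleroma-db-pguser-pleroma-db
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  key: dbname
                  name: pleroma-db-pguser-pleroma-db
            # OIDC client credentials, read by config.exs via System.get_env.
            - name: KEYCLOAK_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: client_id
                  name: toots-oidc
            - name: KEYCLOAK_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  key: client_secret
                  name: toots-oidc
            # SMTP relay password, read by config.exs via System.get_env.
            # PLACEHOLDER Secret name and key: this Secret is not defined in
            # this file and must exist in the namespace before the pod can
            # start. Create it out of band (not in version control) with the
            # rotated password.
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: pleroma-smtp
            - name: OAUTH_CONSUMER_STRATEGIES
              value: 'keycloak:ueberauth_keycloak_strategy'
            - name: INSTANCE_NAME
              value: WerToots
            - name: ADMIN_EMAIL
              value: pleroma-admin@strudelline.net
            - name: NOTIFY_EMAIL
              value: pleroma-admin@strudelline.net
            - name: DOMAIN
              value: toots.werts.us
            # Environment values must be strings, hence the quotes.
            - name: PORT
              value: "4000"
          volumeMounts:
            - mountPath: /var/lib/pleroma/uploads
              name: pleroma-uploads
            - mountPath: /var/lib/pleroma/config.exs
              name: pleroma-config
              subPath: config.exs
      volumes:
        - name: pleroma-uploads
          persistentVolumeClaim:
            claimName: pleroma-uploads
        - name: pleroma-config
          configMap:
            name: pleroma-config
            # Octal notation: read-only for owner, group and others.
            # (A JSON manifest would need the decimal form, 292.)
            defaultMode: 0444
      restartPolicy: Always
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: toots
  namespace: toots-werts
spec:
  ingressClassName: haproxy
  # NOTE(review): there is no tls: section although the endpoint URL in
  # config.exs is https. Presumably TLS is terminated by the ingress
  # controller's default certificate or upstream of it; confirm.
  rules:
    - host: toots.werts.us
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: pleroma
                port:
                  number: 4000
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: pleroma
  name: pleroma
  namespace: toots-werts
spec:
  selector:
    app: pleroma
  ports:
    - name: http
      port: 4000
      protocol: TCP
      targetPort: 4000
  # clusterIP: None makes this a headless Service: DNS returns the pod
  # address directly instead of a virtual IP.
  clusterIP: None
  type: ClusterIP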