From 3349e3ae12f9776d750d816f45c2a237a94727fb Mon Sep 17 00:00:00 2001
From: Jeremiah Lee <106775223+jeremiahlee@users.noreply.github.com>
Date: Tue, 30 Jul 2024 11:16:57 -0400
Subject: [PATCH] Add TRUSTED_PROXY_IP option (#143)

---
 templates/configmap-env.yaml | 3 +++
 values.yaml                  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml
index fc719d3..fe365a7 100644
--- a/templates/configmap-env.yaml
+++ b/templates/configmap-env.yaml
@@ -161,6 +161,9 @@ data:
   {{- with .Values.mastodon.streaming.base_url }}
   STREAMING_API_BASE_URL: {{ . | quote }}
   {{- end }}
+  {{- if .Values.mastodon.trusted_proxy_ip }}
+  TRUSTED_PROXY_IP: {{ .Values.mastodon.trusted_proxy_ip }}
+  {{ end }}
   {{- if .Values.externalAuth.oidc.enabled }}
   OIDC_ENABLED: {{ .Values.externalAuth.oidc.enabled | quote }}
   OIDC_DISPLAY_NAME: {{ .Values.externalAuth.oidc.display_name }}
diff --git a/values.yaml b/values.yaml
index 064774d..46674c5 100644
--- a/values.yaml
+++ b/values.yaml
@@ -47,6 +47,9 @@ mastodon:
   # -- If you have multiple domains pointed at your Mastodon server, this setting will allow Mastodon to recognize
   # itself when users are addressed using those other domains.
   alternate_domains: []
+  # -- Comma-separated list of public IP addresses of trusted reverse proxy servers reaching Mastodon web and streaming servers
+  # Specifying overrides default list. More info: https://docs.joinmastodon.org/admin/config/#trusted_proxy_ip
+  # trusted_proxy_ip:
   # -- If set to true, the frontpage of your Mastodon server will always redirect to the first profile in the database and registrations will be disabled.
   singleUserMode: false
   # -- Enables "Secure Mode" for more details see: https://docs.joinmastodon.org/admin/config/#authorized_fetch