diff --git a/charts/incubator/misskey/.helmignore b/charts/incubator/misskey/.helmignore
new file mode 100644
index 00000000000..77ca5567b26
--- /dev/null
+++ b/charts/incubator/misskey/.helmignore
@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
+# docs folder
+/docs
+# icon
+icon.png
diff --git a/charts/incubator/misskey/CHANGELOG.md b/charts/incubator/misskey/CHANGELOG.md
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/charts/incubator/misskey/Chart.yaml b/charts/incubator/misskey/Chart.yaml
new file mode 100644
index 00000000000..1acdad1a7ef
--- /dev/null
+++ b/charts/incubator/misskey/Chart.yaml
@@ -0,0 +1,41 @@
+apiVersion: v2
+appVersion: "12.119.0"
+home: https://misskey-hub.net
+dependencies:
+ - name: common
+ repository: https://library-charts.truecharts.org
+ version: 10.7.13
+ - condition: postgresql.enabled
+ name: postgresql
+ repository: https://charts.truecharts.org/
+ version: 8.0.114
+ - condition: redis.enabled
+ name: redis
+ repository: https://charts.truecharts.org
+ version: 3.0.111
+deprecated: false
+description: "Misskey is an open source, decentralized social media platform that's free forever!"
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/misskey.png
+keywords:
+ - Misskey
+ - Social
+ - Friend
+ - Social Media
+ - Fediverse
+ - ActivityPub
+kubeVersion: ">=1.16.0-0"
+maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: misskey
+sources:
+ - https://github.com/truecharts/charts/tree/master/charts/incubator/misskey
+ - https://github.com/misskey-dev/misskey/
+ - https://hub.docker.com/r/misskey/misskey/
+annotations:
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/catagories: |
+ - Social
+type: application
+version: 0.0.1
diff --git a/charts/incubator/misskey/README.md b/charts/incubator/misskey/README.md
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/charts/incubator/misskey/icon.png b/charts/incubator/misskey/icon.png
new file mode 100644
index 00000000000..b4eb18a5cb8
Binary files /dev/null and b/charts/incubator/misskey/icon.png differ
diff --git a/charts/incubator/misskey/questions.yaml b/charts/incubator/misskey/questions.yaml
new file mode 100644
index 00000000000..01a27a7438e
--- /dev/null
+++ b/charts/incubator/misskey/questions.yaml
@@ -0,0 +1,241 @@
+# Include{groups}
+portals:
+ open:
+# Include{portalLink}
+questions:
+# Include{global}
+# Include{controller}
+# Include{controllerDeployment}
+# Include{replicas}
+# Include{replica1}
+# Include{strategy}
+# Include{recreate}
+# Include{controllerExpert}
+# Include{controllerExpertExtraArgs}
+ - variable: misskey
+ group: Container Configuration
+ label: Misskey Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: url
+ label: Final Accessible URL (Initial Install Only)
+ description: Final accessible URL seen by a user. ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE URL SETTINGS AFTER THAT!
+ schema:
+ type: string
+ required: true
+ - variable: id
+ label: ID Generation Method (Initial Install Only)
+ description: Select the ID generation method. DO NOT CHANGE AFTER INSTANCE IS STARTED!
+ schema:
+ type: string
+ enum:
+ - value: aid
+ description: Short, Millisecond accuracy
+ - value: meid
+ description: Similar to ObjectID, Millisecond accuracy
+ - value: ulid
+ description: Millisecond accuracy
+ - value: objectid
+ description: This is left for backward compatibility
+ default: aid
+ required: true
+ - variable: other
+ label: Other Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: disableHSTS
+ label: Disable HSTS
+ schema:
+ type: boolean
+ default: false
+ - variable: signToActivityPubGet
+ label: Sign to ActivityPub GET Request
+ schema:
+ type: boolean
+ default: false
+ - variable: maxFileSize
+ label: Max file upload/download size (bytes)
+ schema:
+ type: int
+ required: true
+ default: 262144000
+ - variable: clusterLimit
+ label: Cluster Limit
+ description: Number of worker processes for server
+ schema:
+ type: int
+ required: true
+ default: 1
+ - variable: deliverJobConcurrency
+ label: Deliver Job Concurrency
+ description: Job concurrency per worker
+ schema:
+ type: int
+ required: true
+ default: 128
+ - variable: inboxJobConcurrency
+ label: Inbox Job Concurrency
+ description: Inbox job concurrency per worker
+ schema:
+ type: int
+ required: true
+ default: 16
+ - variable: deliverJobPerSec
+ label: Deliver Jobs Per Second
+ description: Job rate limiter
+ schema:
+ type: int
+ required: true
+ default: 128
+ - variable: inboxJobPerSec
+ label: Inbox Jobs Per Second
+ description: Inbox job rate limiter
+ schema:
+ type: int
+ required: true
+ default: 16
+ - variable: deliverJobMaxAttempts
+ label: Max Deliver Job Attempts
+ schema:
+ type: int
+ required: true
+ default: 12
+ - variable: inboxJobMaxAttempts
+ label: Max Inbox Job Attempts
+ schema:
+ type: int
+ required: true
+ default: 8
+ - variable: allowedPrivateNetworks
+ label: Allowed Private Networks
+ description: Automatically 127.0.0.1/32 is added
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: privateNet
+ label: Private Network Entry
+ schema:
+ type: string
+ required: true
+ default: ""
+# Include{containerConfig}
+# Include{serviceRoot}
+ - variable: main
+ label: Main Service
+ description: The Primary service on which the healthcheck runs, often the webUI
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+# Include{serviceSelectorLoadBalancer}
+# Include{serviceSelectorExtras}
+ - variable: main
+ label: Main Service Port Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ default: 3003
+ required: true
+# Include{advancedPortHTTP}
+ - variable: targetPort
+ label: Target Port
+ description: The internal(!) port on the container the Application runs on
+ schema:
+ type: int
+ default: 3003
+# Include{serviceExpertRoot}
+ default: false
+# Include{serviceExpert}
+# Include{serviceList}
+# Include{persistenceRoot}
+ - variable: misskeyconfig
+ label: App configuration storage
+ description: Stores the Application configuration files.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+# Include{persistenceBasic}
+# Include{persistenceAdvanced}
+ - variable: files
+ label: Misskey file Storage
+ description: Stores the Application file data.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+# Include{persistenceBasic}
+# Include{persistenceAdvanced}
+# Include{persistenceList}
+# Include{ingressRoot}
+ - variable: main
+ label: Main Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+# Include{ingressDefault}
+# Include{ingressTLS}
+# Include{ingressTraefik}
+# Include{ingressExpert}
+# Include{ingressList}
+# Include{security}
+# Include{securityContextAdvancedRoot}
+ - variable: privileged
+ label: Privileged mode
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: ReadOnly Root Filesystem
+ schema:
+ type: boolean
+ default: false
+ - variable: allowPrivilegeEscalation
+ label: Allow Privilege Escalation
+ schema:
+ type: boolean
+ default: false
+ - variable: runAsNonRoot
+ label: runAsNonRoot
+ schema:
+ type: boolean
+ default: false
+# Include{securityContextAdvanced}
+# Include{podSecurityContextRoot}
+ - variable: runAsUser
+ label: runAsUser
+ description: The UserID of the user running the application
+ schema:
+ type: int
+ default: 0
+ - variable: runAsGroup
+ label: runAsGroup
+ description: The groupID this App of the user running the application
+ schema:
+ type: int
+ default: 0
+ - variable: fsGroup
+ label: fsGroup
+ description: The group that should own ALL storage.
+ schema:
+ type: int
+ default: 33
+# Include{podSecurityContextAdvanced}
+# Include{resources}
+# Include{advanced}
+# Include{addons}
+# Include{codeserver}
+# Include{promtail}
+# Include{netshoot}
+# Include{vpn}
+# Include{documentation}
diff --git a/charts/incubator/misskey/templates/_configmap.tpl b/charts/incubator/misskey/templates/_configmap.tpl
new file mode 100644
index 00000000000..e545e2f4593
--- /dev/null
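Review bot: The security-context questions at the end of this hunk default the workload to root: `runAsNonRoot` is `false`, `runAsUser` and `runAsGroup` are `0`, and `readOnlyRootFilesystem` is `false`; values.yaml in this commit sets the same defaults. The upstream comment copied into templates/_configmap.tpl says root is needed for the standalone option on port 443, whereas this chart listens on 3003, so root may not be required here; that is inferred and should be confirmed against the image. If the image runs unprivileged, default to `runAsNonRoot: true` with a non-zero `runAsUser`/`runAsGroup` in both files. Otherwise add a comment in values.yaml stating why root is needed, so the exception is visible to whoever reviews the chart later.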
+++ b/charts/incubator/misskey/templates/_configmap.tpl 
@@ -0,0 +1,181 @@ +{{/* Define the configmap */}} +{{- define "misskey.configmap" -}} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: misskeyconfig +data: + default.yml: |- + #━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + # Misskey configuration + #━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + + # ┌─────┐ + #───┘ URL └───────────────────────────────────────────────────── + + # Final accessible URL seen by a user. + url: {{ .Values.misskey.url }} + + # ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE + # URL SETTINGS AFTER THAT! + + # ┌───────────────────────┐ + #───┘ Port and TLS settings └─────────────────────────────────── + + # + # Misskey supports two deployment options for public. + # + + # Option 1: With Reverse Proxy + # + # +----- https://example.tld/ ------------+ + # +------+ |+-------------+ +----------------+| + # | User | ---> || Proxy (443) | ---> | Misskey (3000) || + # +------+ |+-------------+ +----------------+| + # +---------------------------------------+ + # + # You need to setup reverse proxy. (eg. nginx) + # You do not define 'https' section. + + # Option 2: Standalone + # + # +- https://example.tld/ -+ + # +------+ | +---------------+ | + # | User | ---> | | Misskey (443) | | + # +------+ | +---------------+ | + # +------------------------+ + # + # You need to run Misskey as root. + # You need to set Certificate in 'https' section. + + # To use option 1, uncomment below line. + port: {{ .Values.service.main.ports.main.port }} # A port that your Misskey server should listen. + + # To use option 2, uncomment below lines. 
+ #port: 443 + + #https: + # # path for certification + # key: /etc/letsencrypt/live/example.tld/privkey.pem + # cert: /etc/letsencrypt/live/example.tld/fullchain.pem + + # ┌──────────────────────────┐ + #───┘ PostgreSQL configuration └──────────────────────────────── + + db: + host: {{ printf "%v-%v" .Release.Name "postgresql" }} + port: 5432 + + # Database name + db: {{ .Values.postgresql.postgresqlDatabase }} + + # Auth + user: {{ .Values.postgresql.postgresqlUsername }} + pass: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }} + + # Whether disable Caching queries + #disableCache: true + + # Extra Connection options + #extra: + # ssl: true + + # ┌─────────────────────┐ + #───┘ Redis configuration └───────────────────────────────────── + + redis: + host: {{ printf "%v-%v" .Release.Name "redis" }} + port: 6379 + pass: {{ .Values.redis.redisPassword | trimAll "\"" }} + #prefix: example-prefix + #db: 1 + + # ┌─────────────────────────────┐ + #───┘ Elasticsearch configuration └───────────────────────────── + + #elasticsearch: + # host: localhost + # port: 9200 + # ssl: false + # user: + # pass: + + # ┌───────────────┐ + #───┘ ID generation └─────────────────────────────────────────── + + # You can select the ID generation method. + # You don't usually need to change this setting, but you can + # change it according to your preferences. + + # Available methods: + # aid ... Short, Millisecond accuracy + # meid ... Similar to ObjectID, Millisecond accuracy + # ulid ... Millisecond accuracy + # objectid ... This is left for backward compatibility + + # ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE + # ID SETTINGS AFTER THAT! 
+ + id: {{ .Values.misskey.id }} + # ┌─────────────────────┐ + #───┘ Other configuration └───────────────────────────────────── + + # Whether disable HSTS + disableHsts: {{ .Values.misskey.other.disableHSTS }} + + # Number of worker processes + clusterLimit: {{ .Values.misskey.other.clusterLimit }} + + # Job concurrency per worker + deliverJobConcurrency: {{ .Values.misskey.other.deliverJobConcurrency }} + inboxJobConcurrency: {{ .Values.misskey.other.inboxJobConcurrency }} + + # Job rate limiter + deliverJobPerSec: {{ .Values.misskey.other.deliverJobPerSec }} + inboxJobPerSec: {{ .Values.misskey.other.inboxJobPerSec }} + + # Job attempts + deliverJobMaxAttempts: {{ .Values.misskey.other.deliverJobMaxAttempts }} + inboxJobMaxAttempts: {{ .Values.misskey.other.inboxJobMaxAttempts }} + + # IP address family used for outgoing request (ipv4, ipv6 or dual) + #outgoingAddressFamily: ipv4 + + # Syslog option + #syslog: + # host: localhost + # port: 514 + + # Proxy for HTTP/HTTPS + #proxy: http://127.0.0.1:3128 + + #proxyBypassHosts: [ + # 'example.com', + # '192.0.2.8' + #] + + # Proxy for SMTP/SMTPS + #proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT + #proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4 + #proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5 + + # Media Proxy + #mediaProxy: https://example.com/proxy + + # Sign to ActivityPub GET request (default: false) + signToActivityPubGet: {{ .Values.misskey.other.signToActivityPubGet }} + + allowedPrivateNetworks: [ + '127.0.0.1/32', + {{- range .Values.misskey.other.allowedPrivateNetworks }} + {{ . | squote }}, + {{- end }} + ] + + # Upload or download file size limits (bytes) + maxFileSize: {{ .Values.misskey.other.maxFileSize }} + + +{{- end -}} diff --git a/charts/incubator/misskey/templates/common.yaml b/charts/incubator/misskey/templates/common.yaml new file mode 100644 index 00000000000..ae43900cad9 --- /dev/null +++ b/charts/incubator/misskey/templates/common.yaml 
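Review bot: The rendered `default.yml` carries the PostgreSQL and Redis passwords (`pass: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}` and the matching `redis.pass` line) but is emitted as `kind: ConfigMap`, so the credentials are readable by anything allowed to get ConfigMaps in the namespace and are not covered by Secret-specific RBAC or encryption at rest. Emit the object as `kind: Secret` with `stringData:` instead, and switch `persistence.misskeyconfig` in values.yaml from `type: configMap` to the secret mount type, if the common library offers one. Separately, every templated scalar in the file is written unquoted, so a URL or password containing `: `, ` #`, a leading YAML indicator or only digits will be mis-parsed or can add keys to the config; pipe them through `quote`, e.g. `url: {{ .Values.misskey.url | quote }}` and `pass: {{ .Values.redis.redisPassword | trimAll "\"" | quote }}`.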
@@ -0,0 +1,8 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.common.loader.init" . }}
+
+{{/* Render configmap for misskey */}}
+{{- include "misskey.configmap" . }}
+
+{{/* Render the templates */}}
+{{ include "tc.common.loader.apply" . }}
diff --git a/charts/incubator/misskey/values.yaml b/charts/incubator/misskey/values.yaml
new file mode 100644
index 00000000000..91bcc24ee5c
--- /dev/null
+++ b/charts/incubator/misskey/values.yaml
@@ -0,0 +1,65 @@
+image:
+ repository: tccr.io/truecharts/misskey
+ pullPolicy: IfNotPresent
+ tag: 12.119.0@sha256:e16467a28e7cee4442e29216a292dd725f28c3789fb1da050359c7842c2c0eec
+
+securityContext:
+ readOnlyRootFilesystem: false
+ runAsNonRoot: false
+
+podSecurityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ fsGroup: 33
+
+service:
+ main:
+ ports:
+ main:
+ port: 3003
+
+misskey:
+ # Final accessible URL seen by a user. ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE URL SETTINGS AFTER THAT!
+ url: "https://example.tld/"
+ # ID generation method. 'aid' recommended.
+ id: "aid"
+ other:
+ disableHSTS: false
+ signToActivityPubGet: false
+ maxFileSize: 262144000
+ clusterLimit: 1
+ deliverJobConcurrency: 128
+ inboxJobConcurrency: 16
+ deliverJobPerSec: 128
+ inboxJobPerSec: 16
+ deliverJobMaxAttempts: 12
+ inboxJobMaxAttempts: 8
+ allowedPrivateNetworks:
+ - 127.0.0.1/32
+
+env:
+ # NODE_ENV = production | development
+ NODE_ENV: production
+
+persistence:
+ misskeyconfig:
+ enabled: true
+ type: configMap
+ objectName: misskeyconfig
+ mountPath: "/misskey/.config"
+ files:
+ enabled: true
+ mountPath: "/misskey/files"
+
+postgresql:
+ enabled: true
+ existingSecret: "dbcreds"
+ postgresqlUsername: misskey
+ postgresqlDatabase: misskey
+
+redis:
+ enabled: true
+ existingSecret: "rediscreds"
+
+portal:
+ enabled: true
diff --git a/cspell.config.yaml b/cspell.config.yaml
index 3873f52600d..00bdc81dbc4 100644
--- a/cspell.config.yaml
+++ b/cspell.config.yaml
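Review bot: In values.yaml, `misskey.other.allowedPrivateNetworks` defaults to `- 127.0.0.1/32`, but templates/_configmap.tpl already writes `'127.0.0.1/32'` ahead of its range loop and questions.yaml defaults the same list to `[]`. A default install therefore renders the entry twice, and the three files disagree about the default. Make the value `allowedPrivateNetworks: []`. Judging by its name, the list widens which private ranges the server may contact, so a comment above it should say that, for example `# 127.0.0.1/32 is always added by the template; list only private ranges the server must be able to reach`.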
@@ -153,6 +153,7 @@ words: - mimetypes - minecraft - minio + - Misskey - modelstore - modports - mongosh