Our Personal Data Server from scratch!

rewording, and some sentence simplification

+10 -10
+7 -7
docs/install-kubernetes.md
··· 20 20 21 21 ## TLS and DNS 22 22 23 - You need a wildcard TLS certificate covering `*.your-pds-hostname.example.com` - user handles resolve as subdomains, so every user's handle requires a matching cert SAN. 23 + You need a wildcard TLS cert covering `*.your-pds-hostname.example.com`. User handles are subdomains, so every handle needs a matching SAN. 24 24 25 25 An approach using Cert Manager would look something like this: 26 26 ··· 37 37 - "*.pds.example.com" 38 38 ``` 39 39 40 - If your PDS hostname is the apex domain (so handles are issued under it, not under a subdomain), include the apex in `dnsNames` alongside the wildcard. 40 + If you're using the apex domain for handles, include it in `dnsNames` alongside the wildcard. 41 41 42 42 --- 43 43 44 44 ## Secrets 45 45 46 - The three secrets primary key secrets (`JWT_SECRET`, `DPOP_SECRET`, `MASTER_KEY`) must never appear in a manifest or config file. Inject them as a Kubernetes Secret, sourced from wherever you manage secrets. 46 + The three primary key secrets (`JWT_SECRET`, `DPOP_SECRET`, `MASTER_KEY`) must never appear in a manifest or config file. Inject them as a Kubernetes Secret, sourced from wherever you manage secrets. 47 47 48 48 To create the Secret directly and manage rotation manually: 49 49 ··· 67 67 68 68 ## PostgreSQL 69 69 70 - CloudNativePG is an easy recommendation, an example for the purpose of Tranquil PDS: 70 + CloudNativePG works well here. Example cluster config: 71 71 72 72 ```yaml 73 73 apiVersion: postgresql.cnpg.io/v1 ··· 90 90 91 91 The `postgres-user-secret` Secret needs `username` and `password` keys. The password you put here is what goes into `DATABASE_URL`. 92 92 93 - Any standard Postgres setup works in place of CNPG. Tranquil does not require anything special for a basic installation. 93 + Any standard Postgres setup works fine here. 
94 94 95 95 --- 96 96 ··· 179 179 claimName: pds-blobs 180 180 ``` 181 181 182 - `SERVER_HOST: "0.0.0.0"` is required — the default `127.0.0.1` isn't reachable by either the Kubelet for health checks or your ingress controller. 182 + `SERVER_HOST: "0.0.0.0"` is required. The default `127.0.0.1` won't be reachable by the Kubelet or your ingress controller. 183 183 184 184 --- 185 185 186 186 ## Ingress 187 187 188 - The ingress rule must match both the PDS hostname itself and the wildcard for user handles. 188 + The ingress needs rules for both the PDS hostname and the wildcard for user handles. 189 189 190 190 ```yaml 191 191 apiVersion: networking.k8s.io/v1
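Review bot: In the TLS and DNS hunk, the reworded line 40 ("If you're using the apex domain for handles, ...") drops the condition the old text stated, namely that the PDS hostname itself is the apex. A wildcard SAN such as `*.pds.example.com` does not match the bare parent name, so the apex entry is there to cover the PDS hostname; the handles are still subdomains and are already covered by the wildcard. Suggest keeping the condition, e.g. "If your PDS hostname is the apex domain, include the apex in `dnsNames` alongside the wildcard."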
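Review bot: In the PostgreSQL hunk, the new line 93 ("Any standard Postgres setup works fine here.") loses both the "in place of CNPG" referent and the statement that a basic installation needs nothing special from the database. It follows a sentence about the CNPG-specific `postgres-user-secret`, so "here" is ambiguous. Suggest "Any standard Postgres setup works in place of CNPG; a basic installation needs nothing special." The added line also appears to end in trailing whitespace.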
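Review bot: In the reworded line 182 about `SERVER_HOST: "0.0.0.0"`, dropping "for health checks" removes the reason the Kubelet has to reach the port at all; keep it so readers can tie the setting to their probes. Since this line tells operators to bind to all interfaces, it is also worth one sentence noting that the listener is then reachable on the pod IP from inside the cluster, and that access should be limited to the ingress controller, for example with a NetworkPolicy.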
+3 -3
example.toml
··· 378 378 [email] 379 379 # Sender email address. When unset, email sending is disabled entirely. 380 380 # 381 - # Email is fully optional. However, at least one comms method (email, 382 - # Discord, Telegram, or Signal) must be configured for account 383 - # verification, password resets, and 2FA backup codes to work. 381 + # Email is optional, but at least one comms method (email, Discord, 382 + # Telegram, or Signal) must be set up for account verification, 383 + # password resets, and 2FA backup codes to work. 384 384 # 385 385 # Can also be specified via environment variable `MAIL_FROM_ADDRESS`. 386 386 #from_address =
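Review bot: In the `[email]` comment block, "must be set up" is looser than the "must be configured" it replaces, and this file is where that configuration happens, so I would keep "configured". The comment also still does not say what happens when no comms method is configured at all: since account verification, password resets and 2FA backup codes depend on one, state whether the server refuses to start or runs with those flows unavailable.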