dsx.sh / tranquil-pds
forked from tranquil.farm/tranquil-pds
Our Personal Data Server from scratch!
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

expanding example.toml a tiny bit and reworking k8s a little

Dylan Shepard 697cf8c2 44c7255f

+33 -8
+5 -4
docs/install-kubernetes.md
··· 6 6 - a PersistentVolume for blob storage 7 7 - the app itself (it's just a container with some env vars) 8 8 9 - See [configuration.md](configuration.md) for what each env var does and why the secret ones matter. This guide covers the Kubernetes-specific wiring. 9 + See `example.toml` for what each config option does and why the secret ones matter. This guide covers the Kubernetes-specific wiring. 10 10 11 - Simply, the container image expects: 11 + Minimally, the container image expects: 12 12 - A TOML config file mounted at `/etc/tranquil-pds/config.toml` (or passed via `--config`) 13 13 - `DATABASE_URL` - postgres connection string 14 14 - `BLOB_STORAGE_PATH` - path to blob storage (mount a PV here) ··· 20 20 21 21 ## TLS and DNS 22 22 23 - You need a wildcard TLS certificate covering `*.your-pds-hostname.example.com` — user handles resolve as subdomains, so every user's handle requires a matching cert SAN. 23 + You need a wildcard TLS certificate covering `*.your-pds-hostname.example.com` - user handles resolve as subdomains, so every user's handle requires a matching cert SAN. 24 24 25 25 An approach using Cert Manager would look something like this: 26 26 ··· 226 226 227 227 ## Custom homepage 228 228 229 - Mount a ConfigMap with your `homepage.html` into the container's frontend directory and it becomes your landing page. The account dashboard lives at `/app/` so you won't displace it. 229 + Mount a ConfigMap with your `homepage.html` into the container's frontend directory and it becomes your landing page. Go nuts with it. Account dashboard is at `/app/` so you won't break anything. 230 + 230 231 231 232 ```yaml 232 233 apiVersion: v1
+28 -4
example.toml
··· 1 + # Configuration is loaded in this order: 2 + # 3 + # 1. Environment variables (highest priority, always win) 4 + # 2. A custom config file, either passed with --config or the file 5 + # referenced in the TRANQUIL_PDS_CONFIG environment variable 6 + # 3. /etc/tranquil-pds/config.toml (always loaded as a base, even when 7 + # a custom config path is specified) 8 + # 9 + # Useful commands: 10 + # tranquil-pds validate - validate your config without starting 11 + # tranquil-pds config-template - generate a commented example.toml 12 + 1 13 [server] 2 14 # Public hostname of the PDS, such as `pds.example.com`. 3 15 # ··· 142 154 #acquire_timeout_secs = 10 143 155 144 156 [secrets] 145 - # Secret used for signing JWTs. Must be at least 32 characters in 157 + # Secret used for signing session JWTs. Must be at least 32 characters in 146 158 # production. 147 159 # 148 160 # Can also be specified via environment variable `JWT_SECRET`. ··· 355 367 # Default value: 4 356 368 #max_concurrent_repo_exports = 4 357 369 358 - # List of relay / crawler notification URLs. 370 + # List of relay / crawler notification URLs. Notified when new events are 371 + # committed to an account's repo. 372 + # 373 + # Defaults to [ "https://bsky.network" ] when unset. 359 374 # 360 375 # Can also be specified via environment variable `CRAWLERS`. 361 376 #crawlers = 362 377 363 378 [email] 364 - # Sender email address. When unset, email sending is disabled. 379 + # Sender email address. When unset, email sending is disabled entirely. 380 + # 381 + # Email is fully optional. However, at least one comms method (email, 382 + # Discord, Telegram, or Signal) must be configured for account 383 + # verification, password resets, and 2FA backup codes to work. 365 384 # 366 385 # Can also be specified via environment variable `MAIL_FROM_ADDRESS`. 367 386 #from_address = ··· 469 488 #require_tls = false 470 489 471 490 [email.dkim] 472 - # DKIM selector. When unset, outgoing mail is not signed. 491 + # DKIM signing configuration. 492 + # 493 + # The corresponding DNS TXT record at <selector>._domainkey.<domain> must 494 + # be published before mail is sent. 495 + # 496 + # DKIM selector. When unset, outgoing mail is not DKIM-signed. 473 497 # 474 498 # Can also be specified via environment variable `MAIL_DKIM_SELECTOR`. 475 499 #selector =