# Helm values for a Postiz deployment plus the charts it depends on:
# Temporal, a PostgreSQL cluster, Valkey and two VolSync backup targets.
# NOTE(review): this layout was rebuilt from a whitespace-collapsed listing;
# confirm the nesting against each chart's values schema before applying.
postiz:
  controllers:
    main:
      type: deployment
      replicas: 1
      # Recreate stops the old pod before starting the new one; the volumes
      # mounted below are ReadWriteOnce.
      strategy: Recreate
      containers:
        main:
          image:
            repository: ghcr.io/gitroomhq/postiz-app
            # Tag is pinned together with a sha256 digest, so a re-pushed tag
            # cannot silently change what gets pulled.
            tag: v2.21.4@sha256:a339e9ee256537526d0eda19e5919e01fa7649a40596ebec5d9e1389850836bc
          # NOTE(review): no securityContext is set in this file (runAsNonRoot,
          # readOnlyRootFilesystem, dropped capabilities); confirm the chart
          # defaults or cluster policy provide that hardening.
          env:
            # Token-signing key comes from a Secret rather than an inline value.
            - name: JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: postiz-config-secret
                  key: JWT_SECRET
            - name: MAIN_URL
              value: https://postiz.alexlebens.dev
            - name: FRONTEND_URL
              value: https://postiz.alexlebens.dev
            - name: NEXT_PUBLIC_BACKEND_URL
              value: https://postiz.alexlebens.dev/api
            # NOTE(review): the backend URL and the Temporal address both point
            # at temporal:3000. Temporal's frontend gRPC port is 7233 by default
            # and no service named "temporal" is defined in this file; confirm
            # both values resolve to the intended services.
            - name: BACKEND_INTERNAL_URL
              value: http://temporal:3000
            - name: TEMPORAL_ADDRESS
              value: temporal:3000
            # Connection strings carry credentials, so both are read from Secrets.
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: postiz-postgresql-18-cluster-app
                  key: uri
            - name: REDIS_URL
              valueFrom:
                secretKeyRef:
                  name: postiz-valkey-config
                  key: REDIS_URL
            # Env values must be strings, hence the quoted booleans.
            - name: IS_GENERAL
              value: "true"
            # NOTE(review): registration is left enabled although sign-in is
            # delegated to the OAuth provider configured below; confirm that
            # self-service sign-up is intended for this hostname.
            - name: DISABLE_REGISTRATION
              value: "false"
            - name: RUN_CRON
              value: "true"
            # Uploads are stored on the local /uploads volume (see persistence).
            - name: STORAGE_PROVIDER
              value: local
            - name: UPLOAD_DIRECTORY
              value: /uploads
            - name: NEXT_PUBLIC_UPLOAD_DIRECTORY
              value: /uploads
            - name: NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME
              value: Authentik
            # NOTE(review): the login-button logo is fetched from a third-party
            # CDN; self-hosting it would avoid an external request on the
            # sign-in page.
            - name: NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL
              value: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
            # Generic OAuth/OIDC sign-in; every endpoint below uses HTTPS.
            - name: POSTIZ_GENERIC_OAUTH
              value: "true"
            - name: POSTIZ_OAUTH_URL
              value: https://auth.alexlebens.dev
            - name: POSTIZ_OAUTH_AUTH_URL
              value: https://auth.alexlebens.dev/application/o/authorize/
            - name: POSTIZ_OAUTH_TOKEN_URL
              value: https://auth.alexlebens.dev/application/o/token/
            - name: POSTIZ_OAUTH_USERINFO_URL
              value: https://auth.alexlebens.dev/application/o/userinfo/
            # OAuth client credentials are read from a Secret.
            - name: POSTIZ_OAUTH_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: postiz-oidc-secret
                  key: client
            - name: POSTIZ_OAUTH_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: postiz-oidc-secret
                  key: secret
            - name: POSTIZ_OAUTH_SCOPE
              value: openid profile email
            # NOTE(review): Sentry Spotlight is a development debugging tool.
            # With it enabled, application errors and traces are sent over plain
            # HTTP to the spotlight service defined below, and nothing in this
            # file puts access control in front of that service. Confirm this is
            # wanted outside development. The NEXT_PUBLIC_ prefix also suggests
            # the value is exposed to browsers, which cannot resolve the
            # in-cluster name "spotlight".
            - name: NEXT_PUBLIC_SENTRY_DSN
              value: http://spotlight:8969/stream
            - name: SENTRY_SPOTLIGHT
              value: "1"
          # Only requests are declared here. NOTE(review): without a memory
          # limit a runaway container is not bounded, unless limits are applied
          # elsewhere (chart defaults, LimitRange).
          resources:
            requests:
              cpu: 10m
              memory: 1Gi
    # Second controller running the Sentry Spotlight sidecar.
    spotlight:
      type: deployment
      replicas: 1
      strategy: Recreate
      containers:
        main:
          image:
            repository: ghcr.io/getsentry/spotlight
            # Pinned by tag and digest.
            tag: 4.11.3@sha256:be6eb5b5d0df882025dcef138c217d493e6dcb684aebc235bc1b2832eb347c7f
          resources:
            requests:
              cpu: 10m
              memory: 40Mi
  service:
    # Service port 80 forwards to container port 5000 on the main controller.
    main:
      controller: main
      ports:
        http:
          port: 80
          targetPort: 5000
    # NOTE(review): this service receives debug telemetry; keep it ClusterIP
    # only and consider a NetworkPolicy limiting it to the postiz pod.
    spotlight:
      controller: spotlight
      ports:
        http:
          port: 8969
          targetPort: 8969
  persistence:
    # Both volumes are mounted read-write into the main container only.
    config:
      forceRename: postiz-config
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 2Gi
      advancedMounts:
        main:
          main:
            - path: /config
              readOnly: false
    # Holds user-uploaded files (UPLOAD_DIRECTORY above).
    uploads:
      forceRename: postiz-uploads
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 10Gi
      advancedMounts:
        main:
          main:
            - path: /uploads
              readOnly: false
temporal:
  server:
    image:
      repository: temporalio/server
      # Pinned by tag and digest.
      tag: 1.30.3@sha256:a3d0f727caad0ecca5dc6e94766135aab448551f2c6c0d33d3c67576458e6a0d
    metrics:
      serviceMonitor:
        enabled: true
    resources:
      requests:
        cpu: 10m
        memory: 60Mi
    config:
      # NOTE(review): debug-level logging is enabled; confirm the log volume
      # and any workflow detail it may include are acceptable where these logs
      # are shipped.
      logLevel: "debug,info"
      persistence:
        datastores:
          default:
            sql:
              pluginName: postgres12
              driverName: postgres12
              databaseName: temporal
              connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432
              connectProtocol: "tcp"
              # NOTE(review): Temporal connects as the "postgres" superuser using
              # the cluster's superuser secret, although the databases section
              # below gives both Temporal databases the owner "app". A
              # dedicated, non-superuser role would limit the impact of a leak
              # of these credentials to Temporal's own databases.
              user: postgres
              existingSecret: postiz-postgresql-18-cluster-superuser
              secretKey: password
              # NOTE(review): TLS is off, so superuser credentials and workflow
              # data cross the cluster network unencrypted; enable it if the
              # database offers TLS or confirm the network path is trusted.
              tls:
                enabled: false
          visibility:
            sql:
              pluginName: postgres12
              driverName: postgres12
              databaseName: temporal_visibility
              connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432
              connectProtocol: "tcp"
              # Same superuser and no-TLS caveats as the default datastore.
              user: postgres
              existingSecret: postiz-postgresql-18-cluster-superuser
              secretKey: password
              tls:
                enabled: false
    frontend:
      # The Temporal frontend gets no ingress, so it is not published through
      # an ingress by this file.
      ingress:
        enabled: false
      metrics:
        serviceMonitor:
          enabled: true
      resources:
        requests:
          cpu: 10m
          memory: 60Mi
    history:
      metrics:
        serviceMonitor:
          enabled: true
      resources:
        requests:
          cpu: 10m
          memory: 60Mi
    matching:
      metrics:
        serviceMonitor:
          enabled: true
      resources:
        requests:
          cpu: 10m
          memory: 60Mi
    worker:
      metrics:
        serviceMonitor:
          enabled: true
      resources:
        requests:
          cpu: 10m
          memory: 60Mi
  admintools:
    image:
      repository: temporalio/admin-tools
      # Pinned by tag and digest.
      tag: 1.30.3@sha256:2c2272b008f1af295b3719963e6feeef64f838d1105d895cf6acfcf96dd31741
    resources:
      requests:
        cpu: 10m
        memory: 60Mi
  # NOTE(review): no authentication settings for the Temporal web UI appear in
  # this file; confirm how access to it is restricted.
  web:
    image:
      repository: temporalio/ui
      # Pinned by tag and digest.
      tag: 2.48.1@sha256:edb5dd1b3e0ddb35611939dde9b573533afd6fbafbbf077b73c7131a30ca91ff
    resources:
      requests:
        cpu: 10m
        memory: 60Mi
postgres-18-cluster:
  mode: standalone
  cluster:
    # Superuser access is switched on; the Temporal datastores above are its
    # visible consumer. NOTE(review): it could be turned off once Temporal
    # uses a non-superuser role.
    enableSuperuserAccess: true
  recovery:
    method: objectStore
    objectStore:
      index: 1
  backup:
    objectStore:
      # Bucket credentials are referenced by external-secret path, not inlined.
      - name: garage-local
        index: 1
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
    scheduledBackups:
      # Six-field cron expression; presumably seconds come first, i.e. daily
      # at 15:20:00 - confirm against the chart.
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 20 15 * * *"
        backupName: garage-local
  # Databases for Temporal, both owned by the non-superuser role "app".
  databases:
    - name: temporal
      ensure: present
      owner: app
    - name: temporal_visibility
      ensure: present
      owner: app
valkey:
  valkey:
    auth:
      enabled: true
      usersExistingSecret: postiz-valkey-config
      aclUsers:
        default:
          # ACL rule: all keys (~*), all pub/sub channels (&*), all commands
          # (+@all). NOTE(review): authentication is required, but the
          # authenticated user is unrestricted, administrative commands
          # included; narrow the command set if the application does not need
          # it.
          permissions: "~* &* +@all"
    # No option to configure metrics when auth is enabled
    # https://github.com/valkey-io/valkey-helm/issues/135
    metrics:
      enabled: false
# Backup targets for the two PVCs. Each destination runs one hour after the
# previous one (08:xx, 09:xx, 10:xx); config at minute 52, uploads at minute 54.
# NOTE(review): these copies contain application config and uploaded files;
# confirm the repositories are encrypted and their credentials are scoped per
# target.
volsync-target-config:
  pvcTarget: postiz-config
  local:
    enabled: true
    schedule: 52 8 * * *
  remote:
    enabled: true
    schedule: 52 9 * * *
  external:
    enabled: true
    schedule: 52 10 * * *
volsync-target-upload:
  pvcTarget: postiz-uploads
  local:
    enabled: true
    schedule: 54 8 * * *
  remote:
    enabled: true
    schedule: 54 9 * * *
  external:
    enabled: true
    schedule: 54 10 * * *