infrastructure/clusters/cl01tl/helm/postiz/values.yaml

postiz:
  controllers:
    main:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/gitroomhq/postiz-app
            tag: v2.21.0
            pullPolicy: IfNotPresent
          env:
            - name: MAIN_URL
              value: https://postiz.alexlebens.dev
            - name: FRONTEND_URL
              value: https://postiz.alexlebens.dev
            - name: NEXT_PUBLIC_BACKEND_URL
              value: https://postiz.alexlebens.dev/api
            - name: JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: postiz-config-secret
                  key: JWT_SECRET
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: postiz-postgresql-18-cluster-app
                  key: uri
            - name: REDIS_URL
              valueFrom:
                secretKeyRef:
                  name: postiz-valkey-config
                  key: REDIS_URL
            - name: BACKEND_INTERNAL_URL
              value: http://localhost:3000
            - name: IS_GENERAL
              value: "true"
            - name: STORAGE_PROVIDER
              value: local
            - name: UPLOAD_DIRECTORY
              value: /uploads
            - name: NEXT_PUBLIC_UPLOAD_DIRECTORY
              value: /uploads
            - name: NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME
              value: Authentik
            - name: NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL
              value: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
            - name: POSTIZ_GENERIC_OAUTH
              value: "true"
            - name: POSTIZ_OAUTH_URL
              value: https://auth.alexlebens.dev
            - name: POSTIZ_OAUTH_AUTH_URL
              value: https://auth.alexlebens.dev/application/o/authorize/
            - name: POSTIZ_OAUTH_TOKEN_URL
              value: https://auth.alexlebens.dev/application/o/token/
            - name: POSTIZ_OAUTH_USERINFO_URL
              value: https://auth.alexlebens.dev/application/o/userinfo/
            - name: POSTIZ_OAUTH_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: postiz-oidc-secret
                  key: client
            - name: POSTIZ_OAUTH_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: postiz-oidc-secret
                  key: secret
            - name: POSTIZ_OAUTH_SCOPE
              value: openid profile email
          resources:
            requests:
              cpu: 10m
              memory: 128Mi
  service:
    main:
      controller: main
      ports:
        http:
          port: 80
          targetPort: 5000
          protocol: HTTP
  route:
    main:
      kind: HTTPRoute
      parentRefs:
        - group: gateway.networking.k8s.io
          kind: Gateway
          name: traefik-gateway
          namespace: traefik
      hostnames:
        - postiz.alexlebens.net
      rules:
        - backendRefs:
            - group: ''
              kind: Service
              name: postiz
              port: 80
              weight: 100
          matches:
            - path:
                type: PathPrefix
                value: /
  persistence:
    config:
      forceRename: postiz-config
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 2Gi
      retain: true
      advancedMounts:
        main:
          main:
            - path: /config
              readOnly: false
    uploads:
      forceRename: postiz-uploads
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 10Gi
      retain: true
      advancedMounts:
        main:
          main:
            - path: /uploads
              readOnly: false
postgres-18-cluster:
  mode: recovery
  recovery:
    method: objectStore
    objectStore:
      index: 1
  backup:
    objectStore:
      - name: garage-local
        index: 1
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
      # - name: garage-remote
      #   index: 1
      #   destinationBucket: postgres-backups
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   retentionPolicy: "90d"
      #   data:
      #     compression: bzip2
      # - name: external
      #   index: 1
      #   endpointURL: https://nyc3.digitaloceanspaces.com
      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   isWALArchiver: false
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 20 15 * * *"
        backupName: garage-local
      # - name: weekly-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 4 * * SAT"
      #   backupName: garage-remote
      # - name: daily-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 0 * * *"
      #   backupName: external
valkey:
  valkey:
    auth:
      enabled: true
      usersExistingSecret: postiz-valkey-config
      aclUsers:
        default:
          permissions: "~* &* +@all"
    metrics:
      enabled: false
volsync-target-config:
  pvcTarget: postiz-config
  local:
    enabled: true
    schedule: 52 8 * * *
  remote:
    enabled: true
    schedule: 52 9 * * *
  external:
    enabled: true
    schedule: 52 10 * * *
volsync-target-upload:
  pvcTarget: postiz-uploads
  local:
    enabled: true
    schedule: 54 8 * * *
  remote:
    enabled: true
    schedule: 54 9 * * *
  external:
    enabled: true
    schedule: 54 10 * * *