fix(gotosocial): begin switch to SQLite

2026-01-27 18:18:26 +00:00 · 2025-11-06 01:50:31 +08:00
parent 6f837cb3d7
commit f44faacea7
2 changed files with 55 additions and 46 deletions
--- a/kube/deploy/apps/gotosocial/app/hr.yaml
+++ b/kube/deploy/apps/gotosocial/app/hr.yaml
@@ -32,10 +32,11 @@ spec:
            prom.home.arpa/kps: "allow"
            fluentbit.io/parser: "logfmt"
        containers:
-          main:
+          app:
            image: &img
              repository: "docker.io/superseriousbusiness/gotosocial"
              tag: "0.18.3@sha256:5eb48f2273092126e71e1290c80c92df90ba3ef72b1e81de070ae38fd5d85d27"
+            command: ["/bin/sh", "-c", "sleep 3600"]
            env: &env
              TZ: "${CONFIG_TZ}"
              GTS_APPLICATION_NAME: "The JJGadgets Hut"
@@ -51,29 +52,30 @@ spec:
              GTS_OIDC_ENABLED: "true"
              GTS_OIDC_IDP_NAME: "JJGadgets Auth"
              # OIDC secrets in ExternalSecret envFrom
-              GTS_DB_TYPE: "postgres"
-              GTS_DB_TLS_MODE: "enable"
-              GTS_DB_TLS_CA_CERT: &pgca /secrets/pg/ca.crt
-              GTS_DB_ADDRESS: "pg-gotosocial-pgbouncer.gotosocial.svc.cluster.local"
-              #  valueFrom:
-              #    secretKeyRef:
-              #      name: &pgsec "pg-gotosocial-pguser-gotosocial"
-              #      key: "pgbouncer-host"
-              GTS_DB_DATABASE:
-                valueFrom:
-                  secretKeyRef:
-                    name: &pgsec "pg-gotosocial-pguser-gotosocial"
-                    key: "dbname"
-              GTS_DB_USER:
-                valueFrom:
-                  secretKeyRef:
-                    name: *pgsec
-                    key: "user"
-              GTS_DB_PASSWORD:
-                valueFrom:
-                  secretKeyRef:
-                    name: *pgsec
-                    key: "password"
+              GTS_DB_TYPE: "sqlite"
+              GTS_DB_ADDRESS: "/gotosocial/storage/sqlite.db"
+              # GTS_DB_TLS_MODE: "enable"
+              # GTS_DB_TLS_CA_CERT: &pgca /secrets/pg/ca.crt
+              # GTS_DB_ADDRESS: "pg-gotosocial-pgbouncer.gotosocial.svc.cluster.local"
+              # #  valueFrom:
+              # #    secretKeyRef:
+              # #      name: &pgsec "pg-gotosocial-pguser-gotosocial"
+              # #      key: "pgbouncer-host"
+              # GTS_DB_DATABASE:
+              #   valueFrom:
+              #     secretKeyRef:
+              #       name: &pgsec "pg-gotosocial-pguser-gotosocial"
+              #       key: "dbname"
+              # GTS_DB_USER:
+              #   valueFrom:
+              #     secretKeyRef:
+              #       name: *pgsec
+              #       key: "user"
+              # GTS_DB_PASSWORD:
+              #   valueFrom:
+              #     secretKeyRef:
+              #       name: *pgsec
+              #       key: "password"
              #GTS_STORAGE_LOCAL_BASE_PATH: &media "/gotosocial/storage"
              GTS_STORAGE_BACKEND: "s3"
              GTS_STORAGE_S3_PROXY: "true"
@@ -106,16 +108,16 @@ spec:
              limits:
                cpu: "1"
                memory: 1536Mi
-            probes:
-              liveness:
-                enabled: true
-              readiness:
-                enabled: true
-              startup: # in case of large DB migrations
-                enabled: true
-                spec:
-                  periodSeconds: 1
-                  failureThreshold: 14400
+            # probes:
+            #   liveness:
+            #     enabled: true
+            #   readiness:
+            #     enabled: true
+            #   startup: # in case of large DB migrations
+            #     enabled: true
+            #     spec:
+            #       periodSeconds: 1
+            #       failureThreshold: 14400
    service:
      app:
        controller: app
@@ -154,18 +156,25 @@ spec:
                path: /api/v1/media
        tls: *tls
    persistence:
+      data:
+        existingClaim: gotosocial-data
+        advancedMounts:
+          app:
+            app:
+              - subPath: data
+                path: /gotosocial/storage
      tmp:
        type: emptyDir
        medium: Memory
        sizeLimit: 128Mi
-      pg-ca:
-        type: secret
-        #name: pg-authentik-pgbouncer
-        name: pg-gotosocial-cluster-cert
-        defaultMode: 0400
-        globalMounts:
-          - subPath: ca.crt
-            path: *pgca
+      # pg-ca:
+      #   type: secret
+      #   #name: pg-authentik-pgbouncer
+      #   name: pg-gotosocial-cluster-cert
+      #   defaultMode: 0400
+      #   globalMounts:
+      #     - subPath: ca.crt
+      #       path: *pgca
    defaultPodOptions:
      automountServiceAccountToken: false
      enableServiceLinks: false
@@ -175,7 +184,7 @@ spec:
      hostUsers: false
      securityContext:
        runAsNonRoot: true # TODO: tmp migrate
-        runAsUser: &uid 1000
+        runAsUser: &uid 65534
        runAsGroup: *uid
        fsGroup: *uid
        fsGroupChangePolicy: Always
--- a/kube/deploy/apps/gotosocial/ks.yaml
+++ b/kube/deploy/apps/gotosocial/ks.yaml
@@ -37,9 +37,9 @@ spec:
      SC: &sc "file"
      SNAP: *sc
      ACCESSMODE: "ReadWriteMany"
-      RUID: "568"
-      RGID: "568"
-      RFSG: "568"
+      RUID: "65534"
+      RGID: "65534"
+      RFSG: "65534"
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization