postiz-helmchart/charts/postiz/values.yaml

replicaCount: 1

image:
  repository: ghcr.io/gitroomhq/postiz-app
  pullPolicy: IfNotPresent
  tag: "latest"

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  create: true
  annotations: {}
  name: ""

podAnnotations: {}

podSecurityContext: {}

securityContext: {}

service:
  type: ClusterIP
  port: 80
  additionalPorts: []

ingress:
  enabled: false
  className: ""
  annotations: {}
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: Prefix
          port: 80
  tls: []
  extraRules: []

resources: {}

extraContainers: []

extraVolumes: []
extraVolumeMounts: []

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}

# PostgreSQL configuration (Bitnami sub-chart)
postgresql:
  enabled: true
  auth:
    username: postiz
    password: postiz-password
    database: postiz
    # postgresPassword is used by the temporal init job to create the temporal user.
    # Set this explicitly; if left empty, Bitnami generates a random password
    # that the init job cannot retrieve.
    postgresPassword: ""
  service:
    ports:
      postgresql: 5432

# Redis configuration (Bitnami sub-chart)
redis:
  enabled: true
  auth:
    password: postiz-redis-password
  master:
    service:
      ports:
        redis: 6379

# Temporal workflow orchestration (required since Postiz v2.12.0)
# temporal.enabled=true  → deploys Temporal alongside Postiz using the postgresql sub-chart
# temporal.enabled=false → Temporal must be deployed separately; set temporal.address
temporal:
  enabled: true
  # address: override auto-computed service address (<release>-temporal:7233)
  address: ""
  namespace: "default"
  tls: false
  # apiKey: only required for Temporal Cloud; leave empty for self-hosted
  apiKey: ""
  image:
    repository: temporalio/auto-setup
    tag: "1.28.1"
    pullPolicy: IfNotPresent
  postgresql:
    # Credentials for the temporal user created in the shared PostgreSQL instance.
    # The init job creates this user via the postgres superuser before Temporal starts.
    user: temporal
    password: ""
    # seeds: PostgreSQL hostname. Defaults to the Bitnami postgresql sub-chart service.
    seeds: ""

# Non-sensitive environment variables (injected via ConfigMap)
env:
  # === Required ===
  FRONTEND_URL: "http://localhost:4200"
  NEXT_PUBLIC_BACKEND_URL: "http://localhost:3000"
  BACKEND_INTERNAL_URL: "http://localhost:3000"

  # === Application behaviour ===
  IS_GENERAL: "true"
  NX_ADD_PLUGINS: "false"
  MAIN_URL: ""
  DISABLE_REGISTRATION: "false"
  RUN_CRON: ""
  API_LIMIT: "90"
  RESTRICT_UPLOAD_DOMAINS: ""
  DISALLOW_PLUS: ""
  DISABLE_IMAGE_COMPRESSION: "false"
  MOBILE_APP_SCHEME: ""
  NOT_SECURED: "false"

  # === Storage ===
  STORAGE_PROVIDER: "local"
  UPLOAD_DIRECTORY: ""
  NEXT_PUBLIC_UPLOAD_STATIC_DIRECTORY: ""
  CLOUDFLARE_REGION: "auto"

  # === Email ===
  EMAIL_PROVIDER: "resend"
  EMAIL_HOST: ""
  EMAIL_PORT: ""
  EMAIL_SECURE: "false"
  EMAIL_FROM_ADDRESS: ""
  EMAIL_FROM_NAME: ""

  # === OAuth / OIDC sign-in ===
  POSTIZ_GENERIC_OAUTH: "false"
  POSTIZ_OAUTH_URL: ""
  POSTIZ_OAUTH_AUTH_URL: ""
  POSTIZ_OAUTH_TOKEN_URL: ""
  POSTIZ_OAUTH_USERINFO_URL: ""
  POSTIZ_OAUTH_SCOPE: "openid profile email"
  NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME: ""
  NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL: ""

  # === Social providers — non-sensitive settings ===
  X_URL: ""
  DISABLE_X_ANALYTICS: ""
  STRIP_LINKS_FROM_X_POSTS: ""
  MASTODON_URL: "https://mastodon.social"
  NEYNAR_LOGIN_URL: ""
  MEWE_HOST: ""

  # === MCP / Agent ===
  MCP_URL: ""
  BACKEND_URL: ""

  # === Payments ===
  FEE_AMOUNT: "0.05"

  # === Analytics & tracking (frontend) ===
  NEXT_PUBLIC_SENTRY_DSN: ""
  NEXT_PUBLIC_GTM_ID: ""
  NEXT_PUBLIC_FACEBOOK_PIXEL: ""
  NEXT_PUBLIC_POSTHOG_HOST: ""
  NEXT_PUBLIC_POSTHOG_KEY: ""
  SENTRY_ORG: ""
  SENTRY_PROJECT: ""
  SENTRY_SPOTLIGHT: "false"

  # === Misc frontend ===
  NEXT_PUBLIC_DISCORD_SUPPORT: ""
  NEXT_PUBLIC_POLOTNO: ""
  NEXT_PUBLIC_VERSION: ""
  NEXT_PUBLIC_APP_VERSION: ""
  NEXT_PUBLIC_OVERRIDE_BACKEND_URL: ""

  # === Runtime ===
  PORT: "3000"
  TZ: "UTC"
  NODE_ENV: "production"

# Sensitive environment variables (injected via Secret)
secrets:
  # === Required ===
  DATABASE_URL: ""
  REDIS_URL: ""
  JWT_SECRET: ""

  # === Storage — Cloudflare R2 ===
  CLOUDFLARE_ACCOUNT_ID: ""
  CLOUDFLARE_ACCESS_KEY: ""
  CLOUDFLARE_SECRET_ACCESS_KEY: ""
  CLOUDFLARE_BUCKETNAME: ""
  CLOUDFLARE_BUCKET_URL: ""

  # === Email ===
  RESEND_API_KEY: ""
  EMAIL_USER: ""
  EMAIL_PASS: ""

  # === OAuth / OIDC sign-in ===
  POSTIZ_OAUTH_CLIENT_ID: ""
  POSTIZ_OAUTH_CLIENT_SECRET: ""

  # === Social providers ===
  X_API_KEY: ""
  X_API_SECRET: ""
  LINKEDIN_CLIENT_ID: ""
  LINKEDIN_CLIENT_SECRET: ""
  REDDIT_CLIENT_ID: ""
  REDDIT_CLIENT_SECRET: ""
  GITHUB_CLIENT_ID: ""
  GITHUB_CLIENT_SECRET: ""
  FACEBOOK_APP_ID: ""
  FACEBOOK_APP_SECRET: ""
  INSTAGRAM_APP_ID: ""
  INSTAGRAM_APP_SECRET: ""
  THREADS_APP_ID: ""
  THREADS_APP_SECRET: ""
  YOUTUBE_CLIENT_ID: ""
  YOUTUBE_CLIENT_SECRET: ""
  GOOGLE_GMB_CLIENT_ID: ""
  GOOGLE_GMB_CLIENT_SECRET: ""
  TIKTOK_CLIENT_ID: ""
  TIKTOK_CLIENT_SECRET: ""
  PINTEREST_CLIENT_ID: ""
  PINTEREST_CLIENT_SECRET: ""
  DRIBBBLE_CLIENT_ID: ""
  DRIBBBLE_CLIENT_SECRET: ""
  DISCORD_CLIENT_ID: ""
  DISCORD_CLIENT_SECRET: ""
  DISCORD_BOT_TOKEN_ID: ""
  SLACK_ID: ""
  SLACK_SECRET: ""
  SLACK_SIGNING_SECRET: ""
  TELEGRAM_TOKEN: ""
  TELEGRAM_BOT_NAME: ""
  MASTODON_CLIENT_ID: ""
  MASTODON_CLIENT_SECRET: ""
  NEYNAR_CLIENT_ID: ""
  NEYNAR_SECRET_KEY: ""
  MEWE_APP_ID: ""
  MEWE_API_KEY: ""
  TWITCH_CLIENT_ID: ""
  TWITCH_CLIENT_SECRET: ""
  KICK_CLIENT_ID: ""
  KICK_SECRET: ""
  VK_ID: ""
  WHOP_CLIENT_ID: ""
  BEEHIIVE_API_KEY: ""
  BEEHIIVE_PUBLICATION_ID: ""
  LISTMONK_DOMAIN: ""
  LISTMONK_USER: ""
  LISTMONK_API_KEY: ""
  LISTMONK_LIST_ID: ""
  LISTMONK_WELCOME_TEMPLATE_ID: ""
  EXTENSION_ID: ""

  # === AI / Generation ===
  OPENAI_API_KEY: ""
  OPENAI_APP_CHALLANGE: ""
  ELEVENSLABS_API_KEY: ""
  FAL_KEY: ""
  TAVILY_API_KEY: ""
  KIEAI_API_KEY: ""
  TRANSLOADIT_AUTH: ""
  TRANSLOADIT_SECRET: ""
  TRANSLOADIT_TEMPLATE: ""

  # === Payments ===
  STRIPE_PUBLISHABLE_KEY: ""
  STRIPE_SECRET_KEY: ""
  STRIPE_SIGNING_KEY: ""
  STRIPE_SIGNING_KEY_CONNECT: ""
  STRIPE_DISCOUNT_ID: ""
  NOWPAYMENTS_API_KEY: ""
  NOWPAYMENTS_AMOUNT: ""

  # === Analytics secrets ===
  FACEBOOK_PIXEL_ACCESS_TOKEN: ""
  NEXT_PUBLIC_TRACKING_TRIAL: ""
  DATAFAST_API_KEY: ""
  DATAFAST_WEBSITE_ID: ""
  SENTRY_AUTH_TOKEN: ""

  # === MCP / Agent ===
  AGENT_API_KEY: ""
  AGENT_MEDIA_SSO_KEY: ""

  # === Short-link providers ===
  DUB_TOKEN: ""
  SHORT_IO_SECRET_KEY: ""
  KUTT_API_KEY: ""
  LINK_DRIP_API_KEY: ""