{{- $domain := "club.pati.to" -}} ########################### ##### GENERAL CONFIG ###### ########################### # String. Log level to use throughout the application. Must be lower-case. # Options: ["trace","debug","info","warn","error","fatal"] # Default: "info" log-level: "info" log-db-queries: false application-name: "club patito" # String. Hostname that this server will be reachable at. Defaults to localhost for local testing, # but you should *definitely* change this when running for real, or your server won't work at all. # DO NOT change this after your server has already run once, or you will break things! # Examples: ["gts.example.org","some.server.com"] # Default: "localhost" host: "{{ $domain }}" # String. Domain to use when federating profiles. This is useful when you want your server to be at # eg., "gts.example.org", but you want the domain on accounts to be "example.org" because it looks better # or is just shorter/easier to remember. # To make this setting work properly, you need to redirect requests at "example.org/.well-known/webfinger" # to "gts.example.org/.well-known/webfinger" so that GtS can handle them properly. # You should also redirect requests at "example.org/.well-known/nodeinfo" in the same way. # An empty string (ie., not set) means that the same value as 'host' will be used. # DO NOT change this after your server has already run once, or you will break things! # Examples: ["example.org","server.com"] # Default: "" account-domain: "{{ $domain }}" # String. Protocol to use for the server. Only change to http for local testing! # This should be the protocol part of the URI that your server is actually reachable on. So even if you're # running GoToSocial behind a reverse proxy that handles SSL certificates for you, instead of using built-in # letsencrypt, it should still be https. # Options: ["http","https"] # Default: "https" protocol: "https" # String. Address to bind the GoToSocial server to. # This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname. # Default value will bind to all interfaces. # You probably won't need to change this unless you're setting GoToSocial up in some fancy way or # you have specific networking requirements. # Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"] # Default: "0.0.0.0" bind-address: "0.0.0.0" # Int. Listen port for the GoToSocial webserver + API. If you're running behind a reverse proxy and/or in a docker, # container, just set this to whatever you like (or leave the default), and make sure it's forwarded properly. # If you are running with built-in letsencrypt enabled, and running GoToSocial directly on a host machine, you will # probably want to set this to 443 (standard https port), unless you have other services already using that port. # This *MUST NOT* be the same as the letsencrypt port specified below, unless letsencrypt is turned off. # Examples: [443, 6666, 8080] # Default: 8080 port: {{ env "NOMAD_PORT_gotosocial" }} # Array of string. CIDRs or IP addresses of proxies that should be trusted when determining real client IP from behind a reverse proxy. # If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network, # or the gateway of the docker network, and/or the address of the reverse proxy (if it's not running on the host network). # Example: ["127.0.0.1/32", "172.20.0.1"] # Default: ["127.0.0.1/32", "::1"] (localhost ipv4 + ipv6) trusted-proxies: - "10.100.0.0/20" - "127.0.0.1/32" - "::1" ############################ ##### DATABASE CONFIG ###### ############################ # Config pertaining to the Gotosocial database connection # String. Database type. # Options: ["postgres","sqlite"] # Default: "postgres" db-type: "sqlite" # String. Database address or parameters. # # For Postgres, this should be the address or socket at which the database can be reached. # # For Sqlite, this should be the path to your sqlite database file. Eg., /opt/gotosocial/sqlite.db. # If the file doesn't exist at the specified path, it will be created. # If just a filename is provided (no directory) then the database will be created in the same directory # as the GoToSocial binary. # If address is set to :memory: then an in-memory database will be used (no file). # WARNING: :memory: should NOT BE USED except for testing purposes. # # Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db"] # Default: "" db-address: "/alloc/gotosocial.db" # String. SQLite journaling mode. # SQLite only -- unused otherwise. # If set to empty string, the sqlite default will be used. # See: https://www.sqlite.org/pragma.html#pragma_journal_mode # Examples: ["DELETE", "TRUNCATE", "PERSIST", "MEMORY", "WAL", "OFF"] # Default: "WAL" db-sqlite-journal-mode: "WAL" ###################### ##### WEB CONFIG ##### ###################### # Config pertaining to templating and serving of web pages/email notifications and the like # String. Directory from which gotosocial will attempt to load html templates (.tmpl files). # Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"] # Default: "./web/template/" web-template-base-dir: "/gotosocial/web/template/" # String. Directory from which gotosocial will attempt to serve static web assets (images, scripts). # Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"] # Default: "./web/assets/" web-asset-base-dir: "/gotosocial/web/assets/" ########################### ##### INSTANCE CONFIG ##### ########################### # Config pertaining to instance federation settings, pages to hide/expose, etc. # Bool. Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=open in order # to see a list of instances that this instance 'peers' with. Even if set to 'false', then authenticated # users (members of the instance) will still be able to query the endpoint. # Options: [true, false] # Default: false instance-expose-peers: false # Bool. Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=suspended in order # to see a list of instances that this instance blocks/suspends. This will also allow unauthenticated # users to see the list through the web UI. Even if set to 'false', then authenticated users (members # of the instance) will still be able to query the endpoint. # Options: [true, false] # Default: false instance-expose-suspended: false # Bool. This flag tweaks whether GoToSocial will deliver ActivityPub messages # to the shared inbox of a recipient, if one is available, instead of delivering # each message to each actor who should receive a message individually. # # Shared inbox delivery can significantly reduce network load when delivering # to multiple recipients share an inbox (eg., on large Mastodon instances). # # See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery # # Options: [true, false] # Default: true instance-deliver-to-shared-inboxes: true ########################### ##### ACCOUNTS CONFIG ##### ########################### # Config pertaining to creation and maintenance of accounts on the server, as well as defaults for new accounts. # Bool. Do we want people to be able to just submit sign up requests, or do we want invite only? # Options: [true, false] # Default: true accounts-registration-open: true # Bool. Do sign up requests require approval from an admin/moderator before an account can sign in/use the server? # Options: [true, false] # Default: true accounts-approval-required: true # Bool. Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)? # Options: [true, false] # Default: true accounts-reason-required: true # Bool. Allow accounts on this instance to set custom CSS for their profile pages and statuses. # Enabling this setting will allow accounts to upload custom CSS via the /user settings page, # which will then be rendered on the web view of the account's profile and statuses. # # For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false', # since setting it to true allows malicious accounts to make their profile pages misleading, unusable # or even dangerous to visitors. In other words, you should only enable this setting if you trust # the users on your instance not to produce harmful CSS. # # Regardless of what this value is set to, any uploaded CSS will not be federated to other instances, # it will only be shown on profiles and statuses on *this* instance. # # Options: [true, false] # Default: false accounts-allow-custom-css: false ######################## ##### MEDIA CONFIG ##### ######################## # Config pertaining to media uploads (videos, image, image descriptions, emoji). # Int. Maximum allowed image upload size in bytes. # Examples: [2097152, 10485760] # Default: 10485760 -- aka 10MB media-image-max-size: 10485760 # Int. Maximum allowed video upload size in bytes. # Examples: [2097152, 10485760] # Default: 41943040 -- aka 40MB media-video-max-size: 41943040 # Int. Minimum amount of characters required as an image or video description. # Examples: [500, 1000, 1500] # Default: 0 (not required) media-description-min-chars: 0 # Int. Maximum amount of characters permitted in an image or video description. # Examples: [500, 1000, 1500] # Default: 500 media-description-max-chars: 500 # Int. Number of days to cache media from remote instances before they are removed from the cache. # A job will run every day at midnight to clean up any remote media older than the given amount of days. # # When remote media is removed from the cache, it is deleted from storage but the database entries for the media # are kept so that it can be fetched again if requested by a user. # # If this is set to 0, then media from remote instances will be cached indefinitely. # Examples: [30, 60, 7, 0] # Default: 30 media-remote-cache-days: 30 # Int. Max size in bytes of emojis uploaded to this instance via the admin API. # The default is the same as the Mastodon size limit for emojis (50kb), which allows # for good interoperability. Raising this limit may cause issues with federation # of your emojis to other instances, so beware. # Examples: [51200, 102400] # Default: 51200 media-emoji-local-max-size: 51200 # Int. Max size in bytes of emojis to download from other instances. # By default this is 100kb, or twice the size of the default for media-emoji-local-max-size. # This strikes a good balance between decent interoperability with instances that have # higher emoji size limits, and not taking up too much space in storage. # Examples: [51200, 102400] # Default: 51200 media-emoji-remote-max-size: 102400 ########################## ##### STORAGE CONFIG ##### ########################## # Config pertaining to storage of user-created uploads (videos, images, etc). # String. Type of storage backend to use. # Examples: ["local", "s3"] # Default: "local" (storage on local disk) storage-backend: "s3" {{ with secret "cfg/svc/tree/pati.to:club" }} storage-s3-endpoint: "{{ .Data.cdn.endpoint }}" storage-s3-access-key: "{{ .Data.cdn.key }}" storage-s3-secret-key: "{{ .Data.cdn.secret }}" storage-s3-bucket: "{{ .Data.cdn.bucket }}" {{- end }} ########################### ##### STATUSES CONFIG ##### ########################### # Config pertaining to the creation of statuses/posts, and permitted limits. # Int. Maximum amount of characters permitted for a new status. # Note that going way higher than the default might break federation. # Examples: [140, 500, 5000] # Default: 5000 statuses-max-chars: 1024 # Int. Maximum amount of characters allowed in the CW/subject header of a status. # Note that going way higher than the default might break federation. # Examples: [100, 200] # Default: 100 statuses-cw-max-chars: 100 # Int. Maximum amount of options to permit when creating a new poll. # Note that going way higher than the default might break federation. # Examples: [4, 6, 10] # Default: 6 statuses-poll-max-options: 6 # Int. Maximum amount of characters to permit per poll option when creating a new poll. # Note that going way higher than the default might break federation. # Examples: [50, 100, 150] # Default: 50 statuses-poll-option-max-chars: 50 # Int. Maximum amount of media files that can be attached to a new status. # Note that going way higher than the default might break federation. # Examples: [4, 6, 10] # Default: 6 statuses-media-max-files: 6 ####################### ##### SMTP CONFIG ##### ####################### {{ with secret "cfg/svc/tree/pati.to:club" -}} smtp-host: "{{ .Data.smtp.host }}" smtp-port: {{ .Data.smtp.port }} smtp-username: "{{ .Data.smtp.username }}" smtp-password: "{{ .Data.smtp.password }}" smtp-from: "no-reply@mail.{{ $domain }}" {{- end }} ############################# ##### ADVANCED SETTINGS ##### ############################# # Advanced settings pertaining to http timeouts, security, cookies, and more. # # ONLY ADJUST THESE SETTINGS IF YOU KNOW WHAT YOU ARE DOING! # # Most users will not need to (and should not) touch these settings, since # they are set to sensible defaults, and may break if they are changed. # # Nevertheless, they are provided for the sake of allowing server admins to # tweak their instance for performance or security reasons. # String. Value of the SameSite attribute of cookies set by GoToSocial. # Defaults to 'lax' to ensure that the OIDC flow does not break, which is # fine in most cases. If you want to harden your instance against CSRF attacks # and don't mind if some login-related things might break, you can set this # to 'strict' instead. # # For an overview of what this does, see: # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite # # Options: ["lax", "strict"] # Default: "lax" advanced-cookies-samesite: "lax" # Int. Amount of requests to permit from a single IP address within a span of 5 minutes. # If this amount is exceeded, a 429 HTTP error code will be returned. # See https://docs.gotosocial.org/en/latest/api/swagger/#rate-limit. # # If you find yourself adjusting this limit because it's regularly being exceeded, # you should first verify that your settings for `trusted-proxies` (above) are correct. # In many cases, when the rate limit is exceeded it is because your instance sees all # incoming requests as coming from the *same IP address* (you can verify this by looking # at the client IPs in your instance logs). If this is the case, try adding that IP # address to your `trusted-proxies` *BEFORE* you go adjusting this rate limit setting! # # If you set this to 0 or less, rate limiting will be disabled entirely. # # Examples: [1000, 500, 0] # Default: 1000 advanced-rate-limit-requests: 1000