366 lines
15 KiB
YAML
366 lines
15 KiB
YAML
{{- $domain := "club.pati.to" -}}
|
|
###########################
|
|
##### GENERAL CONFIG ######
|
|
###########################
|
|
# String. Log level to use throughout the application. Must be lower-case.
|
|
# Options: ["trace","debug","info","warn","error","fatal"]
|
|
# Default: "info"
|
|
log-level: "info"
|
|
log-db-queries: false
|
|
|
|
# String. Format to use for the timestamp in log lines.
|
|
# If set to the empty string, the timestamp will be
|
|
# ommitted from the logs entirely.
|
|
#
|
|
# The format must be compatible with Go's time.Layout, as
|
|
# documented on https://pkg.go.dev/time#pkg-constants.
|
|
#
|
|
# Examples: [true, false]
|
|
# Default: "02/01/2006 15:04:05.000"
|
|
log-timestamp-format: "2006-01-02T15:04:05Z07:00"
|
|
|
|
|
|
|
|
application-name: "club patito"
|
|
|
|
# String. Hostname that this server will be reachable at. Defaults to localhost for local testing,
|
|
# but you should *definitely* change this when running for real, or your server won't work at all.
|
|
# DO NOT change this after your server has already run once, or you will break things!
|
|
# Examples: ["gts.example.org","some.server.com"]
|
|
# Default: "localhost"
|
|
host: "{{ $domain }}"
|
|
|
|
# String. Domain to use when federating profiles. This is useful when you want your server to be at
|
|
# eg., "gts.example.org", but you want the domain on accounts to be "example.org" because it looks better
|
|
# or is just shorter/easier to remember.
|
|
# To make this setting work properly, you need to redirect requests at "example.org/.well-known/webfinger"
|
|
# to "gts.example.org/.well-known/webfinger" so that GtS can handle them properly.
|
|
# You should also redirect requests at "example.org/.well-known/nodeinfo" in the same way.
|
|
# An empty string (ie., not set) means that the same value as 'host' will be used.
|
|
# DO NOT change this after your server has already run once, or you will break things!
|
|
# Examples: ["example.org","server.com"]
|
|
# Default: ""
|
|
account-domain: "{{ $domain }}"
|
|
|
|
# String. Protocol to use for the server. Only change to http for local testing!
|
|
# This should be the protocol part of the URI that your server is actually reachable on. So even if you're
|
|
# running GoToSocial behind a reverse proxy that handles SSL certificates for you, instead of using built-in
|
|
# letsencrypt, it should still be https.
|
|
# Options: ["http","https"]
|
|
# Default: "https"
|
|
protocol: "https"
|
|
|
|
# String. Address to bind the GoToSocial server to.
|
|
# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname.
|
|
# Default value will bind to all interfaces.
|
|
# You probably won't need to change this unless you're setting GoToSocial up in some fancy way or
|
|
# you have specific networking requirements.
|
|
# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"]
|
|
# Default: "0.0.0.0"
|
|
bind-address: "0.0.0.0"
|
|
|
|
# Int. Listen port for the GoToSocial webserver + API. If you're running behind a reverse proxy and/or in a docker,
|
|
# container, just set this to whatever you like (or leave the default), and make sure it's forwarded properly.
|
|
# If you are running with built-in letsencrypt enabled, and running GoToSocial directly on a host machine, you will
|
|
# probably want to set this to 443 (standard https port), unless you have other services already using that port.
|
|
# This *MUST NOT* be the same as the letsencrypt port specified below, unless letsencrypt is turned off.
|
|
# Examples: [443, 6666, 8080]
|
|
# Default: 8080
|
|
port: {{ env "NOMAD_PORT_gotosocial" }}
|
|
|
|
# Array of string. CIDRs or IP addresses of proxies that should be trusted when determining real client IP from behind a reverse proxy.
|
|
# If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network,
|
|
# or the gateway of the docker network, and/or the address of the reverse proxy (if it's not running on the host network).
|
|
# Example: ["127.0.0.1/32", "172.20.0.1"]
|
|
# Default: ["127.0.0.1/32", "::1"] (localhost ipv4 + ipv6)
|
|
trusted-proxies:
|
|
- "10.100.0.0/20"
|
|
- "127.0.0.1/32"
|
|
- "::1"
|
|
|
|
############################
|
|
##### DATABASE CONFIG ######
|
|
############################
|
|
|
|
# Config pertaining to the Gotosocial database connection
|
|
|
|
# String. Database type.
|
|
# Options: ["postgres","sqlite"]
|
|
# Default: "postgres"
|
|
db-type: "sqlite"
|
|
|
|
# String. Database address or parameters.
|
|
#
|
|
# For Postgres, this should be the address or socket at which the database can be reached.
|
|
#
|
|
# For Sqlite, this should be the path to your sqlite database file. Eg., /opt/gotosocial/sqlite.db.
|
|
# If the file doesn't exist at the specified path, it will be created.
|
|
# If just a filename is provided (no directory) then the database will be created in the same directory
|
|
# as the GoToSocial binary.
|
|
# If address is set to :memory: then an in-memory database will be used (no file).
|
|
# WARNING: :memory: should NOT BE USED except for testing purposes.
|
|
#
|
|
# Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db"]
|
|
# Default: ""
|
|
db-address: "/alloc/gotosocial.db"
|
|
|
|
# String. SQLite journaling mode.
|
|
# SQLite only -- unused otherwise.
|
|
# If set to empty string, the sqlite default will be used.
|
|
# See: https://www.sqlite.org/pragma.html#pragma_journal_mode
|
|
# Examples: ["DELETE", "TRUNCATE", "PERSIST", "MEMORY", "WAL", "OFF"]
|
|
# Default: "WAL"
|
|
db-sqlite-journal-mode: "WAL"
|
|
|
|
|
|
######################
|
|
##### WEB CONFIG #####
|
|
######################
|
|
|
|
# Config pertaining to templating and serving of web pages/email notifications and the like
|
|
|
|
# String. Directory from which gotosocial will attempt to load html templates (.tmpl files).
|
|
# Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
|
|
# Default: "./web/template/"
|
|
web-template-base-dir: "/gotosocial/web/template/"
|
|
|
|
# String. Directory from which gotosocial will attempt to serve static web assets (images, scripts).
|
|
# Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
|
|
# Default: "./web/assets/"
|
|
web-asset-base-dir: "/gotosocial/web/assets/"
|
|
|
|
###########################
|
|
##### INSTANCE CONFIG #####
|
|
###########################
|
|
|
|
# Config pertaining to instance federation settings, pages to hide/expose, etc.
|
|
|
|
# Bool. Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=open in order
|
|
# to see a list of instances that this instance 'peers' with. Even if set to 'false', then authenticated
|
|
# users (members of the instance) will still be able to query the endpoint.
|
|
# Options: [true, false]
|
|
# Default: false
|
|
instance-expose-peers: false
|
|
|
|
# Bool. Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=suspended in order
|
|
# to see a list of instances that this instance blocks/suspends. This will also allow unauthenticated
|
|
# users to see the list through the web UI. Even if set to 'false', then authenticated users (members
|
|
# of the instance) will still be able to query the endpoint.
|
|
# Options: [true, false]
|
|
# Default: false
|
|
instance-expose-suspended: false
|
|
|
|
# Bool. This flag tweaks whether GoToSocial will deliver ActivityPub messages
|
|
# to the shared inbox of a recipient, if one is available, instead of delivering
|
|
# each message to each actor who should receive a message individually.
|
|
#
|
|
# Shared inbox delivery can significantly reduce network load when delivering
|
|
# to multiple recipients share an inbox (eg., on large Mastodon instances).
|
|
#
|
|
# See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery
|
|
#
|
|
# Options: [true, false]
|
|
# Default: true
|
|
instance-deliver-to-shared-inboxes: true
|
|
|
|
# Bool. This flag will inject a Mastodon version into the version field that
|
|
# is included in /api/v1/instance. This version is often used by Mastodon clients
|
|
# to do API feature detection. By injecting a Mastodon compatible version, it is
|
|
# possible to cajole those clients to behave correctly with GoToSocial.
|
|
#
|
|
# Options: [true, false]
|
|
# Default: false
|
|
instance-inject-mastodon-version: true
|
|
|
|
###########################
|
|
##### ACCOUNTS CONFIG #####
|
|
###########################
|
|
|
|
# Config pertaining to creation and maintenance of accounts on the server, as well as defaults for new accounts.
|
|
|
|
# Bool. Do we want people to be able to just submit sign up requests, or do we want invite only?
|
|
# Options: [true, false]
|
|
# Default: true
|
|
accounts-registration-open: true
|
|
|
|
# Bool. Do sign up requests require approval from an admin/moderator before an account can sign in/use the server?
|
|
# Options: [true, false]
|
|
# Default: true
|
|
accounts-approval-required: true
|
|
|
|
# Bool. Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)?
|
|
# Options: [true, false]
|
|
# Default: true
|
|
accounts-reason-required: true
|
|
|
|
# Bool. Allow accounts on this instance to set custom CSS for their profile pages and statuses.
|
|
# Enabling this setting will allow accounts to upload custom CSS via the /user settings page,
|
|
# which will then be rendered on the web view of the account's profile and statuses.
|
|
#
|
|
# For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false',
|
|
# since setting it to true allows malicious accounts to make their profile pages misleading, unusable
|
|
# or even dangerous to visitors. In other words, you should only enable this setting if you trust
|
|
# the users on your instance not to produce harmful CSS.
|
|
#
|
|
# Regardless of what this value is set to, any uploaded CSS will not be federated to other instances,
|
|
# it will only be shown on profiles and statuses on *this* instance.
|
|
#
|
|
# Options: [true, false]
|
|
# Default: false
|
|
accounts-allow-custom-css: false
|
|
|
|
########################
|
|
##### MEDIA CONFIG #####
|
|
########################
|
|
|
|
# Config pertaining to media uploads (videos, image, image descriptions, emoji).
|
|
|
|
# Int. Maximum allowed image upload size in bytes.
|
|
# Examples: [2097152, 10485760]
|
|
# Default: 10485760 -- aka 10MB
|
|
media-image-max-size: 10MiB
|
|
|
|
# Int. Maximum allowed video upload size in bytes.
|
|
# Examples: [2097152, 10485760]
|
|
# Default: 41943040 -- aka 40MB
|
|
media-video-max-size: 40MiB
|
|
|
|
# Int. Minimum amount of characters required as an image or video description.
|
|
# Examples: [500, 1000, 1500]
|
|
# Default: 0 (not required)
|
|
media-description-min-chars: 0
|
|
|
|
# Int. Maximum amount of characters permitted in an image or video description.
|
|
# Examples: [500, 1000, 1500]
|
|
# Default: 500
|
|
media-description-max-chars: 1500
|
|
|
|
# Int. Number of days to cache media from remote instances before they are removed from the cache.
|
|
# A job will run every day at midnight to clean up any remote media older than the given amount of days.
|
|
#
|
|
# When remote media is removed from the cache, it is deleted from storage but the database entries for the media
|
|
# are kept so that it can be fetched again if requested by a user.
|
|
#
|
|
# If this is set to 0, then media from remote instances will be cached indefinitely.
|
|
# Examples: [30, 60, 7, 0]
|
|
# Default: 30
|
|
media-remote-cache-days: 30
|
|
|
|
# Int. Max size in bytes of emojis uploaded to this instance via the admin API.
|
|
# The default is the same as the Mastodon size limit for emojis (50kb), which allows
|
|
# for good interoperability. Raising this limit may cause issues with federation
|
|
# of your emojis to other instances, so beware.
|
|
# Examples: [51200, 102400]
|
|
# Default: 51200
|
|
media-emoji-local-max-size: 50KiB
|
|
|
|
# Int. Max size in bytes of emojis to download from other instances.
|
|
# By default this is 100kb, or twice the size of the default for media-emoji-local-max-size.
|
|
# This strikes a good balance between decent interoperability with instances that have
|
|
# higher emoji size limits, and not taking up too much space in storage.
|
|
# Examples: [51200, 102400]
|
|
# Default: 51200
|
|
media-emoji-remote-max-size: 100KiB
|
|
|
|
##########################
|
|
##### STORAGE CONFIG #####
|
|
##########################
|
|
|
|
# Config pertaining to storage of user-created uploads (videos, images, etc).
|
|
|
|
# String. Type of storage backend to use.
|
|
# Examples: ["local", "s3"]
|
|
# Default: "local" (storage on local disk)
|
|
storage-backend: "s3"
|
|
{{ with secret "cfg/svc/tree/pati.to:club" }}
|
|
storage-s3-endpoint: "{{ .Data.cdn.endpoint }}"
|
|
storage-s3-access-key: "{{ .Data.cdn.key }}"
|
|
storage-s3-secret-key: "{{ .Data.cdn.secret }}"
|
|
storage-s3-bucket: "{{ .Data.cdn.bucket }}"
|
|
{{- end }}
|
|
###########################
|
|
##### STATUSES CONFIG #####
|
|
###########################
|
|
|
|
# Config pertaining to the creation of statuses/posts, and permitted limits.
|
|
|
|
# Int. Maximum amount of characters permitted for a new status.
|
|
# Note that going way higher than the default might break federation.
|
|
# Examples: [140, 500, 5000]
|
|
# Default: 5000
|
|
statuses-max-chars: 1024
|
|
|
|
# Int. Maximum amount of options to permit when creating a new poll.
|
|
# Note that going way higher than the default might break federation.
|
|
# Examples: [4, 6, 10]
|
|
# Default: 6
|
|
statuses-poll-max-options: 6
|
|
|
|
# Int. Maximum amount of characters to permit per poll option when creating a new poll.
|
|
# Note that going way higher than the default might break federation.
|
|
# Examples: [50, 100, 150]
|
|
# Default: 50
|
|
statuses-poll-option-max-chars: 50
|
|
|
|
# Int. Maximum amount of media files that can be attached to a new status.
|
|
# Note that going way higher than the default might break federation.
|
|
# Examples: [4, 6, 10]
|
|
# Default: 6
|
|
statuses-media-max-files: 6
|
|
|
|
|
|
#######################
|
|
##### SMTP CONFIG #####
|
|
#######################
|
|
{{ with secret "cfg/svc/tree/pati.to:club" -}}
|
|
smtp-host: "{{ .Data.smtp.host }}"
|
|
smtp-port: {{ .Data.smtp.port }}
|
|
smtp-username: "{{ .Data.smtp.username }}"
|
|
smtp-password: "{{ .Data.smtp.password }}"
|
|
smtp-from: "no-reply@mail.{{ $domain }}"
|
|
{{- end }}
|
|
|
|
#############################
|
|
##### ADVANCED SETTINGS #####
|
|
#############################
|
|
|
|
# Advanced settings pertaining to http timeouts, security, cookies, and more.
|
|
#
|
|
# ONLY ADJUST THESE SETTINGS IF YOU KNOW WHAT YOU ARE DOING!
|
|
#
|
|
# Most users will not need to (and should not) touch these settings, since
|
|
# they are set to sensible defaults, and may break if they are changed.
|
|
#
|
|
# Nevertheless, they are provided for the sake of allowing server admins to
|
|
# tweak their instance for performance or security reasons.
|
|
|
|
# String. Value of the SameSite attribute of cookies set by GoToSocial.
|
|
# Defaults to 'lax' to ensure that the OIDC flow does not break, which is
|
|
# fine in most cases. If you want to harden your instance against CSRF attacks
|
|
# and don't mind if some login-related things might break, you can set this
|
|
# to 'strict' instead.
|
|
#
|
|
# For an overview of what this does, see:
|
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
|
|
#
|
|
# Options: ["lax", "strict"]
|
|
# Default: "lax"
|
|
advanced-cookies-samesite: "lax"
|
|
|
|
# Int. Amount of requests to permit from a single IP address within a span of 5 minutes.
|
|
# If this amount is exceeded, a 429 HTTP error code will be returned.
|
|
# See https://docs.gotosocial.org/en/latest/api/swagger/#rate-limit.
|
|
#
|
|
# If you find yourself adjusting this limit because it's regularly being exceeded,
|
|
# you should first verify that your settings for `trusted-proxies` (above) are correct.
|
|
# In many cases, when the rate limit is exceeded it is because your instance sees all
|
|
# incoming requests as coming from the *same IP address* (you can verify this by looking
|
|
# at the client IPs in your instance logs). If this is the case, try adding that IP
|
|
# address to your `trusted-proxies` *BEFORE* you go adjusting this rate limit setting!
|
|
#
|
|
# If you set this to 0 or less, rate limiting will be disabled entirely.
|
|
#
|
|
# Examples: [1000, 500, 0]
|
|
# Default: 1000
|
|
advanced-rate-limit-requests: 1000
|