forked from superseriousbusiness/gotosocial
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.yaml
403 lines (334 loc) · 15.8 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
# GoToSocial
# Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
###########################
##### GENERAL CONFIG ######
###########################
# String. Log level to use throughout the application. Must be lower-case.
# Options: ["trace","debug","info","warn","error","fatal"]
# Default: "info"
logLevel: "info"
# String. Application name to use internally.
# Examples: ["My Application","gotosocial"]
# Default: "gotosocial"
applicationName: "gotosocial"
# String. Hostname that this server will be reachable at. Defaults to localhost for local testing,
# but you should *definitely* change this when running for real, or your server won't work at all.
# DO NOT change this after your server has already run once, or you will break things!
# Examples: ["gts.example.org","some.server.com"]
# Default: "localhost"
host: "localhost"
# String. Domain to use when federating profiles. This is useful when you want your server to be at
# eg., "gts.example.org", but you want the domain on accounts to be "example.org" because it looks better
# or is just shorter/easier to remember.
# To make this setting work properly, you need to redirect requests at "example.org/.well-known/webfinger"
# to "gts.example.org/.well-known/webfinger" so that GtS can handle them properly.
# You should also redirect requests at "example.org/.well-known/nodeinfo" in the same way.
# An empty string (ie., not set) means that the same value as 'host' will be used.
# DO NOT change this after your server has already run once, or you will break things!
# Examples: ["example.org","server.com"]
# Default: ""
accountDomain: ""
# String. Protocol to use for the server. Only change to http for local testing!
# This should be the protocol part of the URI that your server is actually reachable on. So even if you're
# running GoToSocial behind a reverse proxy that handles SSL certificates for you, instead of using built-in
# letsencrypt, it should still be https.
# Options: ["http","https"]
# Default: "https"
protocol: "https"
# String. Address to bind the GoToSocial server to.
# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname.
# Default value will bind to all interfaces.
# You probably won't need to change this unless you're setting GoToSocial up in some fancy way or
# you have specific networking requirements.
# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"]
# Default: "0.0.0.0"
bindAddress: "0.0.0.0"
# Int. Listen port for the GoToSocial webserver + API. If you're running behind a reverse proxy and/or in a docker,
# container, just set this to whatever you like (or leave the default), and make sure it's forwarded properly.
# If you are running with built-in letsencrypt enabled, and running GoToSocial directly on a host machine, you will
# probably want to set this to 443 (standard https port), unless you have other services already using that port.
# This *MUST NOT* be the same as the letsencrypt port specified below, unless letsencrypt is turned off.
# Examples: [443, 6666, 8080]
# Default: 8080
port: 8080
# Array of string. CIDRs or IP addresses of proxies that should be trusted when determining real client IP from behind a reverse proxy.
# If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network,
# or the gateway of the docker network, and/or the address of the reverse proxy (if it's not running on the host network).
# Example: ["127.0.0.1/32", "172.20.0.1"]
# Default: ["127.0.0.1/32"] (localhost)
trustedProxies:
- "127.0.0.1/32"
############################
##### DATABASE CONFIG ######
############################
# Config pertaining to the Gotosocial database connection
db:
# String. Database type.
# Options: ["postgres","sqlite"]
# Default: "postgres"
type: "postgres"
# String. Database address or parameters.
# Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:"]
# Default: "localhost"
address: "127.0.0.1"
# Int. Port for database connection.
# Examples: [5432, 1234, 6969]
# Default: 5432
port: 5432
# String. Username for the database connection.
# Examples: ["mydbuser","postgres","gotosocial"]
# Default: "postgres"
user: "postgres"
# REQUIRED
# String. Password to use for the database connection
# Examples: ["password123","verysafepassword","postgres"]
# Default: "postgres"
password: "postgres"
# String. Name of the database to use within the provided database type.
# Examples: ["mydb","postgres","gotosocial"]
# Default: "postgres"
database: "postgres"
# String. Disable, enable, or require SSL/TLS connection to the database.
# If "disable" then no TLS connection will be attempted.
# If "enable" then TLS will be tried, but the database certificate won't be checked (for self-signed certs).
# If "require" then TLS will be required to make a connection, and a valid certificate must be presented.
# Options: ["disable", "enable", "require"]
# Default: "disable"
tlsMode: "disable"
# String. Path to a CA certificate on the host machine for db certificate validation.
# If this is left empty, just the host certificates will be used.
# If filled in, the certificate will be loaded and added to host certificates.
# Examples: ["/path/to/some/cert.crt"]
# Default: ""
tlsCACert: ""
###############################
##### WEB TEMPLATE CONFIG #####
###############################
# Config pertaining to templating of web pages/email notifications and the like
template:
# String. Directory from which gotosocial will attempt to load html templates (.tmpl files).
# Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
# Default: "./web/template/"
baseDir: "./web/template/"
# String. Directory from which gotosocial will attempt to serve static web assets (images, scripts).
# Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
# Default: "./web/assets/"
assetBaseDir: "./web/assets/"
###########################
##### ACCOUNTS CONFIG #####
###########################
# Config pertaining to creation and maintenance of accounts on the server, as well as defaults for new accounts.
accounts:
# Bool. Do we want people to be able to just submit sign up requests, or do we want invite only?
# Options: [true, false]
# Default: true
openRegistration: true
# Bool. Do sign up requests require approval from an admin/moderator before an account can sign in/use the server?
# Options: [true, false]
# Default: true
requireApproval: true
# Bool. Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)?
# Options: [true, false]
# Default: true
reasonRequired: true
########################
##### MEDIA CONFIG #####
########################
# Config pertaining to user media uploads (videos, image, image descriptions).
media:
# Int. Maximum allowed image upload size in bytes.
# Examples: [2097152, 10485760]
# Default: 2097152 -- aka 2MB
maxImageSize: 2097152
# Int. Maximum allowed video upload size in bytes.
# Examples: [2097152, 10485760]
# Default: 10485760 -- aka 10MB
maxVideoSize: 10485760
# Int. Minimum amount of characters required as an image or video description.
# Examples: [500, 1000, 1500]
# Default: 0 (not required)
minDescriptionChars: 0
# Int. Maximum amount of characters permitted in an image or video description.
# Examples: [500, 1000, 1500]
# Default: 500
maxDescriptionChars: 500
##########################
##### STORAGE CONFIG #####
##########################
# Config pertaining to storage of user-created uploads (videos, images, etc).
storage:
# String. Type of storage backend to use.
# Examples: ["local", "s3"]
# Default: "local" (storage on local disk)
# NOTE: s3 storage is not yet supported!
backend: "local"
# String. Directory to use as a base path for storing files.
# Make sure whatever user/group gotosocial is running as has permission to access
# this directly, and create new subdirectories and files with in.
# Examples: ["/home/gotosocial/storage", "/opt/gotosocial/datastorage"]
# Default: "/gotosocial/storage"
basePath: "/gotosocial/storage"
# String. Protocol to use for serving stored files.
# It's very unlikely that you'll need to change this ever, but there might be edge cases.
# Examples: ["http", "https"]
serveProtocol: "https"
# String. Host for serving stored files.
# If you're using local storage, this should be THE SAME as the value you've set for Host, above.
# It should only be a different value if you're serving stored files from a host
# other than the one your instance is running on.
# Examples: ["localhost", "example.org"]
# Default: "localhost" -- you should absolutely change this.
serveHost: "localhost"
# String. Base path for serving stored files. This will be added to serveHost and serveProtocol
# to form the prefix url of your stored files. Eg., https://example.org/fileserver/.....
# It's unlikely that you will need to change this.
# Examples: ["/fileserver", "/media"]
# Default: "/fileserver"
serveBasePath: "/fileserver"
###########################
##### STATUSES CONFIG #####
###########################
# Config pertaining to the creation of statuses/posts, and permitted limits.
statuses:
# Int. Maximum amount of characters permitted for a new status.
# Note that going way higher than the default might break federation.
# Examples: [140, 500, 5000]
# Default: 5000
maxChars: 5000
# Int. Maximum amount of characters allowed in the CW/subject header of a status.
# Note that going way higher than the default might break federation.
# Examples: [100, 200]
# Default: 100
cwMaxChars: 100
# Int. Maximum amount of options to permit when creating a new poll.
# Note that going way higher than the default might break federation.
# Examples: [4, 6, 10]
# Default: 6
pollMaxOptions: 6
# Int. Maximum amount of characters to permit per poll option when creating a new poll.
# Note that going way higher than the default might break federation.
# Examples: [50, 100, 150]
# Default: 50
pollOptionMaxChars: 50
# Int. Maximum amount of media files that can be attached to a new status.
# Note that going way higher than the default might break federation.
# Examples: [4, 6, 10]
# Default: 6
maxMediaFiles: 6
##############################
##### LETSENCRYPT CONFIG #####
##############################
# Config pertaining to the automatic acquisition and use of LetsEncrypt HTTPS certificates.
letsEncrypt:
# Bool. Whether or not letsencrypt should be enabled for the server.
# If false, the rest of the settings here will be ignored.
# You should only change this if you want to serve GoToSocial behind a reverse proxy
# like Traefik, HAProxy, or Nginx.
# Options: [true, false]
# Default: true
enabled: true
# Int. Port to listen for letsencrypt certificate challenges on.
# If letsencrypt is enabled, this port must be reachable or you won't be able to obtain certs.
# If letsencrypt is disabled, this port will not be used.
# This *must not* be the same as the webserver/API port specified above.
# Examples: [80, 8000, 1312]
# Default: 80
port: 80
# String. Directory in which to store LetsEncrypt certificates.
# It is a good move to make this a sub-path within your storage directory, as it makes
# backup easier, but you might wish to move them elsewhere if they're also accessed by other services.
# In any case, make sure GoToSocial has permissions to write to / read from this directory.
# Examples: ["/home/gotosocial/storage/certs", "/acmecerts"]
# Default: "/gotosocial/storage/certs"
certDir: "/gotosocial/storage/certs"
# String. Email address to use when registering LetsEncrypt certs.
# Most likely, this will be the email address of the instance administrator.
# LetsEncrypt will send notifications about expiring certificates etc to this address.
# Examples: ["admin@example.org"]
# Default: ""
emailAddress: ""
#######################
##### OIDC CONFIG #####
#######################
# Config for authentication with an external OIDC provider (Dex, Google, Auth0, etc).
oidc:
# Bool. Enable authentication with external OIDC provider. If set to true, then
# the other OIDC options must be set as well. If this is set to false, then the standard
# internal oauth flow will be used, where users sign in to GtS with username/password.
# Options: [true, false]
# Default: false
enabled: false
# String. Name of the oidc idp (identity provider). This will be shown to users when
# they log in.
# Examples: ["Google", "Dex", "Auth0"]
# Default: ""
idpName: ""
# Bool. Skip the normal verification flow of tokens returned from the OIDC provider, ie.,
# don't check the expiry or signature. This should only be used in debugging or testing,
# never ever in a production environment as it's extremely unsafe!
# Options: [true, false]
# Default: false
skipVerification: false
# String. The OIDC issuer URI. This is where GtS will redirect users to for login.
# Typically this will look like a standard web URL.
# Examples: ["https://auth.example.org", "https://example.org/auth"]
# Default: ""
issuer: ""
# String. The ID for this client as registered with the OIDC provider.
# Examples: ["some-client-id", "fda3772a-ad35-41c9-9a59-f1943ad18f54"]
# Default: ""
clientID: ""
# String. The secret for this client as registered with the OIDC provider.
# Examples: ["super-secret-business", "79379cf5-8057-426d-bb83-af504d98a7b0"]
# Default: ""
clientSecret: ""
# Array of string. Scopes to request from the OIDC provider. The returned values will be used to
# populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required.
# 'profile' is used to extract a username for the newly created user.
# 'groups' is optional and can be used to determine if a user is an admin (if they're in the group 'admin' or 'admins').
# Examples: See eg., https://auth0.com/docs/scopes/openid-connect-scopes
# Default: ["openid", "email", "profile", "groups"]
scopes:
- "openid"
- "email"
- "profile"
- "groups"
#######################
##### SMTP CONFIG #####
#######################
# Config for sending emails via an smtp server. See https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
smtp:
# String. The hostname of the smtp server you want to use.
# If this is not set, smtp will not be used to send emails, and you can ignore the other settings.
# Examples: ["mail.example.org", "localhost"]
# Default: ""
host: ""
# Int. Port to use to connect to the smtp server.
# Examples: []
# Default: 0
port: 0
# String. Username to use when authenticating with the smtp server.
# This should have been provided to you by your smtp host.
# This is often, but not always, an email address.
# Examples: ["maillord@example.org"]
# Default: ""
username:
# String. Password to use when authenticating with the smtp server.
# This should have been provided to you by your smtp host.
# Examples: ["1234", "password"]
# Default: ""
password:
# String. 'From' address for sent emails.
# Examples: ["mail@example.org"]
# Default: ""
from: ""