mirror of
https://codeberg.org/yeentown/barkey.git
synced 2025-07-15 00:14:33 +00:00
353 lines
12 KiB
YAML
353 lines
12 KiB
YAML
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
# Sharkey configuration
|
|
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
|
|
# ┌──────────────────────────────┐
|
|
#───┘ a boring but important thing └────────────────────────────
|
|
|
|
#
|
|
# First of all, let me tell you a story that may possibly be
|
|
# boring to you and possibly important to you.
|
|
#
|
|
# Sharkey is licensed under the AGPLv3 license. This license is
|
|
# known to be often misunderstood. Please read the following
|
|
# instructions carefully and select the appropriate option so
|
|
# that you do not negligently cause a license violation.
|
|
#
|
|
|
|
# --------
|
|
# Option 1: If you host Sharkey AS-IS (without any changes to
|
|
# the source code. forks are not included).
|
|
#
|
|
# Step 1: Congratulations! You don't need to do anything.
|
|
|
|
# --------
|
|
# Option 2: If you have made changes to the source code (forks
|
|
# are included) and publish a Git repository of source
|
|
# code. There should be no access restrictions on
|
|
# this repository. Strictly speaking, it doesn't have
|
|
# to be a Git repository, but you'll probably use Git!
|
|
#
|
|
# Step 1: Build and run the Sharkey server first.
|
|
# Step 2: Open <https://your.sharkey.example/admin/settings> in
|
|
# your browser with the administrator account.
|
|
# Step 3: Enter the URL of your Git repository in the
|
|
# "Repository URL" field.
|
|
|
|
# --------
|
|
# Option 3: If neither of the above applies to you.
|
|
# (In this case, the source code should be published
|
|
# on the Sharkey interface. IT IS NOT ENOUGH TO
|
|
# DISCLOSE THE SOURCE CODE WHEN A USER REQUESTS IT BY
|
|
# E-MAIL OR OTHER MEANS. If you are not satisfied
|
|
# with this, it is recommended that you read the
|
|
# license again carefully. Anyway, enabling this
|
|
# option will automatically generate and publish a
|
|
# tarball at build time, protecting you from
|
|
# inadvertent license violations. (There is no legal
|
|
# guarantee, of course.) The tarball will generated
|
|
# from the root directory of your codebase. So it is
|
|
# also recommended to check <built/tarball> directory
|
|
# once after building and before activating the server
|
|
# to avoid ACCIDENTAL LEAKING OF SENSITIVE INFORMATION.
|
|
# To prevent certain files from being included in the
|
|
# tarball, add a glob pattern after line 15 in
|
|
# <scripts/tarball.mjs>. DO NOT FORGET TO BUILD AFTER
|
|
# ENABLING THIS OPTION!)
|
|
#
|
|
# Step 1: Uncomment the following line.
|
|
#
|
|
# publishTarballInsteadOfProvideRepositoryUrl: true
|
|
|
|
# ┌────────────────────────┐
|
|
#───┘ Initial Setup Password └─────────────────────────────────────────────────────
|
|
|
|
# Password to initiate setting up admin account.
|
|
# It will not be used after the initial setup is complete.
|
|
#
|
|
# Be sure to change this when you set up Sharkey via the Internet.
|
|
#
|
|
# The provider of the service who sets up Sharkey on behalf of the customer should
|
|
# set this value to something unique when generating the Sharkey config file,
|
|
# and provide it to the customer.
|
|
#
|
|
# setupPassword: example_password_please_change_this_or_you_will_get_hacked
|
|
|
|
# ┌─────┐
|
|
#───┘ URL └─────────────────────────────────────────────────────
|
|
|
|
# Final accessible URL seen by a user.
|
|
# url: https://example.tld/
|
|
|
|
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
|
|
# URL SETTINGS AFTER THAT!
|
|
|
|
# ┌───────────────────────┐
|
|
#───┘ Port and TLS settings └───────────────────────────────────
|
|
|
|
#
|
|
# Sharkey supports two deployment options for public.
|
|
#
|
|
|
|
# Option 1: With Reverse Proxy
|
|
#
|
|
# +----- https://example.tld/ ------------+
|
|
# +------+ |+-------------+ +----------------+|
|
|
# | User | ---> || Proxy (443) | ---> | Sharkey (3000) ||
|
|
# +------+ |+-------------+ +----------------+|
|
|
# +---------------------------------------+
|
|
#
|
|
# You need to setup reverse proxy. (eg. nginx)
|
|
# You do not define 'https' section.
|
|
|
|
# Option 2: Standalone
|
|
#
|
|
# +- https://example.tld/ -+
|
|
# +------+ | +---------------+ |
|
|
# | User | ---> | | Sharkey (443) | |
|
|
# +------+ | +---------------+ |
|
|
# +------------------------+
|
|
#
|
|
# You need to run Sharkey as root.
|
|
# You need to set Certificate in 'https' section.
|
|
|
|
# To use option 1, uncomment below line.
|
|
port: 3000 # A port that your Sharkey server should listen.
|
|
|
|
# To use option 2, uncomment below lines.
|
|
#port: 443
|
|
|
|
#https:
|
|
# # path for certification
|
|
# key: /etc/letsencrypt/live/example.tld/privkey.pem
|
|
# cert: /etc/letsencrypt/live/example.tld/fullchain.pem
|
|
|
|
# ┌──────────────────────────┐
|
|
#───┘ PostgreSQL configuration └────────────────────────────────
|
|
|
|
db:
|
|
host: localhost
|
|
port: 5432
|
|
|
|
# Database name
|
|
db: misskey
|
|
|
|
# Auth
|
|
user: example-misskey-user
|
|
pass: example-misskey-pass
|
|
|
|
# Whether disable Caching queries
|
|
#disableCache: true
|
|
|
|
# Extra Connection options
|
|
#extra:
|
|
# ssl: true
|
|
|
|
dbReplications: false
|
|
|
|
# You can configure any number of replicas here
|
|
#dbSlaves:
|
|
# -
|
|
# host:
|
|
# port:
|
|
# db:
|
|
# user:
|
|
# pass:
|
|
# -
|
|
# host:
|
|
# port:
|
|
# db:
|
|
# user:
|
|
# pass:
|
|
|
|
# ┌─────────────────────┐
|
|
#───┘ Redis configuration └─────────────────────────────────────
|
|
|
|
redis:
|
|
host: localhost
|
|
port: 6379
|
|
#family: 0 # 0=Both, 4=IPv4, 6=IPv6
|
|
#pass: example-pass
|
|
#prefix: example-prefix
|
|
#db: 1
|
|
|
|
#redisForPubsub:
|
|
# host: localhost
|
|
# port: 6379
|
|
# #family: 0 # 0=Both, 4=IPv4, 6=IPv6
|
|
# #pass: example-pass
|
|
# #prefix: example-prefix
|
|
# #db: 1
|
|
|
|
#redisForJobQueue:
|
|
# host: localhost
|
|
# port: 6379
|
|
# #family: 0 # 0=Both, 4=IPv4, 6=IPv6
|
|
# #pass: example-pass
|
|
# #prefix: example-prefix
|
|
# #db: 1
|
|
|
|
#redisForTimelines:
|
|
# host: redis
|
|
# port: 6379
|
|
# #family: 0 # 0=Both, 4=IPv4, 6=IPv6
|
|
# #pass: example-pass
|
|
# #prefix: example-prefix
|
|
# #db: 1
|
|
|
|
#redisForReactions:
|
|
# host: redis
|
|
# port: 6379
|
|
# #family: 0 # 0=Both, 4=IPv4, 6=IPv6
|
|
# #pass: example-pass
|
|
# #prefix: example-prefix
|
|
# #db: 1
|
|
|
|
# ┌───────────────────────────┐
|
|
#───┘ MeiliSearch configuration └─────────────────────────────
|
|
|
|
#meilisearch:
|
|
# host: localhost
|
|
# port: 7700
|
|
# apiKey: ''
|
|
# ssl: true
|
|
# index: ''
|
|
|
|
# ┌───────────────┐
|
|
#───┘ ID generation └───────────────────────────────────────────
|
|
|
|
# You can select the ID generation method.
|
|
# You don't usually need to change this setting, but you can
|
|
# change it according to your preferences.
|
|
|
|
# Available methods:
|
|
# aid ... Short, Millisecond accuracy
|
|
# aidx ... Millisecond accuracy
|
|
# meid ... Similar to ObjectID, Millisecond accuracy
|
|
# ulid ... Millisecond accuracy
|
|
# objectid ... This is left for backward compatibility
|
|
|
|
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
|
|
# ID SETTINGS AFTER THAT!
|
|
|
|
id: "aidx"
|
|
|
|
# ┌────────────────┐
|
|
#───┘ Error tracking └──────────────────────────────────────────
|
|
|
|
# Sentry is available for error tracking.
|
|
# See the Sentry documentation for more details on options.
|
|
|
|
#sentryForBackend:
|
|
# enableNodeProfiling: true
|
|
# options:
|
|
# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0'
|
|
|
|
#sentryForFrontend:
|
|
# vueIntegration:
|
|
# tracingOptions:
|
|
# trackComponents: true
|
|
# browserTracingIntegration:
|
|
# replayIntegration:
|
|
# options:
|
|
# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0'
|
|
|
|
# ┌─────────────────────┐
|
|
#───┘ Other configuration └─────────────────────────────────────
|
|
|
|
# Whether disable HSTS
|
|
#disableHsts: true
|
|
|
|
# Number of worker processes
|
|
#clusterLimit: 1
|
|
|
|
# Job concurrency per worker
|
|
# deliverJobConcurrency: 128
|
|
# inboxJobConcurrency: 16
|
|
|
|
# Job rate limiter
|
|
# deliverJobPerSec: 128
|
|
# inboxJobPerSec: 32
|
|
|
|
# Job attempts
|
|
# deliverJobMaxAttempts: 12
|
|
# inboxJobMaxAttempts: 8
|
|
|
|
# IP address family used for outgoing request (ipv4, ipv6 or dual)
|
|
#outgoingAddressFamily: ipv4
|
|
|
|
# Amount of characters that can be used when writing notes. Longer notes will be rejected. (minimum: 1)
|
|
#maxNoteLength: 3000
|
|
# Amount of characters that will be saved for remote notes. Longer notes will be truncated to this length. (minimum: 1)
|
|
#maxRemoteNoteLength: 100000
|
|
# Amount of characters that can be used when writing content warnings. Longer warnings will be rejected. (minimum: 1)
|
|
#maxCwLength: 500
|
|
# Amount of characters that will be saved for remote content warnings. Longer warnings will be truncated to this length. (minimum: 1)
|
|
#maxRemoteCwLength: 5000
|
|
# Amount of characters that can be used when writing media descriptions (alt text). Longer descriptions will be rejected. (minimum: 1)
|
|
#maxAltTextLength: 20000
|
|
# Amount of characters that will be saved for remote media descriptions (alt text). Longer descriptions will be truncated to this length. (minimum: 1)
|
|
#maxRemoteAltTextLength: 100000
|
|
|
|
# Proxy for HTTP/HTTPS
|
|
#proxy: http://127.0.0.1:3128
|
|
|
|
#proxyBypassHosts: [
|
|
# 'example.com',
|
|
# '192.0.2.8'
|
|
#]
|
|
|
|
# Proxy for SMTP/SMTPS
|
|
#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT
|
|
#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
|
|
#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
|
|
|
|
# Media Proxy
|
|
#mediaProxy: https://example.com/proxy
|
|
|
|
# Sign outgoing ActivityPub GET request (default: true)
|
|
signToActivityPubGet: true
|
|
# Sign outgoing ActivityPub Activities (default: true)
|
|
# Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity.
|
|
# When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances.
|
|
# This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests.
|
|
attachLdSignatureForRelays: true
|
|
# check that inbound ActivityPub GET requests are signed ("authorized fetch")
|
|
checkActivityPubGetSignature: false
|
|
|
|
#allowedPrivateNetworks: [
|
|
# '127.0.0.1/32'
|
|
#]
|
|
|
|
#customMOTD: ['Hello World', 'The sharks rule all', 'Shonks']
|
|
|
|
# Disable automatic redirect for ActivityPub object lookup. (default: false)
|
|
# This is a strong defense against potential impersonation attacks if the viewer instance has inadequate validation.
|
|
# However it will make it impossible for other instances to lookup third-party user and notes through your URL.
|
|
#disallowExternalApRedirect: true
|
|
|
|
# Upload or download file size limits (bytes)
|
|
#maxFileSize: 262144000
|
|
|
|
# timeout (in milliseconds) and maximum size for imports (e.g. note imports)
|
|
#import:
|
|
# downloadTimeout: 30000
|
|
# maxFileSize: 262144000
|
|
|
|
# PID File of master process
|
|
#pidFile: /tmp/misskey.pid
|
|
|
|
# CHMod-style permission bits to apply to uploaded files.
|
|
# Permission bits are specified as a base-8 string representing User/Group/Other permissions.
|
|
# This setting is only useful for custom deployments, such as using a reverse proxy to serve media.
|
|
#filePermissionBits: '644'
|
|
|
|
# Log settings
|
|
# logging:
|
|
# sql:
|
|
# # Outputs query parameters during SQL execution to the log.
|
|
# # default: false
|
|
# enableQueryParamLogging: false
|
|
# # Disable query truncation. If set to true, the full text of the query will be output to the log.
|
|
# # default: false
|
|
# disableQueryTruncation: false
|