forked from mirrors/catstodon
Jeremy Kescher
21a0804210
The CatCatNya~ production config has an IP retention period of one day. That will cause suspicious login emails to be sent out simply because we don't have any known IP data. Therefore, add an option disabling it.
320 lines
10 KiB
Text
320 lines
10 KiB
Text
# This is a sample configuration file. You can generate your configuration
|
||
# with the `rake mastodon:setup` interactive setup wizard, but to customize
|
||
# your setup even further, you'll need to edit it manually. This sample does
|
||
# not demonstrate all available configuration options. Please look at
|
||
# https://docs.joinmastodon.org/admin/config/ for the full documentation.
|
||
|
||
# Note that this file accepts slightly different syntax depending on whether
|
||
# you are using `docker-compose` or not. In particular, if you use
|
||
# `docker-compose`, the value of each declared variable will be taken verbatim,
|
||
# including surrounding quotes.
|
||
# See: https://github.com/mastodon/mastodon/issues/16895
|
||
|
||
# Federation
|
||
# ----------
|
||
# This identifies your server and cannot be changed safely later
|
||
# ----------
|
||
LOCAL_DOMAIN=example.com
|
||
|
||
# Use this only if you need to run mastodon on a different domain than the one used for federation.
|
||
# You can read more about this option on https://docs.joinmastodon.org/admin/config/#web-domain
|
||
# DO *NOT* USE THIS UNLESS YOU KNOW *EXACTLY* WHAT YOU ARE DOING.
|
||
# WEB_DOMAIN=mastodon.example.com
|
||
|
||
# Use this if you want to have several aliases handler@example1.com
|
||
# handler@example2.com etc. for the same user. LOCAL_DOMAIN should not
|
||
# be added. Comma separated values
|
||
# ALTERNATE_DOMAINS=example1.com,example2.com
|
||
|
||
# Use HTTP proxy for outgoing request (optional)
|
||
# http_proxy=http://gateway.local:8118
|
||
# Access control for hidden service.
|
||
# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
|
||
|
||
# Authorized fetch mode (optional)
|
||
# Require remote servers to authentify when fetching toots, see
|
||
# https://docs.joinmastodon.org/admin/config/#authorized_fetch
|
||
# AUTHORIZED_FETCH=true
|
||
|
||
# Limited federation mode (optional)
|
||
# Only allow federation with specific domains, see
|
||
# https://docs.joinmastodon.org/admin/config/#whitelist_mode
|
||
# LIMITED_FEDERATION_MODE=true
|
||
|
||
# Redis
|
||
# -----
|
||
REDIS_HOST=localhost
|
||
REDIS_PORT=6379
|
||
|
||
|
||
# PostgreSQL
|
||
# ----------
|
||
DB_HOST=/var/run/postgresql
|
||
DB_USER=mastodon
|
||
DB_NAME=mastodon_production
|
||
DB_PASS=
|
||
DB_PORT=5432
|
||
|
||
|
||
# Elasticsearch (optional)
|
||
# ------------------------
|
||
#ES_ENABLED=true
|
||
#ES_HOST=localhost
|
||
#ES_PORT=9200
|
||
# Authentication for ES (optional)
|
||
#ES_USER=elastic
|
||
#ES_PASS=password
|
||
|
||
|
||
# Secrets
|
||
# -------
|
||
# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web bundle exec rake secret` if you use docker compose)
|
||
# -------
|
||
SECRET_KEY_BASE=
|
||
OTP_SECRET=
|
||
|
||
|
||
# Web Push
|
||
# --------
|
||
# Generate with `rake mastodon:webpush:generate_vapid_key` (first is the private key, second is the public one)
|
||
# You should only generate this once per instance. If you later decide to change it, all push subscription will
|
||
# be invalidated, requiring the users to access the website again to resubscribe.
|
||
# --------
|
||
VAPID_PRIVATE_KEY=
|
||
VAPID_PUBLIC_KEY=
|
||
|
||
|
||
# Registrations
|
||
# -------------
|
||
|
||
# Single user mode will disable registrations and redirect frontpage to the first profile
|
||
# SINGLE_USER_MODE=true
|
||
|
||
# Prevent registrations with following e-mail domains
|
||
# EMAIL_DOMAIN_DENYLIST=example1.com|example2.de|etc
|
||
|
||
# Only allow registrations with the following e-mail domains
|
||
# EMAIL_DOMAIN_ALLOWLIST=example1.com|example2.de|etc
|
||
|
||
#TODO move this
|
||
# Optionally change default language
|
||
# DEFAULT_LOCALE=de
|
||
|
||
|
||
# Sending mail
|
||
# ------------
|
||
SMTP_SERVER=
|
||
SMTP_PORT=587
|
||
SMTP_LOGIN=
|
||
SMTP_PASSWORD=
|
||
SMTP_FROM_ADDRESS=notifications@example.com
|
||
|
||
|
||
# File storage (optional)
|
||
# -----------------------
|
||
# The attachment host must allow cross origin request from WEB_DOMAIN or
|
||
# LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the
|
||
# following header field:
|
||
# Access-Control-Allow-Origin: https://192.168.1.123:9000/
|
||
# -----------------------
|
||
#S3_ENABLED=true
|
||
#S3_BUCKET=files.example.com
|
||
#AWS_ACCESS_KEY_ID=
|
||
#AWS_SECRET_ACCESS_KEY=
|
||
#S3_ALIAS_HOST=files.example.com
|
||
|
||
# Swift (optional)
|
||
# The attachment host must allow cross origin request - see the description
|
||
# above.
|
||
# SWIFT_ENABLED=true
|
||
# SWIFT_USERNAME=
|
||
# For Keystone V3, the value for SWIFT_TENANT should be the project name
|
||
# SWIFT_TENANT=
|
||
# SWIFT_PASSWORD=
|
||
# Some OpenStack V3 providers require PROJECT_ID (optional)
|
||
# SWIFT_PROJECT_ID=
|
||
# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
|
||
# issues with token rate-limiting during high load.
|
||
# SWIFT_AUTH_URL=
|
||
# SWIFT_CONTAINER=
|
||
# SWIFT_OBJECT_URL=
|
||
# SWIFT_REGION=
|
||
# Defaults to 'default'
|
||
# SWIFT_DOMAIN_NAME=
|
||
# Defaults to 60 seconds. Set to 0 to disable
|
||
# SWIFT_CACHE_TTL=
|
||
|
||
# Optional asset host for multi-server setups
|
||
# The asset host must allow cross origin request from WEB_DOMAIN or LOCAL_DOMAIN
|
||
# if WEB_DOMAIN is not set. For example, the server may have the
|
||
# following header field:
|
||
# Access-Control-Allow-Origin: https://example.com/
|
||
# CDN_HOST=https://assets.example.com
|
||
|
||
# Optional list of hosts that are allowed to serve media for your instance
|
||
# This is useful if you include external media in your custom CSS or about page,
|
||
# or if your data storage provider makes use of redirects to other domains.
|
||
# EXTRA_DATA_HOSTS=https://data.example1.com|https://data.example2.com
|
||
|
||
# Optional alias for S3 (e.g. to serve files on a custom domain, possibly using Cloudfront or Cloudflare)
|
||
# S3_ALIAS_HOST=
|
||
|
||
# Streaming API integration
|
||
# STREAMING_API_BASE_URL=
|
||
|
||
|
||
# External authentication (optional)
|
||
# ----------------------------------
|
||
# LDAP authentication (optional)
|
||
# LDAP_ENABLED=true
|
||
# LDAP_HOST=localhost
|
||
# LDAP_PORT=389
|
||
# LDAP_METHOD=simple_tls
|
||
# LDAP_BASE=
|
||
# LDAP_BIND_DN=
|
||
# LDAP_PASSWORD=
|
||
# LDAP_UID=cn
|
||
# LDAP_MAIL=mail
|
||
# LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))
|
||
# LDAP_UID_CONVERSION_ENABLED=true
|
||
# LDAP_UID_CONVERSION_SEARCH=., -
|
||
# LDAP_UID_CONVERSION_REPLACE=_
|
||
|
||
# PAM authentication (optional)
|
||
# PAM authentication uses for the email generation the "email" pam variable
|
||
# and optional as fallback PAM_DEFAULT_SUFFIX
|
||
# The pam environment variable "email" is provided by:
|
||
# https://github.com/devkral/pam_email_extractor
|
||
# PAM_ENABLED=true
|
||
# Fallback email domain for email address generation (LOCAL_DOMAIN by default)
|
||
# PAM_EMAIL_DOMAIN=example.com
|
||
# Name of the pam service (pam "auth" section is evaluated)
|
||
# PAM_DEFAULT_SERVICE=rpam
|
||
# Name of the pam service used for checking if an user can register (pam "account" section is evaluated) (nil (disabled) by default)
|
||
# PAM_CONTROLLED_SERVICE=rpam
|
||
|
||
# Global OAuth settings (optional) :
|
||
# If you have only one strategy, you may want to enable this
|
||
# OAUTH_REDIRECT_AT_SIGN_IN=true
|
||
|
||
# Optional CAS authentication (cf. omniauth-cas) :
|
||
# CAS_ENABLED=true
|
||
# CAS_URL=https://sso.myserver.com/
|
||
# CAS_HOST=sso.myserver.com/
|
||
# CAS_PORT=443
|
||
# CAS_SSL=true
|
||
# CAS_VALIDATE_URL=
|
||
# CAS_CALLBACK_URL=
|
||
# CAS_LOGOUT_URL=
|
||
# CAS_LOGIN_URL=
|
||
# CAS_UID_FIELD='user'
|
||
# CAS_CA_PATH=
|
||
# CAS_DISABLE_SSL_VERIFICATION=false
|
||
# CAS_UID_KEY='user'
|
||
# CAS_NAME_KEY='name'
|
||
# CAS_EMAIL_KEY='email'
|
||
# CAS_NICKNAME_KEY='nickname'
|
||
# CAS_FIRST_NAME_KEY='firstname'
|
||
# CAS_LAST_NAME_KEY='lastname'
|
||
# CAS_LOCATION_KEY='location'
|
||
# CAS_IMAGE_KEY='image'
|
||
# CAS_PHONE_KEY='phone'
|
||
|
||
# Optional SAML authentication (cf. omniauth-saml)
|
||
# SAML_ENABLED=true
|
||
# SAML_ACS_URL=http://localhost:3000/auth/auth/saml/callback
|
||
# SAML_ISSUER=https://example.com
|
||
# SAML_IDP_SSO_TARGET_URL=https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO
|
||
# SAML_IDP_CERT=
|
||
# SAML_IDP_CERT_FINGERPRINT=
|
||
# SAML_NAME_IDENTIFIER_FORMAT=
|
||
# SAML_CERT=
|
||
# SAML_PRIVATE_KEY=
|
||
# SAML_SECURITY_WANT_ASSERTION_SIGNED=true
|
||
# SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=true
|
||
# SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
|
||
# SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"
|
||
# SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
|
||
# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241"
|
||
# SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME="urn:oid:2.5.4.42"
|
||
# SAML_ATTRIBUTES_STATEMENTS_LAST_NAME="urn:oid:2.5.4.4"
|
||
# SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
|
||
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
|
||
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
|
||
|
||
|
||
# Custom settings
|
||
# ---------------
|
||
# Various ways to customize Mastodon's behavior
|
||
# ---------------
|
||
|
||
# Maximum allowed character count
|
||
MAX_TOOT_CHARS=500
|
||
|
||
# Maximum allowed hashtags to follow in a feed column
|
||
# Note that setting this value higher may cause significant
|
||
# database load
|
||
MAX_FEED_HASHTAGS=4
|
||
|
||
# Maximum number of pinned posts
|
||
MAX_PINNED_TOOTS=5
|
||
|
||
# Maximum allowed bio characters
|
||
MAX_BIO_CHARS=500
|
||
|
||
# Maximim number of profile fields allowed
|
||
MAX_PROFILE_FIELDS=4
|
||
|
||
# Maximum allowed display name characters
|
||
MAX_DISPLAY_NAME_CHARS=30
|
||
|
||
# Minimum allowed poll options. (Minimum of 1)
|
||
MIN_POLL_OPTIONS=2
|
||
|
||
# Maximum allowed poll options
|
||
MAX_POLL_OPTIONS=5
|
||
|
||
# Maximum allowed poll option characters
|
||
MAX_POLL_OPTION_CHARS=100
|
||
|
||
# Maximum number of emoji reactions per toot and user (minimum 1)
|
||
MAX_REACTIONS=1
|
||
|
||
# Maximum image and video/audio upload sizes
|
||
# Units are in bytes
|
||
# 1048576 bytes equals 1 megabyte
|
||
# MAX_IMAGE_SIZE=8388608
|
||
# MAX_VIDEO_SIZE=41943040
|
||
|
||
# Maximum search results to display
|
||
# Only relevant when elasticsearch is installed
|
||
# MAX_SEARCH_RESULTS=20
|
||
|
||
# Maximum hashtags to display
|
||
# Customize the number of hashtags shown in 'Explore'
|
||
# MAX_TRENDING_TAGS=10
|
||
|
||
# Maximum custom emoji file sizes
|
||
# If undefined or smaller than MAX_EMOJI_SIZE, the value
|
||
# of MAX_EMOJI_SIZE will be used for MAX_REMOTE_EMOJI_SIZE
|
||
# Units are in bytes
|
||
# MAX_EMOJI_SIZE=262144
|
||
# MAX_REMOTE_EMOJI_SIZE=262144
|
||
|
||
# Optional hCaptcha support
|
||
# HCAPTCHA_SECRET_KEY=
|
||
# HCAPTCHA_SITE_KEY=
|
||
|
||
# IP and session retention
|
||
# -----------------------
|
||
# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml (already applied for Catstodon)
|
||
# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
|
||
# -----------------------
|
||
IP_RETENTION_PERIOD=31556952
|
||
SESSION_RETENTION_PERIOD=31556952
|
||
|
||
# In case you've shortened IP retention a lot, you may want to disable the suspicious sign in detector entirely,
|
||
# in order to avoid spurious "suspicious login detected" emails being sent to users.
|
||
# The default is true, because for the default retention period of one year, there is good data for such emails.
|
||
# For instances having a retention period of merely a day, that may not be enough, so you may set it to false.
|
||
#ENABLE_SUSPICIOUS_SIGN_IN=false
|