path: root/.config/ci.yml

#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# Sharkey configuration
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

#   ┌──────────────────────────────┐
#───┘ a boring but important thing └────────────────────────────

#
# First of all, let me tell you a story that may possibly be
# boring to you and possibly important to you.
#
# Sharkey is licensed under the AGPLv3 license. This license is
# known to be often misunderstood.  Please read the following
# instructions carefully and select the appropriate option so
# that you do not negligently cause a license violation.
#

# --------
# Option 1: If you host Sharkey AS-IS (without any changes to
#           the source code. forks are not included).
#
# Step 1: Congratulations! You don't need to do anything.

# --------
# Option 2: If you have made changes to the source code (forks
#           are included) and publish a Git repository of source
#           code.  There should be no access restrictions on
#           this repository.  Strictly speaking, it doesn't have
#           to be a Git repository, but you'll probably use Git!
#
# Step 1: Build and run the Sharkey server first.
# Step 2: Open <https://your.sharkey.example/admin/settings> in
#         your browser with the administrator account.
# Step 3: Enter the URL of your Git repository in the
#         "Repository URL" field.

# --------
# Option 3: If neither of the above applies to you.
#           (In this case, the source code should be published
#           on the Sharkey interface.  IT IS NOT ENOUGH TO
#           DISCLOSE THE SOURCE CODE WHEN A USER REQUESTS IT BY
#           E-MAIL OR OTHER MEANS.  If you are not satisfied
#           with this, it is recommended that you read the
#           license again carefully.  Anyway, enabling this
#           option will automatically generate and publish a
#           tarball at build time, protecting you from
#           inadvertent license violations. (There is no legal
#           guarantee, of course.)  The tarball will generated
#           from the root directory of your codebase.  So it is
#           also recommended to check <built/tarball> directory
#           once after building and before activating the server
#           to avoid ACCIDENTAL LEAKING OF SENSITIVE INFORMATION.
#           To prevent certain files from being included in the
#           tarball, add a glob pattern after line 15 in
#           <scripts/tarball.mjs>.  DO NOT FORGET TO BUILD AFTER
#           ENABLING THIS OPTION!)
#
# Step 1: Uncomment the following line.
#
# publishTarballInsteadOfProvideRepositoryUrl: true

#   ┌────────────────────────┐
#───┘ Initial Setup Password └─────────────────────────────────────────────────────

# Password to initiate setting up admin account.
# It will not be used after the initial setup is complete.
#
# Be sure to change this when you set up Sharkey via the Internet.
#
# The provider of the service who sets up Sharkey on behalf of the customer should
# set this value to something unique when generating the Sharkey config file,
# and provide it to the customer.
#
# setupPassword: example_password_please_change_this_or_you_will_get_hacked

#   ┌─────┐
#───┘ URL └─────────────────────────────────────────────────────

# Final accessible URL seen by a user.
url: http://misskey.local

# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
# URL SETTINGS AFTER THAT!

#   ┌───────────────────────┐
#───┘ Port and TLS settings └───────────────────────────────────

#
# Sharkey requires a reverse proxy to support HTTPS connections.
#
#                 +----- https://example.tld/ ------------+
#   +------+      |+-------------+      +----------------+|
#   | User | ---> || Proxy (443) | ---> | Sharkey (3000) ||
#   +------+      |+-------------+      +----------------+|
#                 +---------------------------------------+
#
#   You need to set up a reverse proxy. (e.g. nginx)
#   An encrypted connection with HTTPS is highly recommended
#   because tokens may be transferred in GET requests.

# The port that your Sharkey server should listen on.
port: 3000

#   ┌──────────────────────────┐
#───┘ PostgreSQL configuration └────────────────────────────────

db:
  host: postgres
  port: 5432

  # Database name
  db: postgres

  # Auth
  user: postgres
  pass: ci

  ## Log a warning to the server console if any query takes longer than this to complete.
  ## Measured in milliseconds; set to 0 to disable. (default: 300)
  #slowQueryThreshold: 300

  # If false, then query results will be cached in redis.
  # If true (default), then queries will not be cached.
  # This will reduce database load at the cost of increased Redis traffic and risk of bugs and unpredictable behavior.
  #disableCache: false

  # Extra Connection options
  #extra:
  #  ssl: true
  #  # Set a higher value if you have timeout issues during migration
  #  statement_timeout: 10000


dbReplications: false

# You can configure any number of replicas here
#dbSlaves:
#  -
#    host:
#    port:
#    db:
#    user:
#    pass:
#  -
#    host:
#    port:
#    db:
#    user:
#    pass:

#   ┌─────────────────────┐
#───┘ Redis configuration └─────────────────────────────────────

redis:
  host: redis
  port: 6379
  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
  #pass: example-pass
  #prefix: example-prefix
  #db: 1

#redisForPubsub:
#  host: redis
#  port: 6379
#  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
#  #pass: example-pass
#  #prefix: example-prefix
#  #db: 1

#redisForJobQueue:
#  host: redis
#  port: 6379
#  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
#  #pass: example-pass
#  #prefix: example-prefix
#  #db: 1

#redisForTimelines:
#  host: redis
#  port: 6379
#  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
#  #pass: example-pass
#  #prefix: example-prefix
#  #db: 1

#redisForRateLimit:
#  host: localhost
#  port: 6379
#  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
#  #pass: example-pass
#  #prefix: example-prefix
#  #db: 1
#  # You can specify more ioredis options...
#  #username: example-username

#   ┌───────────────────────────────┐
#───┘ Fulltext search configuration └─────────────────────────────

# These are the setting items for the full-text search provider.
fulltextSearch:
  # You can select the ID generation method.
  # - sqlLike (default)
  #   Use SQL-like search.
  #   This is a standard feature of PostgreSQL, so no special extensions are required.
  # - sqlPgroonga
  #   Use pgroonga.
  #   You need to install pgroonga and configure it as a PostgreSQL extension.
  #   In addition to the above, you need to create a pgroonga index on the text column of the note table.
  #   see: https://pgroonga.github.io/tutorial/
  # - meilisearch
  #   Use Meilisearch.
  #   You need to install Meilisearch and configure.
  provider: sqlLike

# For Meilisearch settings.
# If you select "meilisearch" for "fulltextSearch.provider", it must be set.
# You can set scope to local or global (default value)
# (include notes from remote).

#meilisearch:
#  host: meilisearch
#  port: 7700
#  apiKey: ''
#  ssl: true
#  index: ''
#  scope: global

#   ┌───────────────┐
#───┘ ID generation └───────────────────────────────────────────

# You can select the ID generation method.
# You don't usually need to change this setting, but you can
# change it according to your preferences.

# Available methods:
# aid ... Short, Millisecond accuracy
# aidx ... Millisecond accuracy
# meid ... Similar to ObjectID, Millisecond accuracy
# ulid ... Millisecond accuracy
# objectid ... This is left for backward compatibility

# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
# ID SETTINGS AFTER THAT!

id: 'aidx'

#   ┌─────────────────────┐
#───┘ Other configuration └─────────────────────────────────────

# Whether disable HSTS
#disableHsts: true

# Number of worker processes
#clusterLimit: 1

# Job concurrency per worker
# deliverJobConcurrency: 128
# inboxJobConcurrency: 16
# relashionshipJobConcurrency: 16
#  What's relashionshipJob?:
#   Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations.

# Job rate limiter
# deliverJobPerSec: 128
# inboxJobPerSec: 32
# relashionshipJobPerSec: 64

# Job attempts
# deliverJobMaxAttempts: 12
# inboxJobMaxAttempts: 8

# Local address used for outgoing requests
#outgoingAddress: 127.0.0.1

# IP address family used for outgoing request (ipv4, ipv6 or dual)
#outgoingAddressFamily: ipv4

# Amount of characters that can be used when writing notes. Longer notes will be rejected. (minimum: 1)
#maxNoteLength: 3000
# Amount of characters that will be saved for remote notes. Longer notes will be truncated to this length. (minimum: 1)
#maxRemoteNoteLength: 100000
# Amount of characters that can be used when writing content warnings. Longer warnings will be rejected. (minimum: 1)
#maxCwLength: 500
# Amount of characters that will be saved for remote content warnings. Longer warnings will be truncated to this length. (minimum: 1)
#maxRemoteCwLength: 5000
# Amount of characters that can be used when writing media descriptions (alt text). Longer descriptions will be rejected. (minimum: 1)
#maxAltTextLength: 20000
# Amount of characters that will be saved for remote media descriptions (alt text). Longer descriptions will be truncated to this length. (minimum: 1)
#maxRemoteAltTextLength: 100000

# Proxy for HTTP/HTTPS
#proxy: http://127.0.0.1:3128

proxyBypassHosts:
  - api.deepl.com
  - api-free.deepl.com
  - www.recaptcha.net
  - hcaptcha.com
  - challenges.cloudflare.com

# Proxy for SMTP/SMTPS
#proxySmtp: http://127.0.0.1:3128   # use HTTP/1.1 CONNECT
#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5

# Path to the directory that uploaded media will be saved to
# Defaults to a folder called "files" in the Sharkey directory
#mediaDirectory: /var/lib/sharkey

# Media Proxy
#mediaProxy: https://example.com/proxy

# Proxy remote files (default: true)
# Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains.
proxyRemoteFiles: true

# Movie Thumbnail Generation URL
# There is no reference implementation.
# For example, Sharkey will point to the following URL:
#   https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4
#videoThumbnailGenerator: https://example.com

# Sign outgoing ActivityPub GET request (default: true)
signToActivityPubGet: true
# Sign outgoing ActivityPub Activities (default: true)
# Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity.
# When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances.
# This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests.
attachLdSignatureForRelays: true

# For security reasons, uploading attachments from the intranet is prohibited,
# but exceptions can be made from the following settings. Default value is "undefined".
# Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)).
# Some example configurations:
#allowedPrivateNetworks:
#  # Allow connections to 127.0.0.1 on any port
#  - '127.0.0.1/32'
#  # Allow connections to 127.0.0.* on any port
#  - '127.0.0.1/24'
#  # Allow connections to 127.0.0.1 on any port
#  - '127.0.0.1'
#  # Allow connections to 127.0.0.1 on any port
#  - network: '127.0.0.1'
#  # Allow connections to 127.0.0.1 on port 80
#  - network: '127.0.0.1'
#    ports: [80]
#  # Allow connections to 127.0.0.1 on port 80 or 443
#  - network: '127.0.0.1'
#    ports:
#      - 80
#      - 443

#customMOTD: ['Hello World', 'The sharks rule all', 'Shonks']

# Disable automatic redirect for ActivityPub object lookup. (default: false)
# This is a strong defense against potential impersonation attacks if the viewer instance has inadequate validation.
# However it will make it impossible for other instances to lookup third-party user and notes through your URL.
#disallowExternalApRedirect: true

# Upload or download file size limits (bytes)
#maxFileSize: 262144000

# CHMod-style permission bits to apply to uploaded files.
# Permission bits are specified as a base-8 string representing User/Group/Other permissions.
# This setting is only useful for custom deployments, such as using a reverse proxy to serve media.
#filePermissionBits: '644'

# Log settings
# logging:
#   sql:
#     # Outputs query parameters during SQL execution to the log.
#     # default: false
#     enableQueryParamLogging: false
#     # Disable query truncation. If set to true, the full text of the query will be output to the log.
#     # default: false
#     disableQueryTruncation: false
#   # Shows debug log messages after instance startup. To capture earlier debug logs, set the MK_VERBOSE environment variable.
#   # default: false in production, true otherwise.
#   #verbose: false

# Settings for the activity logger, which records inbound activities to the database.
# Disabled by default due to the large volume of data it saves.
#activityLogging:
  # Log activities to the database (default: false)
  #enabled: false

  # Save the activity before processing, then update later with the results.
  # This has the advantage of capturing activities that cause a hard-crash, but doubles the number of queries used.
  # Default: false
  #preSave: false

  # How long to save each log entry before deleting it.
  # Default: 2592000000 (1 week)
  #maxAge: 2592000000