gotosocial/example/config.yaml

#  GoToSocial
#  Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org

#  This program is free software: you can redistribute it and/or modify
#  it under the terms of the GNU Affero General Public License as published by
#  the Free Software Foundation, either version 3 of the License, or
#  (at your option) any later version.

#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU Affero General Public License for more details.

#  You should have received a copy of the GNU Affero General Public License
#  along with this program.  If not, see <http://www.gnu.org/licenses/>.

###########################
##### GENERAL CONFIG ######
###########################

# String. Log level to use throughout the application. Must be lower-case.
# Options: ["trace","debug","info","warn","error","fatal"]
# Default: "info"
logLevel: "info"

# String. Application name to use internally.
# Examples: ["My Application","gotosocial"]
# Default: "gotosocial"
applicationName: "gotosocial"

# String. Hostname that this server will be reachable at. Defaults to localhost for local testing,
# but you should *definitely* change this when running for real, or your server won't work at all.
# DO NOT change this after your server has already run once, or you will break things!
# Examples: ["gts.example.org","some.server.com"]
# Default: "localhost"
host: "localhost"

# String. Domain to use when federating profiles. This is useful when you want your server to be at
# eg., "gts.example.org", but you want the domain on accounts to be "example.org" because it looks better
# or is just shorter/easier to remember.
# To make this setting work properly, you need to redirect requests at "example.org/.well-known/webfinger"
# to "gts.example.org/.well-known/webfinger" so that GtS can handle them properly.
# You should also redirect requests at "example.org/.well-known/nodeinfo" in the same way.
# An empty string (ie., not set) means that the same value as 'host' will be used.
# DO NOT change this after your server has already run once, or you will break things!
# Examples: ["example.org","server.com"]
# Default: ""
accountDomain: ""

# String. Protocol to use for the server. Only change to http for local testing!
# This should be the protocol part of the URI that your server is actually reachable on. So even if you're
# running GoToSocial behind a reverse proxy that handles SSL certificates for you, instead of using built-in
# letsencrypt, it should still be https.
# Options: ["http","https"]
# Default: "https"
protocol: "https"

# Int. Listen port for the GoToSocial webserver + API. If you're running behind a reverse proxy and/or in a docker,
# container, just set this to whatever you like (or leave the default), and make sure it's forwarded properly.
# If you are running with built-in letsencrypt enabled, and running GoToSocial directly on a host machine, you will
# probably want to set this to 443 (standard https port), unless you have other services already using that port.
# This *MUST NOT* be the same as the letsencrypt port specified below, unless letsencrypt is turned off.
# Examples: [443, 6666, 8080]
# Default: 8080
port: 8080

# Array of string. CIDRs or IP addresses of proxies that should be trusted when determining real client IP from behind a reverse proxy.
# If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network,
# or the gateway of the docker network, and/or the address of the reverse proxy (if it's not running on the host network).
# Example: ["127.0.0.1/32", "172.20.0.1"]
# Default: ["127.0.0.1/32"] (localhost)
trustedProxies:
  - "127.0.0.1/32"

############################
##### DATABASE CONFIG ######
############################

# Config pertaining to the Gotosocial database connection
db:

  # String. Database type.
  # Options: ["postgres"]
  # Default: "postgres"
  type: "postgres"

  # String. Database address. Can be either an ipv4 address or a hostname.
  # Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110"]
  # Default: "localhost"
  address: "127.0.0.1"

  # Int. Port for database connection.
  # Examples: [5432, 1234, 6969]
  # Default: 5432
  port: 5432

  # String. Username for the database connection.
  # Examples: ["mydbuser","postgres","gotosocial"]
  # Default: "postgres"
  user: "postgres"

  # REQUIRED
  # String. Password to use for the database connection
  # Examples: ["password123","verysafepassword","postgres"]
  # Default: "postgres"
  password: "postgres"

  # String. Name of the database to use within the provided database type.
  # Examples: ["mydb","postgres","gotosocial"]
  # Default: "postgres"
  database: "postgres"

  # String. Disable, enable, or require SSL/TLS connection to the database.
  # If "disable" then no TLS connection will be attempted.
  # If "enable" then TLS will be tried, but the database certificate won't be checked (for self-signed certs).
  # If "require" then TLS will be required to make a connection, and a valid certificate must be presented.
  # Options: ["disable", "enable", "require"]
  # Default: "disable"
  tlsMode: "disable"

  # String. Path to a CA certificate on the host machine for db certificate validation.
  # If this is left empty, just the host certificates will be used.
  # If filled in, the certificate will be loaded and added to host certificates.
  # Examples: ["/path/to/some/cert.crt"]
  # Default: ""
  tlsCACert: ""

###############################
##### WEB TEMPLATE CONFIG #####
###############################

# Config pertaining to templating of web pages/email notifications and the like
template:

  # String. Directory from which gotosocial will attempt to load html templates (.tmpl files).
  # Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
  # Default: "./web/template/"
  baseDir: "./web/template/"

  # String. Directory from which gotosocial will attempt to serve static web assets (images, scripts).
  # Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
  # Default: "./web/assets/"
  assetBaseDir: "./web/assets/"

###########################
##### ACCOUNTS CONFIG #####
###########################

# Config pertaining to creation and maintenance of accounts on the server, as well as defaults for new accounts.
accounts:

  # Bool. Do we want people to be able to just submit sign up requests, or do we want invite only?
  # Options: [true, false]
  # Default: true
  openRegistration: true

  # Bool. Do sign up requests require approval from an admin/moderator before an account can sign in/use the server?
  # Options: [true, false]
  # Default: true
  requireApproval: true

  # Bool. Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)?
  # Options: [true, false]
  # Default: true
  reasonRequired: true

########################
##### MEDIA CONFIG #####
########################

# Config pertaining to user media uploads (videos, image, image descriptions).
media:

  # Int. Maximum allowed image upload size in bytes.
  # Examples: [2097152, 10485760]
  # Default: 2097152 -- aka 2MB
  maxImageSize: 2097152

  # Int. Maximum allowed video upload size in bytes.
  # Examples: [2097152, 10485760]
  # Default: 10485760 -- aka 10MB
  maxVideoSize: 10485760

  # Int. Minimum amount of characters required as an image or video description.
  # Examples: [500, 1000, 1500]
  # Default: 0 (not required)
  minDescriptionChars: 0

  # Int. Maximum amount of characters permitted in an image or video description.
  # Examples: [500, 1000, 1500]
  # Default: 500
  maxDescriptionChars: 500

##########################
##### STORAGE CONFIG #####
##########################

# Config pertaining to storage of user-created uploads (videos, images, etc).
storage:

  # String. Type of storage backend to use.
  # Examples: ["local", "s3"]
  # Default: "local" (storage on local disk)
  # NOTE: s3 storage is not yet supported!
  backend: "local"

  # String. Directory to use as a base path for storing files.
  # Make sure whatever user/group gotosocial is running as has permission to access
  # this directly, and create new subdirectories and files with in.
  # Examples: ["/home/gotosocial/storage", "/opt/gotosocial/datastorage"]
  # Default: "/gotosocial/storage"
  basePath: "/gotosocial/storage"

  # String. Protocol to use for serving stored files.
  # It's very unlikely that you'll need to change this ever, but there might be edge cases.
  # Examples: ["http", "https"]
  serveProtocol: "https"

  # String. Host for serving stored files.
  # If you're using local storage, this should be THE SAME as the value you've set for Host, above.
  # It should only be a different value if you're serving stored files from a host
  # other than the one your instance is running on.
  # Examples: ["localhost", "example.org"]
  # Default: "localhost" -- you should absolutely change this.
  serveHost: "localhost"

  # String. Base path for serving stored files. This will be added to serveHost and serveProtocol
  # to form the prefix url of your stored files. Eg., https://example.org/fileserver/.....
  # It's unlikely that you will need to change this.
  # Examples: ["/fileserver", "/media"]
  # Default: "/fileserver"
  serveBasePath: "/fileserver"

###########################
##### STATUSES CONFIG #####
###########################

# Config pertaining to the creation of statuses/posts, and permitted limits.
statuses:

  # Int. Maximum amount of characters permitted for a new status.
  # Note that going way higher than the default might break federation.
  # Examples: [140, 500, 5000]
  # Default: 5000
  maxChars: 5000

  # Int. Maximum amount of characters allowed in the CW/subject header of a status.
  # Note that going way higher than the default might break federation.
  # Examples: [100, 200]
  # Default: 100
  cwMaxChars: 100

  # Int. Maximum amount of options to permit when creating a new poll.
  # Note that going way higher than the default might break federation.
  # Examples: [4, 6, 10]
  # Default: 6
  pollMaxOptions: 6

  # Int. Maximum amount of characters to permit per poll option when creating a new poll.
  # Note that going way higher than the default might break federation.
  # Examples: [50, 100, 150]
  # Default: 50
  pollOptionMaxChars: 50

  # Int. Maximum amount of media files that can be attached to a new status.
  # Note that going way higher than the default might break federation.
  # Examples: [4, 6, 10]
  # Default: 6
  maxMediaFiles: 6

##############################
##### LETSENCRYPT CONFIG #####
##############################

# Config pertaining to the automatic acquisition and use of LetsEncrypt HTTPS certificates.
letsEncrypt:

  # Bool. Whether or not letsencrypt should be enabled for the server.
  # If false, the rest of the settings here will be ignored.
  # You should only change this if you want to serve GoToSocial behind a reverse proxy
  # like Traefik, HAProxy, or Nginx.
  # Options: [true, false]
  # Default: true
  enabled: true

  # Int. Port to listen for letsencrypt certificate challenges on.
  # If letsencrypt is enabled, this port must be reachable or you won't be able to obtain certs.
  # If letsencrypt is disabled, this port will not be used.
  # This *must not* be the same as the webserver/API port specified above.
  # Examples: [80, 8000, 1312]
  # Default: 80
  port: 80

  # String. Directory in which to store LetsEncrypt certificates.
  # It is a good move to make this a sub-path within your storage directory, as it makes
  # backup easier, but you might wish to move them elsewhere if they're also accessed by other services.
  # In any case, make sure GoToSocial has permissions to write to / read from this directory.
  # Examples: ["/home/gotosocial/storage/certs", "/acmecerts"]
  # Default: "/gotosocial/storage/certs"
  certDir: "/gotosocial/storage/certs"

  # String. Email address to use when registering LetsEncrypt certs.
  # Most likely, this will be the email address of the instance administrator.
  # LetsEncrypt will send notifications about expiring certificates etc to this address.
  # Examples: ["admin@example.org"]
  # Default: ""
  emailAddress: ""

#######################
##### OIDC CONFIG #####
#######################

# Config for authentication with an external OIDC provider (Dex, Google, Auth0, etc).
oidc:

  # Bool. Enable authentication with external OIDC provider. If set to true, then
  # the other OIDC options must be set as well. If this is set to false, then the standard
  # internal oauth flow will be used, where users sign in to GtS with username/password.
  # Options: [true, false]
  # Default: false
  enabled: false

  # String. Name of the oidc idp (identity provider). This will be shown to users when
  # they log in.
  # Examples: ["Google", "Dex", "Auth0"]
  # Default: ""
  idpName: ""

  # Bool. Skip the normal verification flow of tokens returned from the OIDC provider, ie.,
  # don't check the expiry or signature. This should only be used in debugging or testing,
  # never ever in a production environment as it's extremely unsafe!
  # Options: [true, false]
  # Default: false
  skipVerification: false

  # String. The OIDC issuer URI. This is where GtS will redirect users to for login.
  # Typically this will look like a standard web URL.
  # Examples: ["https://auth.example.org", "https://example.org/auth"]
  # Default: ""
  issuer: ""

  # String. The ID for this client as registered with the OIDC provider.
  # Examples: ["some-client-id", "fda3772a-ad35-41c9-9a59-f1943ad18f54"]
  # Default: ""
  clientID: ""

  # String. The secret for this client as registered with the OIDC provider.
  # Examples: ["super-secret-business", "79379cf5-8057-426d-bb83-af504d98a7b0"]
  # Default: ""
  clientSecret: ""

  # Array of string. Scopes to request from the OIDC provider. The returned values will be used to
  # populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required.
  # 'profile' is used to extract a username for the newly created user.
  # 'groups' is optional and can be used to determine if a user is an admin (if they're in the group 'admin' or 'admins').
  # Examples: See eg., https://auth0.com/docs/scopes/openid-connect-scopes
  # Default: ["openid", "email", "profile", "groups"]
  scopes:
    - "openid"
    - "email"
    - "profile"
    - "groups"