YunoHost-Apps/diaspora_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/diaspora_ynh.git synced 2024-09-03 16:26:13 +00:00
Code Issues Activity Actions 1

diaspora.yml -> diaspora.toml

Browse source
This commit is contained in:
Félix Piédallu 2024-07-01 02:07:18 +02:00
parent 1c8c734582
commit 0bf906f5ba
5 changed files with 616 additions and 667 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

598
conf/diaspora.toml Normal file
View file

@ -0,0 +1,598 @@
## Some notes about this file:
## - All comments start with a double #
## - All settings are commented out with a single #
## To change the default settings, you need both to uncomment the lines
## AND, in most cases, to change the value that is given.
## - Take care to keep proper quoting. All " must have a matching " at
## the end of the same line. The same goes for '
## - The values true, false and numbers should have no quote marks.
## Everything else should.
##
## You can set and/or override all these settings through environment variables
## with the following conversion rules:
## - Strip the top level namespace (configuration, production, etc.)
## - Build the path to the setting, for example environment.s3.enable
## - Replace the dots with underscores: environment_s3_enable
## - Convert to upper case: ENVIRONMENT_S3_ENABLE
## - Specify lists/arrays as comma-separated values
##
## - For example, on Heroku:
## heroku config:set SERVICES_TWITTER_KEY=yourkey SERVICES_TWITTER_SECRET=yoursecret
## You need to change or at least review the settings in this section
## in order for your pod to work.
[configuration.environment]
## Set the hostname of the machine you're running Diaspora on, as seen
## from the internet. This should be the URL you want to use to
## access the pod. So if you plan to use a reverse proxy, it should be
## the URL the proxy listens on. DO NOT CHANGE THIS AFTER INITIAL SETUP!
## However changing http to https is okay and has no consequences.
## If you do change the URL, you will have to start again as the URL
## will be hardcoded into the database.
url = "https://__DOMAIN__"
## Set the bundle of certificate authorities (CA) certificates.
## This is specific to your operating system.
## Examples (uncomment the relevant one or add your own):
## For Debian, Ubuntu, Archlinux, Gentoo (package ca-certificates):
certificate_authorities = "/etc/ssl/certs/ca-certificates.crt"
## For CentOS, Fedora:
# certificate_authorities = "/etc/pki/tls/certs/ca-bundle.crt"
## URL for a remote Redis (default="localhost").
## Don't forget to restrict IP access if you uncomment these!
#redis = "redis://example_host"
#redis = "redis://username:password@host:6379/0"
#redis = "unix:///tmp/redis.sock"
## Require SSL (default=true).
## When set, your pod will force the use of HTTPS in production mode.
## Since OAuth2 requires SSL, Diaspora's future API might not work if
## you're not using SSL. Also there is no guarantee that posting to
## services will be possible if SSL is disabled.
## Do not change this default unless you are sure!
#require_ssl = true
## Set redirect URL for an external image host (Amazon S3 or other).
## If hosting images for your pod on an external server (even your own),
## add its URL here. All requests made to images under /uploads/images
## will be redirected to https://images.example.org/uploads/images/
#image_redirect_url = "https://images.example.org"
## Pubsub server (default="https://pubsubhubbub.appspot.com/"").
## Diaspora is only tested against the default pubsub server.
## You probably don't want to uncomment or change this.
#pubsub_server = "https://pubsubhubbub.appspot.com/"
## Sidekiq - background processing
[configuration.environment.sidekiq]
## Number of parallel threads Sidekiq uses (default=5).
## If you touch this, please set the pool setting in your database.yml
## to a value that's at minimum close to this! You can safely increase
## it to 25 and more on a medium-sized pod. This applies per started
## Sidekiq worker, so if you set it to 25 and start two workers, you'll
## process up to 50 jobs in parallel.
#concurrency = 5
## Number of times a job is retried (default=10).
## There's an exponential effect to this: if you set this too high you
## might get too many jobs building up in the queue.
## Set it to 0 to disable it completely.
#retry = 10
## Lines of backtrace that are stored on failure (default=15).
## Set n to the required value. Set this to false to reduce Redis memory
## usage (and log size) if you're not interested in this data.
#backtrace = 15
## Number of jobs to keep in the dead queue (default=5000).
## Jobs get into the dead queue after they failed and exhausted all retries.
## Increasing this setting will increase the memory usage of Redis.
## Once gone from the dead queue, a failed job is permanently lost and
## cannot be retried manually.
#dead_jobs_limit = 1000
## Number of seconds a job remains in the dead queue (default=3628800 (six weeks)).
## Jobs get into the dead queue after they failed and exhausted all retries.
## Increasing this setting will increase the memory usage of Redis.
## Once gone from the dead queue, a failed job is permanently lost and
## cannot be retried manually.
#dead_jobs_timeout = 15552000 # 6 months
## Log file for Sidekiq (default="log/sidekiq.log")
#log = "log/sidekiq.log"
## Use Amazon S3 instead of your local filesystem
## to handle uploaded pictures (disabled by default).
[configuration.environment.s3]
#enable = true
#key = "change_me"
#secret = "change_me"
#bucket = "my_photos"
#region = "us-east-1"
## Use max-age header on Amazon S3 resources (default=true).
## When true, this allows locally cached images to be served for up to
## one year. This can improve load speed and save requests to the image
## host. Set to false to revert to browser defaults (usually less than
## one year).
#cache = true
[configuration.environment.assets]
## Serve static assets via the appserver (default=false).
## This is highly discouraged for production use. Let your reverse
## proxy/webserver do it by serving the files under public/ directly.
#serve = false
## Upload your assets to S3 (default=false).
#upload = false
## Specify an asset host. Ensure it does not have a trailing slash (/).
#host = "http://cdn.example.org/diaspora"
## Logger configuration
[configuration.environment.logging]
## Roll the application log on a daily basis (default=true).
#logrotate.enable = true
## The number of days to keep (default=7)
#logrotate.days = 7
## Enables the debug-logging for SQL (default=false)
## This logs every SQL-statement!
#debug.sql = true
## Enables the federation-debug-log (default=false)
## This logs all XMLs that are used for the federation
#debug.federation = true
## Settings affecting how ./script/server behaves.
[configuration.server]
## Where the appserver should listen to (default="unix://tmp/diaspora.sock")
#listen = "unix://tmp/diaspora.sock"
listen = "unix:///run/__APP__/diaspora.sock"
#listen = "tcp://127.0.0.1:3000"
## Set the path for the PID file of the web master process (default=tmp/pids/web.pid)
pid = "/run/__APP__/diaspora.pid"
## Rails environment (default="development").
## The environment in which the server should be started by default.
## Change this to "production" if you wish to run a production environment.
rails_environment = "production"
## Write web stderr and stdout log.
stderr_log = "log/web-stderr.log"
stdout_log = "log/web-stdout.log"
## Number of seconds before a request is aborted (default=90).
## Increase if you get empty responses, or if large image uploads fail.
## Decrease if you're under heavy load and don't care if some
## requests fail.
#web_timeout = 90
## Number of Sidekiq worker processes (default=1).
## In most cases it is better to
## increase environment.sidekiq.concurrency instead!
#sidekiq_workers = 1
## Displays the location of a post in a map.
## If you enable this setting you use the map tiles of https://www.mapbox.com
## which is reliable. There you have to create an account to get
## an access token which is limited. If you want to get an unlimited account
## you can write an email to team@diasporafoundation.org.
## Please enable mapbox and fill out your access_token.
[configuration.map.mapbox]
#enabled = false
#access_token = "youraccesstoken"
#style = "mapbox/streets-v11"
## Settings potentially affecting the privacy of your users.
[configuration.privacy]
## Include jQuery from jquery.com's CDN (default=false).
## Enabling this can reduce traffic and speed up load time since most
## clients already have this one cached. When set to false (the default),
## the jQuery library will be loaded from your pod's own resources.
#jquery_cdn = false
## Google Analytics (disabled by default).
## Provide a key to enable tracking by Google Analytics.
#google_analytics_key = "yourkey"
## Piwik Tracking (disabled by default).
## Provide a site ID and the host piwik is running on to enable
## tracking through Piwik.
#piwik.enable = true
#piwik.host = "stats.example.org"
#piwik.site_id = 1
## Statistics
## Your pod will report its name, software version and whether
## or not registrations are open via /statistics and NodeInfo.
## Uncomment the options below to enable more statistics.
[configuration.privacy.statistics]
## Local user total and 6 month active counts.
#user_counts = true
## Local post total count.
#post_counts = true
#comment_counts = true
## Use Camo to proxy embedded remote images.
## Do not enable this setting unless you have a working Camo setup. Using
## camo to proxy embedded images will improve the privacy and security of
## your pod's frontend, but it will increase the traffic on your server.
## Check out https://wiki.diasporafoundation.org/Installation/Camo for
## more details and installation instructions.
[configuration.privacy.camo]
## Proxy images embedded via markdown (default=false).
## Embedded images are quite often from non-SSL sites and may cause a
## partial content warning, so this is recommended.
#proxy_markdown_images = true
## Proxy Open Graph thumbnails (default=false).
## Open Graph thumbnails may or may not be encrypted and loaded from
## servers outside the network. Recommended.
#proxy_opengraph_thumbnails = true
## Proxy remote pod's images (default=false).
## Profile pictures and photos from other pods usually are encrypted,
## so enabling this is only useful if you want to avoid HTTP requests to
## third-party servers. This will create a lot of traffic on your camo
## instance. You have been warned.
#proxy_remote_pod_images = true
## Root of your Camo installation
#root = "https://example.com/camo/"
## Shared key of your Camo installation
#key = "example123example456example!"
## General settings
[configuration.settings]
## Pod name (default="diaspora*")
## The pod name displayed in various locations, including the header.
#pod_name = "diaspora*"
## Allow registrations (default=true)
## Set this to false to prevent people from signing up to your pod
## without an invitation. Note that this needs to be set to true
## (or commented out) to enable the first registration (you).
enable_registrations = false
## Show local posts stream (default="disabled")
## If any other setting than disabled local public posts
## created on this pod can be shown.
## Setting this to admins shows the local posts stream only to users with the admin role.
## Setting this to moderators shows the local posts stream only to users with the moderator or admin role.
## Setting this to everyone shows the local posts stream to all users.
# enable_local_posts_stream= "disabled"|"admins"|"moderators"|"everyone"
## Auto-follow on sign-up (default=true)
## Users will automatically follow a specified account on creation.
## Set this to false if you don't want your users to automatically
## follow an account upon creation.
#autofollow_on_join = true
## Auto-follow account (default="hq@pod.diaspora.software")
## The diaspora* HQ account keeps users up to date with news about Diaspora.
## If you set another auto-follow account (for example your podmin account),
## please consider resharing diaspora* HQ's posts for your pod's users!
#autofollow_on_join_user = "hq@pod.diaspora.software"
## Liberapay.com is a free platform which allow donations like patreon
## Set your username to include your Liberapay button
#liberapay_username = "change_me"
## Bitcoin donations
## You can provide a bitcoin address here to allow your users to provide
## donations towards the running of their pod.
#bitcoin_address = "change_me"
## Source code URL
## URL to the source code your pod is currently running.
## If not set your pod will provide a downloadable archive.
source_url = "https://github.com/diaspora/diaspora"
## Changelog URL
## URL to the changelog of the diaspora-version your pod is currently running.
## If not set an auto-generated url to github is used.
#changelog_url = "https://github.com/diaspora/diaspora/blob/master/Changelog.md"
## Default color theme
## You can change which color theme is displayed when a user is not signed in
## or has not selected any color theme from the available ones. You simply have
## to enter the name of the theme's folder in "app/assets/stylesheets/color_themes/".
## ("original" for the theme in "app/assets/stylesheets/color_themes/original/", for
## example).
#default_color_theme = "original"
## CURL debug (default=false)
## Turn on extra verbose output when sending stuff. Note: you
## don't need to touch this unless explicitly told to.
#typhoeus_verbose = false
## Maximum number of parallel HTTP requests made to other pods (default=20)
## Be careful, raising this setting will heavily increase the memory usage
## of your Sidekiq workers.
#typhoeus_concurrency = 20
## Maximum number of parallel user data import/export jobs (default=1)
## Be careful, imports and exports of big/old profiles can use a lot of memory,
## running many of them in parallel can be a problem for small servers.
#archive_jobs_concurrency = 1
## Welcome Message settings
[configuration.settings.welcome_message]
## Welcome Message on registration (default=false)
## Send a message to new users after registration
## to tell them about your pod and how things
## are handled on it.
#enabled = false
## Welcome Message subject (default="Welcome Message")
## The subject of the conversation that is started
## by your welcome message.
#subject = "Welcome Message"
## Welcome Message text (default="Hello %{username}, welcome to diaspora*.")
## The content of your welcome message.
## The placeholder "%{username}" will be replaced by the username
## of the new user.
#text = "Hello %{username}, welcome to diaspora*."
## Invitation settings
[configuration.settings.invitations]
## Enable invitations (default=true)
## Set this to false if you don't want users to be able to send invites.
#open = true
## Number of invitations per invite link (default=25)
## Every user will see such a link if you have enabled
## invitations on your pod.
#count = 25
## Paypal donations (disabled by default)
## You can set details for a Paypal button here to allow donations
## towards running the pod.
## First, enable the function, then set the currency in which you
## wish to receive donations, and **either** a hosted button id
## **or** an encrypted key for an unhosted button.
[configuration.settings.paypal_donations]
#enable = false
## Currency used (USD, EUR...)
#currency = "USD"
## Hosted Paypal button ID
#paypal_hosted_button_id = "change_me"
## OR encrypted key of unhosted button
#paypal_unhosted_button_encrypted = "-----BEGIN PKCS7-----"
## Community spotlight (disabled by default)
## The community spotlight shows new users public posts from people you
## think are interesting in Diaspora's community. To add an account
## to the community spotlight add the "spotlight" role to it.
[configuration.settings.community_spotlight]
#enable = true
## E-mail address to which users can make suggestions about who
## should be in the community spotlight (optional).
#suggest_email = "admin@example.org"
## Captcha settings
[configuration.settings.captcha]
## Enable captcha (default=true)
## Set this to false if you don't want to use captcha for signup process.
#enable = true
## Captcha image size (default="120x20")
#image_size = "120x20"
## Length of captcha text (default=5)(max=12)
#captcha_length = 5
## Captcha image style (default="simply_green")
## Available options for captcha image styles are: "simply_blue",
## "simply_red" "simply_green", "charcoal_grey", "embossed_silver",
## "all_black", "distorted_black", "almost_invisible", "random".
#image_style = "simply_green"
## Captcha image distortion (default="low")
## Sets the level of image distortion used in the captcha.
## Available options are: "low", "medium", "high", "random".
#distortion = "low"
## Terms of Service
## Show a default or customized terms of service for users.
## You can create a custom Terms of Service by placing a template
## as app/views/terms/terms.haml or app/views/terms/terms.erb
## The default terms of service that can be extended is
## at app/views/terms/default.haml
## NOTE! The default terms have not been checked over by a lawyer and
## thus are unlikely to provide full legal protection for all situations
## for a podmin using them. They are also not specific to all countries
## and jurisdictions. If you are unsure, please check with a lawyer.
## We provide these for podmins as some basic rules that podmins
## can communicate to users easily via the diaspora* server software.
## Uncomment to enable this feature.
[configuration.settings.terms]
## First enable it by uncommenting below.
#enable = true
## Important! If you enable the terms, you should always
## set a location under which laws any disputes are governed
## under. For example, country or state/country, depending
## on the country in question.
## If this is not set, the whole paragraph about governing
## laws *is not shown* in the terms page.
#jurisdiction = ""
## Age limit for signups.
## Set a number to activate this setting. This age limit is shown
## in the default ToS document.
#minimum_age = false
## Maintenance
## Various pod maintenance related settings are controlled from here.
[configuration.settings.maintenance]
## Removing old inactive users can be done automatically by background
## processing. The amount of inactivity is set by `after_days`. A warning
## email will be sent to the user and after an additional `warn_days`, the
## account will be automatically closed.
## This maintenance is not enabled by default.
#remove_old_users.enable = true
#remove_old_users.after_days = 730
#remove_old_users.warn_days = 30
#remove_old_users.limit_removals_to_per_day = 100 ## Limit queuing for removal per day.
## Default meta tags
## You can change here the default meta tags content included on the pages of your pod.
## Title will be used for the opengraph og:site_name property while description will be used
## for description and og:description.
[configuration.settings.default_metas]
#title = "diaspora* social network"
#description = "diaspora* is the online social world where you are in control."
## CSP (Content Security Policy) header
## CSP allows limiting origins from where resources are allowed to be loaded. This
## improves security, since it helps to detect and mitigate cross-site scripting
## and data injection attacks. The default policy of diaspora* allows all third
## party domains from services that are included in diaspora*, like OEmbed
## scripts, so you can safely activate it by setting `report_only` to false. If
## you customized diaspora* (edited templates or added own JS), additional work
## may be required. You can test the policy with the `report_uri`. Our default CSP
## does not work with Google analytics or Piwik, because they inject JS code that
## is blocked by CSP.
[configuration.settings.csp]
## Report-Only header (default=false)
## By default diaspora* adds a "Content-Security-Policy" header. If you set
## this to true, the "Content-Security-Policy-Report-Only" header is added instead.
#report_only = true
## CSP report URI
## You can set an URI here, where the user agent reports violations as JSON document via a POST request.
#report_uri = "/csp_violation_reports"
## Posting from Diaspora to external services (all are disabled by default).
[configuration.services]
## OAuth credentials for Twitter
#twitter.enable = true
#twitter.key = "change_me"
#twitter.secret = "change_me"
## OAuth credentials for Tumblr
#tumblr.enable = true
#tumblr.key = "change_me"
#tumblr.secret = "change_me"
## OAuth credentials for Wordpress
#wordpress.enable = true
#wordpress.client_id = "change_me"
#wordpress.secret = "change_me"
## Allow your pod to send emails for notifications, password recovery
## and other purposes (disabled by default).
[configuration.mail]
## First you need to enable it.
enable = true
## Sender address used in mail sent by Diaspora.
sender_address = "no-reply@__DOMAIN__"
## This selects which mailer should be used. Use "smtp" for a smtp
## connection or "sendmail" to use the sendmail binary.
method = "smtp"
## Ignored if method isn't "smtp".
[configuration.mail.smtp]
## Host and port of the smtp server handling outgoing mail.
## This should match the common name of the certificate sent by
## the SMTP server, if it sends one. (default port=587)
host = "localhost"
port = 25
## Authentication required to send mail (default="plain").
## Use one of "plain", "login" or "cram_md5". Use "none"
## if server does not support authentication.
authentication = "plain"
## Credentials to log in to the SMTP server.
## May be necessary if authentication is not "none".
username = "__APP__"
password = "__MAIL_PWD__"
## Automatically enable TLS (default=true).
## Leave this commented out if authentication is set to "none".
#starttls_auto = true
## The domain for the HELO command, if needed.
domain = "__DOMAIN__"
## OpenSSL verify mode used when connecting to a SMTP server with TLS (default="peer").
## Set this to "none" if and only if you have a self-signed certificate.
## Possible values: "none", "peer".
openssl_verify_mode = "none"
## Ignored if method isn't "sendmail".
[configuration.mail.sendmail]
## The path to the sendmail binary (default="/usr/sbin/sendmail")
#location = "/usr/sbin/sendmail"
## Use exim and sendmail (default=false)
#exim_fix = false
## Administrator settings
[configuration.admins]
## Set the admin account.
## This doesn't make the user an admin but is used when a generic
## admin contact is needed, much like the postmaster role in mail
## systems. Set only the username, NOT the full ID.
account = "__ADMIN__"
## E-mail address via which the administrator can be contacted.
podmin_email = "__ADMIN_MAIL__"
## Advanced - ignore unless you know better
## You can override settings defined above if you need
## them to be different in different environments. "configuration"
## in the namespaces above refers to all environments, replace it with a
## specific environment here.
[production]
#environment.redis = "redis://production.example.org:6379"
[production.mail.sendmail]
#location = "/usr/local/bin/sendmail"
[development]
#environment.redis = "redis://dev.example.org:6379"
[development.mail.sendmail]
#location = "/opt/bin/sendmail"

657
conf/diaspora.yml
View file

@ -1,657 +0,0 @@
## Some notes about this file:
## - All comments start with a double #
## - All settings are commented out with a single #
## To change the default settings, you need both to uncomment the lines
## AND, in most cases, to change the value that is given.
## - Take care to keep proper indentation, that is by simply deleting
## the original #, with no additional space before the setting's name.
## - Take care to keep proper quoting. All ' must have a matching ' at
## the end of the same line. The same goes for "
## - Lines containing "## Section" are section headings. Do not edit them!
## - Lists need the space after the -
## - The values true, false and numbers should have no quote marks.
## Single words don't need quote marks, but it doesn't do any harm to have them.
##
## You can set and/or override all these settings through environment variables
## with the following conversion rules:
## - Strip the top level namespace (configuration, production, etc.)
## - Build the path to the setting, for example environment.s3.enable
## - Replace the dots with underscores: environment_s3_enable
## - Convert to upper case: ENVIRONMENT_S3_ENABLE
## - Specify lists/arrays as comma-separated values
##
## - For example, on Heroku:
## heroku config:set SERVICES_TWITTER_KEY=yourkey SERVICES_TWITTER_SECRET=yoursecret
configuration: ## Section
## You need to change or at least review the settings in this section
## in order for your pod to work.
environment: ## Section
## Set the hostname of the machine you're running Diaspora on, as seen
## from the internet. This should be the URL you want to use to
## access the pod. So if you plan to use a reverse proxy, it should be
## the URL the proxy listens on. DO NOT CHANGE THIS AFTER INITIAL SETUP!
## However changing http to https is okay and has no consequences.
## If you do change the URL, you will have to start again as the URL
## will be hardcoded into the database.
url: "https://__DOMAIN__"
## Set the bundle of certificate authorities (CA) certificates.
## This is specific to your operating system.
## Examples (uncomment the relevant one or add your own):
## For Debian, Ubuntu, Archlinux, Gentoo (package ca-certificates):
certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
## For CentOS, Fedora:
#certificate_authorities: '/etc/pki/tls/certs/ca-bundle.crt'
## URL for a remote Redis (default=localhost).
## Don't forget to restrict IP access if you uncomment these!
#redis: 'redis://example_host'
#redis: 'redis://username:password@host:6379/0'
#redis: 'unix:///tmp/redis.sock'
## Require SSL (default=true).
## When set, your pod will force the use of HTTPS in production mode.
## Since OAuth2 requires SSL, Diaspora's future API might not work if
## you're not using SSL. Also there is no guarantee that posting to
## services will be possible if SSL is disabled.
## Do not change this default unless you are sure!
#require_ssl: true
## Single-process mode (default=false).
## If set to true, Diaspora will work with just the appserver (Unicorn by
## default) running. However, this makes it quite slow as intensive jobs
## must be run all the time inside the request cycle. We strongly
## recommended you leave this disabled for production setups.
## Set to true to enable.
#single_process_mode: false
## Sidekiq - background processing
sidekiq: ## Section
## Number of parallel threads Sidekiq uses (default=5).
## If you touch this, please set the pool setting in your database.yml
## to a value that's at minimum close to this! You can safely increase
## it to 25 and more on a medium-sized pod. This applies per started
## Sidekiq worker, so if you set it to 25 and start two workers, you'll
## process up to 50 jobs in parallel.
#concurrency: 5
## Number of times a job is retried (default=10).
## There's an exponential effect to this: if you set this too high you
## might get too many jobs building up in the queue.
## Set it to 0 to disable it completely.
#retry: 10
## Lines of backtrace that are stored on failure (default=15).
## Set n to the required value. Set this to false to reduce Redis memory
## usage (and log size) if you're not interested in this data.
#backtrace: 15
## Number of jobs to keep in the dead queue (default=5000).
## Jobs get into the dead queue after they failed and exhausted all retries.
## Increasing this setting will increase the memory usage of Redis.
## Once gone from the dead queue, a failed job is permanently lost and
## cannot be retried manually.
# dead_jobs_limit: 1000
## Number of seconds a job remains in the dead queue (default=3628800 (six weeks)).
## Jobs get into the dead queue after they failed and exhausted all retries.
## Increasing this setting will increase the memory usage of Redis.
## Once gone from the dead queue, a failed job is permanently lost and
## cannot be retried manually.
# dead_jobs_timeout: 15552000 # 6 months
## Log file for Sidekiq (default="log/sidekiq.log")
#log: "log/sidekiq.log"
## Use Amazon S3 instead of your local filesystem
## to handle uploaded pictures (disabled by default).
s3: ## Section
#enable: true
#key: 'change_me'
#secret: 'change_me'
#bucket: 'my_photos'
#region: 'us-east-1'
## Use max-age header on Amazon S3 resources (default=true).
## When true, this allows locally cached images to be served for up to
## one year. This can improve load speed and save requests to the image
## host. Set to false to revert to browser defaults (usually less than
## one year).
#cache : true
## Set redirect URL for an external image host (Amazon S3 or other).
## If hosting images for your pod on an external server (even your own),
## add its URL here. All requests made to images under /uploads/images
## will be redirected to https://yourhost.tld/uploads/images/
#image_redirect_url: 'https://images.example.org'
assets: ## Section
## Serve static assets via the appserver (default=false).
## This is highly discouraged for production use. Let your reverse
## proxy/webserver do it by serving the files under public/ directly.
#serve: false
## Upload your assets to S3 (default=false).
#upload: false
## Specify an asset host. Ensure it does not have a trailing slash (/).
#host: http://cdn.example.org/diaspora
## Pubsub server (default='https://pubsubhubbub.appspot.com/').
## Diaspora is only tested against the default pubsub server.
## You probably don't want to uncomment or change this.
#pubsub_server: 'https://pubsubhubbub.appspot.com/'
## Logger configuration
logging: ## Section
logrotate: ## Section
## Roll the application log on a daily basis (default=true).
#enable: true
## The number of days to keep (default=7)
#days: 7
## Debug logging
debug: ## Section
## Enables the debug-logging for SQL (default=false)
## This logs every SQL-statement!
#sql: true
## Enables the federation-debug-log (default=false)
## This logs all XMLs that are used for the federation
#federation: true
## Settings affecting how ./script/server behaves.
server: ## Section
## Where the appserver should listen to (default=unix:tmp/diaspora.sock)
#listen: 'unix:tmp/diaspora.sock'
#listen: 'unix:/run/diaspora/diaspora.sock'
#listen: '127.0.0.1:3000'
listen: unix:/run/__APP__/diaspora.sock
## Set the path for the PID file of the unicorn master process (default=tmp/pids/web.pid)
pid: '/run/__APP__/diaspora.pid'
## Rails environment (default='development').
## The environment in which the server should be started by default.
## Change this to 'production' if you wish to run a production environment.
rails_environment: 'production'
## Write unicorn stderr and stdout log.
stderr_log: 'log/unicorn-stderr.log'
stdout_log: 'log/unicorn-stdout.log'
## Number of Unicorn worker processes (default=2).
## Increase this if you have many users.
#unicorn_worker: 2
## Number of seconds before a request is aborted (default=90).
## Increase if you get empty responses, or if large image uploads fail.
## Decrease if you're under heavy load and don't care if some
## requests fail.
#unicorn_timeout: 90
## Embed a Sidekiq worker inside the unicorn process (default=false).
## Useful for minimal Heroku setups.
#embed_sidekiq_worker: false
## Number of Sidekiq worker processes (default=1).
## In most cases it is better to
## increase environment.sidekiq.concurrency instead!
#sidekiq_workers: 1
## Displays the location of a post in a map. Per default we are using the map
## tiles of the Heidelberg University (http://giscience.uni-hd.de).
## You also have the possibility to use the map tiles of https://www.mapbox.com
## which is probably more reliable. There you have to create an account to get
## an access token which is limited. If you want to get an unlimited account
## you can write an email to team@diasporafoundation.org.
## Please enable mapbox and fill out your access_token.
map: ##Section
mapbox:
#enabled: false
#access_token: "youraccesstoken"
#style: "mapbox/streets-v9"
## Settings potentially affecting the privacy of your users.
privacy: ## Section
## Include jQuery from jquery.com's CDN (default=false).
## Enabling this can reduce traffic and speed up load time since most
## clients already have this one cached. When set to false (the default),
## the jQuery library will be loaded from your pod's own resources.
#jquery_cdn: false
## Google Analytics (disabled by default).
## Provide a key to enable tracking by Google Analytics.
#google_analytics_key:
## Piwik Tracking (disabled by default).
## Provide a site ID and the host piwik is running on to enable
## tracking through Piwik.
# TODO ? Check implications...
piwik: ## Section
#enable: true
#host: 'stats.example.org'
#site_id: 1
## Statistics
## Your pod will report its name, software version and whether
## or not registrations are open via /statistics and NodeInfo.
## Uncomment the options below to enable more statistics.
statistics: ## Section
## Local user total and 6 month active counts.
#user_counts: true
## Local post total count.
#post_counts: true
#comment_counts: true
## Use Camo to proxy embedded remote images.
## Do not enable this setting unless you have a working Camo setup. Using
## camo to proxy embedded images will improve the privacy and security of
## your pod's frontend, but it will increase the traffic on your server.
## Check out https://wiki.diasporafoundation.org/Installation/Camo for
## more details and installation instructions.
camo: ## Section
## Proxy images embedded via markdown (default=false).
## Embedded images are quite often from non-SSL sites and may cause a
## partial content warning, so this is recommended.
#proxy_markdown_images: true
## Proxy Open Graph thumbnails (default=false).
## Open Graph thumbnails may or may not be encrypted and loaded from
## servers outside the network. Recommended.
#proxy_opengraph_thumbnails: true
## Proxy remote pod's images (default=false).
## Profile pictures and photos from other pods usually are encrypted,
## so enabling this is only useful if you want to avoid HTTP requests to
## third-party servers. This will create a lot of traffic on your camo
## instance. You have been warned.
#proxy_remote_pod_images: true
## Root of your Camo installation
#root: "https://example.com/camo/"
## Shared key of your Camo installation
#key: "example123example456example!"
## General settings
settings: ## Section
## Pod name (default="diaspora*")
## The pod name displayed in various locations, including the header.
#pod_name: "diaspora*"
## Allow registrations (default=true)
## Set this to false to prevent people from signing up to your pod
## without an invitation. Note that this needs to be set to true
## (or commented out) to enable the first registration (you).
# TODO ynh settings
enable_registrations: false
## Auto-follow on sign-up (default=true)
## Users will automatically follow a specified account on creation.
## Set this to false if you don't want your users to automatically
## follow an account upon creation.
#autofollow_on_join: true
## Auto-follow account (default='hq@pod.diaspora.software')
## The diaspora* HQ account keeps users up to date with news about Diaspora.
## If you set another auto-follow account (for example your podmin account),
## please consider resharing diaspora* HQ's posts for your pod's users!
#autofollow_on_join_user: 'hq@pod.diaspora.software'
## Welcome Message settings
welcome_message: ##Section
## Welcome Message on registration (default=false)
## Send a message to new users after registration
## to tell them about your pod and how things
## are handled on it.
#enabled: false
## Welcome Message subject (default='Welcome Message')
## The subject of the conversation that is started
## by your welcome message.
#subject: "Welcome Message"
## Welcome Message text (default='Hello %{username}, welcome to diaspora.')
## The content of your welcome message.
## The placeholder "%{username}" will be replaced by the username
## of the new user.
#text: "Hello %{username}, welcome to diaspora."
## Invitation settings
invitations: ## Section
## Enable invitations (default=true)
## Set this to false if you don't want users to be able to send invites.
#open: true
## Number of invitations per invite link (default=25)
## Every user will see such a link if you have enabled
## invitations on your pod.
#count: 25
## Paypal donations (disabled by default)
## You can set details for a Paypal button here to allow donations
## towards running the pod.
## First, enable the function, then set the currency in which you
## wish to receive donations, and **either** a hosted button id
## **or** an encrypted key for an unhosted button.
paypal_donations: ## Section
#enable: false
## Currency used (USD, EUR...)
#currency: USD
## hosted Paypal button id
#paypal_hosted_button_id: "change_me"
## OR encrypted key of unhosted button
#paypal_unhosted_button_encrypted: "-----BEGIN PKCS7-----"
## Liberapay.com is a free platform which allow donations like patreon
## Set your username to include your liberapay button
# liberapay_username: "change_me"
## Bitcoin donations
## You can provide a bitcoin address here to allow your users to provide
## donations towards the running of their pod.
#bitcoin_address: "change_me"
## Community spotlight (disabled by default)
## The community spotlight shows new users public posts from people you
## think are interesting in Diaspora's community. To add an account
## to the community spotlight add the 'spotlight' role to it.
community_spotlight: ## Section
#enable: true
## E-mail address to which users can make suggestions about who
## should be in the community spotlight (optional).
#suggest_email: 'admin@example.org'
## CURL debug (default=false)
## Turn on extra verbose output when sending stuff. Note: you
## don't need to touch this unless explicitly told to.
#typhoeus_verbose: false
## Maximum number of parallel HTTP requests made to other pods (default=20)
## Be careful, raising this setting will heavily increase the memory usage
## of your Sidekiq workers.
#typhoeus_concurrency: 20
## Maximum number of parallel user data export jobs (default=1)
## Be careful, exports of big/old profiles can use a lot of memory, running
## many of them in parallel can be a problem for small servers.
#export_concurrency: 1
## Captcha settings
captcha: ## Section
## Enable captcha (default=true)
## Set this to false if you don't want to use captcha for signup process.
#enable: true
## Captcha image size (default='120x20')
#image_size: '120x20'
## Length of captcha text (default=5)(max=12)
#captcha_length: 5
## Captcha image style (default='simply_green')
## Available options for captcha image styles are: 'simply_blue',
## 'simply_red' 'simply_green', 'charcoal_grey', 'embossed_silver',
## 'all_black', 'distorted_black', 'almost_invisible', 'random'.
#image_style: 'simply_green'
## Captcha image distortion (default='low')
## Sets the level of image distortion used in the captcha.
## Available options are: 'low', 'medium', 'high', 'random'.
#distortion: 'low'
## Terms of Service
## Show a default or customized terms of service for users.
## You can create a custom Terms of Service by placing a template
## as app/views/terms/terms.haml or app/views/terms/terms.erb
## The default terms of service that can be extended is
## at app/views/terms/default.haml
## NOTE! The default terms have not been checked over by a lawyer and
## thus are unlikely to provide full legal protection for all situations
## for a podmin using them. They are also not specific to all countries
## and jurisdictions. If you are unsure, please check with a lawyer.
## We provide these for podmins as some basic rules that podmins
## can communicate to users easily via the diaspora* server software.
## Uncomment to enable this feature.
terms: ## Section
## First enable it by uncommenting below.
#enable: true
## Important! If you enable the terms, you should always
## set a location under which laws any disputes are governed
## under. For example, country or state/country, depending
## on the country in question.
## If this is not set, the whole paragraph about governing
## laws *is not shown* in the terms page.
#jurisdiction: ""
## Age limit for signups.
## Set a number to activate this setting. This age limit is shown
## in the default ToS document.
#minimum_age: false
## Maintenance
## Various pod maintenance related settings are controlled from here.
maintenance: ## Section
## Removing old inactive users can be done automatically by background
## processing. The amount of inactivity is set by `after_days`. A warning
## email will be sent to the user and after an additional `warn_days`, the
## account will be automatically closed.
## This maintenance is not enabled by default.
remove_old_users: ## Section
#enable: true
#after_days: 730
#warn_days: 30
## Limit queuing for removal per day.
#limit_removals_to_per_day: 100
## Source code URL
## URL to the source code your pod is currently running.
## If not set your pod will provide a downloadable archive.
source_url: 'https://github.com/diaspora/diaspora'
## Changelog URL
## URL to the changelog of the diaspora-version your pod is currently running.
## If not set an auto-generated url to github is used.
#changelog_url: "https://github.com/diaspora/diaspora/blob/master/Changelog.md"
## Default color theme
## You can change which color theme is displayed when a user is not signed in
## or has not selected any color theme from the available ones. You simply have
## to enter the name of the theme's folder in "app/assets/stylesheets/color_themes/".
## ("original" for the theme in "app/assets/stylesheets/color_themes/original/", for
## example).
#default_color_theme: "original"
## Default meta tags
## You can change here the default meta tags content included on the pages of your pod.
## Title will be used for the opengraph og:site_name property while description will be used
## for description and og:description.
default_metas:
#title: 'diaspora* social network'
#description: 'diaspora* is the online social world where you are in control.'
## CSP (Content Security Policy) header
## CSP allows limiting origins from where resources are allowed to be loaded. This
## improves security, since it helps to detect and mitigate cross-site scripting
## and data injection attacks. The default policy of diaspora* allows all third
## party domains from services that are included in diaspora*, like OEmbed
## scripts, so you can safely activate it by setting `report_only` to false. If
## you customized diaspora* (edited templates or added own JS), additional work
## may be required. You can test the policy with the `report_uri`. Our default CSP
## does not work with Google analytics or Piwik, because they inject JS code that
## is blocked by CSP.
csp:
## Report-Only header (default=false)
## By default diaspora* adds a "Content-Security-Policy" header. If you set
## this to true, the "Content-Security-Policy-Report-Only" header is added instead.
#report_only: true
## CSP report URI (default=)
## You can set an URI here, where the user agent reports violations as JSON document via a POST request.
#report_uri: "/csp_violation_reports"
## Posting from Diaspora to external services (all are disabled by default).
services: ## Section
## OAuth credentials for Twitter
twitter: ## Section
#enable: true
#key: 'abcdef'
#secret: 'change_me'
## OAuth credentials for Tumblr
tumblr: ## Section
#enable: true
#key: 'abcdef'
#secret: 'change_me'
## OAuth credentials for Wordpress
wordpress: ## Section
#enable: true
#client_id: 'abcdef'
#secret: 'change_me'
## Allow your pod to send emails for notifications, password recovery
## and other purposes (disabled by default).
mail: ## Section
## First you need to enable it.
enable: true
## Sender address used in mail sent by Diaspora.
sender_address: 'no-reply@__DOMAIN__'
## This selects which mailer should be used. Use 'smtp' for a smtp
## connection or 'sendmail' to use the sendmail binary.
method: 'smtp'
## Ignore if method isn't 'smtp'.
smtp: ## Section
## Host and port of the smtp server handling outgoing mail.
## This should match the common name of the certificate sent by
## the SMTP server, if it sends one. (default port=587)
# we use localhost because I don't know an easy way to determine the main domain of an ynh instance
# it forces us to disable certificate verification below though...
host: 'localhost'
port: 25
## Authentication required to send mail (default='plain').
## Use one of 'plain', 'login' or 'cram_md5'. Use 'none'
## if server does not support authentication.
authentication: 'plain'
## Credentials to log in to the SMTP server.
## May be necessary if authentication is not 'none'.
username: '__APP__'
password: '__MAIL_PWD__'
## Automatically enable TLS (default=true).
## Leave this commented out if authentication is set to 'none'.
#starttls_auto: true
## The domain for the HELO command, if needed.
domain: '__DOMAIN__'
## OpenSSL verify mode used when connecting to a SMTP server with TLS.
## Set this to 'none' if you have a self-signed certificate. Possible
## values: 'none', 'peer'.
# We use localhost because I don't
openssl_verify_mode: 'none'
## Ignore if method isn't 'sendmail'
# sendmail: ## Section
## The path to the sendmail binary (default='/usr/sbin/sendmail')
# location: '/usr/sbin/sendmail'
## Use exim and sendmail (default=false)
#exim_fix: false
## Administrator settings
admins: ## Section
## Set the admin account.
## This doesn't make the user an admin but is used when a generic
## admin contact is needed, much like the postmaster role in mail
## systems. Set only the username, NOT the full ID.
account: "__ADMIN__"
## E-mail address to contact the administrator.
podmin_email: '__ADMIN_MAIL__'
## Settings related to relays
relay: ## Section
## Relays are applications that exist to push public posts around to
## pods which want to subscribe to them but would not otherwise
## receive them due to not having direct contact with the remote pods.
##
## See more regarding relays: https://wiki.diasporafoundation.org/Relay_servers_for_public_posts
outbound: ## Section
## Enable this setting to send out public posts from this pod to a relay
send: true
## Change default remote relay url used for sending out here
#url: 'https://relay.iliketoast.net/receive/public'
inbound: ## Section
## Enable this to receive public posts from relays
subscribe: true
## Scope is either 'all' or 'tags' (default).
## - 'all', means this pod wants to receive all public posts from a relay
## - 'tags', means this pod wants only posts tagged with certain tags
#scope: tags
## If scope is 'tags', should we include tags that users on this pod follow?
## These are added in addition to 'pod_tags', if set.
include_user_tags: true
## If scope is 'tags', a comma separated list of tags here can be set.
## For example "linux,diaspora", to receive posts related to these tags
#pod_tags:
## Here you can override settings defined above if you need
## to have them different in different environments.
production: ## Section
environment: ## Section
#redis: 'redis://production.example.org:6379'
development: ## Section
environment: ## Section
#redis: 'redis://production.example.org:6379'

6
scripts/change_url
View file

@ -33,9 +33,9 @@ ynh_change_url_nginx_config
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
ynh_add_config --template="diaspora.yml" --destination="$install_dir/live/config/diaspora.yml"
chmod 400 "$install_dir/live/config/diaspora.yml"
chown "$app:$app" "$install_dir/live/config/diaspora.yml"
ynh_add_config --template="diaspora.toml" --destination="$install_dir/live/config/diaspora.toml"
chmod 400 "$install_dir/live/config/diaspora.toml"
chown "$app:$app" "$install_dir/live/config/diaspora.toml"
#=================================================
# START SYSTEMD SERVICE

6
scripts/install
View file

@ -42,9 +42,9 @@ chown -R "$app:www-data" "$install_dir"
#=================================================
ynh_script_progression --message="Adding $app's configuration file..." --weight=1
ynh_add_config --template="diaspora.yml" --destination="$install_dir/live/config/diaspora.yml"
chmod 400 "$install_dir/live/config/diaspora.yml"
chown "$app:$app" "$install_dir/live/config/diaspora.yml"
ynh_add_config --template="diaspora.toml" --destination="$install_dir/live/config/diaspora.toml"
chmod 400 "$install_dir/live/config/diaspora.toml"
chown "$app:$app" "$install_dir/live/config/diaspora.toml"
ynh_add_config --template="database.yml" --destination="$install_dir/live/config/database.yml"
chmod 400 "$install_dir/live/config/database.yml"

16
scripts/upgrade
View file

@ -53,6 +53,14 @@ if ! [ -d "$install_dir/live" ]; then
ynh_store_file_checksum --file="$install_dir/live/config/database.yml"
fi
if [ -f "$install_dir/live/config/diaspora.yml" ]; then
ynh_backup_if_checksum_is_different --file="$install_dir/live/config/diaspora.yml"
ynh_delete_file_checksum --file="$install_dir/live/config/diaspora.yml"
ynh_secure_remove --file="$install_dir/live/config/diaspora.yml"
ynh_print_warn "diaspora.yml is being migrated to diapora.toml. Please handle changes if you manually edited this file."
fi
ynh_secure_remove "$install_dir/Experimental_helpers"
if [[ -z "${admin:-}" ]]; then
@ -77,7 +85,7 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
ynh_script_progression --message="Upgrading source files..." --weight=1
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir/live" --full_replace=1 --keep="config/diaspora.yml config/database.yml"
ynh_setup_source --dest_dir="$install_dir/live" --full_replace=1 --keep="config/diaspora.toml config/database.yml"
# create upload folder and link it
mkdir -p "$install_dir/uploads"
@ -91,9 +99,9 @@ chown -R "$app:www-data" "$install_dir"
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
ynh_add_config --template="diaspora.yml" --destination="$install_dir/live/config/diaspora.yml"
chmod 400 "$install_dir/live/config/diaspora.yml"
chown "$app:$app" "$install_dir/live/config/diaspora.yml"
ynh_add_config --template="diaspora.toml" --destination="$install_dir/live/config/diaspora.toml"
chmod 400 "$install_dir/live/config/diaspora.toml"
chown "$app:$app" "$install_dir/live/config/diaspora.toml"
ynh_add_config --template="database.yml" --destination="$install_dir/live/config/database.yml"
chmod 400 "$install_dir/live/config/database.yml"