## Some notes about this file: ## - All comments start with a double # ## - All settings are commented out with a single # ## To change the default settings, you need both to uncomment the lines ## AND, in most cases, to change the value that is given. ## - Take care to keep proper indentation, that is by simply deleting ## the original #, with no additional space before the setting's name. ## - Take care to keep proper quoting. All ' must have a matching ' at ## the end of the same line. The same goes for " ## - Lines containing "## Section" are section headings. Do not edit them! ## - Lists need the space after the - ## - The values true, false and numbers should have no quote marks. ## Single words don't need quote marks, but it doesn't do any harm to have them. ## ## You can set and/or override all these settings through environment variables ## with the following conversion rules: ## - Strip the top level namespace (configuration, production, etc.) ## - Build the path to the setting, for example environment.s3.enable ## - Replace the dots with underscores: environment_s3_enable ## - Convert to upper case: ENVIRONMENT_S3_ENABLE ## - Specify lists/arrays as comma-separated values ## ## - For example, on Heroku: ## heroku config:set SERVICES_TWITTER_KEY=yourkey SERVICES_TWITTER_SECRET=yoursecret configuration: ## Section ## You need to change or at least review the settings in this section ## in order for your pod to work. environment: ## Section ## Set the hostname of the machine you're running Diaspora on, as seen ## from the internet. This should be the URL you want to use to ## access the pod. So if you plan to use a reverse proxy, it should be ## the URL the proxy listens on. DO NOT CHANGE THIS AFTER INITIAL SETUP! ## However changing http to https is okay and has no consequences. ## If you do change the URL, you will have to start again as the URL ## will be hardcoded into the database. url: "https://{{ domain }}{{ path_url }}" ## Set the bundle of certificate authorities (CA) certificates. ## This is specific to your operating system. ## Examples (uncomment the relevant one or add your own): ## For Debian, Ubuntu, Archlinux, Gentoo (package ca-certificates): certificate_authorities: '/etc/ssl/certs/ca-certificates.crt' ## For CentOS, Fedora: #certificate_authorities: '/etc/pki/tls/certs/ca-bundle.crt' ## URL for a remote Redis (default=localhost). ## Don't forget to restrict IP access if you uncomment these! #redis: 'redis://example_host' #redis: 'redis://username:password@host:6379/0' #redis: 'unix:///tmp/redis.sock' ## Require SSL (default=true). ## When set, your pod will force the use of HTTPS in production mode. ## Since OAuth2 requires SSL, Diaspora's future API might not work if ## you're not using SSL. Also there is no guarantee that posting to ## services will be possible if SSL is disabled. ## Do not change this default unless you are sure! #require_ssl: true ## Single-process mode (default=false). ## If set to true, Diaspora will work with just the appserver (Unicorn by ## default) running. However, this makes it quite slow as intensive jobs ## must be run all the time inside the request cycle. We strongly ## recommended you leave this disabled for production setups. ## Set to true to enable. #single_process_mode: false ## Sidekiq - background processing sidekiq: ## Section ## Number of parallel threads Sidekiq uses (default=5). ## If you touch this, please set the pool setting in your database.yml ## to a value that's at minimum close to this! You can safely increase ## it to 25 and more on a medium-sized pod. This applies per started ## Sidekiq worker, so if you set it to 25 and start two workers, you'll ## process up to 50 jobs in parallel. #concurrency: 5 ## Number of times a job is retried (default=10). ## There's an exponential effect to this: if you set this too high you ## might get too many jobs building up in the queue. ## Set it to 0 to disable it completely. #retry: 10 ## Lines of backtrace that are stored on failure (default=15). ## Set n to the required value. Set this to false to reduce Redis memory ## usage (and log size) if you're not interested in this data. #backtrace: 15 ## Number of jobs to keep in the dead queue (default=5000). ## Jobs get into the dead queue after they failed and exhausted all retries. ## Increasing this setting will increase the memory usage of Redis. ## Once gone from the dead queue, a failed job is permanently lost and ## cannot be retried manually. # dead_jobs_limit: 1000 ## Number of seconds a job remains in the dead queue (default=3628800 (six weeks)). ## Jobs get into the dead queue after they failed and exhausted all retries. ## Increasing this setting will increase the memory usage of Redis. ## Once gone from the dead queue, a failed job is permanently lost and ## cannot be retried manually. # dead_jobs_timeout: 15552000 # 6 months ## Log file for Sidekiq (default="log/sidekiq.log") #log: "log/sidekiq.log" ## Use Amazon S3 instead of your local filesystem ## to handle uploaded pictures (disabled by default). s3: ## Section #enable: true #key: 'change_me' #secret: 'change_me' #bucket: 'my_photos' #region: 'us-east-1' ## Use max-age header on Amazon S3 resources (default=true). ## When true, this allows locally cached images to be served for up to ## one year. This can improve load speed and save requests to the image ## host. Set to false to revert to browser defaults (usually less than ## one year). #cache : true ## Set redirect URL for an external image host (Amazon S3 or other). ## If hosting images for your pod on an external server (even your own), ## add its URL here. All requests made to images under /uploads/images ## will be redirected to https://yourhost.tld/uploads/images/ #image_redirect_url: 'https://images.example.org' assets: ## Section ## Serve static assets via the appserver (default=false). ## This is highly discouraged for production use. Let your reverse ## proxy/webserver do it by serving the files under public/ directly. #serve: false ## Upload your assets to S3 (default=false). #upload: false ## Specify an asset host. Ensure it does not have a trailing slash (/). #host: http://cdn.example.org/diaspora ## Pubsub server (default='https://pubsubhubbub.appspot.com/'). ## Diaspora is only tested against the default pubsub server. ## You probably don't want to uncomment or change this. #pubsub_server: 'https://pubsubhubbub.appspot.com/' ## Logger configuration logging: ## Section logrotate: ## Section ## Roll the application log on a daily basis (default=true). #enable: true ## The number of days to keep (default=7) #days: 7 ## Debug logging debug: ## Section ## Enables the debug-logging for SQL (default=false) ## This logs every SQL-statement! #sql: true ## Enables the federation-debug-log (default=false) ## This logs all XMLs that are used for the federation #federation: true ## Settings affecting how ./script/server behaves. server: ## Section ## Where the appserver should listen to (default=unix:tmp/diaspora.sock) #listen: 'unix:tmp/diaspora.sock' #listen: 'unix:/run/diaspora/diaspora.sock' #listen: '127.0.0.1:3000' listen: unix:/run/{{ app }}/diaspora.sock ## Set the path for the PID file of the unicorn master process (default=tmp/pids/web.pid) pid: '/run/{{ app }}/diaspora.pid' ## Rails environment (default='development'). ## The environment in which the server should be started by default. ## Change this to 'production' if you wish to run a production environment. rails_environment: 'production' # TODO check ## Write unicorn stderr and stdout log. stderr_log: 'log/unicorn-stderr.log' stdout_log: 'log/unicorn-stdout.log' ## Number of Unicorn worker processes (default=2). ## Increase this if you have many users. #unicorn_worker: 2 ## Number of seconds before a request is aborted (default=90). ## Increase if you get empty responses, or if large image uploads fail. ## Decrease if you're under heavy load and don't care if some ## requests fail. #unicorn_timeout: 90 ## Embed a Sidekiq worker inside the unicorn process (default=false). ## Useful for minimal Heroku setups. #embed_sidekiq_worker: false ## Number of Sidekiq worker processes (default=1). ## In most cases it is better to ## increase environment.sidekiq.concurrency instead! #sidekiq_workers: 1 ## Displays the location of a post in a map. Per default we are using the map ## tiles of the Heidelberg University (http://giscience.uni-hd.de). ## You also have the possibility to use the map tiles of https://www.mapbox.com ## which is probably more reliable. There you have to create an account to get ## an access token which is limited. If you want to get an unlimited account ## you can write an email to team@diasporafoundation.org. ## Please enable mapbox and fill out your access_token. map: ##Section mapbox: #enabled: false #access_token: "youraccesstoken" #style: "mapbox/streets-v9" ## Settings potentially affecting the privacy of your users. privacy: ## Section ## Include jQuery from jquery.com's CDN (default=false). ## Enabling this can reduce traffic and speed up load time since most ## clients already have this one cached. When set to false (the default), ## the jQuery library will be loaded from your pod's own resources. #jquery_cdn: false ## Google Analytics (disabled by default). ## Provide a key to enable tracking by Google Analytics. #google_analytics_key: ## Piwik Tracking (disabled by default). ## Provide a site ID and the host piwik is running on to enable ## tracking through Piwik. # TODO ? Check implications... piwik: ## Section #enable: true #host: 'stats.example.org' #site_id: 1 ## Statistics ## Your pod will report its name, software version and whether ## or not registrations are open via /statistics and NodeInfo. ## Uncomment the options below to enable more statistics. statistics: ## Section ## Local user total and 6 month active counts. #user_counts: true ## Local post total count. #post_counts: true #comment_counts: true ## Use Camo to proxy embedded remote images. ## Do not enable this setting unless you have a working Camo setup. Using ## camo to proxy embedded images will improve the privacy and security of ## your pod's frontend, but it will increase the traffic on your server. ## Check out https://wiki.diasporafoundation.org/Installation/Camo for ## more details and installation instructions. camo: ## Section ## Proxy images embedded via markdown (default=false). ## Embedded images are quite often from non-SSL sites and may cause a ## partial content warning, so this is recommended. #proxy_markdown_images: true ## Proxy Open Graph thumbnails (default=false). ## Open Graph thumbnails may or may not be encrypted and loaded from ## servers outside the network. Recommended. #proxy_opengraph_thumbnails: true ## Proxy remote pod's images (default=false). ## Profile pictures and photos from other pods usually are encrypted, ## so enabling this is only useful if you want to avoid HTTP requests to ## third-party servers. This will create a lot of traffic on your camo ## instance. You have been warned. #proxy_remote_pod_images: true ## Root of your Camo installation #root: "https://example.com/camo/" ## Shared key of your Camo installation #key: "example123example456example!" ## General settings settings: ## Section ## Pod name (default="diaspora*") ## The pod name displayed in various locations, including the header. #pod_name: "diaspora*" ## Allow registrations (default=true) ## Set this to false to prevent people from signing up to your pod ## without an invitation. Note that this needs to be set to true ## (or commented out) to enable the first registration (you). # TODO ynh settings? #enable_registrations: true ## Auto-follow on sign-up (default=true) ## Users will automatically follow a specified account on creation. ## Set this to false if you don't want your users to automatically ## follow an account upon creation. #autofollow_on_join: true ## Auto-follow account (default='hq@pod.diaspora.software') ## The diaspora* HQ account keeps users up to date with news about Diaspora. ## If you set another auto-follow account (for example your podmin account), ## please consider resharing diaspora* HQ's posts for your pod's users! #autofollow_on_join_user: 'hq@pod.diaspora.software' ## Welcome Message settings welcome_message: ##Section ## Welcome Message on registration (default=false) ## Send a message to new users after registration ## to tell them about your pod and how things ## are handled on it. #enabled: false ## Welcome Message subject (default='Welcome Message') ## The subject of the conversation that is started ## by your welcome message. #subject: "Welcome Message" ## Welcome Message text (default='Hello %{username}, welcome to diaspora.') ## The content of your welcome message. ## The placeholder "%{username}" will be replaced by the username ## of the new user. #text: "Hello %{username}, welcome to diaspora." ## Invitation settings invitations: ## Section ## Enable invitations (default=true) ## Set this to false if you don't want users to be able to send invites. #open: true ## Number of invitations per invite link (default=25) ## Every user will see such a link if you have enabled ## invitations on your pod. #count: 25 ## Paypal donations (disabled by default) ## You can set details for a Paypal button here to allow donations ## towards running the pod. ## First, enable the function, then set the currency in which you ## wish to receive donations, and **either** a hosted button id ## **or** an encrypted key for an unhosted button. paypal_donations: ## Section #enable: false ## Currency used (USD, EUR...) #currency: USD ## hosted Paypal button id #paypal_hosted_button_id: "change_me" ## OR encrypted key of unhosted button #paypal_unhosted_button_encrypted: "-----BEGIN PKCS7-----" ## Liberapay.com is a free platform which allow donations like patreon ## Set your username to include your liberapay button # liberapay_username: "change_me" ## Bitcoin donations ## You can provide a bitcoin address here to allow your users to provide ## donations towards the running of their pod. #bitcoin_address: "change_me" ## Community spotlight (disabled by default) ## The community spotlight shows new users public posts from people you ## think are interesting in Diaspora's community. To add an account ## to the community spotlight add the 'spotlight' role to it. community_spotlight: ## Section #enable: true ## E-mail address to which users can make suggestions about who ## should be in the community spotlight (optional). #suggest_email: 'admin@example.org' ## CURL debug (default=false) ## Turn on extra verbose output when sending stuff. Note: you ## don't need to touch this unless explicitly told to. #typhoeus_verbose: false ## Maximum number of parallel HTTP requests made to other pods (default=20) ## Be careful, raising this setting will heavily increase the memory usage ## of your Sidekiq workers. #typhoeus_concurrency: 20 ## Maximum number of parallel user data export jobs (default=1) ## Be careful, exports of big/old profiles can use a lot of memory, running ## many of them in parallel can be a problem for small servers. #export_concurrency: 1 ## Captcha settings captcha: ## Section ## Enable captcha (default=true) ## Set this to false if you don't want to use captcha for signup process. #enable: true ## Captcha image size (default='120x20') #image_size: '120x20' ## Length of captcha text (default=5)(max=12) #captcha_length: 5 ## Captcha image style (default='simply_green') ## Available options for captcha image styles are: 'simply_blue', ## 'simply_red' 'simply_green', 'charcoal_grey', 'embossed_silver', ## 'all_black', 'distorted_black', 'almost_invisible', 'random'. #image_style: 'simply_green' ## Captcha image distortion (default='low') ## Sets the level of image distortion used in the captcha. ## Available options are: 'low', 'medium', 'high', 'random'. #distortion: 'low' ## Terms of Service ## Show a default or customized terms of service for users. ## You can create a custom Terms of Service by placing a template ## as app/views/terms/terms.haml or app/views/terms/terms.erb ## The default terms of service that can be extended is ## at app/views/terms/default.haml ## NOTE! The default terms have not been checked over by a lawyer and ## thus are unlikely to provide full legal protection for all situations ## for a podmin using them. They are also not specific to all countries ## and jurisdictions. If you are unsure, please check with a lawyer. ## We provide these for podmins as some basic rules that podmins ## can communicate to users easily via the diaspora* server software. ## Uncomment to enable this feature. terms: ## Section ## First enable it by uncommenting below. #enable: true ## Important! If you enable the terms, you should always ## set a location under which laws any disputes are governed ## under. For example, country or state/country, depending ## on the country in question. ## If this is not set, the whole paragraph about governing ## laws *is not shown* in the terms page. #jurisdiction: "" ## Age limit for signups. ## Set a number to activate this setting. This age limit is shown ## in the default ToS document. #minimum_age: false ## Maintenance ## Various pod maintenance related settings are controlled from here. maintenance: ## Section ## Removing old inactive users can be done automatically by background ## processing. The amount of inactivity is set by `after_days`. A warning ## email will be sent to the user and after an additional `warn_days`, the ## account will be automatically closed. ## This maintenance is not enabled by default. remove_old_users: ## Section #enable: true #after_days: 730 #warn_days: 30 ## Limit queuing for removal per day. #limit_removals_to_per_day: 100 ## Source code URL ## URL to the source code your pod is currently running. ## If not set your pod will provide a downloadable archive. source_url: 'https://github.com/diaspora/diaspora' ## Changelog URL ## URL to the changelog of the diaspora-version your pod is currently running. ## If not set an auto-generated url to github is used. #changelog_url: "https://github.com/diaspora/diaspora/blob/master/Changelog.md" ## Default color theme ## You can change which color theme is displayed when a user is not signed in ## or has not selected any color theme from the available ones. You simply have ## to enter the name of the theme's folder in "app/assets/stylesheets/color_themes/". ## ("original" for the theme in "app/assets/stylesheets/color_themes/original/", for ## example). #default_color_theme: "original" ## Default meta tags ## You can change here the default meta tags content included on the pages of your pod. ## Title will be used for the opengraph og:site_name property while description will be used ## for description and og:description. default_metas: #title: 'diaspora* social network' #description: 'diaspora* is the online social world where you are in control.' ## CSP (Content Security Policy) header ## CSP allows limiting origins from where resources are allowed to be loaded. This ## improves security, since it helps to detect and mitigate cross-site scripting ## and data injection attacks. The default policy of diaspora* allows all third ## party domains from services that are included in diaspora*, like OEmbed ## scripts, so you can safely activate it by setting `report_only` to false. If ## you customized diaspora* (edited templates or added own JS), additional work ## may be required. You can test the policy with the `report_uri`. Our default CSP ## does not work with Google analytics or Piwik, because they inject JS code that ## is blocked by CSP. csp: ## Report-Only header (default=false) ## By default diaspora* adds a "Content-Security-Policy" header. If you set ## this to true, the "Content-Security-Policy-Report-Only" header is added instead. #report_only: true ## CSP report URI (default=) ## You can set an URI here, where the user agent reports violations as JSON document via a POST request. #report_uri: "/csp_violation_reports" ## Posting from Diaspora to external services (all are disabled by default). services: ## Section ## OAuth credentials for Twitter twitter: ## Section #enable: true #key: 'abcdef' #secret: 'change_me' ## OAuth credentials for Tumblr tumblr: ## Section #enable: true #key: 'abcdef' #secret: 'change_me' ## OAuth credentials for Wordpress wordpress: ## Section #enable: true #client_id: 'abcdef' #secret: 'change_me' ## Allow your pod to send emails for notifications, password recovery ## and other purposes (disabled by default). mail: ## Section ## First you need to enable it. enable: true ## Sender address used in mail sent by Diaspora. sender_address: 'no-reply@{{ domain }}' ## This selects which mailer should be used. Use 'smtp' for a smtp ## connection or 'sendmail' to use the sendmail binary. method: 'sendmail' ## Ignore if method isn't 'smtp'. smtp: ## Section ## Host and port of the smtp server handling outgoing mail. ## This should match the common name of the certificate sent by ## the SMTP server, if it sends one. (default port=587) #host: 'smtp.example.org' #port: 587 ## Authentication required to send mail (default='plain'). ## Use one of 'plain', 'login' or 'cram_md5'. Use 'none' ## if server does not support authentication. #authentication: 'plain' ## Credentials to log in to the SMTP server. ## May be necessary if authentication is not 'none'. #username: 'change_me' #password: 'change_me' ## Automatically enable TLS (default=true). ## Leave this commented out if authentication is set to 'none'. #starttls_auto: true ## The domain for the HELO command, if needed. #domain: 'smtp.example.org' ## OpenSSL verify mode used when connecting to a SMTP server with TLS. ## Set this to 'none' if you have a self-signed certificate. Possible ## values: 'none', 'peer'. #openssl_verify_mode: 'none' ## Ignore if method isn't 'sendmail' sendmail: ## Section ## The path to the sendmail binary (default='/usr/sbin/sendmail') location: '/usr/sbin/sendmail' ## Use exim and sendmail (default=false) #exim_fix: false ## Administrator settings admins: ## Section ## Set the admin account. ## This doesn't make the user an admin but is used when a generic ## admin contact is needed, much like the postmaster role in mail ## systems. Set only the username, NOT the full ID. account: "{{ admin }}" ## E-mail address to contact the administrator. podmin_email: '{{ admin_email }}' ## Settings related to relays relay: ## Section ## Relays are applications that exist to push public posts around to ## pods which want to subscribe to them but would not otherwise ## receive them due to not having direct contact with the remote pods. ## ## See more regarding relays: https://wiki.diasporafoundation.org/Relay_servers_for_public_posts outbound: ## Section ## Enable this setting to send out public posts from this pod to a relay #send: false ## Change default remote relay url used for sending out here #url: 'https://relay.iliketoast.net/receive/public' inbound: ## Section ## Enable this to receive public posts from relays #subscribe: false ## Scope is either 'all' or 'tags' (default). ## - 'all', means this pod wants to receive all public posts from a relay ## - 'tags', means this pod wants only posts tagged with certain tags #scope: tags ## If scope is 'tags', should we include tags that users on this pod follow? ## These are added in addition to 'pod_tags', if set. #include_user_tags: false ## If scope is 'tags', a comma separated list of tags here can be set. ## For example "linux,diaspora", to receive posts related to these tags #pod_tags: ## Here you can override settings defined above if you need ## to have them different in different environments. production: ## Section environment: ## Section #redis: 'redis://production.example.org:6379' development: ## Section environment: ## Section #redis: 'redis://production.example.org:6379'