server/config/config.example.toml

[database]
# Main PostgreSQL database connection
host = "localhost"
port = 5432
username = "lysand"
password = "mycoolpassword"
database = "lysand"

[redis.queue]
# Redis instance for storing the federation queue
# Required for federation
host = "localhost"
port = 6379
password = ""
database = 0
enabled = true

[redis.cache]
# Redis instance to be used as a timeline cache
# Optional, can be the same as the queue instance
host = "localhost"
port = 40004
password = ""
database = 1
enabled = false

[meilisearch]
# If Meilisearch is not configured, search will not be enabled
host = "localhost"
port = 40007
api_key = ""
enabled = true

[signups]
# URL of your Terms of Service
tos_url = "https://social.lysand.org/tos"
# Whether to enable registrations or not
registration = true
rules = [
    "Do not harass others",
    "Be nice to people",
    "Don't spam",
    "Don't post illegal content",
]

[oidc]
# Run Lysand with this value missing to generate a new key
jwt_key = ""

# If enabled, Lysand will require users to log in with an OAuth provider
# Note that registering with an OAuth provider is not supported yet, so
# this will lock out users who are not already registered or who do not have
# an OAuth account linked
forced = false

# Delete this section if you don't want to use custom OAuth providers
# This is an example configuration
# The provider MUST support OpenID Connect with .well-known discovery
# Most notably, GitHub does not support this
# Redirect URLs in your OAuth provider can be set to this:
# <base_url>/oauth/sso/<provider_id>/callback*
# The asterisk is important, as it allows for any query parameters to be passed
# Authentik for example uses regex so it can be set to (regex):
# <base_url>/oauth/sso/<provider_id>/callback.*
[[oidc.providers]]
# name = "CPlusPatch ID"
# id = "cpluspatch-id"
# url = "https://id.cpluspatch.com/application/o/lysand-testing/"
# client_id = "XXXX"
# client_secret = "XXXXX"
# icon = "https://cpluspatch.com/images/icons/logo.svg"

[http]
# The full URL Lysand will be reachable by (paths are not supported)
base_url = "https://lysand.localhost:9900"
# Address to bind to (0.0.0.0 is suggested for proxies)
bind = "lysand.localhost"
bind_port = 9900

# Bans IPv4 or IPv6 IPs (wildcards, networks and ranges are supported)
banned_ips = []
# Banned user agents, regex format
banned_user_agents = [
    # "curl\/7.68.0",
    # "wget\/1.20.3",
]

[http.tls]
# If these values are set, Lysand will use these files for TLS
enabled = false
key = ""
cert = ""
passphrase = ""
ca = ""

[http.bait]
# Enable the bait feature (sends fake data to those who are flagged)
enabled = false
# Path to file of bait data (if not provided, Lysand will send the entire Bee Movie script)
send_file = ""
# IPs to send bait data to (wildcards, networks and ranges are supported)
bait_ips = ["127.0.0.1", "::1"]
# User agents to send bait data to (regex format)
bait_user_agents = ["curl", "wget"]

[frontend]
# Enable custom frontends (warning: not enabling this or Glitch will make Lysand only accessible via the Mastodon API)
# Frontends also control the OAuth flow, so if you disable this, you will need to use the Mastodon frontend
enabled = true
# The URL to reach the frontend at (should be on a local network)
url = "http://localhost:3000"

[frontend.routes]
# Special routes for your frontend, below are the defaults for Lysand-FE
# Can be set to a route already used by Lysand, as long as it is on a different HTTP method
# e.g. /oauth/authorize is a POST-only route, so you can serve a GET route at /oauth/authorize
# home = "/"
# login = "/oauth/authorize"
# consent = "/oauth/consent"
# register = "/register"
# password_reset = "/oauth/reset"

[frontend.settings]
# Arbitrary key/value pairs to be passed to the frontend
# This can be used to set up custom themes, etc on supported frontends.
# theme = "dark"

[frontend.glitch]
# Enable the Glitch frontend integration
enabled = false
# Glitch assets folder
assets = "glitch"
# Server the assets were ripped from (and any eventual CDNs)
server = ["https://tech.lgbt"]

[smtp]
# SMTP server to use for sending emails
server = "smtp.example.com"
port = 465
username = "test@example.com"
password = "password123"
tls = true
# Disable all email functions (this will allow people to sign up without verifying
# their email)
enabled = false

[media]
# Can be "s3" or "local", where "local" uploads the file to the local filesystem
# If you need to change this value after setting up your instance, you must move all the files
# from one backend to the other manually (the CLI will have an option to do this later)
# TODO: Add CLI command to move files
backend = "s3"
# Whether to check the hash of media when uploading to avoid duplication
deduplicate_media = true
# If media backend is "local", this is the folder where the files will be stored
# Can be any path
local_uploads_folder = "uploads"

[media.conversion]
# Whether to automatically convert images to another format on upload
convert_images = true
# Can be: "image/jxl", "image/webp", "image/avif", "image/png", "image/jpeg", "image/heif", "image/gif"
# JXL support will likely not work
convert_to = "image/webp"

# [s3]
# Can be left blank if you don't use the S3 media backend
# endpoint = ""
# access_key = "XXXXX"
# secret_access_key = "XXX"
# region = ""
# bucket_name = "lysand"
# public_url = "https://cdn.example.com"

[validation]
# Checks user data
# Does not retroactively apply to previously entered data
max_displayname_size = 50
max_bio_size = 160
max_note_size = 5000
max_avatar_size = 5_000_000
max_header_size = 5_000_000
max_media_size = 40_000_000
max_media_attachments = 10
max_media_description_size = 1000
max_poll_options = 20
max_poll_option_size = 500
min_poll_duration = 60
max_poll_duration = 1893456000
max_username_size = 30
max_field_count = 10
max_field_name_size = 1000
max_field_value_size = 1000
# Forbidden usernames, defaults are from Akkoma
username_blacklist = [
    ".well-known",
    "~",
    "about",
    "activities",
    "api",
    "auth",
    "dev",
    "inbox",
    "internal",
    "main",
    "media",
    "nodeinfo",
    "notice",
    "oauth",
    "objects",
    "proxy",
    "push",
    "registration",
    "relay",
    "settings",
    "status",
    "tag",
    "users",
    "web",
    "search",
    "mfa",
]
# Whether to blacklist known temporary email providers
blacklist_tempmail = false
# Additional email providers to blacklist (list of domains)
email_blacklist = []
# Valid URL schemes, otherwise the URL is parsed as text
url_scheme_whitelist = [
    "http",
    "https",
    "ftp",
    "dat",
    "dweb",
    "gopher",
    "hyper",
    "ipfs",
    "ipns",
    "irc",
    "xmpp",
    "ircs",
    "magnet",
    "mailto",
    "mumble",
    "ssb",
    "gemini",
]
# Only allow those MIME types of data to be uploaded
# This can easily be spoofed, but if it is spoofed it will appear broken
# to normal clients until despoofed
enforce_mime_types = false
# Defaults to all valid MIME types
# allowed_mime_types = []

[defaults]
# Default visibility for new notes
# Can be public, unlisted, private or direct
# Private only sends to followers, unlisted doesn't show up in timelines
visibility = "public"
# Default language for new notes (ISO code)
language = "en"
# Default avatar, must be a valid URL or left out for a placeholder avatar
# avatar = ""
# Default header, must be a valid URL or left out for none
# header = ""
# A style name from https://www.dicebear.com/styles
placeholder_style = "thumbs"

[federation]
# This is a list of domain names, such as "mastodon.social" or "pleroma.site"
# These changes will not retroactively apply to existing data before they were changed
# For that, please use the CLI

# These instances will not be federated with
blocked = []
# These instances' data will only be shown to followers, not in public timelines
followers_only = []

[federation.discard]
# These objects will be discarded when received from these instances
reports = []
deletes = []
updates = []
media = []
follows = []
# If instance reactions are blocked, likes will also be discarded
likes = []
reactions = []
banners = []
avatars = []

# For bridge software, such as lysand-org/activitypub
# Bridges must be hosted separately from the main Lysand process
[federation.bridge]
enabled = false
# Only lysand-ap exists for now
software = "lysand-ap"
# If this is empty, any bridge with the correct token
# will be able to send data to your instance
allowed_ips = ["192.168.1.0/24"]
# Token for the bridge software
# Bridge must have the same token!
token = "mycooltoken"

[instance]
name = "Lysand"
description = "A Lysand instance"
# Path to a file containing a longer description of your instance
# This will be parsed as Markdown
# extended_description_path = "config/description.md"
# URL to your instance logo
# logo = ""
# URL to your instance banner
# banner = ""


[filters]
# Regex filters for federated and local data
# Drops data matching the filters
# Does not apply retroactively to existing data

# Note contents
note_content = [
    # "(https?://)?(www\\.)?youtube\\.com/watch\\?v=[a-zA-Z0-9_-]+",
    # "(https?://)?(www\\.)?youtu\\.be/[a-zA-Z0-9_-]+",
]
emoji = []
# These will drop users matching the filters
username = []
displayname = []
bio = []

[logging]
# Log all requests (warning: this is a lot of data)
log_requests = false
# Log request and their contents (warning: this is a lot of data)
log_requests_verbose = false
# Available levels: debug, info, warning, error, critical
log_level = "debug"
# For GDPR compliance, you can disable logging of IPs
log_ip = false

# Log all filtered objects
log_filters = true

[logging.storage]
# Path to logfile for requests
requests = "logs/requests.log"

[ratelimits]
# These settings apply to every route at once
# Amount to multiply every route's duration by
duration_coeff = 1.0
# Amount to multiply every route's max requests per [duration] by
max_coeff = 1.0

[custom_ratelimits]
# Add in any API route in this style here
# Applies before the global ratelimit changes
# "/api/v1/accounts/:id/block" = { duration = 30, max = 60 }
# "/api/v1/timelines/public" = { duration = 60, max = 200 }