server/config/config.example.toml

# Lysand Config
# All of these values can be changed via the CLI (they will be saved in a file named config.internal.toml
# in the same directory as this one)
# Changing this file does not require a restart, but might take a few seconds to apply
# This file will be merged with the CLI configuration, taking precedence over it

[database]
# Main PostgreSQL database connection
host = "localhost"
port = 5432
username = "lysand"
password = "lysand"
database = "lysand"

[redis.queue]
# Redis instance for storing the federation queue
# Required for federation
host = "localhost"
port = 6379
password = ""
database = 0

[redis.cache]
# Redis instance to be used as a timeline cache
# Optional, can be the same as the queue instance
host = "localhost"
port = 6379
password = ""
database = 1
enabled = false

[meilisearch]
# If Meilisearch is not configured, search will not be enabled
host = "localhost"
port = 7700
api_key = "______________________________"
enabled = false

[signups]
# URL of your Terms of Service
tos_url = "https://my-site.com/tos"
# Whether to enable registrations or not
registration = true
rules = [
    "Do not harass others",
    "Be nice to people",
    "Don't spam",
    "Don't post illegal content",
]

# Delete this section if you don't want to use custom OAuth providers
# This is an example configuration
# The provider MUST support OpenID Connect with .well-known discovery
# Most notably, GitHub does not support this
[[oidc.providers]]
# Test with custom Authentik instance
name = "CPlusPatch ID"
id = "cpluspatch-id"
url = "https://id.cpluspatch.com/application/o/lysand-testing/"
client_id = "______________________________"
client_secret = "__________________________________"
icon = "https://cpluspatch.com/images/icons/logo.svg"

[http]
# The full URL Lysand will be reachable by (paths are not supported)
base_url = "https://lysand.social"
# Address to bind to
bind = "0.0.0.0"
bind_port = "8080"

# Bans IPv4 or IPv6 IPs (wildcards, networks and ranges are supported)
banned_ips = []
# Banned user agents, regex format
banned_user_agents = [
    # "curl\/7.68.0",
    # "wget\/1.20.3",
]

[http.bait]
# Enable the bait feature (sends fake data to those who are flagged)
enabled = false
# Path to file of bait data (if not provided, Lysand will send the entire Bee Movie script)
send_file = ""
# IPs to send bait data to (wildcards, networks and ranges are supported)
bait_ips = ["127.0.0.1", "::1"]
# User agents to send bait data to (regex format)
bait_user_agents = ["curl", "wget"]

[smtp]
# SMTP server to use for sending emails
server = "smtp.example.com"
port = 465
username = "test@example.com"
password = "____________"
tls = true
# Disable all email functions (this will allow people to sign up without verifying
# their email)
enabled = false

[media]
# Can be "s3" or "local", where "local" uploads the file to the local filesystem
# If you need to change this value after setting up your instance, you must move all the files
# from one backend to the other manually (the CLI will have an option to do this later)
# TODO: Add CLI command to move files
backend = "local"
# Whether to check the hash of media when uploading to avoid duplication
deduplicate_media = true
# If media backend is "local", this is the folder where the files will be stored
# Can be any path
local_uploads_folder = "uploads"

[media.conversion]
# Whether to automatically convert images to another format on upload
convert_images = false
# Can be: "jxl", "webp", "avif", "png", "jpg", "heif"
# JXL support will likely not work
convert_to = "webp"

[s3]
# Can be left blank if you don't use the S3 media backend
endpoint = "myhostname.banana.com"
access_key = "_____________"
secret_access_key = "_________________"
region = ""
bucket_name = "lysand"
public_url = "https://cdn.test.com"

[email]
# Sends an email to moderators when a report is received
send_on_report = false
# Sends an email to moderators when a user is suspended
send_on_suspend = false
# Sends an email to moderators when a user is unsuspended
send_on_unsuspend = false
# Verify user emails when signing up (except via OIDC)
verify_email = false

[validation]
# Checks user data
# Does not retroactively apply to previously entered data
max_displayname_size = 50
max_bio_size = 160
max_note_size = 5000
max_avatar_size = 5_000_000
max_header_size = 5_000_000
max_media_size = 40_000_000
max_media_attachments = 10
max_media_description_size = 1000
max_poll_options = 20
max_poll_option_size = 500
min_poll_duration = 60
max_poll_duration = 1893456000
max_username_size = 30
max_field_count = 10
max_field_name_size = 1000
max_field_value_size = 1000
# Forbidden usernames, defaults are from Akkoma
username_blacklist = [
    ".well-known",
    "~",
    "about",
    "activities",
    "api",
    "auth",
    "dev",
    "inbox",
    "internal",
    "main",
    "media",
    "nodeinfo",
    "notice",
    "oauth",
    "objects",
    "proxy",
    "push",
    "registration",
    "relay",
    "settings",
    "status",
    "tag",
    "users",
    "web",
    "search",
    "mfa",
]
# Whether to blacklist known temporary email providers
blacklist_tempmail = false
# Additional email providers to blacklist (list of domains)
email_blacklist = []
# Valid URL schemes, otherwise the URL is parsed as text
url_scheme_whitelist = [
    "http",
    "https",
    "ftp",
    "dat",
    "dweb",
    "gopher",
    "hyper",
    "ipfs",
    "ipns",
    "irc",
    "xmpp",
    "ircs",
    "magnet",
    "mailto",
    "mumble",
    "ssb",
    "gemini",
]
# Only allow those MIME types of data to be uploaded
# This can easily be spoofed, but if it is spoofed it will appear broken
# to normal clients until despoofed
enforce_mime_types = false
allowed_mime_types = [
    "image/jpeg",
    "image/png",
    "image/gif",
    "image/heic",
    "image/heif",
    "image/webp",
    "image/avif",
    "video/webm",
    "video/mp4",
    "video/quicktime",
    "video/ogg",
    "audio/wave",
    "audio/wav",
    "audio/x-wav",
    "audio/x-pn-wave",
    "audio/vnd.wave",
    "audio/ogg",
    "audio/vorbis",
    "audio/mpeg",
    "audio/mp3",
    "audio/webm",
    "audio/flac",
    "audio/aac",
    "audio/m4a",
    "audio/x-m4a",
    "audio/mp4",
    "audio/3gpp",
    "video/x-ms-asf",
]

[defaults]
# Default visibility for new notes
# Can be public, unlisted, private or direct
# Private only sends to followers, unlisted doesn't show up in timelines
visibility = "public"
# Default language for new notes (ISO code)
language = "en"
# Default avatar, must be a valid URL or "" for a placeholder avatar
avatar = ""
# Default header, must be a valid URL or "" for none
header = ""
# A style name from https://www.dicebear.com/styles
placeholder_style = "thumbs"

[federation]
# This is a list of domain names, such as "mastodon.social" or "pleroma.site"
# These changes will not retroactively apply to existing data before they were changed
# For that, please use the CLI

# These instances will not be federated with
blocked = []
# These instances' data will only be shown to followers, not in public timelines
followers_only = []

[federation.discard]
# These objects will be discarded when received from these instances
reports = []
deletes = []
updates = []
media = []
follows = []
# If instance reactions are blocked, likes will also be discarded
likes = []
reactions = []
banners = []
avatars = []

[instance]
name = "Lysand"
description = "A test instance of Lysand"
# URL to your instance logo (jpg files should be renamed to jpeg)
logo = ""
# URL to your instance banner (jpg files should be renamed to jpeg)
banner = ""


[filters]
# Regex filters for federated and local data
# Does not apply retroactively (try the CLI for that)

# Note contents
note_content = [
    # "(https?://)?(www\\.)?youtube\\.com/watch\\?v=[a-zA-Z0-9_-]+",
    # "(https?://)?(www\\.)?youtu\\.be/[a-zA-Z0-9_-]+",
]
emoji = []
# These will drop users matching the filters
username = []
displayname = []
bio = []

[logging]
# Log all requests (warning: this is a lot of data)
log_requests = false
# Log request and their contents (warning: this is a lot of data)
log_requests_verbose = false
# Available levels: debug, info, warning, error, critical
log_level = "info"
# For GDPR compliance, you can disable logging of IPs
log_ip = false

# Log all filtered objects
log_filters = true

[logging.storage]
# Path to logfile for requests
requests = "logs/requests.log"

[ratelimits]
# These settings apply to every route at once
# Amount to multiply every route's duration by
duration_coeff = 1.0
# Amount to multiply every route's max requests per [duration] by
max_coeff = 1.0

[custom_ratelimits]
# Add in any API route in this style here
# Applies before the global ratelimit changes
"/api/v1/accounts/:id/block" = { duration = 30, max = 60 }
"/api/v1/timelines/public" = { duration = 60, max = 200 }