[database] # Main PostgreSQL database connection host = "localhost" port = 5432 username = "lysand" password = "mycoolpassword" database = "lysand" [redis.queue] # Redis instance for storing the federation queue # Required for federation host = "localhost" port = 6379 password = "" database = 0 enabled = true [redis.cache] # Redis instance to be used as a timeline cache # Optional, can be the same as the queue instance host = "localhost" port = 40004 password = "" database = 1 enabled = false [meilisearch] # If Meilisearch is not configured, search will not be enabled host = "localhost" port = 40007 api_key = "" enabled = true [signups] # URL of your Terms of Service tos_url = "https://social.lysand.org/tos" # Whether to enable registrations or not registration = true rules = [ "Do not harass others", "Be nice to people", "Don't spam", "Don't post illegal content", ] [oidc] # Run Lysand with this value missing to generate a new key jwt_key = "" # If enabled, Lysand will require users to log in with an OAuth provider # Note that registering with an OAuth provider is not supported yet, so # this will lock out users who are not already registered or who do not have # an OAuth account linked forced = false # Delete this section if you don't want to use custom OAuth providers # This is an example configuration # The provider MUST support OpenID Connect with .well-known discovery # Most notably, GitHub does not support this # Redirect URLs in your OAuth provider can be set to this: # /oauth/sso//callback* # The asterisk is important, as it allows for any query parameters to be passed # Authentik for example uses regex so it can be set to (regex): # /oauth/sso//callback.* [[oidc.providers]] # name = "CPlusPatch ID" # id = "cpluspatch-id" # url = "https://id.cpluspatch.com/application/o/lysand-testing/" # client_id = "XXXX" # client_secret = "XXXXX" # icon = "https://cpluspatch.com/images/icons/logo.svg" [http] # The full URL Lysand will be reachable by (paths are not supported) base_url = "https://lysand.localhost:9900" # Address to bind to (0.0.0.0 is suggested for proxies) bind = "lysand.localhost" bind_port = 9900 # Bans IPv4 or IPv6 IPs (wildcards, networks and ranges are supported) banned_ips = [] # Banned user agents, regex format banned_user_agents = [ # "curl\/7.68.0", # "wget\/1.20.3", ] [http.tls] # If these values are set, Lysand will use these files for TLS enabled = false key = "" cert = "" passphrase = "" ca = "" [http.bait] # Enable the bait feature (sends fake data to those who are flagged) enabled = false # Path to file of bait data (if not provided, Lysand will send the entire Bee Movie script) send_file = "" # IPs to send bait data to (wildcards, networks and ranges are supported) bait_ips = ["127.0.0.1", "::1"] # User agents to send bait data to (regex format) bait_user_agents = ["curl", "wget"] [frontend] # Enable custom frontends (warning: not enabling this or Glitch will make Lysand only accessible via the Mastodon API) # Frontends also control the OAuth flow, so if you disable this, you will need to use the Mastodon frontend enabled = true # The URL to reach the frontend at (should be on a local network) url = "http://localhost:3000" [frontend.routes] # Special routes for your frontend, below are the defaults for Lysand-FE # Can be set to a route already used by Lysand, as long as it is on a different HTTP method # e.g. /oauth/authorize is a POST-only route, so you can serve a GET route at /oauth/authorize # home = "/" # login = "/oauth/authorize" # consent = "/oauth/consent" # register = "/register" # password_reset = "/oauth/reset" [frontend.settings] # Arbitrary key/value pairs to be passed to the frontend # This can be used to set up custom themes, etc on supported frontends. # theme = "dark" [frontend.glitch] # Enable the Glitch frontend integration enabled = false # Glitch assets folder assets = "glitch" # Server the assets were ripped from (and any eventual CDNs) server = ["https://tech.lgbt"] [smtp] # SMTP server to use for sending emails server = "smtp.example.com" port = 465 username = "test@example.com" password = "password123" tls = true # Disable all email functions (this will allow people to sign up without verifying # their email) enabled = false [media] # Can be "s3" or "local", where "local" uploads the file to the local filesystem # If you need to change this value after setting up your instance, you must move all the files # from one backend to the other manually (the CLI will have an option to do this later) # TODO: Add CLI command to move files backend = "s3" # Whether to check the hash of media when uploading to avoid duplication deduplicate_media = true # If media backend is "local", this is the folder where the files will be stored # Can be any path local_uploads_folder = "uploads" [media.conversion] # Whether to automatically convert images to another format on upload convert_images = true # Can be: "image/jxl", "image/webp", "image/avif", "image/png", "image/jpeg", "image/heif", "image/gif" # JXL support will likely not work convert_to = "image/webp" # [s3] # Can be left blank if you don't use the S3 media backend # endpoint = "" # access_key = "XXXXX" # secret_access_key = "XXX" # region = "" # bucket_name = "lysand" # public_url = "https://cdn.example.com" [validation] # Checks user data # Does not retroactively apply to previously entered data max_displayname_size = 50 max_bio_size = 160 max_note_size = 5000 max_avatar_size = 5_000_000 max_header_size = 5_000_000 max_media_size = 40_000_000 max_media_attachments = 10 max_media_description_size = 1000 max_poll_options = 20 max_poll_option_size = 500 min_poll_duration = 60 max_poll_duration = 1893456000 max_username_size = 30 max_field_count = 10 max_field_name_size = 1000 max_field_value_size = 1000 # Forbidden usernames, defaults are from Akkoma username_blacklist = [ ".well-known", "~", "about", "activities", "api", "auth", "dev", "inbox", "internal", "main", "media", "nodeinfo", "notice", "oauth", "objects", "proxy", "push", "registration", "relay", "settings", "status", "tag", "users", "web", "search", "mfa", ] # Whether to blacklist known temporary email providers blacklist_tempmail = false # Additional email providers to blacklist (list of domains) email_blacklist = [] # Valid URL schemes, otherwise the URL is parsed as text url_scheme_whitelist = [ "http", "https", "ftp", "dat", "dweb", "gopher", "hyper", "ipfs", "ipns", "irc", "xmpp", "ircs", "magnet", "mailto", "mumble", "ssb", "gemini", ] # Only allow those MIME types of data to be uploaded # This can easily be spoofed, but if it is spoofed it will appear broken # to normal clients until despoofed enforce_mime_types = false # Defaults to all valid MIME types # allowed_mime_types = [] [defaults] # Default visibility for new notes # Can be public, unlisted, private or direct # Private only sends to followers, unlisted doesn't show up in timelines visibility = "public" # Default language for new notes (ISO code) language = "en" # Default avatar, must be a valid URL or left out for a placeholder avatar # avatar = "" # Default header, must be a valid URL or left out for none # header = "" # A style name from https://www.dicebear.com/styles placeholder_style = "thumbs" [federation] # This is a list of domain names, such as "mastodon.social" or "pleroma.site" # These changes will not retroactively apply to existing data before they were changed # For that, please use the CLI # These instances will not be federated with blocked = [] # These instances' data will only be shown to followers, not in public timelines followers_only = [] [federation.discard] # These objects will be discarded when received from these instances reports = [] deletes = [] updates = [] media = [] follows = [] # If instance reactions are blocked, likes will also be discarded likes = [] reactions = [] banners = [] avatars = [] # For bridge software, such as lysand-org/activitypub # Bridges must be hosted separately from the main Lysand process [federation.bridge] enabled = false # Only lysand-ap exists for now software = "lysand-ap" # WARNING: These IPs will have signature checks disabled. # Only use the bridge software if you trust it. allowed_ips = ["192.168.1.0/24"] [instance] name = "Lysand" description = "A Lysand instance" # Path to a file containing a longer description of your instance # This will be parsed as Markdown # extended_description_path = "config/description.md" # URL to your instance logo # logo = "" # URL to your instance banner # banner = "" [filters] # Regex filters for federated and local data # Drops data matching the filters # Does not apply retroactively to existing data # Note contents note_content = [ # "(https?://)?(www\\.)?youtube\\.com/watch\\?v=[a-zA-Z0-9_-]+", # "(https?://)?(www\\.)?youtu\\.be/[a-zA-Z0-9_-]+", ] emoji = [] # These will drop users matching the filters username = [] displayname = [] bio = [] [logging] # Log all requests (warning: this is a lot of data) log_requests = false # Log request and their contents (warning: this is a lot of data) log_requests_verbose = false # Available levels: debug, info, warning, error, critical log_level = "debug" # For GDPR compliance, you can disable logging of IPs log_ip = false # Log all filtered objects log_filters = true [logging.storage] # Path to logfile for requests requests = "logs/requests.log" [ratelimits] # These settings apply to every route at once # Amount to multiply every route's duration by duration_coeff = 1.0 # Amount to multiply every route's max requests per [duration] by max_coeff = 1.0 [custom_ratelimits] # Add in any API route in this style here # Applies before the global ratelimit changes # "/api/v1/accounts/:id/block" = { duration = 30, max = 60 } # "/api/v1/timelines/public" = { duration = 60, max = 200 }