update sharkey configurations

2025-08-14 01:43:53 -05:00 · 2025-08-14 01:43:53 -05:00 · 4185f835d5
commit 4185f835d5
parent e50dbd6fed
7 changed files with 252 additions and 38 deletions
--- a/phosphorus/srv/docker/caddy/conf/sites-enabled/sharkey
+++ b/phosphorus/srv/docker/caddy/conf/sites-enabled/sharkey
@ -1,7 +1,28 @@
 booping.synth.download {
    reverse_proxy 127.0.0.1:60628
    import common-settings
    import log sharkey
    import robots-txt
 	@activity_pub `header({'Content-Type': 'application/activity+json*'}) || header({'Content-Type': 'application/ld+json*'}) || header({'Accept': 'application/activity+json*'}) || header({'Accept': 'application/ld+json*'})`
 	route {
 		# media service
 		reverse_proxy /files/* 127.0.0.1:57378
 		reverse_proxy /avatar/* 127.0.0.1:57378
 		reverse_proxy /url 127.0.0.1:57378
 		reverse_proxy /twemoji-badge/* 127.0.0.1:57378
 		reverse_proxy /identicon/* 127.0.0.1:57378
 		# activitypub service
 		reverse_proxy @activity_pub 127.0.0.1:47815
 		reverse_proxy /api/v2/search 127.0.0.1:47815
 		reverse_proxy /api/admin/federation/refresh-remote-instance-metadata 127.0.0.1:47815
 		reverse_proxy /api/notes/polls/refresh 127.0.0.1:47815
 		reverse_proxy /api/federation/update-remote-user 127.0.0.1:47815
 		reverse_proxy /api/ap/get 127.0.0.1:47815
 		reverse_proxy /api/ap/show 127.0.0.1:47815
 		# api + web frontend (+ general fallback)
 		reverse_proxy 127.0.0.1:60628
 	}
 }
--- a/phosphorus/srv/docker/sharkey/activity/sharkey-activity.yml
+++ b/phosphorus/srv/docker/sharkey/activity/sharkey-activity.yml
@ -0,0 +1,12 @@
 # The port that your Misskey server should listen on.
 port: 3002
 # Job concurrency per worker
 deliverJobConcurrency: 0
 inboxJobConcurrency: 0
 relationshipJobConcurrency: 0
 # Job rate limiter
 deliverJobPerSec: 0
 inboxJobPerSec: 0
 relationshipJobPerSec: 0
--- a/phosphorus/srv/docker/sharkey/api/sharkey-api.yml
+++ b/phosphorus/srv/docker/sharkey/api/sharkey-api.yml
@ -0,0 +1,12 @@
 # The port that your Misskey server should listen on.
 port: 3001
 # Job concurrency per worker
 deliverJobConcurrency: 0
 inboxJobConcurrency: 0
 relationshipJobConcurrency: 0
 # Job rate limiter
 deliverJobPerSec: 0
 inboxJobPerSec: 0
 relationshipJobPerSec: 0
--- a/phosphorus/srv/docker/sharkey/compose.yaml
+++ b/phosphorus/srv/docker/sharkey/compose.yaml
@ -1,31 +1,121 @@
 # since sharkey/misskey lacks documentation, i'll describe how this works here
 #
 # basically: we're splitting up the different things sharkey does into their own seperate services, which makes things more responsive (although heavier) rather than being one giant service doing everything.
 #
 # we keep our default.yml config intact then provide extra *.yml configs for each service respectively
 # - each process will load the values of default.yml first, then load other configs and override default.yml's values
 #   - we keep our default.yml to provide character/file size limits, moto of the day, etc. (db/redis/search settings are confined to .env.secrets in our setup but if you don't need/have it you can remove it from here)
 # - our config points each service to their own config, we mount default.yml for each service as well which is read first
 #
 # then caddy (or if you're using this yourself, whatever reverse proxy is preferred) just reverse proxies each endpoint into their respective "service"
 services:
-  web:
+  # api obviously handles most api endpoints, as well as serving the web frontend
  api:
    image: registry.activitypub.software/transfem-org/sharkey:latest
    restart: always
    links:
      - redis
    depends_on:
      redis:
        condition: service_healthy
    ports:
-      - "127.0.0.1:60628:60628"
+      - "127.0.0.1:60628:3001"
    networks:
      - shonk
      - ip6net
      - db
      - sharkey
    env_file:
      - .env.secrets # secrets contains our db password and stuff like that
    environment:
-      - NODE_OPTIONS="--max-old-space-size=8192"
+      - MISSKEY_CONFIG_YML=*.yml
      - MISSKEY_CONFIG_DIR=/sharkey/.config
      - MK_ONLY_SERVER=1
      - MK_DISABLE_CLUSTERING=1
    volumes:
      - ./files:/sharkey/files # unsure which actually needs access to files, so we share with all services just in case
      - ./api:/sharkey/.config
      - ./default.yml:/sharkey/.config/default.yml:ro # default/generic config
  # queue/process handling. basically the actual backend
  worker:
    image: registry.activitypub.software/transfem-org/sharkey:latest
    restart: always
    depends_on:
      redis:
        condition: service_healthy
    networks:
      - db
      - sharkey
    env_file:
      - .env.secrets
    environment:
      - MISSKEY_CONFIG_YML=*.yml
      - MISSKEY_CONFIG_DIR=/sharkey/.config
      - MK_ONLY_QUEUE=1
    volumes:
      - ./files:/sharkey/files
-      - ./.config:/sharkey/.config:ro
+      - ./worker:/sharkey/.config
      - ./default.yml:/sharkey/.config/default.yml:ro
  # handles federation/activitypub requests
  activity:
    image: registry.activitypub.software/transfem-org/sharkey:latest
    restart: always
    depends_on:
      redis:
        condition: service_healthy
    ports:
      - "127.0.0.1:47815:3002"
    networks:
      - ip6net
      - db
      - sharkey
    env_file:
      - .env.secrets
    environment:
      - MISSKEY_CONFIG_YML=*.yml
      - MISSKEY_CONFIG_DIR=/sharkey/.config
      - MK_ONLY_SERVER=1
      - MK_DISABLE_CLUSTERING=1
      - MK_NO_DAEMONS=1
    volumes:
      - ./files:/sharkey/files
      - ./activity:/sharkey/.config
      - ./default.yml:/sharkey/.config/default.yml:ro
  # handles media/reverse proxy (/files/*)
  media:
    image: registry.activitypub.software/transfem-org/sharkey:latest
    restart: always
    depends_on:
      redis:
        condition: service_healthy
    ports:
      - "127.0.0.1:57378:3003"
    networks:
      - ip6net
      - db
      - sharkey
    env_file:
      - .env.secrets
    environment:
      - MISSKEY_CONFIG_YML=*.yml
      - MISSKEY_CONFIG_DIR=/sharkey/.config
      - MK_ONLY_SERVER=1
      - MK_DISABLE_CLUSTERING=1
      - MK_NO_DAEMONS=1
    volumes:
      - ./files:/sharkey/files
      - ./media:/sharkey/.config
      - ./default.yml:/sharkey/.config/default.yml:ro
  # redis is used for caching
  redis:
    restart: always
    image: redis:alpine
    networks:
      - shonk
    volumes:
      - ./redis:/data
    networks:
      - sharkey
    healthcheck:
      test: "redis-cli ping"
      interval: 5s
@ -38,4 +128,4 @@ networks:
  ip6net:
    name: ip6net
    external: true
-  shonk:
+  sharkey:
--- a/phosphorus/srv/docker/sharkey/.config/default.yml
+++ b/phosphorus/srv/docker/sharkey/.config/default.yml
@ -73,11 +73,11 @@ url: https://booping.synth.download/
 #───┘ Port and TLS settings └───────────────────────────────────
 #
-# Misskey requires a reverse proxy to support HTTPS connections.
+# Sharkey requires a reverse proxy to support HTTPS connections.
 #
 #                 +----- https://example.tld/ ------------+
 #   +------+      |+-------------+      +----------------+|
-#   | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
+#   | User | ---> || Proxy (443) | ---> | Sharkey (3000) ||
 #   +------+      |+-------------+      +----------------+|
 #                 +---------------------------------------+
 #
@ -85,14 +85,14 @@ url: https://booping.synth.download/
 #   An encrypted connection with HTTPS is highly recommended
 #   because tokens may be transferred in GET requests.
-# The port that your Misskey server should listen on.
+# The port that your Sharkey server should listen on.
-port: 60628
+port: 3000
 #   ┌──────────────────────────┐
 #───┘ PostgreSQL configuration └────────────────────────────────
 db:
-  host: gyattabase
+  host: db
  port: 5432
  # Database name
@ -101,15 +101,24 @@ db:
  # Auth
  # You can set user and pass from environment variables instead.
-  user: misskey
+  user: example-misskey-user
-  pass: rizzrizzrizz
+  pass: example-misskey-pass
-  # Whether disable Caching queries
+  ## Log a warning to the server console if any query takes longer than this to complete.
-  #disableCache: true
+  ## Measured in milliseconds; set to 0 to disable. (default: 300)
  #slowQueryThreshold: 300
  # If false, then query results will be cached in redis.
  # If true (default), then queries will not be cached.
  # This will reduce database load at the cost of increased Redis traffic and risk of bugs and unpredictable behavior.
  #disableCache: false
  # Extra Connection options
  #extra:
  #  ssl: true
  #  # Set a higher value if you have timeout issues during migration
  #  statement_timeout: 10000
 dbReplications: false
@ -138,6 +147,8 @@ redis:
  #pass: example-pass
  #prefix: example-prefix
  #db: 1
  # You can specify more ioredis options...
  #username: example-username
 #redisForPubsub:
 #  host: redis
@ -146,6 +157,8 @@ redis:
 #  #pass: example-pass
 #  #prefix: example-prefix
 #  #db: 1
 #  # You can specify more ioredis options...
 #  #username: example-username
 #redisForJobQueue:
 #  host: redis
@ -154,6 +167,8 @@ redis:
 #  #pass: example-pass
 #  #prefix: example-prefix
 #  #db: 1
 #  # You can specify more ioredis options...
 #  #username: example-username
 #redisForTimelines:
 #  host: redis
@ -162,6 +177,28 @@ redis:
 #  #pass: example-pass
 #  #prefix: example-prefix
 #  #db: 1
 #  # You can specify more ioredis options...
 #  #username: example-username
 #redisForReactions:
 #  host: redis
 #  port: 6379
 #  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
 #  #pass: example-pass
 #  #prefix: example-prefix
 #  #db: 1
 #  # You can specify more ioredis options...
 #  #username: example-username
 #redisForRateLimit:
 #  host: localhost
 #  port: 6379
 #  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
 #  #pass: example-pass
 #  #prefix: example-prefix
 #  #db: 1
 #  # You can specify more ioredis options...
 #  #username: example-username
 #   ┌───────────────────────────────┐
 #───┘ Fulltext search configuration └─────────────────────────────
@ -236,23 +273,23 @@ id: 'aidx'
 #disableHsts: true
 # Number of worker processes
-clusterLimit: 6
+#clusterLimit: 1
 # Job concurrency per worker
-deliverJobConcurrency: 96
+#deliverJobConcurrency: 128
-inboxJobConcurrency: 16
+#inboxJobConcurrency: 16
-relationshipJobConcurrency: 16
+#relationshipJobConcurrency: 16
-#  What's relationshipJob?:
+# What's relationshipJob?:
-#   Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations.
+#  Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations.
 # Job rate limiter
-deliverJobPerSec: 96
+#deliverJobPerSec: 128
-inboxJobPerSec: 32
+#inboxJobPerSec: 32
-relationshipJobPerSec: 64
+#relationshipJobPerSec: 64
 # Job attempts
-deliverJobMaxAttempts: 12
+#deliverJobMaxAttempts: 12
-inboxJobMaxAttempts: 8
+#inboxJobMaxAttempts: 8
 # Local address used for outgoing requests
 #outgoingAddress: 127.0.0.1
@ -288,8 +325,15 @@ proxyBypassHosts:
 #proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
 #proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
 # Path to the directory that uploaded media will be saved to
 # Defaults to a folder called "files" in the Sharkey directory
 #mediaDirectory: /var/lib/sharkey
 # Media Proxy
-#mediaProxy: https://booping.synth.download/proxy
+# Reference Implementation: https://github.com/misskey-dev/media-proxy
 # * Deliver a common cache between instances
 # * Perform image compression (on a different server resource than the main process)
 #mediaProxy: https://example.com/proxy
 # Proxy remote files (default: true)
 # Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains.
@ -297,9 +341,9 @@ proxyRemoteFiles: true
 # Movie Thumbnail Generation URL
 # There is no reference implementation.
-# For example, Misskey will point to the following URL:
+# For example, Sharkey will point to the following URL:
 #   https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4
-#videoThumbnailGenerator: https://booping.synth.download
+#videoThumbnailGenerator: https://example.com
 # Sign outgoing ActivityPub GET request (default: true)
 signToActivityPubGet: true
@ -442,14 +486,19 @@ customMOTD: [
  'You''re going to have to speak into the void for that one.'
 ]
 # Disable automatic redirect for ActivityPub object lookup. (default: false)
 # This is a strong defense against potential impersonation attacks if the viewer instance has inadequate validation.
 # However it will make it impossible for other instances to lookup third-party user and notes through your URL.
 #disallowExternalApRedirect: true
 # Upload or download file size limits (bytes)
 # 2GB
 maxFileSize: 2147483648
 # timeout (in milliseconds) and maximum size for imports (e.g. note imports)
-#import:
+import:
-#  downloadTimeout: 30000
+  downloadTimeout: 30000
-#  maxFileSize: 262144000
+  maxFileSize: 262144000
 # CHMod-style permission bits to apply to uploaded files.
 # Permission bits are specified as a base-8 string representing User/Group/Other permissions.
--- a/phosphorus/srv/docker/sharkey/media/sharkey-media.yml
+++ b/phosphorus/srv/docker/sharkey/media/sharkey-media.yml
@ -0,0 +1,12 @@
 # The port that your Misskey server should listen on.
 port: 3003
 # Job concurrency per worker
 deliverJobConcurrency: 0
 inboxJobConcurrency: 0
 relationshipJobConcurrency: 0
 # Job rate limiter
 deliverJobPerSec: 0
 inboxJobPerSec: 0
 relationshipJobPerSec: 0
--- a/phosphorus/srv/docker/sharkey/worker/sharkey-worker.yml
+++ b/phosphorus/srv/docker/sharkey/worker/sharkey-worker.yml
@ -0,0 +1,18 @@
 # Number of worker processes
 clusterLimit: 2
 # Job concurrency per worker
 # What's relationshipJob?:
 #  Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations.
 deliverJobConcurrency: 128
 inboxJobConcurrency: 8
 relationshipJobConcurrency: 32
 # Job rate limiter
 deliverJobPerSec: 4096
 inboxJobPerSec: 4096
 relationshipJobPerSec: 4096
 # Job attempts
 #deliverJobMaxAttempts: 12
 #inboxJobMaxAttempts: 8