From 6261b6d778deb28bde1d891a826f2e2c795f0c9f Mon Sep 17 00:00:00 2001 From: Ruben Date: Tue, 30 Dec 2025 15:10:08 -0600 Subject: [PATCH] data files, set container names, enable ipv6 --- .../containers/systemd/caddy/caddy.container | 2 +- .../systemd/mastodon/mastodon.network | 2 + .../systemd/postgresql/postgresql.container | 1 + .../sharkey/sharkey-activity.container | 1 + .../systemd/sharkey/sharkey-api.container | 1 + .../systemd/sharkey/sharkey-dfdb.container | 1 + .../systemd/sharkey/sharkey-media.container | 1 + .../systemd/sharkey/sharkey-worker.container | 1 + .../systemd/sharkey/sharkey.network | 3 +- .../system/cockpit.socket.d/override.conf | 6 + beeper/var/containers/caddy/.gitkeep | 0 beeper/var/containers/postgresql/.gitkeep | 0 beeper/var/containers/sharkey/default.yml | 430 ++++++++++++++++++ 13 files changed, 447 insertions(+), 2 deletions(-) create mode 100644 beeper/etc/systemd/system/cockpit.socket.d/override.conf create mode 100644 beeper/var/containers/caddy/.gitkeep create mode 100644 beeper/var/containers/postgresql/.gitkeep create mode 100644 beeper/var/containers/sharkey/default.yml diff --git a/beeper/etc/containers/systemd/caddy/caddy.container b/beeper/etc/containers/systemd/caddy/caddy.container index 4e211ba..40a944f 100644 --- a/beeper/etc/containers/systemd/caddy/caddy.container +++ b/beeper/etc/containers/systemd/caddy/caddy.container @@ -4,8 +4,8 @@ After=network-online.target Wants=network-online.target [Container] -AddCapability=NET_ADMIN ContainerName=caddy +AddCapability=NET_ADMIN Image=ghcr.io/zenfyrdev/caddy:latest Network=host Volume=/etc/caddy:/etc/caddy:z diff --git a/beeper/etc/containers/systemd/mastodon/mastodon.network b/beeper/etc/containers/systemd/mastodon/mastodon.network index 264f70a..fc45553 100644 --- a/beeper/etc/containers/systemd/mastodon/mastodon.network +++ b/beeper/etc/containers/systemd/mastodon/mastodon.network @@ -1 +1,3 @@ [Network] +NetworkName=mastodon +IPv6=true \ No newline at end of file 
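Review bot: `IPv6=true` in mastodon.network (and the same line added to sharkey.network later in this patch) gives containers on these networks IPv6 addresses, but nothing in the patch shows the host's IPv6 filtering being aligned with its IPv4 rules. Before relying on this, confirm the host firewall applies the same policy to IPv6 as to IPv4, so that internal services on these networks are not reachable over a path the IPv4 rules never covered. No `Subnet=` is set, so the prefix is whatever Podman assigns; if firewall rules or allow-lists need a stable range, pin one, e.g. `Subnet=<ULA-prefix>/64` (placeholder). Both files also still end without a trailing newline.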
diff --git a/beeper/etc/containers/systemd/postgresql/postgresql.container b/beeper/etc/containers/systemd/postgresql/postgresql.container index dea222d..99f44c5 100644 --- a/beeper/etc/containers/systemd/postgresql/postgresql.container +++ b/beeper/etc/containers/systemd/postgresql/postgresql.container @@ -2,6 +2,7 @@ Description=PostgreSQL Database [Container] +ContainerName=postgresql Image=registry.hub.docker.com/groonga/pgroonga:latest-alpine-18 EnvironmentFile=/var/containers/postgresql/.env Network=postgresql.network diff --git a/beeper/etc/containers/systemd/sharkey/sharkey-activity.container b/beeper/etc/containers/systemd/sharkey/sharkey-activity.container index bbcca7c..c9aba25 100644 --- a/beeper/etc/containers/systemd/sharkey/sharkey-activity.container +++ b/beeper/etc/containers/systemd/sharkey/sharkey-activity.container @@ -5,6 +5,7 @@ Requires=postgresql.service sharkey-dfdb.service Wants=network-online.target [Container] +ContainerName=sharkey-activity Image=registry.activitypub.software/transfem-org/sharkey:develop Environment=MISSKEY_CONFIG_YML=*.yml Environment=MISSKEY_CONFIG_DIR=/sharkey/.config diff --git a/beeper/etc/containers/systemd/sharkey/sharkey-api.container b/beeper/etc/containers/systemd/sharkey/sharkey-api.container index ebec8e9..a161876 100644 --- a/beeper/etc/containers/systemd/sharkey/sharkey-api.container +++ b/beeper/etc/containers/systemd/sharkey/sharkey-api.container @@ -5,6 +5,7 @@ Requires=postgresql.service sharkey-dfdb.service Wants=network-online.target [Container] +ContainerName=sharkey-api Image=registry.activitypub.software/transfem-org/sharkey:develop Environment=MISSKEY_CONFIG_YML=*.yml Environment=MISSKEY_CONFIG_DIR=/sharkey/.config diff --git a/beeper/etc/containers/systemd/sharkey/sharkey-dfdb.container b/beeper/etc/containers/systemd/sharkey/sharkey-dfdb.container index 6138e2d..41d6c10 100644 --- a/beeper/etc/containers/systemd/sharkey/sharkey-dfdb.container 
+++ b/beeper/etc/containers/systemd/sharkey/sharkey-dfdb.container @@ -2,6 +2,7 @@ Description=Sharkey's DragonflyDB process [Container] +ContainerName=sharkey-dfdb Environment="DFLY_snapshot_cron=* * * * *" Environment=DFLY_version_check=false Environment=DFLY_default_lua_flags=allow-undeclared-keys diff --git a/beeper/etc/containers/systemd/sharkey/sharkey-media.container b/beeper/etc/containers/systemd/sharkey/sharkey-media.container index 94b254c..40949f0 100644 --- a/beeper/etc/containers/systemd/sharkey/sharkey-media.container +++ b/beeper/etc/containers/systemd/sharkey/sharkey-media.container @@ -5,6 +5,7 @@ Requires=postgresql.service sharkey-dfdb.service Wants=network-online.target [Container] +ContainerName=sharkey-media Image=registry.activitypub.software/transfem-org/sharkey:develop Environment=MISSKEY_CONFIG_YML=*.yml Environment=MISSKEY_CONFIG_DIR=/sharkey/.config diff --git a/beeper/etc/containers/systemd/sharkey/sharkey-worker.container b/beeper/etc/containers/systemd/sharkey/sharkey-worker.container index ac10180..83f908c 100644 --- a/beeper/etc/containers/systemd/sharkey/sharkey-worker.container +++ b/beeper/etc/containers/systemd/sharkey/sharkey-worker.container @@ -5,6 +5,7 @@ Requires=postgresql.service sharkey-dfdb.service Wants=network-online.target [Container] +ContainerName=sharkey-worker Image=registry.activitypub.software/transfem-org/sharkey:develop Environment=MISSKEY_CONFIG_YML=*.yml Environment=MISSKEY_CONFIG_DIR=/sharkey/.config diff --git a/beeper/etc/containers/systemd/sharkey/sharkey.network b/beeper/etc/containers/systemd/sharkey/sharkey.network index 3bcc0b2..f20df48 100644 --- a/beeper/etc/containers/systemd/sharkey/sharkey.network +++ b/beeper/etc/containers/systemd/sharkey/sharkey.network @@ -1,2 +1,3 @@ [Network] -NetworkName=sharkey \ No newline at end of file +NetworkName=sharkey +IPv6=true \ No newline at end of file 
diff --git a/beeper/etc/systemd/system/cockpit.socket.d/override.conf b/beeper/etc/systemd/system/cockpit.socket.d/override.conf
new file mode 100644
index 0000000..f84391d
--- /dev/null
+++ b/beeper/etc/systemd/system/cockpit.socket.d/override.conf
@@ -0,0 +1,6 @@
+# make cockpit only available on local IP
+
+[Socket]
+ListenStream=
+ListenStream=127.0.0.1:9090
+FreeBind=yes
\ No newline at end of file
diff --git a/beeper/var/containers/caddy/.gitkeep b/beeper/var/containers/caddy/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/beeper/var/containers/postgresql/.gitkeep b/beeper/var/containers/postgresql/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/beeper/var/containers/sharkey/default.yml b/beeper/var/containers/sharkey/default.yml
new file mode 100644
index 0000000..c1210e8
--- /dev/null
+++ b/beeper/var/containers/sharkey/default.yml
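Review bot: The comment in cockpit.socket.d/override.conf says "local IP", but `ListenStream=127.0.0.1:9090` binds the IPv4 loopback only, and it is the empty `ListenStream=` above it that removes the packaged listener. I would state both, e.g. `# Clear the packaged ListenStream=, then bind Cockpit to IPv4 loopback (127.0.0.1) only`. `FreeBind=yes` matters only when the address may not exist at bind time, which is not the case for 127.0.0.1, so it can be dropped. Since caddy.container in this patch runs with `Network=host`, a Caddy route proxying to 127.0.0.1:9090 would expose Cockpit again; if that is planned, the access control belongs on that route.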
@@ -0,0 +1,430 @@ +#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +# Misskey configuration +#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +# ┌──────────────────────────────┐ +#───┘ a boring but important thing └──────────────────────────── + +# +# First of all, let me tell you a story that may possibly be +# boring to you and possibly important to you. +# +# Misskey is licensed under the AGPLv3 license. This license is +# known to be often misunderstood. Please read the following +# instructions carefully and select the appropriate option so +# that you do not negligently cause a license violation. +# + +# -------- +# Option 1: If you host Misskey AS-IS (without any changes to +# the source code. forks are not included). +# +# Step 1: Congratulations! You don't need to do anything. + +# -------- +# Option 2: If you have made changes to the source code (forks +# are included) and publish a Git repository of source +# code. There should be no access restrictions on +# this repository. Strictly speaking, it doesn't have +# to be a Git repository, but you'll probably use Git! +# +# Step 1: Build and run the Misskey server first. +# Step 2: Open in +# your browser with the administrator account. +# Step 3: Enter the URL of your Git repository in the +# "Repository URL" field. + +# -------- +# Option 3: If neither of the above applies to you. +# (In this case, the source code should be published +# on the Misskey interface. IT IS NOT ENOUGH TO +# DISCLOSE THE SOURCE CODE WEHN A USER REQUESTS IT BY +# E-MAIL OR OTHER MEANS. If you are not satisfied +# with this, it is recommended that you read the +# license again carefully. Anyway, enabling this +# option will automatically generate and publish a +# tarball at build time, protecting you from +# inadvertent license violations. (There is no legal +# guarantee, of course.) The tarball will generated +# from the root directory of your codebase. 
So it is +# also recommended to check directory +# once after building and before activating the server +# to avoid ACCIDENTAL LEAKING OF SENSITIVE INFORMATION. +# To prevent certain files from being included in the +# tarball, add a glob pattern after line 15 in +# . DO NOT FORGET TO BUILD AFTER +# ENABLING THIS OPTION!) +# +# Step 1: Uncomment the following line. +# +# publishTarballInsteadOfProvideRepositoryUrl: true + +# ┌─────┐ +#───┘ URL └───────────────────────────────────────────────────── + +# Final accessible URL seen by a user. +# You can set url from an environment variable instead. +url: https://sharkeyeyeyeyey.beeper.synth.download/ + +# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE +# URL SETTINGS AFTER THAT! + +# ┌───────────────────────┐ +#───┘ Port and TLS settings └─────────────────────────────────── + +# +# Sharkey requires a reverse proxy to support HTTPS connections. +# +# +----- https://example.tld/ ------------+ +# +------+ |+-------------+ +----------------+| +# | User | ---> || Proxy (443) | ---> | Sharkey (3000) || +# +------+ |+-------------+ +----------------+| +# +---------------------------------------+ +# +# You need to set up a reverse proxy. (e.g. nginx) +# An encrypted connection with HTTPS is highly recommended +# because tokens may be transferred in GET requests. + +# The port that your Sharkey server should listen on. +port: 3000 + +# ┌──────────────────────────┐ +#───┘ PostgreSQL configuration └──────────────────────────────── + +db: + host: postgresql + port: 5432 + + # Database name + # You can set db from an environment variable instead. + db: misskey + + # Auth + # You can set user and pass from environment variables instead. + #user: example-misskey-user + #pass: example-misskey-pass + + ## Log a warning to the server console if any query takes longer than this to complete. + ## Measured in milliseconds; set to 0 to disable. 
(default: 300) + #slowQueryThreshold: 300 + + # If false, then query results will be cached in redis. + # If true (default), then queries will not be cached. + # This will reduce database load at the cost of increased Redis traffic and risk of bugs and unpredictable behavior. + #disableCache: false + + # Extra Connection options + #extra: + # ssl: true + # # Set a higher value if you have timeout issues during migration + # statement_timeout: 10000 + + +dbReplications: false + +# You can configure any number of replicas here +#dbSlaves: +# - +# host: +# port: +# db: +# user: +# pass: +# - +# host: +# port: +# db: +# user: +# pass: + +# ┌─────────────────────┐ +#───┘ Redis configuration └───────────────────────────────────── + +redis: + host: sharkey-dfdb + port: 6379 + #family: 0 # 0=Both, 4=IPv4, 6=IPv6 + #pass: example-pass + #prefix: example-prefix + #db: 1 + # You can specify more ioredis options... + #username: example-username + +#redisForPubsub: +# host: redis +# port: 6379 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 +# # You can specify more ioredis options... +# #username: example-username + +#redisForJobQueue: +# host: dragonfly-queue +# port: 6380 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 +# # You can specify more ioredis options... +# #username: example-username + +#redisForTimelines: +# host: dragonfly-tl +# port: 6381 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 +# # You can specify more ioredis options... +# #username: example-username + +#redisForReactions: +# host: redis +# port: 6379 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 +# # You can specify more ioredis options... 
+# #username: example-username + +#redisForRateLimit: +# host: localhost +# port: 6379 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 +# # You can specify more ioredis options... +# #username: example-username + +# ┌───────────────────────────────┐ +#───┘ Fulltext search configuration └───────────────────────────── + +# These are the setting items for the full-text search provider. +fulltextSearch: + # You can select the ID generation method. + # - sqlLike (default) + # Use SQL-like search. + # This is a standard feature of PostgreSQL, so no special extensions are required. + # - sqlPgroonga + # Use pgroonga. + # You need to install pgroonga and configure it as a PostgreSQL extension. + # In addition to the above, you need to create a pgroonga index on the text column of the note table. + # see: https://pgroonga.github.io/tutorial/ + # - meilisearch + # Use Meilisearch. + # You need to install Meilisearch and configure. + provider: sqlPgroonga + +# For Meilisearch settings. +# If you select "meilisearch" for "fulltextSearch.provider", it must be set. +# You can set scope to local or global (default value) +# (include notes from remote). + +#meilisearch: +# host: meilisearch +# port: 7700 +# apiKey: '' +# ssl: true +# index: '' +# scope: global + +# ┌───────────────┐ +#───┘ ID generation └─────────────────────────────────────────── + +# You can select the ID generation method. +# You don't usually need to change this setting, but you can +# change it according to your preferences. + +# Available methods: +# aid ... Short, Millisecond accuracy +# aidx ... Millisecond accuracy +# meid ... Similar to ObjectID, Millisecond accuracy +# ulid ... Millisecond accuracy +# objectid ... This is left for backward compatibility + +# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE +# ID SETTINGS AFTER THAT! 
+ +id: 'aidx' + +# ┌────────────────┐ +#───┘ Error tracking └────────────────────────────────────────── + +# Sentry is available for error tracking. +# See the Sentry documentation for more details on options. + +#sentryForBackend: +# enableNodeProfiling: true +# options: +# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' + +#sentryForFrontend: +# options: +# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' + +# ┌─────────────────────┐ +#───┘ Other configuration └───────────────────────────────────── + +# Whether disable HSTS +#disableHsts: true + +# Number of worker processes +#clusterLimit: 1 + +# Job concurrency per worker +#deliverJobConcurrency: 128 +#inboxJobConcurrency: 16 +#relationshipJobConcurrency: 16 +# What's relationshipJob?: +# Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations. + +# Job rate limiter +#deliverJobPerSec: 128 +#inboxJobPerSec: 32 +#relationshipJobPerSec: 64 + +# Job attempts +#deliverJobMaxAttempts: 12 +#inboxJobMaxAttempts: 8 + +# Local address used for outgoing requests +#outgoingAddress: 127.0.0.1 + +# IP address family used for outgoing request (ipv4, ipv6 or dual) +outgoingAddressFamily: dual + +# Amount of characters that can be used when writing notes. Longer notes will be rejected. (minimum: 1) +maxNoteLength: 100000 +# Amount of characters that will be saved for remote notes. Longer notes will be truncated to this length. (minimum: 1) +maxRemoteNoteLength: 100000 +# Amount of characters that can be used when writing content warnings. Longer warnings will be rejected. (minimum: 1) +maxCwLength: 5000 +# Amount of characters that will be saved for remote content warnings. Longer warnings will be truncated to this length. (minimum: 1) +maxRemoteCwLength: 5000 +# Amount of characters that can be used when writing media descriptions (alt text). Longer descriptions will be rejected. 
(minimum: 1) +maxAltTextLength: 100000 +# Amount of characters that will be saved for remote media descriptions (alt text). Longer descriptions will be truncated to this length. (minimum: 1) +maxRemoteAltTextLength: 100000 +# Amount of characters that can be used when writing user bios. Longer descriptions will be rejected. (minimum: 1) +maxBioLength: 2048 +# Amount of characters that will be saved for remote user bios. Longer descriptions will be truncated to this length. (minimum: 1) +maxRemoteBioLength: 10000 + +# Proxy for HTTP/HTTPS +#proxy: http://127.0.0.1:3128 + +proxyBypassHosts: + - api.deepl.com + - api-free.deepl.com + - www.recaptcha.net + - hcaptcha.com + - challenges.cloudflare.com + +# Proxy for SMTP/SMTPS +#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT +#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4 +#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5 + +# Path to the directory that uploaded media will be saved to +# Defaults to a folder called "files" in the Sharkey directory +#mediaDirectory: /var/lib/sharkey + +# Media Proxy +# Reference Implementation: https://github.com/misskey-dev/media-proxy +# * Deliver a common cache between instances +# * Perform image compression (on a different server resource than the main process) +#mediaProxy: https://example.com/proxy + +# Proxy remote files (default: true) +# Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains. +proxyRemoteFiles: true + +# Movie Thumbnail Generation URL +# There is no reference implementation. 
+# For example, Sharkey will point to the following URL: +# https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4 +#videoThumbnailGenerator: https://example.com + +# Sign outgoing ActivityPub GET request (default: true) +signToActivityPubGet: true +# Sign outgoing ActivityPub Activities (default: true) +# Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity. +# When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances. +# This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests. +attachLdSignatureForRelays: true + +# For security reasons, uploading attachments from the intranet is prohibited, +# but exceptions can be made from the following settings. Default value is "undefined". +# Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)). 
+#allowedPrivateNetworks: [ +# '127.0.0.1/32' +#] + +customMOTD: [ + 'sharkeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyeyey' +] + +# Disable automatic redirect for ActivityPub object lookup. (default: false) +# This is a strong defense against potential impersonation attacks if the viewer instance has inadequate validation. +# However it will make it impossible for other instances to lookup third-party user and notes through your URL. +#disallowExternalApRedirect: true + +# Upload or download file size limits (bytes) +# 2GB +maxFileSize: 2147483648 + +# timeout (in milliseconds) and maximum size for imports (e.g. note imports) +import: + downloadTimeout: 30000 + maxFileSize: 262144000 + +# CHMod-style permission bits to apply to uploaded files. +# Permission bits are specified as a base-8 string representing User/Group/Other permissions. +# This setting is only useful for custom deployments, such as using a reverse proxy to serve media. 
+#filePermissionBits: '644' + +# Log settings +# logging: +# sql: +# # Outputs query parameters during SQL execution to the log. +# # default: false +# enableQueryParamLogging: false +# # Disable query truncation. If set to true, the full text of the query will be output to the log. +# # default: false +# disableQueryTruncation: false +# # Shows debug log messages after instance startup. To capture earlier debug logs, set the MK_VERBOSE environment variable. +# # default: false in production, true otherwise. +# #verbose: false + +# Settings for the activity logger, which records inbound activities to the database. +# Disabled by default due to the large volume of data it saves. +#activityLogging: + # Log activities to the database (default: false) + #enabled: false + + # Save the activity before processing, then update later with the results. + # This has the advantage of capturing activities that cause a hard-crash, but doubles the number of queries used. + # Default: false + #preSave: false + + # How long to save each log entry before deleting it. + # Default: 2592000000 (1 week) + #maxAge: 2592000000 + +# Transparently compress every websocket message on clients that support it. +# Trades server CPU usage for reduced bandwidth usage and a faster frontend on the client. +# If you're not using jemalloc, this may cause memory fragmentation and performance issues! (https://www.npmjs.com/package/ws#websocket-compression) +# jemalloc is used by default in the Sharkey Docker image and may be set up manually otherwise: https://github.com/jemalloc/jemalloc/wiki/getting-started +websocketCompression: true + +# Inject arbitrary HTML tags to customize Sharkey without having to fork it +#customHtml: +# head: | +# +# +# +# \ No newline at end of file
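Review bot: Several size limits in default.yml are very large and apply to content that remote, unauthenticated federation peers control. `maxRemoteNoteLength: 100000`, `maxRemoteAltTextLength: 100000` and `maxFileSize: 2147483648` together with `proxyRemoteFiles: true` let the server store or fetch very large payloads chosen by someone else. Unless these values are deliberate, lower them to what this host's disk and memory can absorb, and add a short comment giving the reason for each chosen value. The `redis:` block also leaves `pass` commented out, so DragonflyDB appears to rely on network isolation alone, which deserves a second look now that the sharkey network gains IPv6 in this patch. Separately, the commented `maxAge` line reads `2592000000 (1 week)`; if the unit is milliseconds that is 30 days, so the comment should be corrected before the option is enabled.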