diff --git a/helperbot b/helperbot index 7d9f78f..3d1082a 100755 --- a/helperbot +++ b/helperbot @@ -113,6 +113,9 @@ function info_help { echo "${bold}-v${normal}, ${bold}--vacuum${normal}" echo " Vacuum the postgresql databases." echo + echo "${bold}--psql${normal}" + echo " Enter the postgresql shell." + echo echo "${bold}--docker-cleanup${normal}" echo " Cleans up and purges all unused Docker images, networks, containers and volumes." echo @@ -363,6 +366,16 @@ function system_backup { cp $backup_local_folder/mastodon/compose.yaml $backup_working_directory/mastodon cp $backup_local_folder/mastodon/.env $backup_working_directory/mastodon # ============================================================================= + # bonfire social + echo "${blue}Pulling in Bonfire...${normal}" + mkdir -p $backup_working_directory/bonfire + # database + postgres_backup postgres-db-1 bonfire bonfire $backup_working_directory + # configs, extra + cp $backup_local_folder/bonfire/compose.yaml $backup_working_directory/bonfire + cp $backup_local_folder/bonfire/.env $backup_working_directory/bonfire + cp $backup_local_folder/bonfire/.env.secrets $backup_working_directory/bonfire + # ============================================================================= # pds echo "${blue}Pulling in PDS...${normal}" mkdir -p $backup_working_directory/pds @@ -606,6 +619,17 @@ function update_certificates { fi } +# ╭────────────╮ +# │ enter psql │ +# ╰────────────╯ +function enter_psql { + if [[ ${UID} != 0 ]]; then + sudo docker exec -it postgres-db-1 /bin/bash -c "psql -U postgres" + else + docker exec -it postgres-db-1 /bin/bash -c "psql -U postgres" + fi +} + # ╭──────────────────╮ # │ update helperbot │ # ╰──────────────────╯ @@ -758,6 +782,8 @@ while [ -n "$1" ]; do detect_system fi system_vacuum;; + --psql) # enter the psql shell + enter_psql;; --docker-cleanup) # docker cleanup root_check if [ ! -v synth_current_system ]; then diff --git a/notes.md b/notes.md index bfeccc1..87e9a80 100644 
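Review bot: The new `cp` of `bonfire/.env.secrets` in the system_backup hunk stages credentials in `$backup_working_directory/bonfire` with whatever mode `mkdir -p` and the current umask give, and nothing in the hunk checks that the copy succeeded. Creating the directory with `mkdir -p -m 700 "$backup_working_directory/bonfire"` and quoting the paths, as in `cp -- "$backup_local_folder/bonfire/.env.secrets" "$backup_working_directory/bonfire"`, would limit exposure while the backup is staged. Whether the finished archive is encrypted before it leaves the host is not visible, because system_backup continues outside the hunk; a comment above the copy stating it would help. The unquoted style matches the mastodon lines above it, so the same applies to the rest of the function.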
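Review bot: `enter_psql` opens an interactive session as the `postgres` superuser, and the new `--psql` case reaches it without the `root_check` that the neighbouring `--docker-cleanup` case calls, relying on an inline `sudo` instead. If that difference is deliberate, a comment on the function should say so, for example `# interactive superuser shell on the shared database container; elevates with sudo itself rather than root_check`. The two branches differ only in the `sudo` prefix, and the `/bin/bash -c` wrapper adds nothing, so each could be `docker exec -it postgres-db-1 psql -U postgres`. The container name is hard-coded here, while `postgres_backup` in the backup hunk takes it as an argument.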
--- a/notes.md
+++ b/notes.md
@@ -1 +1,30 @@
-# notes
\ No newline at end of file
+# Notes
+
+## Postgresql
+
+### Creating a user and the database
+
+To create a new user within postgresql, enter the shell via `helperbot --psql`.
+
+First we'll create the user. Use the following:
+```sql
+CREATE USER WITH ENCRYPTED PASSWORD '';
+```
+
+Now within the shell, you can just. Type in `\q` to quit.
+```sql
+CREATE DATABASE ;
+```
+
+Now you need to give the user proper permissions to access the database, otherwise it will fail to work with whatever application we want to hook it up with.
+```sql
+GRANT ALL PRIVILEGES ON DATABASE TO ;
+\c -- switch to the database
+GRANT ALL ON SCHEMA public TO ;
+```
+
+If you ever need to delete a user and their database:
+```sql
+DROP DATABASE ;
+DROP USER ;
+```
\ No newline at end of file
diff --git a/phosphorus/.gitkeep b/phosphorus/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/phosphorus/etc/systemd/system/3days@.timer b/phosphorus/etc/systemd/system/3days@.timer
new file mode 100644
index 0000000..4495c18
--- /dev/null
+++ b/phosphorus/etc/systemd/system/3days@.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Runs service every 3 days for %i service
+
+[Timer]
+OnCalendar=*-*-1,3,6,9,12,15,18,21,24,27,30 00:00:00
+AccuracySec=6h
+RandomizedDelaySec=1h
+Persistent=true
+Unit=%i.service
+
+[Install]
+WantedBy=default.target
\ No newline at end of file
diff --git a/phosphorus/etc/systemd/system/daily@.timer b/phosphorus/etc/systemd/system/daily@.timer
new file mode 100644
index 0000000..8d07fe8
--- /dev/null
+++ b/phosphorus/etc/systemd/system/daily@.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Runs service daily for %i service
+
+[Timer]
+OnCalendar=daily
+AccuracySec=6h
+RandomizedDelaySec=1h
+Persistent=true
+Unit=%i.service
+
+[Install]
+WantedBy=default.target
\ No newline at end of file
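Review bot: `OnCalendar=*-*-1,3,6,9,12,15,18,21,24,27,30 00:00:00` in 3days@.timer does not give a three-day interval: the 1st to the 3rd is two days, and the gap from the last listed day of a month to the 1st of the next depends on the month length (February never reaches the 30th). The timers this commit deletes used `OnUnitActiveSec=3d`; if the calendar form is kept for the sake of `Persistent=true`, a comment such as `# roughly every 3 days; spacing is shorter around month boundaries` would set expectations for the backup and cleanup jobs that hang off it. Both this file and daily@.timer also install with `WantedBy=default.target`, where the deleted timers used `WantedBy=timers.target`, the usual install target for timer units.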
diff --git a/phosphorus/etc/systemd/system/helperbot-backup.service b/phosphorus/etc/systemd/system/helperbot-backup.service
deleted file mode 100644
index 58afa68..0000000
--- a/phosphorus/etc/systemd/system/helperbot-backup.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=helperbot backup command
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/helperbot --backup
\ No newline at end of file
diff --git a/phosphorus/etc/systemd/system/helperbot-backup.timer b/phosphorus/etc/systemd/system/helperbot-backup.timer
deleted file mode 100644
index 31680a5..0000000
--- a/phosphorus/etc/systemd/system/helperbot-backup.timer
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=helperbot backup command
-
-[Timer]
-OnCalendar=daily
-Persistent=true
-
-[Install]
-WantedBy=timers.target
\ No newline at end of file
diff --git a/phosphorus/etc/systemd/system/helperbot-docker-cleanup.service b/phosphorus/etc/systemd/system/helperbot-docker-cleanup.service
deleted file mode 100644
index e0c0cfa..0000000
--- a/phosphorus/etc/systemd/system/helperbot-docker-cleanup.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=helperbot docker cleanup command
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/helperbot --docker-cleanup
\ No newline at end of file
diff --git a/phosphorus/etc/systemd/system/helperbot-docker-cleanup.timer b/phosphorus/etc/systemd/system/helperbot-docker-cleanup.timer
deleted file mode 100644
index bfa581f..0000000
--- a/phosphorus/etc/systemd/system/helperbot-docker-cleanup.timer
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=helperbot docker cleanup command
-
-[Timer]
-OnBootSec=15min
-OnUnitActiveSec=3d
-
-[Install]
-WantedBy=timers.target
\ No newline at end of file
diff --git a/phosphorus/etc/systemd/system/helperbot-vacuum.service b/phosphorus/etc/systemd/system/helperbot-vacuum.service
deleted file mode 100644
index a4f49e0..0000000
--- a/phosphorus/etc/systemd/system/helperbot-vacuum.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=helperbot vacuum command
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/helperbot --vacuum
\ No newline at end of file
diff --git a/phosphorus/etc/systemd/system/helperbot-vacuum.timer b/phosphorus/etc/systemd/system/helperbot-vacuum.timer
deleted file mode 100644
index 0a04858..0000000
--- a/phosphorus/etc/systemd/system/helperbot-vacuum.timer
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=helperbot vacuum command
-
-[Timer]
-OnBootSec=15min
-OnUnitActiveSec=3d
-
-[Install]
-WantedBy=timers.target
\ No newline at end of file
diff --git a/phosphorus/etc/systemd/system/helperbot@.service b/phosphorus/etc/systemd/system/helperbot@.service
new file mode 100644
index 0000000..10f27cc
--- /dev/null
+++ b/phosphorus/etc/systemd/system/helperbot@.service
@@ -0,0 +1,18 @@
+# The systemd unit for running helperbot via systemd
+# Automatically ran using timer services, ensure that body daily@.timer and 3days@.timer are also in /etc/systemd/systemd
+# Then do sudo systemctl daemon-reload
+#
+# Enable as so:
+# sudo systemctl enable {3days|daily}@helperbot@{}.timer
+#
+# For example, to create and start immediately:
+# sudo systemctl enable --now 3days@helperbot@--docker-cleanup.timer
+# sudo systemctl enable --now 3days@helperbot@--vacuum.timer
+# sudo systemctl enable --now daily@helperbot@--backup.timer
+
+[Unit]
+Description=Synth.Download helperbot maintenance script
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/helperbot %i
\ No newline at end of file
diff --git a/phosphorus/srv/docker/caddy/compose.yaml b/phosphorus/srv/docker/caddy/compose.yaml
new file mode 100644
index 0000000..8471b24
--- /dev/null
+++ b/phosphorus/srv/docker/caddy/compose.yaml
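Review bot: The header comment of helperbot@.service sends the reader to `/etc/systemd/systemd`, which should read `/etc/systemd/system`, and "body daily@.timer" looks like a typo for "both"; the enable line `{3days|daily}@helperbot@{}.timer` also shows an empty placeholder in this view. Because `ExecStart=/usr/local/bin/helperbot %i` hands the instance name to the script unchanged and the unit sets no `User=`, any flag helperbot accepts can be scheduled this way with the service manager's privileges. The comment should therefore name the instances that are meant to exist, for example `# supported instances: --backup, --vacuum, --docker-cleanup (interactive flags such as --psql are not suitable)`.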
@@ -0,0 +1,15 @@ +services: + caddy: + image: caddy:alpine + container_name: caddy + restart: unless-stopped + network_mode: host + cap_add: + - NET_ADMIN + volumes: + - ./conf:/etc/caddy # configurations + - ./caddy_data:/data # internal caddy data + - ./caddy_config:/config # ^ + - /srv/docker/mastodon/public:/srv/docker/mastodon/public # mastodon web frontend + - /var/www:/var/www # generic web system directory + - /var/log/caddy:/var/log/caddy # log directory \ No newline at end of file diff --git a/phosphorus/srv/docker/caddy/conf/Caddyfile b/phosphorus/srv/docker/caddy/conf/Caddyfile new file mode 100644 index 0000000..8ae5255 --- /dev/null +++ b/phosphorus/srv/docker/caddy/conf/Caddyfile 
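Review bot: Every bind mount in the caddy service is read-write although the container runs with `network_mode: host` and `cap_add: NET_ADMIN`, so a compromise of the proxy could modify the web roots it serves. The content directories Caddy only reads can be mounted read-only, `- /var/www:/var/www:ro` and `- /srv/docker/mastodon/public:/srv/docker/mastodon/public:ro`, and `./conf:/etc/caddy:ro` likewise if nothing inside the container rewrites the config. A short comment next to `NET_ADMIN` saying what it is needed for would help the next reader decide whether it can be dropped. `image: caddy:alpine` is a floating tag, as are `:dev` in iceshrimp/compose.yaml and `:nightly` in mastodon/compose.yaml; pinning a version or digest makes it clear what is actually running after a pull.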
@@ -0,0 +1,56 @@ +# ╭──────────────────────────────────────────────────────────╮ +# │ _ _ │ +# │ _ __ | |__ ___ ___ _ __ | |__ ___ _ __ _ _ ___ │ +# │ | '_ \| '_ \ / _ \/ __| '_ \| '_ \ / _ \| '__| | | / __| │ +# │ | |_) | | | | (_) \__ \ |_) | | | | (_) | | | |_| \__ \ │ +# │ | .__/|_| |_|\___/|___/ .__/|_| |_|\___/|_| \__,_|___/ │ +# │ |_| |_| │ +# ╰──────────────────────────────────────────────────────────╯ +# caddy configurations for phosphorus + +# ============================================================================= + +# ╭────────────────────────────────╮ +# │ commonly reused rules/snippets │ +# ╰────────────────────────────────╯ + +# common settings - globally enables settings that are commonly used in every snippet +(common-settings) { + encode zstd gzip +} + +# log - reused log settings +(log) { + log { + output file /var/log/caddy/{args[0]} { + roll_size 10MB + roll_keep 3 + } + } +} + +# robots-txt - link /robots.txt to the same file +(robots-txt) { + handle_path /robots.txt { + root * /var/www/robots.txt + file_server + } +} + +# ============================================================================= + +# ╭──────────────────────────╮ +# │ main/general information │ +# ╰──────────────────────────╯ + +{ + email merp@merpmerp.merp + import log caddy +} + +# ╭───────────────────────────────────────────────────────────────────────────╮ +# │ do an nginx and seperate snippets for sites into /etc/caddy/sites-enabled │ +# ╰───────────────────────────────────────────────────────────────────────────╯ +# to "disable" anything, just move the file to /etc/caddy/sites-disabled and reload caddy + +import /etc/caddy/sites-enabled/* \ No newline at end of file diff --git a/phosphorus/srv/docker/caddy/conf/sites-enabled/fedi-frontends b/phosphorus/srv/docker/caddy/conf/sites-enabled/fedi-frontends new file mode 100644 index 0000000..7b8ac51 --- /dev/null +++ b/phosphorus/srv/docker/caddy/conf/sites-enabled/fedi-frontends 
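Review bot: `import /etc/caddy/sites-enabled/*` at the end of the Caddyfile loads every file in that directory, so an editor backup or a half-edited copy left there becomes live configuration on the next reload. Narrowing the glob to a suffix (constructed example: `import /etc/caddy/sites-enabled/*.caddy`, with the site files renamed to match) keeps the move-to-sites-disabled workflow the comment describes while ignoring stray files. In the `robots-txt` snippet, `root * /var/www/robots.txt` points `root` at a file rather than a directory; it is worth confirming that this serves the file as intended and adding a one-line comment explaining it if it does.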
@@ -0,0 +1,84 @@ +# mastodon (chuckya) frontend +masto.beeping.synth.download, masto.booping.synth.download { + root * /var/www/fedi-frontends/chuckya-fe + file_server + try_files {path} / + + handle_path /favicon.png { + root * /var/www/site/assets/synth.download/synth.png + file_server + import common-settings + } + + handle_path /packs { + root * /var/www/fedi-frontends/chuckya-fe/packs + file_server + import common-settings + } + + import common-settings + import log mastofe + import robots-txt +} + +# akkoma fe for iceshrimp +akko.beeping.synth.download { + # redirect api endpoints to iceshrimp + @redir { + path /oauth/* + path /api/* + path /nodeinfo/* + } + handle @redir { + reverse_proxy 127.0.0.1:24042 + import common-settings + } + + # favicon + handle_path /favicon.png { + root * /var/www/site/assets/synth.download/synth.png + file_server + import common-settings + } + + # akkoma frontend + handle { + header Cache-Control "max-age=3600" + try_files {path} / + root * /var/www/fedi-frontends/akkoma-fe + file_server + import common-settings + } + handle_path /static/* { + header Cache-Control "max-age=3600" + root * /var/www/fedi-frontends/akkoma-fe/static + file_server + import common-settings + } + + import common-settings + import log akkofe + import robots-txt +} + +# phanpy +phanpy.beeping.synth.download, phanpy.booping.synth.download { + root * /var/www/fedi-frontends/phanpy + file_server + try_files {path} / + + import common-settings + import log phanpy + import robots-txt +} + +# pl-fe +pl-fe.beeping.synth.download, pl-fe.booping.synth.download { + root * /var/www/fedi-frontends/pl-fe + file_server + try_files {path} / + + import common-settings + import log pl-fe + import robots-txt +} \ No newline at end of file diff --git a/phosphorus/srv/docker/caddy/conf/sites-enabled/iceshrimp b/phosphorus/srv/docker/caddy/conf/sites-enabled/iceshrimp new file mode 100644 index 0000000..04f70ab --- /dev/null 
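Review bot: `handle_path /packs` in the masto.* site matches only the exact path `/packs`, because Caddy path matchers are exact unless they contain a `*`; requests for files under `/packs/` never enter the block and are answered by the site-level `file_server` instead. Since the site root `/var/www/fedi-frontends/chuckya-fe` already contains `packs`, the block can simply be removed, or written as `handle_path /packs/*` if it is meant to apply. The two `/favicon.png` blocks set `root` to the PNG file itself, the same pattern as the `robots-txt` snippet, and deserve the same check.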
+++ b/phosphorus/srv/docker/caddy/conf/sites-enabled/iceshrimp @@ -0,0 +1,14 @@ +beeping.synth.download { + reverse_proxy 127.0.0.1:24042 + + # favicon stuff + handle_path /assets/synth.download/synth.png { + root * /var/www/site/assets/synth.download/synth.png + file_server + import common-settings + } + + import common-settings + import log iceshrimp + import robots-txt +} \ No newline at end of file diff --git a/phosphorus/srv/docker/caddy/conf/sites-enabled/mastodon b/phosphorus/srv/docker/caddy/conf/sites-enabled/mastodon new file mode 100644 index 0000000..919db70 --- /dev/null +++ b/phosphorus/srv/docker/caddy/conf/sites-enabled/mastodon @@ -0,0 +1,53 @@ +merping.synth.download { + @local { + file + not path / + } + @local_media { + path_regexp /system/(.*) + } + @streaming { + path /api/v1/streaming + path /api/v1/streaming/* + } + @cache_control { + path_regexp ^/(emoji|packs|/system/accounts/avatars|/system/media_attachments/files) + } + + root * /srv/docker/mastodon/public + + handle_errors { + rewrite 500.html + file_server + } + + header { + Strict-Transport-Security "max-age=31536000" + } + header /sw.js Cache-Control "public, max-age=0" + header @cache_control Cache-Control "public, max-age=31536000, immutable" + + handle @local { + file_server + } + + handle @streaming { + reverse_proxy 127.0.0.1:58834 { + header_up Accept-Encoding identity + } + } + + reverse_proxy 127.0.0.1:46098 { + header_up Accept-Encoding identity + header_up X-Forwarded-Port 443 + + transport http { + keepalive 5s + keepalive_idle_conns 10 + } + } + + import common-settings + import log mastodon + import robots-txt +} \ No newline at end of file diff --git a/phosphorus/srv/docker/caddy/conf/sites-enabled/pds b/phosphorus/srv/docker/caddy/conf/sites-enabled/pds new file mode 100644 index 0000000..afa729c --- /dev/null +++ b/phosphorus/srv/docker/caddy/conf/sites-enabled/pds 
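Review bot: In the mastodon site's `@cache_control` matcher the alternation repeats the leading slash: `^/(emoji|packs|/system/accounts/avatars|/system/media_attachments/files)` only matches paths beginning `//system/...`, so avatar and attachment URLs would normally not receive the `public, max-age=31536000, immutable` header. `path_regexp ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files)` matches what the names suggest. `@local_media` is defined but never referenced in this file; either use it or drop it so the matcher list reflects what is enforced.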
@@ -0,0 +1,15 @@ +*.pds.synth.download, pds.synth.download { + #root * /var/www/pds-dash + file_server + + # since we utilize pds-dash to provide a proper "frontend" page for the pds, we need to manually redirect all known endpoints back to the pds + # probably a better way to do this; haven't discovered it yet + reverse_proxy /xrpc/* 127.0.0.1:24318 + reverse_proxy /oauth/* 127.0.0.1:24318 + reverse_proxy /.well-known/* 127.0.0.1:24318 + reverse_proxy /@atproto/* 127.0.0.1:24318 + + import common-settings + import log pds + import robots-txt +} \ No newline at end of file diff --git a/phosphorus/srv/docker/caddy/conf/sites-enabled/sharkey b/phosphorus/srv/docker/caddy/conf/sites-enabled/sharkey new file mode 100644 index 0000000..0d27fdf --- /dev/null +++ b/phosphorus/srv/docker/caddy/conf/sites-enabled/sharkey @@ -0,0 +1,7 @@ +booping.synth.download { + reverse_proxy 127.0.0.1:60628 + + import common-settings + import log sharkey + import robots-txt +} \ No newline at end of file diff --git a/phosphorus/srv/docker/iceshrimp/compose.yaml b/phosphorus/srv/docker/iceshrimp/compose.yaml new file mode 100644 index 0000000..a2de20c --- /dev/null +++ b/phosphorus/srv/docker/iceshrimp/compose.yaml @@ -0,0 +1,23 @@ +services: + web: + image: iceshrimp.dev/iceshrimp/iceshrimp.net:dev + container_name: iceshrimp.net_web + restart: unless-stopped + networks: + - db + - ip6net + ports: + - "127.0.0.1:24042:24042" + environment: + - ICESHRIMP_CONFIG_OVERRIDES=/app/config/configuration.ini + volumes: + - ./data/media:/data/media + - ./config:/app/config:ro # This must be a directory for hot reload to work + +networks: + db: + name: postgres_db + external: true + ip6net: + name: ip6net + external: true \ No newline at end of file diff --git a/phosphorus/srv/docker/iceshrimp/config/configuration.ini b/phosphorus/srv/docker/iceshrimp/config/configuration.ini new file mode 100644 index 0000000..0c711fe --- /dev/null +++ b/phosphorus/srv/docker/iceshrimp/config/configuration.ini 
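Review bot: With `root` commented out in the pds site, the bare `file_server` falls back to Caddy's default root, which is the process working directory when no root is set, so every path outside the four proxied prefixes is answered from whatever happens to sit there. Either restore `root * /var/www/pds-dash` or remove `file_server` until pds-dash is deployed. The `*.pds.synth.download` address also needs a wildcard certificate, which normally means a DNS challenge or on-demand TLS; neither appears in the configuration shown in this commit, so it is worth stating in a comment how that certificate is obtained.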
@@ -0,0 +1,299 @@ +[Instance] +ListenPort = 24042 +ListenHost = 0.0.0.0 + +;; If you want to have the application listen on a unix socket instead, uncomment the line below. Make sure to configure filesystem permissions correctly! +;;ListenSocket = /var/run/iceshrimp/iceshrimp.net.sock + +;; Caution: changing these settings after initial setup *will* break federation +WebDomain = beeping.synth.download +AccountDomain = synth.download +;; End of problematic settings block + +;; Additional domains this instance allows API access from, separated by commas. +;; Certain frontends such as Akkoma-FE may require reverse proxy configurations that send requests through the frontend domain. +;; By default, such requests would be blocked in the production environment. This option allows you to permit them. +AdditionalDomains = akko.beeping.synth.download + +;; Maximum number of characters allowed for local notes (must not be larger than the global limit, which is 100000 characters) +CharacterLimit = 100000 + +;; Redirect unauthenticated requests to the index page to a custom URL. Especially useful for single user instances. +;; Can be a relative url (e.g. /@username), or an absolute url (e.g. https://example.org). +RedirectIndexTo = https://synth.download/iceshrimp + +[Security] +;; Whether to require incoming ActivityPub requests carry a valid HTTP or LD signature +;; It is highly recommend you keep this enabled if you intend to use block- or allowlist federation +AuthorizedFetch = true + +;; Whether to attach LD signatures to outgoing activities. Outgoing relayed activities get signed regardless of this option. +AttachLdSignatures = true + +;; Whether to accept activities signed using LD signatures. Needs to be enabled for relayed activities to be accepted. 
+AcceptLdSignatures = true + +;; Whether to allow requests to IPv4 & IPv6 loopback addresses +AllowLoopback = false + +;; Whether to allow requests to local IPv4 addresses (RFC1918, link-local) +AllowLocalIPv4 = false + +;; Whether to allow requests to local IPv6 addresses (RFC3513, ULA, link-local) +AllowLocalIPv6 = false + +;; The level of detail in API error responses +;; Options: [None, Basic, Full] +ExceptionVerbosity = Full + +;; Whether to allow instance registrations +;; Options: [Closed, Invite, Open] +Registrations = Invite + +;; Whether to use a blocklist or allowlist for controlling who can federate with this instance +;; Options: [BlockList, AllowList] +FederationMode = BlockList + +;; Whether to expose the list of blocked/allowed instances publicly, for registered users only, or not at all +;; Options: [Public, Registered, Hide] +ExposeFederationList = Registered + +;; Whether to expose the reason for instance blocks publicly, for registered users only, or not at all +;; Options: [Public, Registered, Hide] +ExposeBlockReasons = Registered + +;; Whether to enable public preview of locally originating notes +;; +;; Public = No restrictions +;; Restricted = Hide replies from remote instances +;; RestrictedNoMedia = Hide replies remote instances & hide media +;; Lockdown = Public preview is disabled, all unauthenticated API access (except authentication) is disabled +;; +;; Options: [Public, Restricted, RestrictedNoMedia, Lockdown] +PublicPreview = Public + +[Performance] +;; Maximum number of incoming federation requests to handle concurrently. +;; When exceeded, incoming requests are buffered in memory until they can be executed. +;; While not recommended, this setting can enable lower-end hardware to sustain higher request load, as cryptography operations can be CPU-intensive. +;; (0 = no limit) +FederationRequestHandlerConcurrency = 0 + +;; Maximum number of jobs to process concurrently, for each queue. 
+[Performance:QueueConcurrency] +Inbox = 4 +Deliver = 20 +PreDeliver = 4 +BackgroundTask = 4 +Backfill = 10 +Backfilluser = 10 + +[Backfill:Replies] +;; Enables backfilling of replies. This is disabled by default as it may have a significant performance impact. +;; This is an experimental feature that hasn't had too much time to bake, so only enable if you're open for instability. +;; Note that replies can only be fetched from remote instances that expose a replies collection. +Enabled = true + +;; Identifies the user who asked to see the replies when backfilling them, instead of using an instance-wide anonymous actor. +;; This provides information for remote instances to potentially list any private replies this user is allowed to see, +;; however, a remote instance can track this as a "read receipt" if it so chooses. +;; Single user instances may choose to enable this as the overall privacy impact is minimal in that context. +FetchAsUser = false + +;; Notes newer than this threshold will have reply backfilling delayed, to allow them time to accumulate replies. +NewNoteDelay = 5m + +;; The cooldown between multiple backfill attempts. +RefreshAfter = 15m + +;; How many completed & failed jobs to keep around, per queue. +;; Excess is trimmed every 15 minutes, oldest jobs first. +;; (-1 = no limit) +[Queue:JobRetention] +Completed = 10 +Failed = 100 + +[Database] +;; Hostname, IP address or path to unix socket directory (specifying port is required even for unix sockets) +Host = gyattabase +Port = 5432 +Database = iceshrimp +Username = iceshrimp +Password = beepbeepbeep + +;; The maximum amount of connections for the connection pool. Valid range: 1-1000. Defaults to 100 if unset. +MaxConnections = 100 + +;; Whether to enable connection multiplexing, which allows for more efficient use of the connection pool. +;; It's strongly recommended to keep this enabled unless you are experiencing issues, as it's quite easy to exhaust the connection pool otherwise. 
+Multiplexing = true + +;; Whether to log parameter information on errors. +;; Caution: this may contain sensitive information, it's recommended to keep this disabled except for debugging purposes +ParameterLogging = false + +[Storage] +;; Where to store media attachments +;; Options: [Local, ObjectStorage] +Provider = ObjectStorage + +;; Max file size for locally originating media, files larger than this will error on upload (-1 = no limit) +MaxUploadSize = 100M + +;; Max file size for remote media, files larger than this will never be cached (-1 = no limit) +MaxCacheSize = 0 + +;; Amount of stripped remote media is retained in the cache (0 = disabled, -1 = infinite) +MediaRetention = 0 + +;; Whether to cleanup remote avatars & banners past the media retention time +CleanAvatars = true +CleanBanners = true + +;; Whether to proxy remote media. This can prevent leaking the IP address of users, at the cost of higher bandwidth use. +;; It is recommended to disable this for instances hosted on residential connections. +ProxyRemoteMedia = true + +[Storage:Local] +;; Path where media is stored at. Must be writable for the service user. +Path = /data/media + +[Storage:ObjectStorage] +Endpoint = cdn.merp.com +Region = us-east-1 +KeyId = isthatamotherfuckingmisskeyreference +SecretKey = veryveryverysecretkey +Bucket = beeping +Prefix = files +AccessUrl = https://cdn.beeping.synth.download +;;SetAcl = public-read + +;; Disables the validation of the object storage configuration. +;; Only enable this if you have a cache in front of the object storage access URL that makes the validation fail on restart. +DisableValidation = true + +[Storage:MediaProcessing] +;; Which image processor to use. +;; +;; ImageSharp = .NET library, slower, lower memory footprint. No external dependencies. +;; LibVips = Native library, faster, higher and spikier memory footprint. Requires compilation with -p:BundleNativeDeps=true, or for libvips to be installed on the system. 
+;; None = Disables image processing, fastest, lowest memory footprint. Caution: metadata (e.g. location data) for locally originating images will *not* be stripped! +;; +;; Options: [ImageSharp, LibVips, None] +ImageProcessor = ImageSharp + +;; Whether to only process locally originating media. This is useful if you're working with a cpu-constrained environment, +;; and want both remote media caching and local media processing. +LocalOnly = false + +;; Maximum file size for files to be considered for image processing. +;; Caution: metadata (e.g. location data) for locally originating images will *not* be stripped for files larger than this +MaxFileSize = 10M + +;; Maximum resolution for files to be considered for image processing, in megapixels +;; Note that processing an image requires up to 4MB of system memory per megapixel, in some edge case scenarios. +;; Caution: metadata (e.g. location data) for locally originating images will *not* be stripped for files larger than this. +;; If this is unwanted behavior, enable FailIfImageExceedsMaxRes. +MaxResolutionMpx = 30 + +;; Should you prefer to reject locally originating images that exceed MaxResolutionMpx, set this option to true. +;; Note that this does not apply to remote images, or to local images in a format not supported by the configured image processor. +FailIfImageExceedsMaxRes = false + +;; Maxmimum concurrent image encode tasks to run. (0 = no limit) +ImageProcessorConcurrency = 8 + +;; --------------------------------------------------------------------------------------------------------------------------------------------------------- ;; +;; The below section allows for detailed customization of the image processing pipeline. The respective defaults are listed below. ;; +;; Caution: this is an advanced feature, it's quite easy to break media / media federation by messing with this. Make sure you know what you are doing. 
;; +;; ;; +;; Section keys follow the pattern Storage:MediaProcessing:ImagePipeline:: ;; +;; Versions: ;; +;; - 'Original' is the canonical file. It's used when there is no 'Public' version available. ;; +;; - 'Thumbnail' is a compact thumbnail. It's used when a client requests it, usually for timeline rendering. ;; +;; - 'Public' is used in place of 'Original'. Its default purpose is to serve as a smaller version with stripped metadata for locally originating images. ;; +;; Origins: ;; +;; - 'Local' means that the owner of the file is a local user. ;; +;; - 'Remote' means that the owner of the file is a remote user. ;; +;; The full selection of encoding options is only specified once (for brevity). ;; +;; --------------------------------------------------------------------------------------------------------------------------------------------------------- ;; + +;;[Storage:MediaProcessing:ImagePipeline::] +;; Which image format to use. +;; Options: [None, Keep, Webp, Avif, Jxl] +;; - 'None' doesn't store an image of the respective type. It is not valid for the 'Original' image version. +;; - 'Keep' doesn't transcode the image, but still performs other image processing tasks (e.g. blurhash computation & deduplication). +;; - 'Webp' encodes the image as WebP +;; - 'Avif' encodes the image as AVIF. Only available when ImageProcessor is set to LibVips. +;; - 'Jxl' encodes the image as JPEG-XL. Only available when ImageProcessor is set to LibVips. +;;Format = Keep + +;;; - Generic encoding options - ;;; + +;; The quality factor. Valid range: 1-100 +;;QualityFactor = 75 + +;; The quality factor, when processing lossless png images. Valid range: 1-100 +;;QualityFactorPngSource = 100 + +;; The resolution to scale the largest dimension to, in pixels. If the source image is smaller, no scaling is performed. +;;TargetRes = 2048 + +;;; - Webp encoding options - ;;; + +;; The compression mode. 
+;; Options: [Lossy, NearLossless, Lossless] +;;WebpCompressionMode = Lossy + +;;; - Avif encoding options - ;;; + +;; The compression mode. +;; Options: [Lossy, Lossless] +;;AvifCompressionMode = Lossy + +;; The bit depth. Valid range: 8-12. Leave unset to use source image bit depth. +;;AvifBitDepth = 8 + +;;; - Jxl encoding options - ;;; + +;; The compression mode. +;; Options: [Lossy, Lossless] +;;JxlCompressionMode = Lossy + +;; The encoding effort. Valid range: 1-9 +;;JxlEffort = 7 + +[Storage:MediaProcessing:ImagePipeline:Original:Local] +Format = Keep + +[Storage:MediaProcessing:ImagePipeline:Original:Remote] +Format = Keep + +[Storage:MediaProcessing:ImagePipeline:Thumbnail:Local] +Format = Webp +TargetRes = 1000 + +[Storage:MediaProcessing:ImagePipeline:Thumbnail:Remote] +Format = Webp +TargetRes = 1000 +QualityFactorPngSource = 75 + +[Storage:MediaProcessing:ImagePipeline:Public:Local] +;; Caution: locally originating public images are federated. +;; If remote instance software doesn't understand the format, they might fail to ingest the image or associated note. + +Format = Webp +TargetRes = 2048 + +[Storage:MediaProcessing:ImagePipeline:Public:Remote] +Format = None + +[Logging:LogLevel] +Default = Debug +Iceshrimp = Debug +Microsoft.AspNetCore = Warning +Microsoft.EntityFrameworkCore = Warning +Microsoft.EntityFrameworkCore.Update = Critical +Microsoft.EntityFrameworkCore.Migrations = Information +Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager = Critical +Iceshrimp.Backend.SignalR.Authentication.HubAuthenticationHandler = Warning \ No newline at end of file diff --git a/phosphorus/srv/docker/mastodon/.env b/phosphorus/srv/docker/mastodon/.env new file mode 100644 index 0000000..6e3b346 --- /dev/null +++ b/phosphorus/srv/docker/mastodon/.env 
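Review bot: `ExceptionVerbosity = Full` in `[Security]`, together with `Default = Debug` and `Iceshrimp = Debug` under `[Logging:LogLevel]`, gives API clients and the logs the most detailed error output on what appears to be the live instance; `ExceptionVerbosity = Basic` and `Information` log levels are the safer settings outside a debugging session. `Password` under `[Database]` and `KeyId`/`SecretKey` under `[Storage:ObjectStorage]` are committed inline in configuration.ini. If they are placeholders, a comment such as `;; placeholder - real value is set on the host only` should say so, and if they are not, they should be rotated and kept out of the repository the way the mastodon stack does with `.env.secrets`. `DisableValidation = true` skips the object-storage check at startup, so a wrong endpoint or key would only surface on first upload.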
@@ -0,0 +1,31 @@ +LOCAL_DOMAIN=merping.synth.download + +AUTHORIZED_FETCH=true + +MAX_TOOT_CHARS=100000 +MAX_BIO_CHARS=100000 + +# 5mb, 5mb +MAX_EMOJI_SIZE=5242880 +MAX_REMOTE_EMOJI_SIZE=5242880 + +# 200mb, 200mb +MAX_IMAGE_SIZE=209715200 +MAX_VIDEO_SIZE=209715200 + +MAX_POLL_OPTIONS=25 +MAX_REACTIONS=6 + +MAX_MEDIA_ATTACHMENTS=16 +MAX_REMOTE_MEDIA_ATTACHMENTS=16 + +FETCH_REPLIES_ENABLED=true +FETCH_REPLIES_COOLDOWN_MINUTES=15 +FETCH_REPLIES_INITIAL_WAIT_MINUTES=5 +FETCH_REPLIES_MAX_GLOBAL=1000 +FETCH_REPLIES_MAX_SINGLE=500 +FETCH_REPLIES_MAX_PAGES=500 + +SIDEKIQ_CONCURRENCY=20 + +GITHUB_REPOSITORY=melontini/mastodon \ No newline at end of file diff --git a/phosphorus/srv/docker/mastodon/compose.yaml b/phosphorus/srv/docker/mastodon/compose.yaml new file mode 100644 index 0000000..1e37337 --- /dev/null +++ b/phosphorus/srv/docker/mastodon/compose.yaml 
@@ -0,0 +1,99 @@
+services:
+ web:
+ # we use our own synth-soc fork
+ image: ghcr.io/melontini/mastodon:nightly
+ restart: always
+ env_file:
+ - .env.secrets
+ - .env
+ command: bundle exec puma -C config/puma.rb
+ networks:
+ - masto
+ - ip6net
+ - db
+ healthcheck:
+ test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
+ ports:
+ - "127.0.0.1:46098:3000"
+ depends_on:
+ redis:
+ condition: service_healthy
+ volumes:
+ - ./public/system:/mastodon/public/system
+
+ streaming:
+ image: ghcr.io/melontini/mastodon-streaming:nightly
+ restart: always
+ env_file:
+ - .env.secrets
+ - .env
+ command: node ./streaming/index.js
+ networks:
+ - masto
+ - ip6net
+ - db
+ healthcheck:
+ test: ['CMD-SHELL', "curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | grep -q 'OK' || exit 1"]
+ ports:
+ - "127.0.0.1:58834:4000"
+ depends_on:
+ redis:
+ condition: service_healthy
+
+ sidekiq:
+ image: ghcr.io/melontini/mastodon:nightly
+ restart: always
+ env_file:
+ - .env.secrets
+ - .env
+ command: bundle exec sidekiq
+ depends_on:
+ redis:
+ condition: service_healthy
+ networks:
+ - masto
+ - ip6net
+ - db
+ volumes:
+ - ./public/system:/mastodon/public/system
+ healthcheck:
+ test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 7' || false"]
+
+ redis:
+ restart: always
+ image: redis:alpine
+ networks:
+ - masto
+ volumes:
+ - ./redis:/data
+ healthcheck:
+ test: "redis-cli ping"
+ interval: 5s
+ retries: 20
+
+ # tor is a wip - consider setting up later
+ ## Uncomment to enable federation with tor instances along with adding the following ENV variables
+ ## http_hidden_proxy=http://privoxy:8118
+ ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
+ # tor:
+ # image: sirboops/tor
+ # networks:
+ # - external_network
+ # - internal_network
+ #
+ # privoxy:
+ # image: sirboops/privoxy
+ # volumes:
+ # - ./priv-config:/opt/config
+ # networks:
+ # - external_network
+ # - internal_network
+
+networks:
+ db:
+ name: postgres_db
+ external:
true
+ ip6net:
+ name: ip6net
+ external: true
+ masto:
\ No newline at end of file
diff --git a/phosphorus/srv/docker/pds/.env b/phosphorus/srv/docker/pds/.env
new file mode 100644
index 0000000..28e02cc
--- /dev/null
+++ b/phosphorus/srv/docker/pds/.env
@@ -0,0 +1,14 @@
+PDS_DATADIR=/pds
+PDS_HOSTNAME=pds.synth.download
+
+PDS_DATA_DIRECTORY=/pds
+#PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks
+PDS_BLOB_UPLOAD_LIMIT=52428800
+
+PDS_DID_PLC_URL=https://plc.directory
+PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
+PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
+PDS_REPORT_SERVICE_URL=https://mod.bsky.app
+PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
+PDS_CRAWLERS=https://bsky.network
+LOG_ENABLED=true
\ No newline at end of file
diff --git a/phosphorus/srv/docker/pds/compose.yaml b/phosphorus/srv/docker/pds/compose.yaml
new file mode 100644
index 0000000..58b5a96
--- /dev/null
+++ b/phosphorus/srv/docker/pds/compose.yaml
@@ -0,0 +1,19 @@
+services:
+ pds:
+ container_name: pds
+ image: ghcr.io/bluesky-social/pds:latest
+ restart: unless-stopped
+ ports:
+ - "127.0.0.1:24318:3000"
+ networks:
+ - ip6net
+ volumes:
+ - ./pds:/pds:z
+ env_file:
+ - .env.secrets
+ - .env
+
+networks:
+ ip6net:
+ name: ip6net
+ external: true
\ No newline at end of file
diff --git a/phosphorus/srv/docker/postgres/compose.yaml b/phosphorus/srv/docker/postgres/compose.yaml
new file mode 100644
index 0000000..0fbd260
--- /dev/null
+++ b/phosphorus/srv/docker/postgres/compose.yaml
@@ -0,0 +1,21 @@
+services:
+ db:
+ # custom image for docker with pgroonga support
+ image: groonga/pgroonga:latest-alpine-17
+ restart: always
+ shm_size: 6GB
+ volumes:
+ - ./db:/var/lib/postgresql/data
+ networks:
+ - postgres_db
+ env_file:
+ - .env
+ healthcheck:
+ test: "pg_isready -U postgres -d postgres"
+ interval: 40s
+ retries: 20
+
+networks:
+ postgres_db:
+ name: postgres_db
+ driver: bridge
\ No newline at end of file
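Review bot: The `web`, `streaming` and `sidekiq` services in the Mastodon compose file use `ghcr.io/melontini/mastodon:nightly` (and `mastodon-streaming:nightly`), and `redis` uses `redis:alpine`; these are mutable tags, so whatever the registry serves at the next `docker compose pull` starts with the contents of `.env.secrets` and a connection to the shared `postgres_db` network. Pinning each image by digest, e.g. `image: ghcr.io/melontini/mastodon:nightly@sha256:<digest>`, turns every update into an explicit, reviewable change. The same applies to `ghcr.io/bluesky-social/pds:latest` and `groonga/pgroonga:latest-alpine-17` in the two hunks that follow, and to `sharkey:latest` and `redis:alpine` in the Sharkey compose file at the end of the diff.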
diff --git a/phosphorus/srv/docker/postgres/psql.sh b/phosphorus/srv/docker/postgres/psql.sh
new file mode 100644
index 0000000..e346efa
--- /dev/null
+++ b/phosphorus/srv/docker/postgres/psql.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+docker exec -it postgres-db-1 /bin/bash -c "psql -U postgres"
\ No newline at end of file
diff --git a/phosphorus/srv/docker/sharkey/.config/default.yml b/phosphorus/srv/docker/sharkey/.config/default.yml
new file mode 100644
index 0000000..5aeb0bc
--- /dev/null
+++ b/phosphorus/srv/docker/sharkey/.config/default.yml
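Review bot: `psql.sh` opens a session as the `postgres` superuser through a `/bin/bash -c` layer that adds nothing; `docker exec -it postgres-db-1 psql -U postgres` runs the same client without the intermediate shell. The script also duplicates the `enter_psql` function this commit adds to `helperbot`, but without that function's `sudo` fallback for non-root callers, so the two entry points behave differently; one should probably call the other. A header comment stating the access level would help whoever finds the file later, e.g. `# Opens psql as the postgres superuser inside the postgres-db-1 container.`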
@@ -0,0 +1,449 @@ +#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +# Misskey configuration +#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +# ┌──────────────────────────────┐ +#───┘ a boring but important thing └──────────────────────────── + +# +# First of all, let me tell you a story that may possibly be +# boring to you and possibly important to you. +# +# Misskey is licensed under the AGPLv3 license. This license is +# known to be often misunderstood. Please read the following +# instructions carefully and select the appropriate option so +# that you do not negligently cause a license violation. +# + +# -------- +# Option 1: If you host Misskey AS-IS (without any changes to +# the source code. forks are not included). +# +# Step 1: Congratulations! You don't need to do anything. + +# -------- +# Option 2: If you have made changes to the source code (forks +# are included) and publish a Git repository of source +# code. There should be no access restrictions on +# this repository. Strictly speaking, it doesn't have +# to be a Git repository, but you'll probably use Git! +# +# Step 1: Build and run the Misskey server first. +# Step 2: Open in +# your browser with the administrator account. +# Step 3: Enter the URL of your Git repository in the +# "Repository URL" field. + +# -------- +# Option 3: If neither of the above applies to you. +# (In this case, the source code should be published +# on the Misskey interface. IT IS NOT ENOUGH TO +# DISCLOSE THE SOURCE CODE WEHN A USER REQUESTS IT BY +# E-MAIL OR OTHER MEANS. If you are not satisfied +# with this, it is recommended that you read the +# license again carefully. Anyway, enabling this +# option will automatically generate and publish a +# tarball at build time, protecting you from +# inadvertent license violations. (There is no legal +# guarantee, of course.) The tarball will generated +# from the root directory of your codebase. 
So it is +# also recommended to check directory +# once after building and before activating the server +# to avoid ACCIDENTAL LEAKING OF SENSITIVE INFORMATION. +# To prevent certain files from being included in the +# tarball, add a glob pattern after line 15 in +# . DO NOT FORGET TO BUILD AFTER +# ENABLING THIS OPTION!) +# +# Step 1: Uncomment the following line. +# +# publishTarballInsteadOfProvideRepositoryUrl: true + +# ┌─────┐ +#───┘ URL └───────────────────────────────────────────────────── + +# Final accessible URL seen by a user. +# You can set url from an environment variable instead. +url: https://booping.synth.download/ + +# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE +# URL SETTINGS AFTER THAT! + +# ┌───────────────────────┐ +#───┘ Port and TLS settings └─────────────────────────────────── + +# +# Misskey requires a reverse proxy to support HTTPS connections. +# +# +----- https://example.tld/ ------------+ +# +------+ |+-------------+ +----------------+| +# | User | ---> || Proxy (443) | ---> | Misskey (3000) || +# +------+ |+-------------+ +----------------+| +# +---------------------------------------+ +# +# You need to set up a reverse proxy. (e.g. nginx) +# An encrypted connection with HTTPS is highly recommended +# because tokens may be transferred in GET requests. + +# The port that your Misskey server should listen on. +port: 60628 + +# ┌──────────────────────────┐ +#───┘ PostgreSQL configuration └──────────────────────────────── + +db: + host: gyattabase + port: 5432 + + # Database name + # You can set db from an environment variable instead. + db: misskey + + # Auth + # You can set user and pass from environment variables instead. 
+ user: misskey + pass: rizzrizzrizz + + # Whether disable Caching queries + #disableCache: true + + # Extra Connection options + #extra: + # ssl: true + +dbReplications: false + +# You can configure any number of replicas here +#dbSlaves: +# - +# host: +# port: +# db: +# user: +# pass: +# - +# host: +# port: +# db: +# user: +# pass: + +# ┌─────────────────────┐ +#───┘ Redis configuration └───────────────────────────────────── + +redis: + host: redis + port: 6379 + #family: 0 # 0=Both, 4=IPv4, 6=IPv6 + #pass: example-pass + #prefix: example-prefix + #db: 1 + +#redisForPubsub: +# host: redis +# port: 6379 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 + +#redisForJobQueue: +# host: redis +# port: 6379 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 + +#redisForTimelines: +# host: redis +# port: 6379 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 + +# ┌───────────────────────────────┐ +#───┘ Fulltext search configuration └───────────────────────────── + +# These are the setting items for the full-text search provider. +fulltextSearch: + # You can select the ID generation method. + # - sqlLike (default) + # Use SQL-like search. + # This is a standard feature of PostgreSQL, so no special extensions are required. + # - sqlPgroonga + # Use pgroonga. + # You need to install pgroonga and configure it as a PostgreSQL extension. + # In addition to the above, you need to create a pgroonga index on the text column of the note table. + # see: https://pgroonga.github.io/tutorial/ + # - meilisearch + # Use Meilisearch. + # You need to install Meilisearch and configure. + provider: sqlPgroonga + +# For Meilisearch settings. +# If you select "meilisearch" for "fulltextSearch.provider", it must be set. +# You can set scope to local or global (default value) +# (include notes from remote). 
+ +#meilisearch: +# host: meilisearch +# port: 7700 +# apiKey: '' +# ssl: true +# index: '' +# scope: global + +# ┌───────────────┐ +#───┘ ID generation └─────────────────────────────────────────── + +# You can select the ID generation method. +# You don't usually need to change this setting, but you can +# change it according to your preferences. + +# Available methods: +# aid ... Short, Millisecond accuracy +# aidx ... Millisecond accuracy +# meid ... Similar to ObjectID, Millisecond accuracy +# ulid ... Millisecond accuracy +# objectid ... This is left for backward compatibility + +# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE +# ID SETTINGS AFTER THAT! + +id: 'aidx' + +# ┌────────────────┐ +#───┘ Error tracking └────────────────────────────────────────── + +# Sentry is available for error tracking. +# See the Sentry documentation for more details on options. + +#sentryForBackend: +# enableNodeProfiling: true +# options: +# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' + +#sentryForFrontend: +# options: +# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' + +# ┌─────────────────────┐ +#───┘ Other configuration └───────────────────────────────────── + +# Whether disable HSTS +#disableHsts: true + +# Number of worker processes +clusterLimit: 6 + +# Job concurrency per worker +deliverJobConcurrency: 96 +inboxJobConcurrency: 16 +relationshipJobConcurrency: 16 +# What's relationshipJob?: +# Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations. + +# Job rate limiter +deliverJobPerSec: 96 +inboxJobPerSec: 32 +relationshipJobPerSec: 64 + +# Job attempts +deliverJobMaxAttempts: 12 +inboxJobMaxAttempts: 8 + +# Local address used for outgoing requests +#outgoingAddress: 127.0.0.1 + +# IP address family used for outgoing request (ipv4, ipv6 or dual) +outgoingAddressFamily: dual + +# Amount of characters that can be used when writing notes. Longer notes will be rejected. 
(minimum: 1) +maxNoteLength: 100000 +# Amount of characters that will be saved for remote notes. Longer notes will be truncated to this length. (minimum: 1) +maxRemoteNoteLength: 100000 +# Amount of characters that can be used when writing content warnings. Longer warnings will be rejected. (minimum: 1) +maxCwLength: 5000 +# Amount of characters that will be saved for remote content warnings. Longer warnings will be truncated to this length. (minimum: 1) +maxRemoteCwLength: 5000 +# Amount of characters that can be used when writing media descriptions (alt text). Longer descriptions will be rejected. (minimum: 1) +maxAltTextLength: 100000 +# Amount of characters that will be saved for remote media descriptions (alt text). Longer descriptions will be truncated to this length. (minimum: 1) +maxRemoteAltTextLength: 100000 + +# Proxy for HTTP/HTTPS +#proxy: http://127.0.0.1:3128 + +proxyBypassHosts: + - api.deepl.com + - api-free.deepl.com + - www.recaptcha.net + - hcaptcha.com + - challenges.cloudflare.com + +# Proxy for SMTP/SMTPS +#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT +#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4 +#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5 + +# Media Proxy +#mediaProxy: https://booping.synth.download/proxy + +# Proxy remote files (default: true) +# Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains. +proxyRemoteFiles: true + +# Movie Thumbnail Generation URL +# There is no reference implementation. 
+# For example, Misskey will point to the following URL: +# https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4 +#videoThumbnailGenerator: https://booping.synth.download + +# Sign outgoing ActivityPub GET request (default: true) +signToActivityPubGet: true +# Sign outgoing ActivityPub Activities (default: true) +# Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity. +# When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances. +# This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests. +attachLdSignatureForRelays: true + +# For security reasons, uploading attachments from the intranet is prohibited, +# but exceptions can be made from the following settings. Default value is "undefined". +# Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)). +#allowedPrivateNetworks: [ +# '127.0.0.1/32' +#] + +customMOTD: [ + '“Heartfelt apology”', + '[Insert debit or credit card to purchase infinite lives.]', + '[Space] Say Apple', + 'Fun Fact: Booping Synths was originally made with', + 'Tip: Whenever freezing, opening any Misskey-based instance on a laptop is a great heat source. Does not apply to Iceshrimp.NET instances.', + '* It''s locked.', + 'cd /srv/docker/sharkey && docker compose pull && docker compose down && docker compose up -d', + '', + '', + '', + '', + '', + '', + '', + 'Also check out chitter.xyz!', + 'Also check out critter.cafe!', + 'Also check out critters.gay!', + 'Also check out lethallava.land!', + 'Also check out remlit.site!', + 'Also check out wetdry.world!', + 'Also check out yeen.town!', + 'Ants.', + 'aren''t you supposed to be eating cardboard?', + 'Attach a bee to your post? 
(Y/N)', + 'Beeeeep?', + 'BEEP BEEP BEEP BEEP BEEP', + 'Beep!', + 'Booping.Synth.Download will now swap to using Safety Scissors. Please.', + 'bossfight ', + 'brush your teeth and try again later', + 'can you watch my shoes for a bit, they''re entertaining', + 'Controller 2 disconnected. Please reconnect to resume gameplay.', + 'Dinosaurs!?', + 'dude can you tie my shoes im bored', + 'Find my glasses to receive a prize!', + 'Give it a moment I just ran systemctl reboot', + 'Go into your [I]nventory screen to view your items. If you want to, anyways...', + 'hello_world', + 'HOW THE FU', + 'I bet you could be a baggage claim if you tried hard enough', + 'i love my kitchen appliance', + 'I''m afraid.', + 'its okay to sin if its funny. probably', + 'just did systemctl reload caddy', + 'loading canceled. bitch', + 'Loading Firefish v1.0.5-rc', + 'Loading Lockpick', + 'Loading Mastodon v4.3.3', + 'look into my eyes and tell me about your hyperfixation', + 'Merp!', + 'Mrrrrrrr...', + 'Mrrrrrrrf...', + 'No smoking while inside.', + 'ooooOHHHH MY PCCCCCC', + 'Packets are approaching your location at 299,792,458m/s', + 'Peggle Dinners', + 'Put your synth in airplane mode before proceeding, please.', + 'Read A Book Instead?', + 'Remember Greek Philosophy? Imagine what they''re up to nowadays.', + 'Send me refs of your Pegglesona', + 'She may have been moved or deleted.', + 'Sorry', + 'stop looking at me like that :\', + 'stop looking at me like that >:(', + 'supported by gordon freeman', + 'Swap public bathrooms to private bathrooms in settings.', + 'They call me the parfait :parfait_emoji:', + 'throw your phone into a wall immediately', + 'Use [LS] to move', + 'What are you... БЛЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯТЬ', + 'Where the fuck is my toaster', + 'Whoops, Memory leak!', + 'You''ll need to spend one HotDog to enter the chat. 
Are you sure you want to continue?', + 'You''re going to have to speak into the void for that one.', + 'You know you can suggest what appears here, right?' +] + +# Upload or download file size limits (bytes) +# 2GB +maxFileSize: 2147483648 + +# timeout (in milliseconds) and maximum size for imports (e.g. note imports) +#import: +# downloadTimeout: 30000 +# maxFileSize: 262144000 + +# CHMod-style permission bits to apply to uploaded files. +# Permission bits are specified as a base-8 string representing User/Group/Other permissions. +# This setting is only useful for custom deployments, such as using a reverse proxy to serve media. +#filePermissionBits: '644' + +# Log settings +# logging: +# sql: +# # Outputs query parameters during SQL execution to the log. +# # default: false +# enableQueryParamLogging: false +# # Disable query truncation. If set to true, the full text of the query will be output to the log. +# # default: false +# disableQueryTruncation: false +# # Shows debug log messages after instance startup. To capture earlier debug logs, set the MK_VERBOSE environment variable. +# # default: false in production, true otherwise. +# #verbose: false + +# Settings for the activity logger, which records inbound activities to the database. +# Disabled by default due to the large volume of data it saves. +#activityLogging: + # Log activities to the database (default: false) + #enabled: false + + # Save the activity before processing, then update later with the results. + # This has the advantage of capturing activities that cause a hard-crash, but doubles the number of queries used. + # Default: false + #preSave: false + + # How long to save each log entry before deleting it. + # Default: 2592000000 (1 week) + #maxAge: 2592000000 + +# Transparently compress every websocket message on clients that support it. +# Trades server CPU usage for reduced bandwidth usage and a faster frontend on the client. 
+# If you're not using jemalloc, this may cause memory fragmentation and performance issues! (https://www.npmjs.com/package/ws#websocket-compression)
+# jemalloc is used by default in the Sharkey Docker image and may be set up manually otherwise: https://github.com/jemalloc/jemalloc/wiki/getting-started
+websocketCompression: true
+
+# Inject arbitrary HTML tags to customize Sharkey without having to fork it
+customHtml:
+ head: |
+
+
\ No newline at end of file
diff --git a/phosphorus/srv/docker/sharkey/compose.yaml b/phosphorus/srv/docker/sharkey/compose.yaml
new file mode 100644
index 0000000..2dd4a2d
--- /dev/null
+++ b/phosphorus/srv/docker/sharkey/compose.yaml
@@ -0,0 +1,41 @@
+services:
+ web:
+ image: registry.activitypub.software/transfem-org/sharkey:latest
+ restart: always
+ links:
+ - redis
+ depends_on:
+ redis:
+ condition: service_healthy
+ ports:
+ - "127.0.0.1:60628:60628"
+ networks:
+ - shonk
+ - ip6net
+ - db
+ environment:
+ - NODE_OPTIONS="--max-old-space-size=8192"
+ volumes:
+ - ./files:/sharkey/files
+ - ./.config:/sharkey/.config:ro
+
+ redis:
+ restart: always
+ image: redis:alpine
+ networks:
+ - shonk
+ volumes:
+ - ./redis:/data
+ healthcheck:
+ test: "redis-cli ping"
+ interval: 5s
+ retries: 20
+
+networks:
+ db:
+ name: postgres_db
+ external: true
+ ip6net:
+ name: ip6net
+ external: true
+ shonk:
\ No newline at end of file
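Review bot: The PostgreSQL section of `default.yml` commits the database credential in plaintext (`user: misskey`, `pass: rizzrizzrizz`), whereas the Mastodon and PDS compose files in this commit reference a separate `.env.secrets` file. The config's own comment says user and pass can be set from environment variables, so the value should be supplied that way and the password rotated, because it stays readable in git history even after the line is removed. If the committed value is only a placeholder and not the live password, mark it with a comment next to it, e.g. `# placeholder, real value supplied via environment`.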