sd/synth.download
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

update notes, helperbot, phosphorus

Browse source
This commit is contained in:
Ruben 2025-07-19 23:52:19 -05:00
commit 8dab75afb0
No known key found for this signature in database
GPG key ID: 8EA836555FB6D9A5
29 changed files with 1340 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

15
phosphorus/srv/docker/caddy/compose.yaml Normal file
View file

@ -0,0 +1,15 @@
services:
caddy:
image: caddy:alpine
container_name: caddy
restart: unless-stopped
network_mode: host
cap_add:
- NET_ADMIN
volumes:
- ./conf:/etc/caddy # configurations
- ./caddy_data:/data # internal caddy data
- ./caddy_config:/config # ^
- /srv/docker/mastodon/public:/srv/docker/mastodon/public # mastodon web frontend
- /var/www:/var/www # generic web system directory
- /var/log/caddy:/var/log/caddy # log directory

56
phosphorus/srv/docker/caddy/conf/Caddyfile Normal file
View file

@ -0,0 +1,56 @@
# ╭──────────────────────────────────────────────────────────╮
# │ _ _ │
# │ _ __ | |__ ___ ___ _ __ | |__ ___ _ __ _ _ ___ │
# │ | '_ \| '_ \ / _ \/ __| '_ \| '_ \ / _ \| '__| | | / __| │
# │ | |_) | | | | (_) \__ \ |_) | | | | (_) | | | |_| \__ \ │
# │ | .__/|_| |_|\___/|___/ .__/|_| |_|\___/|_| \__,_|___/ │
# │ |_| |_| │
# ╰──────────────────────────────────────────────────────────╯
# caddy configurations for phosphorus
# =============================================================================
# ╭────────────────────────────────╮
# │ commonly reused rules/snippets │
# ╰────────────────────────────────╯
# common settings - globally enables settings that are commonly used in every snippet
(common-settings) {
encode zstd gzip
}
# log - reused log settings
(log) {
log {
output file /var/log/caddy/{args[0]} {
roll_size 10MB
roll_keep 3
}
}
}
# robots-txt - link /robots.txt to the same file
(robots-txt) {
handle_path /robots.txt {
root * /var/www/robots.txt
file_server
}
}
# =============================================================================
# ╭──────────────────────────╮
# │ main/general information │
# ╰──────────────────────────╯
{
email merp@merpmerp.merp
import log caddy
}
# ╭───────────────────────────────────────────────────────────────────────────╮
# │ do an nginx and seperate snippets for sites into /etc/caddy/sites-enabled │
# ╰───────────────────────────────────────────────────────────────────────────╯
# to "disable" anything, just move the file to /etc/caddy/sites-disabled and reload caddy
import /etc/caddy/sites-enabled/*

84
phosphorus/srv/docker/caddy/conf/sites-enabled/fedi-frontends Normal file
View file

@ -0,0 +1,84 @@
# mastodon (chuckya) frontend
masto.beeping.synth.download, masto.booping.synth.download {
root * /var/www/fedi-frontends/chuckya-fe
file_server
try_files {path} /
handle_path /favicon.png {
root * /var/www/site/assets/synth.download/synth.png
file_server
import common-settings
}
handle_path /packs {
root * /var/www/fedi-frontends/chuckya-fe/packs
file_server
import common-settings
}
import common-settings
import log mastofe
import robots-txt
}
# akkoma fe for iceshrimp
akko.beeping.synth.download {
# redirect api endpoints to iceshrimp
@redir {
path /oauth/*
path /api/*
path /nodeinfo/*
}
handle @redir {
reverse_proxy 127.0.0.1:24042
import common-settings
}
# favicon
handle_path /favicon.png {
root * /var/www/site/assets/synth.download/synth.png
file_server
import common-settings
}
# akkoma frontend
handle {
header Cache-Control "max-age=3600"
try_files {path} /
root * /var/www/fedi-frontends/akkoma-fe
file_server
import common-settings
}
handle_path /static/* {
header Cache-Control "max-age=3600"
root * /var/www/fedi-frontends/akkoma-fe/static
file_server
import common-settings
}
import common-settings
import log akkofe
import robots-txt
}
# phanpy
phanpy.beeping.synth.download, phanpy.booping.synth.download {
root * /var/www/fedi-frontends/phanpy
file_server
try_files {path} /
import common-settings
import log phanpy
import robots-txt
}
# pl-fe
pl-fe.beeping.synth.download, pl-fe.booping.synth.download {
root * /var/www/fedi-frontends/pl-fe
file_server
try_files {path} /
import common-settings
import log pl-fe
import robots-txt
}

14
phosphorus/srv/docker/caddy/conf/sites-enabled/iceshrimp Normal file
View file

@ -0,0 +1,14 @@
beeping.synth.download {
reverse_proxy 127.0.0.1:24042
# favicon stuff
handle_path /assets/synth.download/synth.png {
root * /var/www/site/assets/synth.download/synth.png
file_server
import common-settings
}
import common-settings
import log iceshrimp
import robots-txt
}

53
phosphorus/srv/docker/caddy/conf/sites-enabled/mastodon Normal file
View file

@ -0,0 +1,53 @@
merping.synth.download {
@local {
file
not path /
}
@local_media {
path_regexp /system/(.*)
}
@streaming {
path /api/v1/streaming
path /api/v1/streaming/*
}
@cache_control {
path_regexp ^/(emoji|packs|/system/accounts/avatars|/system/media_attachments/files)
}
root * /srv/docker/mastodon/public
handle_errors {
rewrite 500.html
file_server
}
header {
Strict-Transport-Security "max-age=31536000"
}
header /sw.js Cache-Control "public, max-age=0"
header @cache_control Cache-Control "public, max-age=31536000, immutable"
handle @local {
file_server
}
handle @streaming {
reverse_proxy 127.0.0.1:58834 {
header_up Accept-Encoding identity
}
}
reverse_proxy 127.0.0.1:46098 {
header_up Accept-Encoding identity
header_up X-Forwarded-Port 443
transport http {
keepalive 5s
keepalive_idle_conns 10
}
}
import common-settings
import log mastodon
import robots-txt
}

15
phosphorus/srv/docker/caddy/conf/sites-enabled/pds Normal file
View file

@ -0,0 +1,15 @@
*.pds.synth.download, pds.synth.download {
#root * /var/www/pds-dash
file_server
# since we utilize pds-dash to provide a proper "frontend" page for the pds, we need to manually redirect all known endpoints back to the pds
# probably a better way to do this; haven't discovered it yet
reverse_proxy /xrpc/* 127.0.0.1:24318
reverse_proxy /oauth/* 127.0.0.1:24318
reverse_proxy /.well-known/* 127.0.0.1:24318
reverse_proxy /@atproto/* 127.0.0.1:24318
import common-settings
import log pds
import robots-txt
}

7
phosphorus/srv/docker/caddy/conf/sites-enabled/sharkey Normal file
View file

@ -0,0 +1,7 @@
booping.synth.download {
reverse_proxy 127.0.0.1:60628
import common-settings
import log sharkey
import robots-txt
}

23
phosphorus/srv/docker/iceshrimp/compose.yaml Normal file
View file

@ -0,0 +1,23 @@
services:
web:
image: iceshrimp.dev/iceshrimp/iceshrimp.net:dev
container_name: iceshrimp.net_web
restart: unless-stopped
networks:
- db
- ip6net
ports:
- "127.0.0.1:24042:24042"
environment:
- ICESHRIMP_CONFIG_OVERRIDES=/app/config/configuration.ini
volumes:
- ./data/media:/data/media
- ./config:/app/config:ro # This must be a directory for hot reload to work
networks:
db:
name: postgres_db
external: true
ip6net:
name: ip6net
external: true

299
phosphorus/srv/docker/iceshrimp/config/configuration.ini Normal file
View file

@ -0,0 +1,299 @@
[Instance]
ListenPort = 24042
ListenHost = 0.0.0.0
;; If you want to have the application listen on a unix socket instead, uncomment the line below. Make sure to configure filesystem permissions correctly!
;;ListenSocket = /var/run/iceshrimp/iceshrimp.net.sock
;; Caution: changing these settings after initial setup *will* break federation
WebDomain = beeping.synth.download
AccountDomain = synth.download
;; End of problematic settings block
;; Additional domains this instance allows API access from, separated by commas.
;; Certain frontends such as Akkoma-FE may require reverse proxy configurations that send requests through the frontend domain.
;; By default, such requests would be blocked in the production environment. This option allows you to permit them.
AdditionalDomains = akko.beeping.synth.download
;; Maximum number of characters allowed for local notes (must not be larger than the global limit, which is 100000 characters)
CharacterLimit = 100000
;; Redirect unauthenticated requests to the index page to a custom URL. Especially useful for single user instances.
;; Can be a relative url (e.g. /@username), or an absolute url (e.g. https://example.org).
RedirectIndexTo = https://synth.download/iceshrimp
[Security]
;; Whether to require incoming ActivityPub requests carry a valid HTTP or LD signature
;; It is highly recommend you keep this enabled if you intend to use block- or allowlist federation
AuthorizedFetch = true
;; Whether to attach LD signatures to outgoing activities. Outgoing relayed activities get signed regardless of this option.
AttachLdSignatures = true
;; Whether to accept activities signed using LD signatures. Needs to be enabled for relayed activities to be accepted.
AcceptLdSignatures = true
;; Whether to allow requests to IPv4 & IPv6 loopback addresses
AllowLoopback = false
;; Whether to allow requests to local IPv4 addresses (RFC1918, link-local)
AllowLocalIPv4 = false
;; Whether to allow requests to local IPv6 addresses (RFC3513, ULA, link-local)
AllowLocalIPv6 = false
;; The level of detail in API error responses
;; Options: [None, Basic, Full]
ExceptionVerbosity = Full
;; Whether to allow instance registrations
;; Options: [Closed, Invite, Open]
Registrations = Invite
;; Whether to use a blocklist or allowlist for controlling who can federate with this instance
;; Options: [BlockList, AllowList]
FederationMode = BlockList
;; Whether to expose the list of blocked/allowed instances publicly, for registered users only, or not at all
;; Options: [Public, Registered, Hide]
ExposeFederationList = Registered
;; Whether to expose the reason for instance blocks publicly, for registered users only, or not at all
;; Options: [Public, Registered, Hide]
ExposeBlockReasons = Registered
;; Whether to enable public preview of locally originating notes
;;
;; Public = No restrictions
;; Restricted = Hide replies from remote instances
;; RestrictedNoMedia = Hide replies remote instances & hide media
;; Lockdown = Public preview is disabled, all unauthenticated API access (except authentication) is disabled
;;
;; Options: [Public, Restricted, RestrictedNoMedia, Lockdown]
PublicPreview = Public
[Performance]
;; Maximum number of incoming federation requests to handle concurrently.
;; When exceeded, incoming requests are buffered in memory until they can be executed.
;; While not recommended, this setting can enable lower-end hardware to sustain higher request load, as cryptography operations can be CPU-intensive.
;; (0 = no limit)
FederationRequestHandlerConcurrency = 0
;; Maximum number of jobs to process concurrently, for each queue.
[Performance:QueueConcurrency]
Inbox = 4
Deliver = 20
PreDeliver = 4
BackgroundTask = 4
Backfill = 10
Backfilluser = 10
[Backfill:Replies]
;; Enables backfilling of replies. This is disabled by default as it may have a significant performance impact.
;; This is an experimental feature that hasn't had too much time to bake, so only enable if you're open for instability.
;; Note that replies can only be fetched from remote instances that expose a replies collection.
Enabled = true
;; Identifies the user who asked to see the replies when backfilling them, instead of using an instance-wide anonymous actor.
;; This provides information for remote instances to potentially list any private replies this user is allowed to see,
;; however, a remote instance can track this as a "read receipt" if it so chooses.
;; Single user instances may choose to enable this as the overall privacy impact is minimal in that context.
FetchAsUser = false
;; Notes newer than this threshold will have reply backfilling delayed, to allow them time to accumulate replies.
NewNoteDelay = 5m
;; The cooldown between multiple backfill attempts.
RefreshAfter = 15m
;; How many completed & failed jobs to keep around, per queue.
;; Excess is trimmed every 15 minutes, oldest jobs first.
;; (-1 = no limit)
[Queue:JobRetention]
Completed = 10
Failed = 100
[Database]
;; Hostname, IP address or path to unix socket directory (specifying port is required even for unix sockets)
Host = gyattabase
Port = 5432
Database = iceshrimp
Username = iceshrimp
Password = beepbeepbeep
;; The maximum amount of connections for the connection pool. Valid range: 1-1000. Defaults to 100 if unset.
MaxConnections = 100
;; Whether to enable connection multiplexing, which allows for more efficient use of the connection pool.
;; It's strongly recommended to keep this enabled unless you are experiencing issues, as it's quite easy to exhaust the connection pool otherwise.
Multiplexing = true
;; Whether to log parameter information on errors.
;; Caution: this may contain sensitive information, it's recommended to keep this disabled except for debugging purposes
ParameterLogging = false
[Storage]
;; Where to store media attachments
;; Options: [Local, ObjectStorage]
Provider = ObjectStorage
;; Max file size for locally originating media, files larger than this will error on upload (-1 = no limit)
MaxUploadSize = 100M
;; Max file size for remote media, files larger than this will never be cached (-1 = no limit)
MaxCacheSize = 0
;; Amount of stripped remote media is retained in the cache (0 = disabled, -1 = infinite)
MediaRetention = 0
;; Whether to cleanup remote avatars & banners past the media retention time
CleanAvatars = true
CleanBanners = true
;; Whether to proxy remote media. This can prevent leaking the IP address of users, at the cost of higher bandwidth use.
;; It is recommended to disable this for instances hosted on residential connections.
ProxyRemoteMedia = true
[Storage:Local]
;; Path where media is stored at. Must be writable for the service user.
Path = /data/media
[Storage:ObjectStorage]
Endpoint = cdn.merp.com
Region = us-east-1
KeyId = isthatamotherfuckingmisskeyreference
SecretKey = veryveryverysecretkey
Bucket = beeping
Prefix = files
AccessUrl = https://cdn.beeping.synth.download
;;SetAcl = public-read
;; Disables the validation of the object storage configuration.
;; Only enable this if you have a cache in front of the object storage access URL that makes the validation fail on restart.
DisableValidation = true
[Storage:MediaProcessing]
;; Which image processor to use.
;;
;; ImageSharp = .NET library, slower, lower memory footprint. No external dependencies.
;; LibVips = Native library, faster, higher and spikier memory footprint. Requires compilation with -p:BundleNativeDeps=true, or for libvips to be installed on the system.
;; None = Disables image processing, fastest, lowest memory footprint. Caution: metadata (e.g. location data) for locally originating images will *not* be stripped!
;;
;; Options: [ImageSharp, LibVips, None]
ImageProcessor = ImageSharp
;; Whether to only process locally originating media. This is useful if you're working with a cpu-constrained environment,
;; and want both remote media caching and local media processing.
LocalOnly = false
;; Maximum file size for files to be considered for image processing.
;; Caution: metadata (e.g. location data) for locally originating images will *not* be stripped for files larger than this
MaxFileSize = 10M
;; Maximum resolution for files to be considered for image processing, in megapixels
;; Note that processing an image requires up to 4MB of system memory per megapixel, in some edge case scenarios.
;; Caution: metadata (e.g. location data) for locally originating images will *not* be stripped for files larger than this.
;; If this is unwanted behavior, enable FailIfImageExceedsMaxRes.
MaxResolutionMpx = 30
;; Should you prefer to reject locally originating images that exceed MaxResolutionMpx, set this option to true.
;; Note that this does not apply to remote images, or to local images in a format not supported by the configured image processor.
FailIfImageExceedsMaxRes = false
;; Maxmimum concurrent image encode tasks to run. (0 = no limit)
ImageProcessorConcurrency = 8
;; --------------------------------------------------------------------------------------------------------------------------------------------------------- ;;
;; The below section allows for detailed customization of the image processing pipeline. The respective defaults are listed below. ;;
;; Caution: this is an advanced feature, it's quite easy to break media / media federation by messing with this. Make sure you know what you are doing. ;;
;; ;;
;; Section keys follow the pattern Storage:MediaProcessing:ImagePipeline:<Version>:<Origin> ;;
;; Versions: ;;
;; - 'Original' is the canonical file. It's used when there is no 'Public' version available. ;;
;; - 'Thumbnail' is a compact thumbnail. It's used when a client requests it, usually for timeline rendering. ;;
;; - 'Public' is used in place of 'Original'. Its default purpose is to serve as a smaller version with stripped metadata for locally originating images. ;;
;; Origins: ;;
;; - 'Local' means that the owner of the file is a local user. ;;
;; - 'Remote' means that the owner of the file is a remote user. ;;
;; The full selection of encoding options is only specified once (for brevity). ;;
;; --------------------------------------------------------------------------------------------------------------------------------------------------------- ;;
;;[Storage:MediaProcessing:ImagePipeline:<Version>:<Origin>]
;; Which image format to use.
;; Options: [None, Keep, Webp, Avif, Jxl]
;; - 'None' doesn't store an image of the respective type. It is not valid for the 'Original' image version.
;; - 'Keep' doesn't transcode the image, but still performs other image processing tasks (e.g. blurhash computation & deduplication).
;; - 'Webp' encodes the image as WebP
;; - 'Avif' encodes the image as AVIF. Only available when ImageProcessor is set to LibVips.
;; - 'Jxl' encodes the image as JPEG-XL. Only available when ImageProcessor is set to LibVips.
;;Format = Keep
;;; - Generic encoding options - ;;;
;; The quality factor. Valid range: 1-100
;;QualityFactor = 75
;; The quality factor, when processing lossless png images. Valid range: 1-100
;;QualityFactorPngSource = 100
;; The resolution to scale the largest dimension to, in pixels. If the source image is smaller, no scaling is performed.
;;TargetRes = 2048
;;; - Webp encoding options - ;;;
;; The compression mode.
;; Options: [Lossy, NearLossless, Lossless]
;;WebpCompressionMode = Lossy
;;; - Avif encoding options - ;;;
;; The compression mode.
;; Options: [Lossy, Lossless]
;;AvifCompressionMode = Lossy
;; The bit depth. Valid range: 8-12. Leave unset to use source image bit depth.
;;AvifBitDepth = 8
;;; - Jxl encoding options - ;;;
;; The compression mode.
;; Options: [Lossy, Lossless]
;;JxlCompressionMode = Lossy
;; The encoding effort. Valid range: 1-9
;;JxlEffort = 7
[Storage:MediaProcessing:ImagePipeline:Original:Local]
Format = Keep
[Storage:MediaProcessing:ImagePipeline:Original:Remote]
Format = Keep
[Storage:MediaProcessing:ImagePipeline:Thumbnail:Local]
Format = Webp
TargetRes = 1000
[Storage:MediaProcessing:ImagePipeline:Thumbnail:Remote]
Format = Webp
TargetRes = 1000
QualityFactorPngSource = 75
[Storage:MediaProcessing:ImagePipeline:Public:Local]
;; Caution: locally originating public images are federated.
;; If remote instance software doesn't understand the format, they might fail to ingest the image or associated note.
Format = Webp
TargetRes = 2048
[Storage:MediaProcessing:ImagePipeline:Public:Remote]
Format = None
[Logging:LogLevel]
Default = Debug
Iceshrimp = Debug
Microsoft.AspNetCore = Warning
Microsoft.EntityFrameworkCore = Warning
Microsoft.EntityFrameworkCore.Update = Critical
Microsoft.EntityFrameworkCore.Migrations = Information
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager = Critical
Iceshrimp.Backend.SignalR.Authentication.HubAuthenticationHandler = Warning

31
phosphorus/srv/docker/mastodon/.env Normal file
View file

@ -0,0 +1,31 @@
LOCAL_DOMAIN=merping.synth.download
AUTHORIZED_FETCH=true
MAX_TOOT_CHARS=100000
MAX_BIO_CHARS=100000
# 5mb, 5mb
MAX_EMOJI_SIZE=5242880
MAX_REMOTE_EMOJI_SIZE=5242880
# 200mb, 200mb
MAX_IMAGE_SIZE=209715200
MAX_VIDEO_SIZE=209715200
MAX_POLL_OPTIONS=25
MAX_REACTIONS=6
MAX_MEDIA_ATTACHMENTS=16
MAX_REMOTE_MEDIA_ATTACHMENTS=16
FETCH_REPLIES_ENABLED=true
FETCH_REPLIES_COOLDOWN_MINUTES=15
FETCH_REPLIES_INITIAL_WAIT_MINUTES=5
FETCH_REPLIES_MAX_GLOBAL=1000
FETCH_REPLIES_MAX_SINGLE=500
FETCH_REPLIES_MAX_PAGES=500
SIDEKIQ_CONCURRENCY=20
GITHUB_REPOSITORY=melontini/mastodon

99
phosphorus/srv/docker/mastodon/compose.yaml Normal file
View file

@ -0,0 +1,99 @@
services:
web:
# we use our own synth-soc fork
image: ghcr.io/melontini/mastodon:nightly
restart: always
env_file:
- .env.secrets
- .env
command: bundle exec puma -C config/puma.rb
networks:
- masto
- ip6net
- db
healthcheck:
test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
ports:
- "127.0.0.1:46098:3000"
depends_on:
redis:
condition: service_healthy
volumes:
- ./public/system:/mastodon/public/system
streaming:
image: ghcr.io/melontini/mastodon-streaming:nightly
restart: always
env_file:
- .env.secrets
- .env
command: node ./streaming/index.js
networks:
- masto
- ip6net
- db
healthcheck:
test: ['CMD-SHELL', "curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | grep -q 'OK' || exit 1"]
ports:
- "127.0.0.1:58834:4000"
depends_on:
redis:
condition: service_healthy
sidekiq:
image: ghcr.io/melontini/mastodon:nightly
restart: always
env_file:
- .env.secrets
- .env
command: bundle exec sidekiq
depends_on:
redis:
condition: service_healthy
networks:
- masto
- ip6net
- db
volumes:
- ./public/system:/mastodon/public/system
healthcheck:
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 7' || false"]
redis:
restart: always
image: redis:alpine
networks:
- masto
volumes:
- ./redis:/data
healthcheck:
test: "redis-cli ping"
interval: 5s
retries: 20
# tor is a wip - consider setting up later
## Uncomment to enable federation with tor instances along with adding the following ENV variables
## http_hidden_proxy=http://privoxy:8118
## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
# tor:
# image: sirboops/tor
# networks:
# - external_network
# - internal_network
#
# privoxy:
# image: sirboops/privoxy
# volumes:
# - ./priv-config:/opt/config
# networks:
# - external_network
# - internal_network
networks:
db:
name: postgres_db
external: true
ip6net:
name: ip6net
external: true
masto:

14
phosphorus/srv/docker/pds/.env Normal file
View file

@ -0,0 +1,14 @@
PDS_DATADIR=/pds
PDS_HOSTNAME=pds.synth.download
PDS_DATA_DIRECTORY=/pds
#PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks
PDS_BLOB_UPLOAD_LIMIT=52428800
PDS_DID_PLC_URL=https://plc.directory
PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
PDS_REPORT_SERVICE_URL=https://mod.bsky.app
PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
PDS_CRAWLERS=https://bsky.network
LOG_ENABLED=true

19
phosphorus/srv/docker/pds/compose.yaml Normal file
View file

@ -0,0 +1,19 @@
services:
pds:
container_name: pds
image: ghcr.io/bluesky-social/pds:latest
restart: unless-stopped
ports:
- "127.0.0.1:24318:3000"
networks:
- ip6net
volumes:
- ./pds:/pds:z
env_file:
- .env.secrets
- .env
networks:
ip6net:
name: ip6net
external: true

21
phosphorus/srv/docker/postgres/compose.yaml Normal file
View file

@ -0,0 +1,21 @@
services:
db:
# custom image for docker with pgroonga support
image: groonga/pgroonga:latest-alpine-17
restart: always
shm_size: 6GB
volumes:
- ./db:/var/lib/postgresql/data
networks:
- postgres_db
env_file:
- .env
healthcheck:
test: "pg_isready -U postgres -d postgres"
interval: 40s
retries: 20
networks:
postgres_db:
name: postgres_db
driver: bridge

2
phosphorus/srv/docker/postgres/psql.sh Normal file
View file

@ -0,0 +1,2 @@
#!/usr/bin/env bash
docker exec -it postgres-db-1 /bin/bash -c "psql -U postgres"

449
phosphorus/srv/docker/sharkey/.config/default.yml Normal file
View file

@ -0,0 +1,449 @@
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# Misskey configuration
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# ┌──────────────────────────────┐
#───┘ a boring but important thing └────────────────────────────
#
# First of all, let me tell you a story that may possibly be
# boring to you and possibly important to you.
#
# Misskey is licensed under the AGPLv3 license. This license is
# known to be often misunderstood. Please read the following
# instructions carefully and select the appropriate option so
# that you do not negligently cause a license violation.
#
# --------
# Option 1: If you host Misskey AS-IS (without any changes to
# the source code. forks are not included).
#
# Step 1: Congratulations! You don't need to do anything.
# --------
# Option 2: If you have made changes to the source code (forks
# are included) and publish a Git repository of source
# code. There should be no access restrictions on
# this repository. Strictly speaking, it doesn't have
# to be a Git repository, but you'll probably use Git!
#
# Step 1: Build and run the Misskey server first.
# Step 2: Open <https://your.misskey.example/admin/settings> in
# your browser with the administrator account.
# Step 3: Enter the URL of your Git repository in the
# "Repository URL" field.
# --------
# Option 3: If neither of the above applies to you.
# (In this case, the source code should be published
# on the Misskey interface. IT IS NOT ENOUGH TO
# DISCLOSE THE SOURCE CODE WEHN A USER REQUESTS IT BY
# E-MAIL OR OTHER MEANS. If you are not satisfied
# with this, it is recommended that you read the
# license again carefully. Anyway, enabling this
# option will automatically generate and publish a
# tarball at build time, protecting you from
# inadvertent license violations. (There is no legal
# guarantee, of course.) The tarball will generated
# from the root directory of your codebase. So it is
# also recommended to check <built/tarball> directory
# once after building and before activating the server
# to avoid ACCIDENTAL LEAKING OF SENSITIVE INFORMATION.
# To prevent certain files from being included in the
# tarball, add a glob pattern after line 15 in
# <scripts/tarball.mjs>. DO NOT FORGET TO BUILD AFTER
# ENABLING THIS OPTION!)
#
# Step 1: Uncomment the following line.
#
# publishTarballInsteadOfProvideRepositoryUrl: true
# ┌─────┐
#───┘ URL └─────────────────────────────────────────────────────
# Final accessible URL seen by a user.
# You can set url from an environment variable instead.
url: https://booping.synth.download/
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
# URL SETTINGS AFTER THAT!
# ┌───────────────────────┐
#───┘ Port and TLS settings └───────────────────────────────────
#
# Misskey requires a reverse proxy to support HTTPS connections.
#
# +----- https://example.tld/ ------------+
# +------+ |+-------------+ +----------------+|
# | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
# +------+ |+-------------+ +----------------+|
# +---------------------------------------+
#
# You need to set up a reverse proxy. (e.g. nginx)
# An encrypted connection with HTTPS is highly recommended
# because tokens may be transferred in GET requests.
# The port that your Misskey server should listen on.
port: 60628
# ┌──────────────────────────┐
#───┘ PostgreSQL configuration └────────────────────────────────
db:
host: gyattabase
port: 5432
# Database name
# You can set db from an environment variable instead.
db: misskey
# Auth
# You can set user and pass from environment variables instead.
user: misskey
pass: rizzrizzrizz
# Whether disable Caching queries
#disableCache: true
# Extra Connection options
#extra:
# ssl: true
dbReplications: false
# You can configure any number of replicas here
#dbSlaves:
# -
# host:
# port:
# db:
# user:
# pass:
# -
# host:
# port:
# db:
# user:
# pass:
# ┌─────────────────────┐
#───┘ Redis configuration └─────────────────────────────────────
redis:
host: redis
port: 6379
#family: 0 # 0=Both, 4=IPv4, 6=IPv6
#pass: example-pass
#prefix: example-prefix
#db: 1
#redisForPubsub:
# host: redis
# port: 6379
# #family: 0 # 0=Both, 4=IPv4, 6=IPv6
# #pass: example-pass
# #prefix: example-prefix
# #db: 1
#redisForJobQueue:
# host: redis
# port: 6379
# #family: 0 # 0=Both, 4=IPv4, 6=IPv6
# #pass: example-pass
# #prefix: example-prefix
# #db: 1
#redisForTimelines:
# host: redis
# port: 6379
# #family: 0 # 0=Both, 4=IPv4, 6=IPv6
# #pass: example-pass
# #prefix: example-prefix
# #db: 1
# ┌───────────────────────────────┐
#───┘ Fulltext search configuration └─────────────────────────────
# These are the setting items for the full-text search provider.
fulltextSearch:
# You can select the ID generation method.
# - sqlLike (default)
# Use SQL-like search.
# This is a standard feature of PostgreSQL, so no special extensions are required.
# - sqlPgroonga
# Use pgroonga.
# You need to install pgroonga and configure it as a PostgreSQL extension.
# In addition to the above, you need to create a pgroonga index on the text column of the note table.
# see: https://pgroonga.github.io/tutorial/
# - meilisearch
# Use Meilisearch.
# You need to install Meilisearch and configure.
provider: sqlPgroonga
# For Meilisearch settings.
# If you select "meilisearch" for "fulltextSearch.provider", it must be set.
# You can set scope to local or global (default value)
# (include notes from remote).
#meilisearch:
# host: meilisearch
# port: 7700
# apiKey: ''
# ssl: true
# index: ''
# scope: global
# ┌───────────────┐
#───┘ ID generation └───────────────────────────────────────────
# You can select the ID generation method.
# You don't usually need to change this setting, but you can
# change it according to your preferences.
# Available methods:
# aid ... Short, Millisecond accuracy
# aidx ... Millisecond accuracy
# meid ... Similar to ObjectID, Millisecond accuracy
# ulid ... Millisecond accuracy
# objectid ... This is left for backward compatibility
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
# ID SETTINGS AFTER THAT!
id: 'aidx'
# ┌────────────────┐
#───┘ Error tracking └──────────────────────────────────────────
# Sentry is available for error tracking.
# See the Sentry documentation for more details on options.
#sentryForBackend:
# enableNodeProfiling: true
# options:
# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0'
#sentryForFrontend:
# options:
# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0'
# ┌─────────────────────┐
#───┘ Other configuration └─────────────────────────────────────
# Whether disable HSTS
#disableHsts: true
# Number of worker processes
clusterLimit: 6
# Job concurrency per worker
deliverJobConcurrency: 96
inboxJobConcurrency: 16
relationshipJobConcurrency: 16
# What's relationshipJob?:
# Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations.
# Job rate limiter
deliverJobPerSec: 96
inboxJobPerSec: 32
relationshipJobPerSec: 64
# Job attempts
deliverJobMaxAttempts: 12
inboxJobMaxAttempts: 8
# Local address used for outgoing requests
#outgoingAddress: 127.0.0.1
# IP address family used for outgoing request (ipv4, ipv6 or dual)
outgoingAddressFamily: dual
# Amount of characters that can be used when writing notes. Longer notes will be rejected. (minimum: 1)
maxNoteLength: 100000
# Amount of characters that will be saved for remote notes. Longer notes will be truncated to this length. (minimum: 1)
maxRemoteNoteLength: 100000
# Amount of characters that can be used when writing content warnings. Longer warnings will be rejected. (minimum: 1)
maxCwLength: 5000
# Amount of characters that will be saved for remote content warnings. Longer warnings will be truncated to this length. (minimum: 1)
maxRemoteCwLength: 5000
# Amount of characters that can be used when writing media descriptions (alt text). Longer descriptions will be rejected. (minimum: 1)
maxAltTextLength: 100000
# Amount of characters that will be saved for remote media descriptions (alt text). Longer descriptions will be truncated to this length. (minimum: 1)
maxRemoteAltTextLength: 100000
# Proxy for HTTP/HTTPS
#proxy: http://127.0.0.1:3128
proxyBypassHosts:
- api.deepl.com
- api-free.deepl.com
- www.recaptcha.net
- hcaptcha.com
- challenges.cloudflare.com
# Proxy for SMTP/SMTPS
#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT
#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
# Media Proxy
#mediaProxy: https://booping.synth.download/proxy
# Proxy remote files (default: true)
# Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains.
proxyRemoteFiles: true
# Movie Thumbnail Generation URL
# There is no reference implementation.
# For example, Misskey will point to the following URL:
# https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4
#videoThumbnailGenerator: https://booping.synth.download
# Sign outgoing ActivityPub GET request (default: true)
signToActivityPubGet: true
# Sign outgoing ActivityPub Activities (default: true)
# Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity.
# When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances.
# This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests.
attachLdSignatureForRelays: true
# For security reasons, uploading attachments from the intranet is prohibited,
# but exceptions can be made from the following settings. Default value is "undefined".
# Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)).
#allowedPrivateNetworks: [
# '127.0.0.1/32'
#]
customMOTD: [
'“Heartfelt apology”',
'[Insert debit or credit card to purchase infinite lives.]',
'[Space] Say Apple',
'<b>Fun Fact:</b> Booping Synths was originally made with',
'<b>Tip:</b> Whenever freezing, opening any Misskey-based instance on a laptop is a great heat source. <small><i>Does not apply to Iceshrimp.NET instances.</i></small>',
'<code style="display:inline-block;font-family:Consolas,Monaco,Andale Mono,Ubuntu Mono,monospace;overflow-wrap:anywhere;background:var(--MI_THEME-bg);padding:.1em;border-radius:.3em;">* It''s locked.</code>',
'<code style="display:inline-block;font-family:Consolas,Monaco,Andale Mono,Ubuntu Mono,monospace;overflow-wrap:anywhere;background:var(--MI_THEME-bg);padding:.1em;border-radius:.3em;">cd /srv/docker/sharkey && docker compose pull && docker compose down && docker compose up -d</code>',
'<img style="height:2em;vertical-align:middle;-webkit-user-drag:none;" src="https://cdn.booping.synth.download/files/0328c21e-81b0-48b5-95d4-326032304433.png" decoding="async" draggable="false">',
'<img style="height:2em;vertical-align:middle;-webkit-user-drag:none;" src="https://cdn.booping.synth.download/files/4ed317bb-4eca-48b6-b9d2-d8a63b0f5739.webp" decoding="async" draggable="false">',
'<img style="height:2em;vertical-align:middle;-webkit-user-drag:none;" src="https://cdn.booping.synth.download/files/605d6eb6-49ec-4c9c-8f39-90f8b3232bcc.png" decoding="async" draggable="false">',
'<img style="height:2em;vertical-align:middle;-webkit-user-drag:none;" src="https://cdn.booping.synth.download/files/ae3166cc-ef6c-457c-bb23-3e80bc661b7b.webp" decoding="async" draggable="false">',
'<img style="height:2em;vertical-align:middle;-webkit-user-drag:none;" src="https://cdn.booping.synth.download/files/b67b67b1-60d4-43aa-9cee-59cc7bd30637.webp" decoding="async" draggable="false">',
'<img style="height:2em;vertical-align:middle;-webkit-user-drag:none;" src="https://cdn.booping.synth.download/files/db430365-d057-4e26-9882-205c99529a1a.gif" decoding="async" draggable="false">',
'<img style="height:2em;vertical-align:middle;-webkit-user-drag:none;" src="https://cdn.booping.synth.download/files/e52b9b1a-1a18-43a0-8231-a797d789c8bc.webp" decoding="async" draggable="false">',
'Also check out <a class="_link" href="https://chitter.xyz" rel="nofollow noopener" target="_blank">chitter.xyz</a>!',
'Also check out <a class="_link" href="https://critter.cafe" rel="nofollow noopener" target="_blank">critter.cafe</a>!',
'Also check out <a class="_link" href="https://critters.gay" rel="nofollow noopener" target="_blank">critters.gay</a>!',
'Also check out <a class="_link" href="https://lethallava.land" rel="nofollow noopener" target="_blank">lethallava.land</a>!',
'Also check out <a class="_link" href="https://remlit.site" rel="nofollow noopener" target="_blank">remlit.site</a>!',
'Also check out <a class="_link" href="https://wetdry.world" rel="nofollow noopener" target="_blank">wetdry.world</a>!',
'Also check out <a class="_link" href="https://yeen.town" rel="nofollow noopener" target="_blank">yeen.town</a>!',
'Ants.',
'aren''t you supposed to be eating cardboard?',
'Attach a bee to your post? <i>(<b>Y</b>/<b>N</b>)</i>',
'Beeeeep?',
'BEEP BEEP BEEP BEEP BEEP',
'Beep!',
'Booping.Synth.Download will now swap to using Safety Scissors. Please.',
'bossfight <img style="height:2em;vertical-align:middle;-webkit-user-drag:none;" src="https://cdn.booping.synth.download/files/f04f2157-f4d6-4063-a5c7-5a58e31afea9.webp" decoding="async" draggable="false">',
'brush your teeth and try again later',
'can you watch my shoes for a bit, they''re entertaining',
'Controller 2 disconnected. Please reconnect to resume gameplay.',
'Dinosaurs!?',
'dude can you tie my shoes im bored',
'Find my glasses to receive a prize!',
'Give it a moment I just ran <code style="display:inline-block;font-family:Consolas,Monaco,Andale Mono,Ubuntu Mono,monospace;overflow-wrap:anywhere;background:var(--MI_THEME-bg);padding:.1em;border-radius:.3em;">systemctl reboot</code>',
'Go into your [I]nventory screen to view your items. <small>If you want to, anyways...</small>',
'hello_world',
'HOW THE FU',
'I bet you could be a baggage claim if you tried hard enough',
'i love my kitchen appliance',
'I''m afraid.',
'its okay to sin if its funny. probably',
'just did <code style="display:inline-block;font-family:Consolas,Monaco,Andale Mono,Ubuntu Mono,monospace;overflow-wrap:anywhere;background:var(--MI_THEME-bg);padding:.1em;border-radius:.3em;">systemctl reload caddy</code>',
'loading canceled. bitch',
'Loading Firefish v1.0.5-rc',
'Loading Lockpick',
'Loading Mastodon v4.3.3',
'look into my eyes and tell me about your hyperfixation',
'Merp!',
'Mrrrrrrr...',
'Mrrrrrrrf...',
'No smoking while inside.',
'ooooOHHHH MY PCCCCCC',
'Packets are approaching your location at 299,792,458m/s',
'Peggle Dinners',
'Put your synth in airplane mode before proceeding, please.',
'Read A Book Instead?',
'Remember Greek Philosophy? Imagine what they''re up to nowadays.',
'Send me refs of your Pegglesona',
'She may have been moved or deleted.',
'Sorry',
'stop looking at me like that :\',
'stop looking at me like that >:(',
'supported by gordon freeman',
'Swap public bathrooms to private bathrooms in settings.',
'They call me the parfait :parfait_emoji:',
'throw your phone into a wall immediately',
'Use [LS] to move',
'What are you... БЛЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯЯТЬ',
'Where the fuck is my toaster',
'Whoops, Memory leak!',
'You''ll need to spend one HotDog to enter the chat. Are you sure you want to continue?',
'You''re going to have to speak into the void for that one.',
'You know you can suggest what appears here, right?'
]
# Upload or download file size limits (bytes)
# 2GB
maxFileSize: 2147483648
# timeout (in milliseconds) and maximum size for imports (e.g. note imports)
#import:
# downloadTimeout: 30000
# maxFileSize: 262144000
# CHMod-style permission bits to apply to uploaded files.
# Permission bits are specified as a base-8 string representing User/Group/Other permissions.
# This setting is only useful for custom deployments, such as using a reverse proxy to serve media.
#filePermissionBits: '644'
# Log settings
# logging:
# sql:
# # Outputs query parameters during SQL execution to the log.
# # default: false
# enableQueryParamLogging: false
# # Disable query truncation. If set to true, the full text of the query will be output to the log.
# # default: false
# disableQueryTruncation: false
# # Shows debug log messages after instance startup. To capture earlier debug logs, set the MK_VERBOSE environment variable.
# # default: false in production, true otherwise.
# #verbose: false
# Settings for the activity logger, which records inbound activities to the database.
# Disabled by default due to the large volume of data it saves.
#activityLogging:
# Log activities to the database (default: false)
#enabled: false
# Save the activity before processing, then update later with the results.
# This has the advantage of capturing activities that cause a hard-crash, but doubles the number of queries used.
# Default: false
#preSave: false
# How long to save each log entry before deleting it.
# Default: 2592000000 (1 week)
#maxAge: 2592000000
# Transparently compress every websocket message on clients that support it.
# Trades server CPU usage for reduced bandwidth usage and a faster frontend on the client.
# If you're not using jemalloc, this may cause memory fragmentation and performance issues! (https://www.npmjs.com/package/ws#websocket-compression)
# jemalloc is used by default in the Sharkey Docker image and may be set up manually otherwise: https://github.com/jemalloc/jemalloc/wiki/getting-started
websocketCompression: true
# Inject arbitrary HTML tags to customize Sharkey without having to fork it
customHtml:
head: |
<script>console.log("This Fediverse software is ass. Session terminated.")</script>
<style>#splash{& #splashSpinner{transform:unset!important;margin:1.5rem 0 0 1.5rem!important}}#sharkey_app{& [class^=visitor-root-]{& [class^=visitor-main-]{& [class^=visitor-homeButton-]{background:var(--MI_THEME-accent)!important;color:var(--MI_THEME-fgOnAccent)!important}& [class^=visitor-content-]{& [class^=pages-welcome-entrance-a-shape1-],& [class^=pages-welcome-entrance-a-shape2-],& [class^=pages-welcome-timeline-root-]{display:none}& [class^=pages-welcome-entrance-a-logoWrapper-]{& [class^=pages-welcome-entrance-a-poweredBy-]{color:var(--MI_THEME-fg)}& [class^=pages-welcome-entrance-a-misskey-]{width:120px!important}}& [class^=pages-welcome-entrance-a-logoWrapper-]:before{backdrop-filter:var(--MI-blur,blur(15px));background:var(--MI_THEME-acrylicPanel);border-radius:var(--MI-radius-ellipse);content:"";z-index:-5;width:10.6rem;height:6.5rem;position:absolute;top:-1rem;left:-1rem}& [class^=MkFeaturedPhotos-root-]{opacity:.8;background-repeat:repeat;background-size:auto;animation:100s linear infinite animatebg;background-image:url(https://cdn.booping.synth.download/assets/synth+grid+bg.png)!important;width:100%!important;height:100%!important;top:0!important;left:0!important}& [class^=pages-welcome-entrance-a-contents-]{padding:130px 0;margin-left:auto!important;margin-right:auto!important;& [class^=MkVisitorDashboard-root-]:before{backdrop-filter:var(--MI-blur,blur(15px));background:var(--MI_THEME-acrylicPanel);border-radius:var(--MI-radius-ellipse);content:"";width:34.1rem;height:122.4rem;transition:padding .2s;position:absolute;top:.5rem;left:-1.7rem}& [class^=MkVisitorDashboard-tl-]{& [class^=MkVisitorDashboard-tlBody-]{height:50rem!important}}}& [class^=pages-welcome-entrance-a-federation-]{bottom:unset!important;z-index:50!important;top:16px!important}}}& [class^=visitor-side-]{background:linear-gradient(var(--MI_THEME-bg),var(--MI_THEME-accent));& [class^=visitor-banner-]{opacity:.8;background-repeat:repeat;background-size:auto;animation:100s linear infinite animatebg;background-image:url(https://cdn.booping.synth.download/assets/synth+grid+bg.png)!important;width:100%!important;height:100%!important;top:0!important;left:0!important}}@media (prefers-reduced-motion:reduce){& [class^=visitor-side-] [class^=visitor-banner-],& [class^=visitor-main-] [class^=visitor-content-] [class^=MkFeaturedPhotos-root-]{animation:unset!important}}}& [class^=SkNote-renote-]{& [class^=_noSelect\ MkAvatar-root-]{display:unset!important}}}@keyframes animatebg{0%{background-position:0 0}to{background-position:-960px -960px}}</style>

41
phosphorus/srv/docker/sharkey/compose.yaml Normal file
View file

@ -0,0 +1,41 @@
services:
web:
image: registry.activitypub.software/transfem-org/sharkey:latest
restart: always
links:
- redis
depends_on:
redis:
condition: service_healthy
ports:
- "127.0.0.1:60628:60628"
networks:
- shonk
- ip6net
- db
environment:
- NODE_OPTIONS="--max-old-space-size=8192"
volumes:
- ./files:/sharkey/files
- ./.config:/sharkey/.config:ro
redis:
restart: always
image: redis:alpine
networks:
- shonk
volumes:
- ./redis:/data
healthcheck:
test: "redis-cli ping"
interval: 5s
retries: 20
networks:
db:
name: postgres_db
external: true
ip6net:
name: ip6net
external: true
shonk: