mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-10-31 18:29:21 +00:00
Kevin Veen-Birkenbach
7ca8b7c71d
config(ports): add Nextcloud websocket port (4003); canonical domains (nextcloud/talk/whiteboard) refactor: unify get_app_conf usage & Jinja spacing; migrate paths/handlers to new NEXTCLOUD_* vars feat(plugins): split plugin routines; configure Whiteboard via occ (URL + JWT) fix(oidc): use NEXTCLOUD_URL for logout; correct LDAP attribute mappings; add OIDC flavor switch feat: Whiteboard container & reverse-proxy location; Talk STUN/WS ports; Redis URL for Whiteboard chore: drop obsolete TODO; minor cleanups in oauth2-proxy, matrix, peertube, pgadmin, phpldapadmin, pixelfed, phpmyadmin security(schema): Bluesky jwt_secret now base64_prefixed_32; add Nextcloud whiteboard_jwt_secret db: normalize postgres image tag templating; central DB host checks spacing fixes ops: add full-stack bootstrap (certs, proxy, volumes); internal nginx config reload handler update refs: https://chatgpt.com/share/68b5f5b7-8d64-800f-b001-1241f818dc0e
154 lines
3.6 KiB
Django/Jinja
154 lines
3.6 KiB
Django/Jinja
## Crypto
|
|
APP_KEY={{ applications | get_app_conf(application_id, 'credentials.app_key', True)}}
|
|
|
|
## General Settings
|
|
APP_NAME="{{ PIXELFED_TITEL }}"
|
|
APP_ENV={{ ENVIRONMENT | lower }}
|
|
APP_DEBUG={{MODE_DEBUG | string | lower }}
|
|
APP_URL={{ domains | get_url(application_id, WEB_PROTOCOL) }}
|
|
APP_DOMAIN="{{ domains | get_domain(application_id) }}"
|
|
ADMIN_DOMAIN="{{ domains | get_domain(application_id) }}"
|
|
SESSION_DOMAIN="{{ domains | get_domain(application_id) }}"
|
|
|
|
OPEN_REGISTRATION=false
|
|
ENFORCE_EMAIL_VERIFICATION=false
|
|
PF_MAX_USERS=1000
|
|
OAUTH_ENABLED=true
|
|
|
|
APP_TIMEZONE={{ HOST_TIMEZONE }}
|
|
APP_LOCALE={{ HOST_LL }}
|
|
|
|
## Pixelfed Tweaks
|
|
LIMIT_ACCOUNT_SIZE=true
|
|
MAX_ACCOUNT_SIZE=1000000
|
|
MAX_PHOTO_SIZE=15000
|
|
MAX_AVATAR_SIZE=2000
|
|
MAX_CAPTION_LENGTH=500
|
|
MAX_BIO_LENGTH=125
|
|
MAX_NAME_LENGTH=30
|
|
MAX_ALBUM_LENGTH=4
|
|
IMAGE_QUALITY=80
|
|
PF_OPTIMIZE_IMAGES=true
|
|
PF_OPTIMIZE_VIDEOS=true
|
|
ADMIN_ENV_EDITOR=false
|
|
ACCOUNT_DELETION=true
|
|
ACCOUNT_DELETE_AFTER=false
|
|
MAX_LINKS_PER_POST=0
|
|
|
|
## Instance
|
|
#INSTANCE_DESCRIPTION=
|
|
INSTANCE_PUBLIC_HASHTAGS=false
|
|
#INSTANCE_CONTACT_EMAIL=
|
|
INSTANCE_PUBLIC_LOCAL_TIMELINE=false
|
|
#BANNED_USERNAMES=
|
|
STORIES_ENABLED=false
|
|
RESTRICTED_INSTANCE=false
|
|
|
|
## Mail
|
|
MAIL_DRIVER=log
|
|
MAIL_HOST={{ SYSTEM_EMAIL.HOST }}
|
|
MAIL_PORT={{ SYSTEM_EMAIL.PORT }}
|
|
MAIL_FROM_ADDRESS="{{ users['no-reply'].email }}"
|
|
MAIL_FROM_NAME={{ service_provider.company.titel }} - Pixelfed
|
|
MAIL_USERNAME={{ users['no-reply'].email }}
|
|
MAIL_PASSWORD={{ users['no-reply'].mailu_token }}
|
|
# Not sure if the following is correct
|
|
# Checkout: https://github.com/pixelfed/pixelfed/blob/dev/.env.docker
|
|
MAIL_ENCRYPTION={{ 'ssl' if SYSTEM_EMAIL.START_TLS else 'tls' }}
|
|
|
|
## Databases (MySQL)
|
|
DB_CONNECTION=mysql
|
|
DB_DATABASE={{ database_name }}
|
|
DB_HOST={{ database_host }}
|
|
DB_PASSWORD="{{ database_password }}"
|
|
DB_PORT="{{ database_port }}"
|
|
DB_USERNAME={{ database_username }}
|
|
|
|
## Cache (Redis)
|
|
REDIS_CLIENT=phpredis
|
|
REDIS_SCHEME=tcp
|
|
REDIS_HOST=redis
|
|
#REDIS_PASSWORD=
|
|
REDIS_PORT=6379
|
|
REDIS_DATABASE=0
|
|
|
|
HORIZON_PREFIX="horizon-"
|
|
|
|
## EXPERIMENTS
|
|
EXP_LC=false
|
|
EXP_REC=false
|
|
EXP_LOOPS=false
|
|
|
|
## ActivityPub Federation
|
|
ACTIVITY_PUB=true
|
|
AP_REMOTE_FOLLOW=true
|
|
AP_SHAREDINBOX=true
|
|
AP_INBOX=true
|
|
AP_OUTBOX=true
|
|
ATOM_FEEDS=true
|
|
NODEINFO=true
|
|
WEBFINGER=true
|
|
|
|
## S3
|
|
FILESYSTEM_DRIVER=local
|
|
FILESYSTEM_CLOUD=s3
|
|
PF_ENABLE_CLOUD=false
|
|
|
|
## Horizon
|
|
HORIZON_DARKMODE=false
|
|
|
|
## COSTAR - Confirm Object Sentiment Transform and Reduce
|
|
PF_COSTAR_ENABLED=false
|
|
|
|
# Media
|
|
MEDIA_EXIF_DATABASE=false
|
|
|
|
## Logging
|
|
LOG_CHANNEL=stderr
|
|
|
|
## Image
|
|
IMAGE_DRIVER=imagick
|
|
|
|
## Broadcasting
|
|
BROADCAST_DRIVER=log # log driver for local development
|
|
|
|
## Cache
|
|
CACHE_DRIVER=redis
|
|
|
|
## Purify
|
|
RESTRICT_HTML_TYPES=true
|
|
|
|
## Queue
|
|
QUEUE_DRIVER=redis
|
|
|
|
## Session
|
|
SESSION_DRIVER=redis
|
|
|
|
## Trusted Proxy
|
|
TRUST_PROXIES="*"
|
|
|
|
## Passport
|
|
#PASSPORT_PRIVATE_KEY=
|
|
#PASSPORT_PUBLIC_KEY=
|
|
|
|
ENABLE_CONFIG_CACHE=true
|
|
|
|
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
|
|
|
###################################
|
|
# OpenID Connect settings
|
|
###################################
|
|
# @see https://github.com/pixelfed/pixelfed/commit/b3c27815788e4b47e7eb3fca727d817512cf26c2#diff-66e408190a301e81b5f1c079463487c54a6452c4944dc5ae80770f50101283ff
|
|
|
|
PF_OIDC_ENABLED={{ applications | get_app_conf(application_id, 'features.oidc', False) | string | lower }}
|
|
PF_OIDC_AUTHORIZE_URL="{{ OIDC.CLIENT.AUTHORIZE_URL }}"
|
|
PF_OIDC_TOKEN_URL="{{ OIDC.CLIENT.TOKEN_URL }}"
|
|
PF_OIDC_PROFILE_URL="{{ OIDC.CLIENT.USER_INFO_URL }}"
|
|
PF_OIDC_LOGOUT_URL="{{OIDC.CLIENT.LOGOUT_URL}}"
|
|
PF_OIDC_USERNAME_FIELD="{{ OIDC.ATTRIBUTES.USERNAME }}"
|
|
PF_OIDC_FIELD_ID="{{ OIDC.ATTRIBUTES.USERNAME }}"
|
|
PF_OIDC_CLIENT_SECRET={{ OIDC.CLIENT.SECRET }}
|
|
PF_OIDC_CLIENT_ID={{ OIDC.CLIENT.ID }}
|
|
PF_OIDC_SCOPES="openid profile email"
|
|
|
|
{% endif %} |