[#1260] Rate-limiting for create authentication and related requests.
[akkoma] / config / config.exs
1 # .i;;;;i.
2 # iYcviii;vXY:
3 # .YXi .i1c.
4 # .YC. . in7.
5 # .vc. ...... ;1c.
6 # i7, .. .;1;
7 # i7, .. ... .Y1i
8 # ,7v .6MMM@; .YX,
9 # .7;. ..IMMMMMM1 :t7.
10 # .;Y. ;$MMMMMM9. :tc.
11 # vY. .. .nMMM@MMU. ;1v.
12 # i7i ... .#MM@M@C. .....:71i
13 # it: .... $MMM@9;.,i;;;i,;tti
14 # :t7. ..... 0MMMWv.,iii:::,,;St.
15 # .nC. ..... IMMMQ..,::::::,.,czX.
16 # .ct: ....... .ZMMMI..,:::::::,,:76Y.
17 # c2: ......,i..Y$M@t..:::::::,,..inZY
18 # vov ......:ii..c$MBc..,,,,,,,,,,..iI9i
19 # i9Y ......iii:..7@MA,..,,,,,,,,,....;AA:
20 # iIS. ......:ii::..;@MI....,............;Ez.
21 # .I9. ......:i::::...8M1..................C0z.
22 # .z9; ......:i::::,.. .i:...................zWX.
23 # vbv ......,i::::,,. ................. :AQY
24 # c6Y. .,...,::::,,..:t0@@QY. ................ :8bi
25 # :6S. ..,,...,:::,,,..EMMMMMMI. ............... .;bZ,
26 # :6o, .,,,,..:::,,,..i#MMMMMM#v................. YW2.
27 # .n8i ..,,,,,,,::,,,,.. tMMMMM@C:.................. .1Wn
28 # 7Uc. .:::,,,,,::,,,,.. i1t;,..................... .UEi
29 # 7C...::::::::::::,,,,.. .................... vSi.
30 # ;1;...,,::::::,......... .................. Yz:
31 # v97,......... .voC.
32 # izAotX7777777777777777777777777777777777777777Y7n92:
33 # .;CoIIIIIUAA666666699999ZZZZZZZZZZZZZZZZZZZZ6ov.
34 #
35 # !!! ATTENTION !!!
36 # DO NOT EDIT THIS FILE! THIS FILE CONTAINS THE DEFAULT VALUES FOR THE CON-
37 # FIGURATION! EDIT YOUR SECRET FILE (either prod.secret.exs, dev.secret.exs).
38 #
39 # This file is responsible for configuring your application
40 # and its dependencies with the aid of the Mix.Config module.
41 #
42 # This configuration file is loaded before any dependency and
43 # is restricted to this project.
44 use Mix.Config
45
# General application configuration
# Pleroma.Repo is the only Ecto repository registered for the application.
config :pleroma, ecto_repos: [Pleroma.Repo]

# Repo options: a custom Postgres types module and a telemetry event handled by
# Pleroma.Repo.Instrumenter.
# NOTE(review): migration_lock: nil presumably turns off Ecto's migration lock,
# so concurrent migration runs would not be serialized -- confirm this is intended.
config :pleroma, Pleroma.Repo,
  types: Pleroma.PostgresTypes,
  telemetry_event: [Pleroma.Repo.Instrumenter],
  migration_lock: nil
53
# Build the scheduler's job list. The digest e-mail job is added only when the
# :email_notifications digest settings exist and `active` is exactly `true`;
# every other outcome of the `with` falls through to an empty list.
# NOTE(review): this reads the application environment while the file is being
# evaluated, and :email_notifications is only configured further down in this
# file -- confirm the value is actually visible at this point.
scheduled_jobs =
  with digest_config <- Application.get_env(:pleroma, :email_notifications)[:digest],
       true <- digest_config[:active] do
    [{digest_config[:schedule], {Pleroma.Daemons.DigestEmailDaemon, :perform, []}}]
  else
    _ -> []
  end

# The WebSub subscription refresh is always scheduled, whatever the digest setting.
scheduled_jobs =
  scheduled_jobs ++
    [{"0 */6 * * * *", {Pleroma.Web.Websub, :refresh_subscriptions, []}}]

# Hand the assembled job list to the scheduler; schedules are evaluated in UTC.
config :pleroma, Pleroma.Scheduler,
  global: true,
  overlap: true,
  timezone: :utc,
  jobs: scheduled_jobs
71
# Captcha support is off in these defaults. `seconds_valid` is 60 (presumably
# the lifetime of an issued captcha in seconds -- confirm against Pleroma.Captcha).
# Note that :instance below sets registrations_open: true, so the shipped
# defaults allow sign-up without a captcha.
config :pleroma, Pleroma.Captcha,
  enabled: false,
  seconds_valid: 60,
  method: Pleroma.Captcha.Kocaptcha

# Named hackney connection pools, each with its own connection cap and timeout
# (presumably milliseconds). The :upload and :media pools are referenced by the
# proxy_opts of Pleroma.Upload and :media_proxy elsewhere in this file.
config :pleroma, :hackney_pools,
  federation: [
    max_connections: 50,
    timeout: 150_000
  ],
  media: [
    max_connections: 50,
    timeout: 150_000
  ],
  upload: [
    max_connections: 25,
    timeout: 300_000
  ]

# The Kocaptcha backend is an external host reached over HTTPS; enabling the
# captcha makes the instance depend on, and send requests to, that third party.
config :pleroma, Pleroma.Captcha.Kocaptcha, endpoint: "https://captcha.kotobank.ch"
92
# Upload configuration
# Uploads are stored locally by default and pass through the Dedupe filter.
# proxy_opts caps a proxied body at 25 MiB (25 * 1_048_576) and follows
# redirects through the :upload hackney pool; presumably these only take effect
# when proxy_remote is true -- confirm against Pleroma.Upload.
# NOTE(review): with follow_redirect: true the final request target is chosen
# by the remote server; confirm that redirect targets are validated before
# proxy_remote is enabled.
config :pleroma, Pleroma.Upload,
  uploader: Pleroma.Uploaders.Local,
  filters: [Pleroma.Upload.Filter.Dedupe],
  link_name: true,
  proxy_remote: false,
  proxy_opts: [
    redirect_on_failure: false,
    max_body_length: 25 * 1_048_576,
    http: [
      follow_redirect: true,
      pool: :upload
    ]
  ]

# Directory used by the local uploader.
config :pleroma, Pleroma.Uploaders.Local, uploads: "uploads"

# S3 uploader: no bucket is set by default, so it must be configured before use.
config :pleroma, Pleroma.Uploaders.S3,
  bucket: nil,
  public_endpoint: "https://s3.amazonaws.com"

# MDII uploader: both URLs point at an external third-party host (HTTPS).
config :pleroma, Pleroma.Uploaders.MDII,
  cgi: "https://mdii.sakura.ne.jp/mdii-post.cgi",
  files: "https://mdii.sakura.ne.jp"
117
# Custom emoji: glob patterns for emoji files, accepted pack file extensions,
# grouping rules, and the URL of the default emoji pack manifest (fetched from
# an external Git host over HTTPS).
config :pleroma, :emoji,
  shortcode_globs: ["/emoji/custom/**/*.png"],
  pack_extensions: [".png", ".gif"],
  groups: [
    # Put groups that have higher priority than defaults here. Example in `docs/config/custom_emoji.md`
    Custom: ["/emoji/*.png", "/emoji/**/*.png"]
  ],
  default_manifest: "https://git.pleroma.social/pleroma/emoji-index/raw/master/index.json"

# Allow-list of URI schemes (presumably applied when links in content are
# recognised -- confirm against the consumer of :uri_schemes). Being an
# allow-list, any scheme not named here, such as "javascript" or "data", is
# not on it; review that property before adding entries.
config :pleroma, :uri_schemes,
  valid_schemes: [
    "https",
    "http",
    "dat",
    "dweb",
    "gopher",
    "ipfs",
    "ipns",
    "irc",
    "ircs",
    "magnet",
    "mailto",
    "mumble",
    "ssb",
    "xmpp"
  ]
144
# Options passed to the Phoenix websocket transport mounted at "/websocket"
# in the dispatch table below.
websocket_config = [
  path: "/websocket",
  serializer: [
    {Phoenix.Socket.V1.JSONSerializer, "~> 1.0.0"},
    {Phoenix.Socket.V2.JSONSerializer, "~> 2.0.0"}
  ],
  timeout: 60_000,
  transport_log: false,
  compress: false
]

# Configures the endpoint
config :pleroma, Pleroma.Web.Endpoint,
  instrumenters: [Pleroma.Web.Endpoint.Instrumenter],
  url: [host: "localhost"],
  http: [
    # Listens on loopback only by default, so the instance is not directly
    # reachable from other hosts (presumably a reverse proxy sits in front).
    ip: {127, 0, 0, 1},
    dispatch: [
      {:_,
       [
         {"/api/v1/streaming", Pleroma.Web.MastodonAPI.WebsocketHandler, []},
         {"/websocket", Phoenix.Endpoint.CowboyWebSocket,
          {Phoenix.Transports.WebSocket,
           {Pleroma.Web.Endpoint, Pleroma.Web.UserSocket, websocket_config}}},
         {:_, Phoenix.Endpoint.Cowboy2Handler, {Pleroma.Web.Endpoint, []}}
       ]}
    ]
  ],
  protocol: "https",
  # SECURITY: secret_key_base and signing_salt below are defaults committed to
  # the repository and therefore publicly known. Phoenix derives its signing
  # and encryption keys from secret_key_base, so a deployment that keeps these
  # values has predictable keys. Each instance must override both in its
  # secret config file (prod.secret.exs / dev.secret.exs) with freshly
  # generated random values.
  secret_key_base: "aK4Abxf29xU9TTDKre9coZPUgevcVCFQJe/5xP/7Lt4BEif6idBIbjupVbOrbKxl",
  signing_salt: "CqaoopA2",
  render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)],
  pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2],
  # Cookie hardening defaults: the Secure flag is requested and SameSite=Lax is
  # appended as an extra cookie attribute.
  secure_cookie_flag: true,
  extra_cookie_attrs: [
    "SameSite=Lax"
  ]
182
# Configures Elixir's Logger
# Console backend: each line carries the request_id metadata for correlation.
config :logger, :console,
  format: "$time $metadata[$level] $message\n",
  metadata: [:request_id]

# Syslog backend settings.
# NOTE(review): level :debug is the most verbose level; confirm that debug
# output sent to syslog cannot include credentials or tokens.
config :logger, :ex_syslogger,
  level: :debug,
  ident: "pleroma",
  format: "$metadata[$level] $message",
  metadata: [:request_id]

# Quack logger backend settings. The webhook URL is a placeholder
# ("YOUR-KEY-HERE"); a real webhook URL acts as a credential and belongs in the
# secret config file, not here.
config :quack,
  level: :warn,
  meta: [:all],
  webhook_url: "https://hooks.slack.com/services/YOUR-KEY-HERE"

# Extra MIME type to extension mappings. Note that "application/ld+json" is
# mapped to the same "activity+json" extension as "application/activity+json".
config :mime, :types, %{
  "application/xml" => ["xml"],
  "application/xrd+xml" => ["xrd+xml"],
  "application/jrd+json" => ["jrd+json"],
  "application/activity+json" => ["activity+json"],
  "application/ld+json" => ["activity+json"]
}
206
# Tesla HTTP client uses the hackney adapter.
config :tesla, adapter: Tesla.Adapter.Hackney

# Configures http settings, upstream proxy etc.
config :pleroma, :http,
  proxy_url: nil,
  send_user_agent: true,
  adapter: [
    ssl_options: [
      # Workaround for remote server certificate chain issues
      # NOTE(review): a partial_chain callback influences which certificate in
      # a presented chain is treated as the trust anchor; confirm it cannot
      # accept a chain that full path validation would reject.
      partial_chain: &:hackney_connect.partial_chain/1,
      # We don't support TLS v1.3 yet
      # NOTE(review): :tlsv1 and :"tlsv1.1" are deprecated protocol versions
      # (RFC 8996). Listing them lets outbound connections negotiate down to
      # them; operators who can afford it should restrict this to :"tlsv1.2"
      # in their own config.
      versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"]
    ]
  ]
221
# Instance-wide defaults. Several of them are security- or abuse-relevant and
# are annotated inline; operators override them in their secret config file.
config :pleroma, :instance,
  name: "Pleroma",
  email: "example@example.com",
  notify_email: "noreply@example.com",
  description: "A Pleroma instance, an alternative fediverse server",
  # Size limits (units are not stated here; presumably characters for the post
  # limits and bytes for the upload limits -- confirm against the consumers).
  limit: 5_000,
  remote_limit: 100_000,
  upload_limit: 16_000_000,
  avatar_upload_limit: 2_000_000,
  background_upload_limit: 4_000_000,
  banner_upload_limit: 4_000_000,
  poll_limits: %{
    max_options: 20,
    max_option_chars: 200,
    min_expiration: 0,
    # 365 * 24 * 60 * 60 is one year expressed in seconds.
    max_expiration: 365 * 24 * 60 * 60
  },
  # Sign-up is open by default, and Pleroma.Captcha is disabled by default in
  # this file; instances that do not want open registration must override this.
  registrations_open: true,
  federating: true,
  federation_incoming_replies_max_depth: 100,
  federation_reachability_timeout_days: 7,
  federation_publisher_modules: [
    Pleroma.Web.ActivityPub.Publisher,
    Pleroma.Web.Websub,
    Pleroma.Web.Salmon
  ],
  allow_relay: true,
  # Default message rewrite policy; going by its name, NoOpPolicy applies no
  # filtering to federated activities.
  rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy,
  public: true,
  # No instances are quarantined by default.
  quarantined_instances: [],
  managed_config: true,
  static_dir: "instance/static/",
  allowed_post_formats: [
    "text/plain",
    "text/html",
    "text/markdown",
    "text/bbcode"
  ],
  mrf_transparency: true,
  mrf_transparency_exclusions: [],
  autofollowed_nicknames: [],
  max_pinned_statuses: 1,
  no_attachment_links: false,
  welcome_user_nickname: nil,
  welcome_message: nil,
  max_report_comment_size: 1000,
  safe_dm_mentions: false,
  healthcheck: false,
  remote_post_retention_days: 90,
  skip_thread_containment: true,
  limit_to_local_content: :unauthenticated,
  dynamic_configuration: false,
  # Length caps on user-supplied profile data, local and remote.
  user_bio_length: 5000,
  user_name_length: 100,
  max_account_fields: 10,
  max_remote_account_fields: 20,
  account_field_name_length: 512,
  account_field_value_length: 2048,
  external_user_synchronization: true
281
# HTML markup policy for content. Headings, tables and fonts are disallowed by
# default; inline images are allowed for the reason given below.
config :pleroma, :markup,
  # XXX - unfortunately, inline images must be enabled by default right now, because
  # of custom emoji. Issue #275 discusses defanging that somehow.
  allow_inline_images: true,
  allow_headings: false,
  allow_tables: false,
  allow_fonts: false,
  # Scrubbers are listed with the MediaProxy transform ahead of the default
  # scrubber; presumably they run in this order -- confirm before reordering,
  # since the scrubber is what strips unsafe HTML.
  scrub_policy: [
    Pleroma.HTML.Transform.MediaProxy,
    Pleroma.HTML.Scrubber.Default
  ]
293
# Default settings handed to the bundled frontends (pleroma_fe and masto_fe).
# These are presentation options only; nothing here holds a secret.
config :pleroma, :frontend_configurations,
  pleroma_fe: %{
    theme: "pleroma-dark",
    logo: "/static/logo.png",
    background: "/images/city.jpg",
    redirectRootNoLogin: "/main/all",
    redirectRootLogin: "/main/friends",
    showInstanceSpecificPanel: true,
    scopeOptionsEnabled: false,
    formattingOptionsEnabled: false,
    collapseMessageWithSubject: false,
    hidePostStats: false,
    hideUserStats: false,
    scopeCopy: true,
    subjectLineBehavior: "email",
    alwaysShowSubjectInput: true
  },
  masto_fe: %{
    showInstanceSpecificPanel: true
  }

# Mascot images, keyed by name, each with a URL path and MIME type; the
# default mascot must be one of the keys defined here.
config :pleroma, :assets,
  mascots: [
    pleroma_fox_tan: %{
      url: "/images/pleroma-fox-tan-smol.png",
      mime_type: "image/png"
    },
    pleroma_fox_tan_shy: %{
      url: "/images/pleroma-fox-tan-shy.png",
      mime_type: "image/png"
    }
  ],
  default_mascot: :pleroma_fox_tan
327
# ActivityPub behaviour. sign_object_fetches: true presumably makes outgoing
# object fetches carry an HTTP signature -- confirm against the fetcher.
config :pleroma, :activitypub,
  unfollow_blocked: true,
  outgoing_blocks: true,
  follow_handshake_timeout: 500,
  sign_object_fetches: true

# Streamer worker pool size and overflow.
config :pleroma, :streamer,
  workers: 3,
  overflow_workers: 2

# Going by the key name, follows from blocked users are denied by default.
config :pleroma, :user, deny_follow_blocked: true

# The settings below parameterise individual MRF (message rewrite) policies.
# They presumably take effect only when the matching policy is selected via
# :instance rewrite_policy, which defaults to NoOpPolicy in this file.
config :pleroma, :mrf_normalize_markup, scrub_policy: Pleroma.HTML.Scrubber.Default

config :pleroma, :mrf_rejectnonpublic,
  allow_followersonly: false,
  allow_direct: false

config :pleroma, :mrf_hellthread,
  delist_threshold: 10,
  reject_threshold: 20

# All per-action instance lists are empty by default, so this policy has
# nothing to act on until an operator fills them in.
config :pleroma, :mrf_simple,
  media_removal: [],
  media_nsfw: [],
  federated_timeline_removal: [],
  report_removal: [],
  reject: [],
  accept: [],
  avatar_removal: [],
  banner_removal: []

config :pleroma, :mrf_keyword,
  reject: [],
  federated_timeline_removal: [],
  replace: []

config :pleroma, :mrf_subchain, match_actor: %{}

config :pleroma, :mrf_vocabulary,
  accept: [],
  reject: []
370
# Rich media (link previews) is enabled by default, which presumably means the
# server fetches URLs found in content. ignore_tld excludes the listed
# local-network style TLDs and ignore_hosts is empty.
# NOTE(review): a name-based exclusion does not cover hosts addressed by IP or
# public names that resolve to internal addresses; confirm how such targets are
# handled by the fetcher.
config :pleroma, :rich_media,
  enabled: true,
  ignore_hosts: [],
  ignore_tld: ["local", "localdomain", "lan"],
  parsers: [
    Pleroma.Web.RichMedia.Parsers.TwitterCard,
    Pleroma.Web.RichMedia.Parsers.OGP,
    Pleroma.Web.RichMedia.Parsers.OEmbed
  ],
  ttl_setters: [Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl]

# Media proxy is disabled by default. When enabled, proxied bodies are capped
# at 25 MiB (25 * 1_048_576) and redirects are followed through the :media
# hackney pool. The whitelist is empty by default.
# NOTE(review): with follow_redirect: true the final request target is chosen
# by the remote server; confirm redirect targets are validated before enabling.
config :pleroma, :media_proxy,
  enabled: false,
  proxy_opts: [
    redirect_on_failure: false,
    max_body_length: 25 * 1_048_576,
    http: [
      follow_redirect: true,
      pool: :media
    ]
  ],
  whitelist: []
393
# Chat is enabled by default.
config :pleroma, :chat, enabled: true

# Phoenix uses Jason for JSON encoding and decoding.
config :phoenix, :format_encoders, json: Jason

config :phoenix, :json_library, Jason

# Gopher server, disabled by default. Unlike the HTTP endpoint, which binds to
# 127.0.0.1, this binds to {0, 0, 0, 0} (all IPv4 interfaces) on port 9999 once
# enabled, so it would be reachable without a reverse proxy in front of it.
config :pleroma, :gopher,
  enabled: false,
  ip: {0, 0, 0, 0},
  port: 9999

# Metadata providers used for page metadata; unfurl_nsfw: false presumably
# keeps content marked sensitive out of link previews.
config :pleroma, Pleroma.Web.Metadata,
  providers: [
    Pleroma.Web.Metadata.Providers.OpenGraph,
    Pleroma.Web.Metadata.Providers.TwitterCard,
    Pleroma.Web.Metadata.Providers.RelMe
  ],
  unfurl_nsfw: false
412
# Follow suggestions from a third-party service, disabled by default.
# NOTE(review): third_party_engine is a plain http:// URL with {{host}} and
# {{user}} placeholders, so enabling this presumably sends the instance host
# and a user identifier to an external service without transport encryption.
config :pleroma, :suggestions,
  enabled: false,
  third_party_engine:
    "http://vinayaka.distsn.org/cgi-bin/vinayaka-user-match-suggestions-api.cgi?{{host}}+{{user}}",
  timeout: 300_000,
  limit: 40,
  web: "https://vinayaka.distsn.org"

# HTTP security headers. `sts: false` means HSTS is off by default (presumably
# because TLS is terminated by a reverse proxy); when turned on, sts_max_age is
# 31_536_000 s (365 days) and ct_max_age is 2_592_000 s (30 days).
config :pleroma, :http_security,
  enabled: true,
  sts: false,
  sts_max_age: 31_536_000,
  ct_max_age: 2_592_000,
  referrer_policy: "same-origin"

# CORS policy. Preflight results may be cached for 86_400 s (one day).
# NOTE(review): `origin` is not set here, so cors_plug's default origin policy
# applies together with credentials: true -- confirm that combination is
# intended for credentialed cross-origin requests.
config :cors_plug,
  max_age: 86_400,
  methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"],
  expose: [
    "Link",
    "X-RateLimit-Reset",
    "X-RateLimit-Limit",
    "X-RateLimit-Remaining",
    "X-Request-Id",
    "Idempotency-Key"
  ],
  credentials: true,
  headers: ["Authorization", "Content-Type", "Idempotency-Key"]
441
# Nicknames that may not be registered. Several entries match path segments
# used elsewhere in this file ("oauth", "api", "proxy", "media"), presumably so
# that a user profile URL cannot shadow or impersonate an application route.
# When a new top-level route is added, its first path segment should be
# considered for this list.
config :pleroma, Pleroma.User,
  restricted_nicknames: [
    ".well-known",
    "~",
    "about",
    "activities",
    "api",
    "auth",
    "check_password",
    "dev",
    "friend-requests",
    "inbox",
    "internal",
    "main",
    "media",
    "nodeinfo",
    "notice",
    "oauth",
    "objects",
    "ostatus_subscribe",
    "pleroma",
    "proxy",
    "push",
    "registration",
    "relay",
    "settings",
    "status",
    "tag",
    "user-search",
    "user_exists",
    "users",
    "web"
  ]
475
# Oban background job processing backed by Pleroma.Repo. Each queue entry is
# a queue name with a number (presumably its concurrency limit); `prune` keeps
# the job table bounded with {:maxlen, 1500}.
config :pleroma, Oban,
  repo: Pleroma.Repo,
  verbose: false,
  prune: {:maxlen, 1500},
  queues: [
    activity_expiration: 10,
    federator_incoming: 50,
    federator_outgoing: 50,
    web_push: 50,
    mailer: 10,
    transmogrifier: 20,
    scheduled_activities: 10,
    background: 5
  ]

# Retry counts for the federation workers.
config :pleroma, :workers,
  retries: [
    federator_incoming: 5,
    federator_outgoing: 5
  ]

# Fetching a remote user's initial posts is off by default.
config :pleroma, :fetch_initial_posts,
  enabled: false,
  pages: 5

# Options for the auto_linker library, which turns URLs in text into links.
config :auto_linker,
  opts: [
    scheme: true,
    extra: true,
    # TODO: Set to :no_scheme when it works properly
    validate_tld: true,
    class: false,
    strip_prefix: false,
    new_window: false,
    rel: false
  ]
512
# LDAP authentication, configured entirely from environment variables and off
# unless LDAP_ENABLED is exactly "true".
# NOTE(review): ssl and tls are both false unless LDAP_SSL / LDAP_TLS are
# exactly "true", and the default port is 389, so with only LDAP_ENABLED set
# the connection is presumably unencrypted and bind credentials would cross
# the network in clear text. sslopts and tlsopts are empty, so no certificate
# verification options are supplied here -- confirm what the LDAP client does
# by default.
# String.to_integer/1 raises if LDAP_PORT is set to a non-numeric value, which
# fails configuration loading rather than falling back to 389.
config :pleroma, :ldap,
  enabled: System.get_env("LDAP_ENABLED") == "true",
  host: System.get_env("LDAP_HOST") || "localhost",
  port: String.to_integer(System.get_env("LDAP_PORT") || "389"),
  ssl: System.get_env("LDAP_SSL") == "true",
  sslopts: [],
  tls: System.get_env("LDAP_TLS") == "true",
  tlsopts: [],
  base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
  uid: System.get_env("LDAP_UID") || "cn"

# The esshd SSH daemon integration is disabled by default.
config :esshd,
  enabled: false
526
# OAUTH_CONSUMER_STRATEGIES is a whitespace-separated list; for each entry only
# the part before the first ":" is kept as the strategy name. An unset variable
# becomes "" through to_string/1 and therefore yields an empty list.
oauth_consumer_strategies =
  System.get_env("OAUTH_CONSUMER_STRATEGIES")
  |> to_string()
  |> String.split()
  |> Enum.map(&hd(String.split(&1, ":")))

# Map each strategy name to an Ueberauth provider entry of the form
# {name_atom, {Ueberauth.Strategy.<Capitalized name>, opts}}.
# Both atoms are created with String.to_atom/1 from the environment string;
# that input is operator-controlled and read once at config time, not request
# data, so atom-table growth is bounded by the variable's contents. Nothing
# here checks that the derived strategy module actually exists.
ueberauth_providers =
  for strategy <- oauth_consumer_strategies do
    strategy_module_name = "Elixir.Ueberauth.Strategy.#{String.capitalize(strategy)}"
    strategy_module = String.to_atom(strategy_module_name)
    # callback_params: ["state"] presumably carries the OAuth `state` parameter
    # through the callback -- confirm against Ueberauth.
    {String.to_atom(strategy), {strategy_module, [callback_params: ["state"]]}}
  end

# Ueberauth routes live under "/oauth" ("oauth" is also a restricted nickname).
config :ueberauth,
  Ueberauth,
  base_path: "/oauth",
  providers: ueberauth_providers

# Expose the parsed strategy names to the application.
config :pleroma, :auth, oauth_consumer_strategies: oauth_consumer_strategies
546
# Outgoing mail uses the Sendmail adapter and is disabled by default.
config :pleroma, Pleroma.Emails.Mailer, adapter: Swoosh.Adapters.Sendmail, enabled: false

# Branding for user-facing e-mails: optional logo and colour palette.
config :pleroma, Pleroma.Emails.UserEmail,
  logo: nil,
  styling: %{
    link_color: "#d8a070",
    background_color: "#2C3645",
    content_background_color: "#1B2635",
    header_color: "#d8a070",
    text_color: "#b9b9ba",
    text_muted_color: "#b9b9ba"
  }

# Path at which the Prometheus metrics exporter is served.
# NOTE(review): this file does not show any access control for that path;
# confirm whether metrics are meant to be publicly readable or should be
# restricted at the reverse proxy.
config :prometheus, Pleroma.Web.Endpoint.MetricsExporter, path: "/api/pleroma/app_metrics"

# Per-user caps on scheduled activities (25 per day, 300 in total), which
# bound how much scheduled work a single account can queue.
config :pleroma, Pleroma.ScheduledActivity,
  daily_user_limit: 25,
  total_user_limit: 300,
  enabled: true
566
# Digest e-mail settings, inactive by default. The scheduled_jobs code near the
# top of this file reads the :digest map from :email_notifications.
config :pleroma, :email_notifications,
  digest: %{
    active: false,
    schedule: "0 0 * * 0",
    interval: 7,
    inactivity_threshold: 7
  }

# OAuth2 token handling. token_expires_in is 600 (units are not stated here;
# presumably seconds -- confirm), and a new refresh token is issued on refresh.
# Expired tokens are not cleaned up by default; the interval of 86_400_000 is
# presumably milliseconds (24 hours).
config :pleroma, :oauth2,
  token_expires_in: 600,
  issue_new_refresh_token: true,
  clean_expired_tokens: false,
  clean_expired_tokens_interval: 86_400_000

config :pleroma, :database, rum_enabled: false

# Records the Mix environment the configuration was evaluated in.
config :pleroma, :env, Mix.env()

config :http_signatures,
  adapter: Pleroma.Signature

# Rate limit for authentication requests. The tuple is presumably
# {window in milliseconds, maximum requests}, i.e. 15 requests per 60 s --
# confirm against the rate limiter. Only the :authentication key is limited
# by default; this is the main brake on password guessing, so raise it with care.
config :pleroma, :rate_limit, authentication: {60_000, 15}

config :pleroma, Pleroma.ActivityExpiration, enabled: true

# Web cache TTLs; activity_pub is nil and activity_pub_question is 30_000
# (presumably milliseconds).
config :pleroma, :web_cache_ttl,
  activity_pub: nil,
  activity_pub_question: 30_000
595
# Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above.
# The imported file is "<Mix.env()>.exs" (for example prod.exs); it is where
# the publicly known defaults above, such as secret_key_base and signing_salt,
# get replaced for a real deployment.
import_config "#{Mix.env()}.exs"