X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=docs%2Fdocs%2Fconfiguration%2Fcheatsheet.md;h=71ebf28dceae6d0e79bc58df29d27f8bb3cc524a;hb=74dbea4cf894ac40119e443f1048ff102125672d;hp=fdbfb1a3ea493967936f0c5f478e341db1f4a425;hpb=d109bbf71c2781bd0684f98e797f75aa951e67c3;p=akkoma diff --git a/docs/docs/configuration/cheatsheet.md b/docs/docs/configuration/cheatsheet.md index fdbfb1a3e..71ebf28dc 100644 --- a/docs/docs/configuration/cheatsheet.md +++ b/docs/docs/configuration/cheatsheet.md @@ -34,7 +34,7 @@ To add configuration to your config file, you can copy it from the base config. * `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it. * `allow_relay`: Permits remote instances to subscribe to all public posts of your instance. This may increase the visibility of your instance. * `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. Note that there is a dependent setting restricting or allowing unauthenticated access to specific resources, see `restrict_unauthenticated` for more details. -* `quarantined_instances`: ActivityPub instances where private (DMs, followers-only) activities will not be send. +* `quarantined_instances`: *DEPRECATED* ActivityPub instances where activities will not be sent. They can still reach there via other means, we just won't send them. * `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML). * `extended_nickname_format`: Set to `true` to use extended local nicknames format (allows underscores/dashes). This will break federation with older software for theses nicknames. 
@@ -131,7 +131,7 @@ To add configuration to your config file, you can copy it from the base config. * `media_removal`: List of instances to strip media attachments from and the reason for doing so. * `media_nsfw`: List of instances to tag all media as NSFW (sensitive) from and the reason for doing so. * `federated_timeline_removal`: List of instances to remove from the Federated Timeline (aka The Whole Known Network) and the reason for doing so. -* `reject`: List of instances to reject activities (except deletes) from and the reason for doing so. +* `reject`: List of instances to reject activities (except deletes) from and the reason for doing so. Additionally prevents activities from being sent to that instance. * `accept`: List of instances to only accept activities (except deletes) from and the reason for doing so. * `followers_only`: Force posts from the given instances to be visible by followers only and the reason for doing so. * `report_removal`: List of instances to reject reports from and the reason for doing so. @@ -283,14 +283,19 @@ config :pleroma, :frontends, "name" => "swagger-ui", "ref" => "stable", "enabled" => true - } + }, + mastodon: %{ + "name" => "mastodon-fe", + "ref" => "akkoma" + } ``` * `:primary` - The frontend that will be served at `/` * `:admin` - The frontend that will be served at `/pleroma/admin` * `:swagger` - Config for developers to act as an API reference to be served at `/akkoma/swaggerui/` (trailing slash _needed_). Disabled by default. +* `:mastodon` - The mastodon-fe configuration. This shouldn't need to be changed. This is served at `/web` when installed. -### :static_fe +### :static\_fe Render profiles and posts using server-generated HTML that is viewable without using JavaScript. 
@@ -891,6 +896,28 @@ Authentication / authorization settings. ### Pleroma.Web.Auth.Authenticator * `Pleroma.Web.Auth.PleromaAuthenticator`: default database authenticator. +* `Pleroma.Web.Auth.LDAPAuthenticator`: LDAP authentication. + +### :ldap + +Use LDAP for user authentication. When a user logs in to the Akkoma +instance, the name and password will be verified by trying to authenticate +(bind) to an LDAP server. If a user exists in the LDAP directory but there +is no account with the same name yet on the Akkoma instance then a new +Akkoma account will be created with the same name as the LDAP user name. + +* `enabled`: enables LDAP authentication +* `host`: LDAP server hostname +* `port`: LDAP port, e.g. 389 or 636 +* `ssl`: true to use SSL, usually implies the port 636 +* `sslopts`: additional SSL options +* `tls`: true to start TLS, usually implies the port 389 +* `tlsopts`: additional TLS options +* `base`: LDAP base, e.g. "dc=example,dc=com" +* `uid`: LDAP attribute name to authenticate the user, e.g. when "cn", the filter will be "cn=username,base" + +Note, if your LDAP server is an Active Directory server the correct value is commonly `uid: "cn"`, but if you use an +OpenLDAP server the value may be `uid: "uid"`. ### :oauth2 (Akkoma as OAuth 2.0 provider settings) @@ -1012,7 +1039,22 @@ config :pleroma, Pleroma.Formatter, ## Custom Runtime Modules (`:modules`) -* `runtime_dir`: A path to custom Elixir modules (such as MRF policies). +* `runtime_dir`: A path to custom Elixir modules, such as MRF policies or + custom authenticators. These modules will be loaded on boot, and can be + contained in subdirectories. It is advised to use version-controlled + subdirectories to make management of them a bit easier. Note that only + files with the extension `.ex` will be loaded. + +```elixir +config :pleroma, :modules, runtime_dir: "instance/modules" +``` + +### Adding a module + +```bash +cd instance/modules/ +git clone +``` ## :configurable_from_database
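Review bot: In the `quarantined_instances` line of the first hunk (@@ -34,7), the entry is marked *DEPRECATED* without naming what to use instead, and the old qualifier "private (DMs, followers-only)" is dropped without saying whether the setting now applies to every activity. If the `reject` list is the intended replacement (this patch documents it as also blocking outbound delivery), say so here. The sentence "They can still reach there via other means, we just won't send them" would be clearer as a plain statement that this only stops direct delivery and is not a privacy control.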
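Review bot: The sentence added to `reject` (@@ -131,7) changes the meaning of an existing setting for operators who used it only to filter inbound activities, and it does not say whether the "(except deletes)" exception also applies to the outbound direction. State explicitly whether deletes are still sent to rejected instances, and carry over the caveat from `quarantined_instances` that blocking delivery does not stop activities reaching the instance by other means.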
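Review bot: The new `mastodon:` map in the `:frontends` example (@@ -283,14) carries no `"enabled"` key while the `swagger` entry directly above it does, and the bullet says it is served at `/web` "when installed" without saying how it gets installed or whether it can be switched off. Document whether `"enabled"` applies to this entry. Separately, the heading change to `### :static\_fe` escapes the underscore while `## :configurable_from_database` at the end of the patch does not; use one convention.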
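Review bot: The new `:ldap` section (@@ -891,6) does not say what `ssl` and `tls` default to, nor that with neither set the bind sends the user's password to the LDAP server unencrypted; `sslopts` and `tlsopts` are listed only as "additional options" with no mention of certificate verification. Add the defaults and a short example block showing an encrypted connection with verification options. In the `uid` bullet, "cn=username,base" is described as a filter but reads as the DN used for the bind; name it as such. The paragraph on automatic account creation should also state that any directory user who can bind under `base` gets an Akkoma account on first login, so operators scope `base` accordingly.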
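Review bot: In the "Adding a module" block of the last hunk (@@ -1012,7), `git clone` has no repository argument, so the command fails as written; add a clearly marked placeholder for the module's repository URL. Because the text above says every `.ex` file under `runtime_dir` is loaded on boot, and the list now includes custom authenticators, the section should also tell operators to review what they clone, pin it to a known commit, and keep the directory writable only by the account that administers the instance.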