diff --git a/.env b/.env index 5b0799e..da7c982 100644 --- a/.env +++ b/.env @@ -1,5 +1,5 @@ MISSKEY_NGINX_IMAGE="nginx:latest" -MISSKEY_WEB_IMAGE="misskey/misskey:2024.10.1" +MISSKEY_WEB_IMAGE="misskey/misskey:2024.11.0" MISSKEY_REDIS_IMAGE="redis:7-alpine" MISSKEY_DB_IMAGE="postgres:15-alpine" MISSKEY_MEILISEARCH_IMAGE="getmeili/meilisearch:v1.3" diff --git a/config.sh b/config.sh index d1c2afc..6c7624c 100755 --- a/config.sh +++ b/config.sh @@ -6,6 +6,10 @@ cd `dirname $0` echo "Misskeyを運用するドメインを入力してください。(例: mi.example.com)" read DOMAIN +# セットアップパスワードを聞く +echo "Misskeyの初期セットアップに使うパスワードを入力してください。" +read SETUP_PASSWORD + # Postgresのパスワードを聞く echo "PostgreSQLのパスワードを入力してください。" read POSTGRES_PASSWORD @@ -21,8 +25,7 @@ sudo cp ./nginx/default.conf.example ./nginx/default.conf # 設定ファイルを書き換え sed -i -e "s/POSTGRES_PASSWORD=example_password/POSTGRES_PASSWORD=$POSTGRES_PASSWORD/g" ./env/postgres.env -sed -i -e "s/example.tld/$DOMAIN/g" ./misskey/config/default.yml -sed -i -e "s/pass: example_password/pass: $POSTGRES_PASSWORD/g" ./misskey/config/default.yml +sed -i -e "s/example.tld/$DOMAIN/g; s/# setupPassword: example_password_please_change_this_or_you_will_get_hacked/setupPassword: $SETUP_PASSWORD/g; s/pass: example_password/pass: $POSTGRES_PASSWORD/g" ./misskey/config/default.yml sudo sed -i -e "s/example.tld/$DOMAIN/g" ./nginx/default.conf # Meilisearchの有効化をするか聞く diff --git a/misskey/config/default.yml.example b/misskey/config/default.yml.example index ba3d8ae..c5ab2f4 100644 --- a/misskey/config/default.yml.example +++ b/misskey/config/default.yml.example @@ -2,6 +2,77 @@ # Misskey configuration #━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +# ┌──────────────────────────────┐ +#───┘ a boring but important thing └──────────────────────────── + +# +# First of all, let me tell you a story that may possibly be +# boring to you and possibly important to you. +# +# Misskey is licensed under the AGPLv3 license. This license is +# known to be often misunderstood. Please read the following +# instructions carefully and select the appropriate option so +# that you do not negligently cause a license violation. +# + +# -------- +# Option 1: If you host Misskey AS-IS (without any changes to +# the source code. forks are not included). +# +# Step 1: Congratulations! You don't need to do anything. + +# -------- +# Option 2: If you have made changes to the source code (forks +# are included) and publish a Git repository of source +# code. There should be no access restrictions on +# this repository. Strictly speaking, it doesn't have +# to be a Git repository, but you'll probably use Git! +# +# Step 1: Build and run the Misskey server first. +# Step 2: Open in +# your browser with the administrator account. +# Step 3: Enter the URL of your Git repository in the +# "Repository URL" field. + +# -------- +# Option 3: If neither of the above applies to you. +# (In this case, the source code should be published +# on the Misskey interface. IT IS NOT ENOUGH TO +# DISCLOSE THE SOURCE CODE WHEN A USER REQUESTS IT BY +# E-MAIL OR OTHER MEANS. If you are not satisfied +# with this, it is recommended that you read the +# license again carefully. Anyway, enabling this +# option will automatically generate and publish a +# tarball at build time, protecting you from +# inadvertent license violations. (There is no legal +# guarantee, of course.) The tarball will generated +# from the root directory of your codebase. So it is +# also recommended to check directory +# once after building and before activating the server +# to avoid ACCIDENTAL LEAKING OF SENSITIVE INFORMATION. +# To prevent certain files from being included in the +# tarball, add a glob pattern after line 15 in +# . DO NOT FORGET TO BUILD AFTER +# ENABLING THIS OPTION!) +# +# Step 1: Uncomment the following line. +# +# publishTarballInsteadOfProvideRepositoryUrl: true + +# ┌────────────────────────┐ +#───┘ Initial Setup Password └───────────────────────────────────────────────────── + +# Password to initiate setting up admin account. +# It will not be used after the initial setup is complete. +# +# Be sure to change this when you set up Misskey via the Internet. +# +# The provider of the service who sets up Misskey on behalf of the customer should +# set this value to something unique when generating the Misskey config file, +# and provide it to the customer. +# +# setupPassword: example_password_please_change_this_or_you_will_get_hacked + # ┌─────┐ #───┘ URL └───────────────────────────────────────────────────── @@ -30,6 +101,10 @@ url: https://example.tld/ # The port that your Misskey server should listen on. port: 3000 +# You can also use UNIX domain socket. +# socket: /path/to/misskey.sock +# chmodSocket: '777' + # ┌──────────────────────────┐ #───┘ PostgreSQL configuration └──────────────────────────────── @@ -56,17 +131,17 @@ dbReplications: false # You can configure any number of replicas here #dbSlaves: # - -# host: -# port: -# db: -# user: -# pass: +# host: +# port: +# db: +# user: +# pass: # - -# host: -# port: -# db: -# user: -# pass: +# host: +# port: +# db: +# user: +# pass: # ┌─────────────────────┐ #───┘ Redis configuration └───────────────────────────────────── @@ -78,6 +153,8 @@ redis: #pass: example-pass #prefix: example-prefix #db: 1 + # You can specify more ioredis options... + #username: example-username #redisForPubsub: # host: redis @@ -86,6 +163,8 @@ redis: # #pass: example-pass # #prefix: example-prefix # #db: 1 +# # You can specify more ioredis options... +# #username: example-username #redisForJobQueue: # host: redis @@ -94,16 +173,42 @@ redis: # #pass: example-pass # #prefix: example-prefix # #db: 1 +# # You can specify more ioredis options... +# #username: example-username + +#redisForTimelines: +# host: redis +# port: 6379 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 +# # You can specify more ioredis options... +# #username: example-username + +#redisForReactions: +# host: redis +# port: 6379 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 +# # You can specify more ioredis options... +# #username: example-username # ┌───────────────────────────┐ #───┘ MeiliSearch configuration └───────────────────────────── +# You can set scope to local (default value) or global +# (include notes from remote). + #meilisearch: # host: meilisearch # port: 7700 # apiKey: 'meilisearch-UUID' # ssl: false # index: 'example-tld' +# scope: local # ┌───────────────┐ #───┘ ID generation └─────────────────────────────────────────── @@ -124,6 +229,21 @@ redis: id: 'aidx' +# ┌────────────────┐ +#───┘ Error tracking └────────────────────────────────────────── + +# Sentry is available for error tracking. +# See the Sentry documentation for more details on options. + +#sentryForBackend: +# enableNodeProfiling: true +# options: +# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' + +#sentryForFrontend: +# options: +# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' + # ┌─────────────────────┐ #───┘ Other configuration └───────────────────────────────────── @@ -134,16 +254,23 @@ id: 'aidx' #clusterLimit: 1 # Job concurrency per worker -# deliverJobConcurrency: 128 -# inboxJobConcurrency: 16 +#deliverJobConcurrency: 128 +#inboxJobConcurrency: 16 +#relationshipJobConcurrency: 16 +# What's relationshipJob?: +# Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations. # Job rate limiter -# deliverJobPerSec: 128 -# inboxJobPerSec: 16 +#deliverJobPerSec: 128 +#inboxJobPerSec: 32 +#relationshipJobPerSec: 64 # Job attempts -# deliverJobMaxAttempts: 12 -# inboxJobMaxAttempts: 8 +#deliverJobMaxAttempts: 12 +#inboxJobMaxAttempts: 8 + +# Local address used for outgoing requests +#outgoingAddress: 127.0.0.1 # IP address family used for outgoing request (ipv4, ipv6 or dual) #outgoingAddressFamily: ipv4 @@ -164,17 +291,33 @@ proxySmtp: http://warp:1080 # use HTTP/1.1 CONNECT #proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5 # Media Proxy +# Reference Implementation: https://github.com/misskey-dev/media-proxy +# * Deliver a common cache between instances +# * Perform image compression (on a different server resource than the main process) #mediaProxy: https://example.com/proxy # Proxy remote files (default: true) +# Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains. proxyRemoteFiles: true +# Movie Thumbnail Generation URL +# There is no reference implementation. +# For example, Misskey will point to the following URL: +# https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4 +#videoThumbnailGenerator: https://example.com + # Sign to ActivityPub GET request (default: true) signToActivityPubGet: true +# For security reasons, uploading attachments from the intranet is prohibited, +# but exceptions can be made from the following settings. Default value is "undefined". +# Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)). #allowedPrivateNetworks: [ # '127.0.0.1/32' #] # Upload or download file size limits (bytes) #maxFileSize: 262144000 + +# PID File of master process +#pidFile: /tmp/misskey.pid \ No newline at end of file