tranquil.farm
Our Personal Data Server from scratch!
tranquil.farm
oauth
atproto
pds
rust
postgresql
objectstorage
fun
isabelroses.com
1[server]
2# Public hostname of the PDS (e.g. `pds.example.com`).
3#
4# Can also be specified via environment variable `PDS_HOSTNAME`.
5#
6# Required! This value must be specified.
7#hostname =
8
9# Address to bind the HTTP server to.
10#
11# Can also be specified via environment variable `SERVER_HOST`.
12#
13# Default value: "127.0.0.1"
14#host = "127.0.0.1"
15
16# Port to bind the HTTP server to.
17#
18# Can also be specified via environment variable `SERVER_PORT`.
19#
20# Default value: 3000
21#port = 3000
22
23# List of domains for user handles.
24# Defaults to the PDS hostname when not set.
25#
26# Can also be specified via environment variable `PDS_USER_HANDLE_DOMAINS`.
27#user_handle_domains =
28
29# List of domains available for user registration.
30# Defaults to the PDS hostname when not set.
31#
32# Can also be specified via environment variable `AVAILABLE_USER_DOMAINS`.
33#available_user_domains =
34
35# Enable PDS-hosted did:web identities. Hosting did:web requires a
36# long-term commitment to serve DID documents; opt-in only.
37#
38# Can also be specified via environment variable `ENABLE_PDS_HOSTED_DID_WEB`.
39#
40# Default value: false
41#enable_pds_hosted_did_web = false
42
43# When set to true, skip age-assurance birthday prompt for all accounts.
44#
45# Can also be specified via environment variable `PDS_AGE_ASSURANCE_OVERRIDE`.
46#
47# Default value: false
48#age_assurance_override = false
49
50# Require an invite code for new account registration.
51#
52# Can also be specified via environment variable `INVITE_CODE_REQUIRED`.
53#
54# Default value: true
55#invite_code_required = true
56
57# Allow HTTP (non-TLS) proxy requests. Only useful during development.
58#
59# Can also be specified via environment variable `ALLOW_HTTP_PROXY`.
60#
61# Default value: false
62#allow_http_proxy = false
63
64# Disable all rate limiting. Should only be used in testing.
65#
66# Can also be specified via environment variable `DISABLE_RATE_LIMITING`.
67#
68# Default value: false
69#disable_rate_limiting = false
70
71# List of additional banned words for handle validation.
72#
73# Can also be specified via environment variable `PDS_BANNED_WORDS`.
74#banned_words =
75
76# URL to a privacy policy page.
77#
78# Can also be specified via environment variable `PRIVACY_POLICY_URL`.
79#privacy_policy_url =
80
81# URL to terms of service page.
82#
83# Can also be specified via environment variable `TERMS_OF_SERVICE_URL`.
84#terms_of_service_url =
85
86# Operator contact email address.
87#
88# Can also be specified via environment variable `CONTACT_EMAIL`.
89#contact_email =
90
91# Maximum allowed blob size in bytes (default 10 GiB).
92#
93# Can also be specified via environment variable `MAX_BLOB_SIZE`.
94#
95# Default value: 10737418240
96#max_blob_size = 10737418240
97
98[database]
99# PostgreSQL connection URL.
100#
101# Can also be specified via environment variable `DATABASE_URL`.
102#
103# Required! This value must be specified.
104#url =
105
106# Maximum number of connections in the pool.
107#
108# Can also be specified via environment variable `DATABASE_MAX_CONNECTIONS`.
109#
110# Default value: 100
111#max_connections = 100
112
113# Minimum number of idle connections kept in the pool.
114#
115# Can also be specified via environment variable `DATABASE_MIN_CONNECTIONS`.
116#
117# Default value: 10
118#min_connections = 10
119
120# Timeout in seconds when acquiring a connection from the pool.
121#
122# Can also be specified via environment variable `DATABASE_ACQUIRE_TIMEOUT_SECS`.
123#
124# Default value: 10
125#acquire_timeout_secs = 10
126
127[secrets]
128# Secret used for signing JWTs. Must be at least 32 characters in
129# production.
130#
131# Can also be specified via environment variable `JWT_SECRET`.
132#jwt_secret =
133
134# Secret used for DPoP proof validation. Must be at least 32 characters
135# in production.
136#
137# Can also be specified via environment variable `DPOP_SECRET`.
138#dpop_secret =
139
140# Master key used for key-encryption and HKDF derivation. Must be at
141# least 32 characters in production.
142#
143# Can also be specified via environment variable `MASTER_KEY`.
144#master_key =
145
146# PLC rotation key (DID key). If not set, user-level keys are used.
147#
148# Can also be specified via environment variable `PLC_ROTATION_KEY`.
149#plc_rotation_key =
150
151# Allow insecure/test secrets. NEVER enable in production.
152#
153# Can also be specified via environment variable `TRANQUIL_PDS_ALLOW_INSECURE_SECRETS`.
154#
155# Default value: false
156#allow_insecure = false
157
158[storage]
159# Storage backend: `filesystem` or `s3`.
160#
161# Can also be specified via environment variable `BLOB_STORAGE_BACKEND`.
162#
163# Default value: "filesystem"
164#backend = "filesystem"
165
166# Path on disk for the filesystem blob backend.
167#
168# Can also be specified via environment variable `BLOB_STORAGE_PATH`.
169#
170# Default value: "/var/lib/tranquil-pds/blobs"
171#path = "/var/lib/tranquil-pds/blobs"
172
173# S3 bucket name for blob storage.
174#
175# Can also be specified via environment variable `S3_BUCKET`.
176#s3_bucket =
177
178# Custom S3 endpoint URL (for MinIO, R2, etc.).
179#
180# Can also be specified via environment variable `S3_ENDPOINT`.
181#s3_endpoint =
182
183[backup]
184# Enable automatic backups.
185#
186# Can also be specified via environment variable `BACKUP_ENABLED`.
187#
188# Default value: true
189#enabled = true
190
191# Backup storage backend: `filesystem` or `s3`.
192#
193# Can also be specified via environment variable `BACKUP_STORAGE_BACKEND`.
194#
195# Default value: "filesystem"
196#backend = "filesystem"
197
198# Path on disk for the filesystem backup backend.
199#
200# Can also be specified via environment variable `BACKUP_STORAGE_PATH`.
201#
202# Default value: "/var/lib/tranquil-pds/backups"
203#path = "/var/lib/tranquil-pds/backups"
204
205# S3 bucket name for backups.
206#
207# Can also be specified via environment variable `BACKUP_S3_BUCKET`.
208#s3_bucket =
209
210# Number of backup revisions to keep per account.
211#
212# Can also be specified via environment variable `BACKUP_RETENTION_COUNT`.
213#
214# Default value: 7
215#retention_count = 7
216
217# Seconds between backup runs.
218#
219# Can also be specified via environment variable `BACKUP_INTERVAL_SECS`.
220#
221# Default value: 86400
222#interval_secs = 86400
223
224[cache]
225# Cache backend: `ripple` (default, built-in gossip) or `valkey`.
226#
227# Can also be specified via environment variable `CACHE_BACKEND`.
228#
229# Default value: "ripple"
230#backend = "ripple"
231
232# Valkey / Redis connection URL. Required when `backend = "valkey"`.
233#
234# Can also be specified via environment variable `VALKEY_URL`.
235#valkey_url =
236
237[cache.ripple]
238# Address to bind the Ripple gossip protocol listener.
239#
240# Can also be specified via environment variable `RIPPLE_BIND`.
241#
242# Default value: "0.0.0.0:0"
243#bind_addr = "0.0.0.0:0"
244
245# List of seed peer addresses.
246#
247# Can also be specified via environment variable `RIPPLE_PEERS`.
248#peers =
249
250# Unique machine identifier. Auto-derived from hostname when not set.
251#
252# Can also be specified via environment variable `RIPPLE_MACHINE_ID`.
253#machine_id =
254
255# Gossip protocol interval in milliseconds.
256#
257# Can also be specified via environment variable `RIPPLE_GOSSIP_INTERVAL_MS`.
258#
259# Default value: 200
260#gossip_interval_ms = 200
261
262# Maximum cache size in megabytes.
263#
264# Can also be specified via environment variable `RIPPLE_CACHE_MAX_MB`.
265#
266# Default value: 256
267#cache_max_mb = 256
268
269[plc]
270# Base URL of the PLC directory.
271#
272# Can also be specified via environment variable `PLC_DIRECTORY_URL`.
273#
274# Default value: "https://plc.directory"
275#directory_url = "https://plc.directory"
276
277# HTTP request timeout in seconds.
278#
279# Can also be specified via environment variable `PLC_TIMEOUT_SECS`.
280#
281# Default value: 10
282#timeout_secs = 10
283
284# TCP connect timeout in seconds.
285#
286# Can also be specified via environment variable `PLC_CONNECT_TIMEOUT_SECS`.
287#
288# Default value: 5
289#connect_timeout_secs = 5
290
291# Seconds to cache DID documents in memory.
292#
293# Can also be specified via environment variable `DID_CACHE_TTL_SECS`.
294#
295# Default value: 300
296#did_cache_ttl_secs = 300
297
298[firehose]
299# Size of the in-memory broadcast buffer for firehose events.
300#
301# Can also be specified via environment variable `FIREHOSE_BUFFER_SIZE`.
302#
303# Default value: 10000
304#buffer_size = 10000
305
306# How many hours of historical events to replay for cursor-based
307# firehose connections.
308#
309# Can also be specified via environment variable `FIREHOSE_BACKFILL_HOURS`.
310#
311# Default value: 72
312#backfill_hours = 72
313
314# Maximum number of lagged events before disconnecting a slow consumer.
315#
316# Can also be specified via environment variable `FIREHOSE_MAX_LAG`.
317#
318# Default value: 5000
319#max_lag = 5000
320
321# List of relay / crawler notification URLs.
322#
323# Can also be specified via environment variable `CRAWLERS`.
324#crawlers =
325
326[email]
327# Sender email address. When unset, email sending is disabled.
328#
329# Can also be specified via environment variable `MAIL_FROM_ADDRESS`.
330#from_address =
331
332# Display name used in the `From` header.
333#
334# Can also be specified via environment variable `MAIL_FROM_NAME`.
335#
336# Default value: "Tranquil PDS"
337#from_name = "Tranquil PDS"
338
339# Path to the `sendmail` binary.
340#
341# Can also be specified via environment variable `SENDMAIL_PATH`.
342#
343# Default value: "/usr/sbin/sendmail"
344#sendmail_path = "/usr/sbin/sendmail"
345
346[discord]
347# Discord bot token. When unset, Discord integration is disabled.
348#
349# Can also be specified via environment variable `DISCORD_BOT_TOKEN`.
350#bot_token =
351
352[telegram]
353# Telegram bot token. When unset, Telegram integration is disabled.
354#
355# Can also be specified via environment variable `TELEGRAM_BOT_TOKEN`.
356#bot_token =
357
358# Secret token for incoming webhook verification.
359#
360# Can also be specified via environment variable `TELEGRAM_WEBHOOK_SECRET`.
361#webhook_secret =
362
363[signal]
364# Path to the `signal-cli` binary.
365#
366# Can also be specified via environment variable `SIGNAL_CLI_PATH`.
367#
368# Default value: "/usr/local/bin/signal-cli"
369#cli_path = "/usr/local/bin/signal-cli"
370
371# Sender phone number. When unset, Signal integration is disabled.
372#
373# Can also be specified via environment variable `SIGNAL_SENDER_NUMBER`.
374#sender_number =
375
376[notifications]
377# Polling interval in milliseconds for the comms queue.
378#
379# Can also be specified via environment variable `NOTIFICATION_POLL_INTERVAL_MS`.
380#
381# Default value: 1000
382#poll_interval_ms = 1000
383
384# Number of notifications to process per batch.
385#
386# Can also be specified via environment variable `NOTIFICATION_BATCH_SIZE`.
387#
388# Default value: 100
389#batch_size = 100
390
391[sso]
392[sso.github]
393# Default value: false
394#enabled = false
395
396#client_id =
397
398#client_secret =
399
400#display_name =
401
402[sso.discord]
403# Default value: false
404#enabled = false
405
406#client_id =
407
408#client_secret =
409
410#display_name =
411
412[sso.google]
413# Default value: false
414#enabled = false
415
416#client_id =
417
418#client_secret =
419
420#display_name =
421
422[sso.gitlab]
423# Default value: false
424#enabled = false
425
426#client_id =
427
428#client_secret =
429
430#issuer =
431
432#display_name =
433
434[sso.oidc]
435# Default value: false
436#enabled = false
437
438#client_id =
439
440#client_secret =
441
442#issuer =
443
444#display_name =
445
446[sso.apple]
447# Can also be specified via environment variable `SSO_APPLE_ENABLED`.
448# Default value: false
449#enabled = false
450
451# Can also be specified via environment variable `SSO_APPLE_CLIENT_ID`.
452#client_id =
453
454# Can also be specified via environment variable `SSO_APPLE_TEAM_ID`.
455#team_id =
456
457# Can also be specified via environment variable `SSO_APPLE_KEY_ID`.
458#key_id =
459
460# Can also be specified via environment variable `SSO_APPLE_PRIVATE_KEY`.
461#private_key =
462
463[moderation]
464# External report-handling service URL.
465#
466# Can also be specified via environment variable `REPORT_SERVICE_URL`.
467#report_service_url =
468
469# DID of the external report-handling service.
470#
471# Can also be specified via environment variable `REPORT_SERVICE_DID`.
472#report_service_did =
473
474[import]
475# Whether the PDS accepts repo imports.
476#
477# Can also be specified via environment variable `ACCEPTING_REPO_IMPORTS`.
478#
479# Default value: true
480#accepting = true
481
482# Maximum allowed import archive size in bytes (default 1 GiB).
483#
484# Can also be specified via environment variable `MAX_IMPORT_SIZE`.
485#
486# Default value: 1073741824
487#max_size = 1073741824
488
489# Maximum number of blocks allowed in an import.
490#
491# Can also be specified via environment variable `MAX_IMPORT_BLOCKS`.
492#
493# Default value: 500000
494#max_blocks = 500000
495
496# Skip CAR verification during import. Only for development/debugging.
497#
498# Can also be specified via environment variable `SKIP_IMPORT_VERIFICATION`.
499#
500# Default value: false
501#skip_verification = false
502
503[scheduled]
504# Interval in seconds between scheduled delete checks.
505#
506# Can also be specified via environment variable `SCHEDULED_DELETE_CHECK_INTERVAL_SECS`.
507#
508# Default value: 3600
509#delete_check_interval_secs = 3600