Files
yttrx-welcomebot/.env.example
T

120 lines
5.6 KiB
Bash

# Copy to .env and fill in. Do NOT commit .env.
# HMAC secret shown when you create the webhook in Mastodon
# (Administration -> Webhooks). Used to verify X-Hub-Signature.
WEBHOOK_SECRET=
# Access token for the bot account that sends the welcome DMs.
# Create a bot account on yttrx, then Preferences -> Development ->
# New application with scope: write:statuses (copy "Your access token").
BOT_ACCESS_TOKEN=
# Base URL of the Mastodon instance (no trailing slash).
MASTODON_BASE_URL=https://yttrx.com
# Welcome message template. {acct} is replaced with the new user's handle.
# The bot mentions @{acct} so a "direct" status reaches them.
WELCOME_MESSAGE=👋 Welcome to yttrx, @{acct}! Glad to have you here. If you have any questions, check out https://help.yttrx.com or just reply to this message.
# Only welcome accounts local to this instance (recommended: true).
LOCAL_ONLY=true
# Path to the sqlite dedup store inside the container (matches the volume).
DB_PATH=/data/welcomed.db
# --- Abuse-bot (report.created handling) -----------------------------------
# Access token for a DEDICATED MODERATOR bot account. That account must hold a
# role with the "Manage Users" + "Manage Reports" permissions, and the app
# token must request these scopes:
# admin:write:accounts admin:read:reports read:statuses write:statuses
# Leave blank to disable report handling entirely.
ABUSE_BOT_TOKEN=
# Master switch for report handling (also off if ABUSE_BOT_TOKEN is blank).
ABUSE_ENABLED=true
# Rollout safety: when true, log + DM what WOULD happen but take no action.
# Recommended for the first days in production; flip to false once happy.
ABUSE_DRY_RUN=true
# Moderation action: "silence" (reversible, agreed default) or "suspend".
ABUSE_ACTION=silence
# Only auto-act on accounts local to yttrx.
ABUSE_LOCAL_ONLY=true
# Account tiers (in days):
# young = oldest post newer than ABUSE_YOUNG_MAX_DAYS
# dormant = newest post older than ABUSE_DORMANT_MIN_DAYS
ABUSE_YOUNG_MAX_DAYS=30
ABUSE_DORMANT_MIN_DAYS=30
# Required number of DISTINCT reporter accounts (open reports) to auto-act:
# young / dormant / no-posts -> ABUSE_SOURCES_NEWDORMANT
# normally-active -> ABUSE_SOURCES_ACTIVE
ABUSE_SOURCES_NEWDORMANT=2
ABUSE_SOURCES_ACTIVE=3
# Safety cap on the backward status scan (40 statuses per page).
ABUSE_MAX_STATUS_PAGES=5
# Automatically never auto-act on accounts holding a staff role
# (Admin/Owner/Moderator), read from the report payload. Keep this true.
ABUSE_SKIP_PRIVILEGED=true
# Extra comma-separated handles (acct, no leading @) never to auto-act on —
# a backstop on top of ABUSE_SKIP_PRIVILEGED, and for non-staff special
# accounts. e.g. ABUSE_ALLOWLIST=waffles,tommertron,davis,bot
ABUSE_ALLOWLIST=
# Handle (acct, no @) to DM with a review summary after an auto-action.
# Leave blank to disable the DM. The DM is sent from the moderator bot.
MOD_ALERT_ACCT=
# Help/appeals page the silenced user is pointed to.
ABUSE_HELP_URL=https://welcome.yttrx.com/posts/account-limited/
# DM sent to the silenced user ({acct} + {help_url} substituted; must mention
# @{acct}). Leave blank to disable the user DM.
ABUSE_USER_DM=Hi @{acct} — your yttrx account has been temporarily limited while we review some reports. This is reversible and a moderator will take a look. Here's what happened and how to appeal: {help_url}
# --- IP-based signup scrutiny -----------------------------------------------
# Classifies each new signup's IP (Admin::Account.ip, delivered free on the
# account.created webhook) via RDAP org lookup, and treats non-residential/
# non-mobile ("datacenter"/hosting/VPN) signups with more scrutiny. Master
# switch:
IP_SCRUTINY_ENABLED=true
# Rollout safety: when true, classify + DM a moderator but take NO action
# (no held welcome, no ip_blocks write). Recommended for the first days in
# production; flip to false once you've reviewed the false-positive rate.
IP_SCRUTINY_DRY_RUN=true
# Hold the welcome DM for a flagged signup until account.approved fires
# (a human clears the existing approval-required registration gate), instead
# of welcoming immediately like every other signup.
IP_SCRUTINY_HOLD_WELCOME=true
# Distinct-reporter threshold used instead of the tier's usual
# ABUSE_SOURCES_* threshold (whichever is lower) when the reported account's
# signup IP was flagged as datacenter/hosting.
IP_SCRUTINY_ABUSE_THRESHOLD=1
# Auto-register a flagged IP into Mastodon's native Admin::IpBlock. Requires
# the ABUSE_BOT_TOKEN to carry the admin:write:ip_blocks scope (see
# CLAUDE.md's moderator-token-gotcha section) — without it this 403s and is
# logged as an error, but nothing else in the bot is affected.
IP_SCRUTINY_AUTO_IPBLOCK=true
# Severity applied to auto-registered blocks: sign_up_requires_approval (soft,
# recommended), sign_up_block (hard — no queue, cannot appeal via this bot),
# or no_access (blocks all access, not just signups).
IP_SCRUTINY_IPBLOCK_SEVERITY=sign_up_requires_approval
# Case-insensitive regexes matched against the RDAP org/ASN description.
# Anything matching neither is treated as "residential" (never flagged).
# Only IP_SCRUTINY_HOSTING_RE matches are flagged; IP_SCRUTINY_MOBILE_RE is
# informational only (mobile carriers are never scrutinized).
IP_SCRUTINY_HOSTING_RE=amazon|aws|google|microsoft|azure|digitalocean|ovh|hetzner|linode|vultr|contabo|choopa|m247|scaleway|leaseweb|hostinger|namecheap|godaddy|cloudflare|oracle|alibaba|tencent|akamai|fastly|packet|vpn|proxy|hosting|datacenter|data center|colo(?:cation)?|server
IP_SCRUTINY_MOBILE_RE=mobile|wireless|cellular|verizon|t-mobile|tmobile|at&t|att mobility|vodafone|telstra|sprint|three\b|orange mobile|deutsche telekom|o2\b