# Copy to .env and fill in. Do NOT commit .env. # HMAC secret shown when you create the webhook in Mastodon # (Administration -> Webhooks). Used to verify X-Hub-Signature. WEBHOOK_SECRET= # Access token for the bot account that sends the welcome DMs. # Create a bot account on yttrx, then Preferences -> Development -> # New application with scope: write:statuses (copy "Your access token"). BOT_ACCESS_TOKEN= # Base URL of the Mastodon instance (no trailing slash). MASTODON_BASE_URL=https://yttrx.com # Welcome message template. {acct} is replaced with the new user's handle. # The bot mentions @{acct} so a "direct" status reaches them. WELCOME_MESSAGE=👋 Welcome to yttrx, @{acct}! Glad to have you here. If you have any questions, check out https://help.yttrx.com or just reply to this message. # Only welcome accounts local to this instance (recommended: true). LOCAL_ONLY=true # Path to the sqlite dedup store inside the container (matches the volume). DB_PATH=/data/welcomed.db # --- Abuse-bot (report.created handling) ----------------------------------- # Access token for a DEDICATED MODERATOR bot account. That account must hold a # role with the "Manage Users" + "Manage Reports" permissions, and the app # token must request these scopes: # admin:write:accounts admin:read:reports read:statuses write:statuses # Leave blank to disable report handling entirely. ABUSE_BOT_TOKEN= # Master switch for report handling (also off if ABUSE_BOT_TOKEN is blank). ABUSE_ENABLED=true # Rollout safety: when true, log + DM what WOULD happen but take no action. # Recommended for the first days in production; flip to false once happy. ABUSE_DRY_RUN=true # Moderation action: "silence" (reversible, agreed default) or "suspend". ABUSE_ACTION=silence # Only auto-act on accounts local to yttrx. ABUSE_LOCAL_ONLY=true # Account tiers (in days): # young = oldest post newer than ABUSE_YOUNG_MAX_DAYS # dormant = newest post older than ABUSE_DORMANT_MIN_DAYS ABUSE_YOUNG_MAX_DAYS=30 ABUSE_DORMANT_MIN_DAYS=30 # Required number of DISTINCT reporter accounts (open reports) to auto-act: # young / dormant / no-posts -> ABUSE_SOURCES_NEWDORMANT # normally-active -> ABUSE_SOURCES_ACTIVE ABUSE_SOURCES_NEWDORMANT=2 ABUSE_SOURCES_ACTIVE=3 # Safety cap on the backward status scan (40 statuses per page). ABUSE_MAX_STATUS_PAGES=5 # Automatically never auto-act on accounts holding a staff role # (Admin/Owner/Moderator), read from the report payload. Keep this true. ABUSE_SKIP_PRIVILEGED=true # Extra comma-separated handles (acct, no leading @) never to auto-act on — # a backstop on top of ABUSE_SKIP_PRIVILEGED, and for non-staff special # accounts. e.g. ABUSE_ALLOWLIST=waffles,tommertron,davis,bot ABUSE_ALLOWLIST= # Handle (acct, no @) to DM with a review summary after an auto-action. # Leave blank to disable the DM. The DM is sent from the moderator bot. MOD_ALERT_ACCT= # Help/appeals page the silenced user is pointed to. ABUSE_HELP_URL=https://welcome.yttrx.com/posts/account-limited/ # DM sent to the silenced user ({acct} + {help_url} substituted; must mention # @{acct}). Leave blank to disable the user DM. ABUSE_USER_DM=Hi @{acct} — your yttrx account has been temporarily limited while we review some reports. This is reversible and a moderator will take a look. Here's what happened and how to appeal: {help_url} # --- IP-based signup scrutiny ----------------------------------------------- # Classifies each new signup's IP (Admin::Account.ip, delivered free on the # account.created webhook) via RDAP org lookup, and treats non-residential/ # non-mobile ("datacenter"/hosting/VPN) signups with more scrutiny. Master # switch: IP_SCRUTINY_ENABLED=true # Rollout safety: when true, classify + DM a moderator but take NO action # (no held welcome, no ip_blocks write). Recommended for the first days in # production; flip to false once you've reviewed the false-positive rate. IP_SCRUTINY_DRY_RUN=true # Hold the welcome DM for a flagged signup until account.approved fires # (a human clears the existing approval-required registration gate), instead # of welcoming immediately like every other signup. IP_SCRUTINY_HOLD_WELCOME=true # Distinct-reporter threshold used instead of the tier's usual # ABUSE_SOURCES_* threshold (whichever is lower) when the reported account's # signup IP was flagged as datacenter/hosting. IP_SCRUTINY_ABUSE_THRESHOLD=1 # Auto-register a flagged IP into Mastodon's native Admin::IpBlock. Requires # the ABUSE_BOT_TOKEN to carry the admin:write:ip_blocks scope (see # CLAUDE.md's moderator-token-gotcha section) — without it this 403s and is # logged as an error, but nothing else in the bot is affected. IP_SCRUTINY_AUTO_IPBLOCK=true # Severity applied to auto-registered blocks: sign_up_requires_approval (soft, # recommended), sign_up_block (hard — no queue, cannot appeal via this bot), # or no_access (blocks all access, not just signups). IP_SCRUTINY_IPBLOCK_SEVERITY=sign_up_requires_approval # Case-insensitive regexes matched against the RDAP org/ASN description. # Anything matching neither is treated as "residential" (never flagged). # Only IP_SCRUTINY_HOSTING_RE matches are flagged; IP_SCRUTINY_MOBILE_RE is # informational only (mobile carriers are never scrutinized). IP_SCRUTINY_HOSTING_RE=amazon|aws|google|microsoft|azure|digitalocean|ovh|hetzner|linode|vultr|contabo|choopa|m247|scaleway|leaseweb|hostinger|namecheap|godaddy|cloudflare|oracle|alibaba|tencent|akamai|fastly|packet|vpn|proxy|hosting|datacenter|data center|colo(?:cation)?|server IP_SCRUTINY_MOBILE_RE=mobile|wireless|cellular|verizon|t-mobile|tmobile|at&t|att mobility|vodafone|telstra|sprint|three\b|orange mobile|deutsche telekom|o2\b