| `aws` | `running_from_ec2` | bool | ❌ | Toggle for AWS EC2 as a deployment target. Uses IMDSv2 to sense the region when the `AWS_DEFAULT_REGION` environment variable isn't passed. |
| `aws` | `use_secrets_manager` | bool | ❌ | Enables querying AWS Secrets Manager for confidential configuration items, such as the encryption key. Either this or `encryption.key_path` is required. |
| `aws` | `encryption_key_version` | string | `AWSCURRENT` | Useful for rolling back a key rotation. Valid values are `AWSCURRENT`, `AWSPENDING`, or `AWSPREVIOUS`. |
| `encryption` | `key_path` | string | ❌ | Absolute path to a file containing a 32-byte binary encryption key generated with PyNaCl. Either this or `aws.use_secrets_manager` is required. |
| `encryption` | `key_material` | string | ❌ | Base64 encoded 32-byte binary encryption key generated with PyNaCl. Disabled when running in a production environment. |
| `db` | `password` | string | ❌ | postgres DB bot user password set by env var `DOCKER_BOT_POSTGRES_PWD` |
| `privileged` | `bot_operator` | int | ❌ | Override to specify an operator separate from the bot owner account. Used for highest-privilege command authorization. |
| `privileged` | `create_dev_guild` | bool | ❌ | One-time toggle to make the bot create a guild and invite the operator, or bot owner to it. |
| `privileged` | `dev_guild` | int | ❌ | Guild ID of the aforementioned. Enter after creation via init with `create_dev_guild` enabled. |
| `privileged` | `dev_guild_name` | string | "cables development" | Override the name of the guild created if `privileged.create_dev_guild` is enabled. |
| `privileged` | `bot_admins` | list[string] | `[Bot.owner_id]` | List of user IDs permitted to use commands otherwise reserved for the bot owner. The owner of the bot account is included by default. |
| `privileged` | `mod_channel` | int | Guild system channel | Guild system channel | A private, moderator-only channel on your guild to send post reports of blacklisted content to. |
| `privileged` | `admin_channel` | int | ❌ | A private, admin-only channel on your guild to send relevant messages to. Unused at this time. |
| `privileged` | `staff_role` | int | ❌ | A role that all staff members in the moderator-only channel are assigned. Used for pings. |
| `privileged` | `admin_role` | int | ❌ | A role that only guild administrators are assigned. Used for permission checking. Required even if Administrator role permission is granted. |
| `privileged` | `admin_proxy_role` | int | ❌ | A role that administrators using alt/proxy accounts are assigned. Used for permission checking as an alternative to `privileged.admin_role`. |
### Everything else
Feature toggles and their various settings.
| section | key | type | default | notes |
| ------- | --- | ---- | ------- | ----- |
| `moderation` | `watch_interval` | int | `15` | How frequently to notify staff over a watched user's activity, in minutes w/ a minimum of `5` |
| `moderation` | `watch_channel` | int | Guild system channel | A channel ID for which user activity watch notifications will be delivered |
| `moderation` | `require_sanction_reasons` | bool | ✅ | Requires providing a reason when enacting sanctions against a member |
| `moderation` | `user_ban_notify` | bool | ✅ | Notifies a banned user by DM of the reason and other instructions |
| `moderation.urls` | `policy` | string | ❌ | An optional link to a rules/guidelines policy document |
| `moderation.urls` | `content` | string | ❌ | An optional link to a document describing prohibited content policy |
| `moderation` | `ban_appeals` | bool | ❌ | Allows banned users to appeal the judgement |
| `moderation` | `ban_approval_quorum` | bool | ✅ | Requires administrator quorum to enact a user ban |
| `moderation` | `content_reports.enabled` | bool | ✅ | Reports media posts that may violate the Discord terms of service to `privileged.mod_channel`. Requires `moderation.content_reports.channels` and `hydrus.*` |
| `moderation` | `content_reports.channels` | list[int] | ❌ | A list of channel or category IDs to scan for media violations in |
| `moderation` | `content_reports.mentions` | bool | ❌ | Includes a mention of `privileged.staff_role` when reporting violations |
| `moderation` | `content_reports.automod` | bool | ❌ | Automatically deletes media caught by scanning |
| `preview` | `channels` | list[int] | ❌ | List of channel or category IDs to preview media posts in |
| `defcon` | `purgatory` | bool | ✅ | Suspends administrative functions being used in the event that the owner's account is banned |
| `defcon` | `bot_protection` | bool | ✅ | Disallows administrative actions from being taken on bot accounts |
| `defcon` | `code` | string | ❌ | Reserved for future use |
| `fun` | `game` | string | "in the wired~" | Overrides the 'Now playing' activity message in the bot's profile |
| `fun` | `namesub_role` | string | `namesub` | Name of the role of users who may have their name changed |
| `fun` | `namedom_role` | string | `namedom` | Name of the default role of users who may change namesub's nickname |
| `fun` | `color_positioner` | string | ❌ | When settings a color role, it will be positioned below this named role so long as _it_ has a position set |
| `fun.gets` | `channels` | list[int] | ❌ | List of channel of category IDs to enable GET detection (#243) in |
| `fun.gets` | `dubs` | bool | ❌ | Toggles doubles in GET detection |
| `fun.gets` | `trips` | bool | ❌ | Toggles triples in GET detection |
| `notifications` | `public_announce_channel` | int | ❌ | Channel ID for the space used for general, server-wide announcements |
| `notifications` | `watch_report_mention` | bool | ❌ | Toggle for including a mention of `privileged.staff_role` when reporting watch activity |
| `notifications` | `account_age_threshold` | int | 1 month | Account age cutoff, in weeks, to trigger a staff notification for on member join |
| `notifications` | `guild_joins` | bool | ❌ | Send notifications when members join the server? |
| `notifications` | `guild_parts` | bool | ❌ | Send notifications when members leave the server? |
| `notifications` | `vc_activity` | list[int] | ❌ | Send VC join/parts notifications for the given channels |
| `notifications` | `profile_updates` | bool | ❌ | Send notifications when Nitro members update their server nick and avatar?|
| `notifications` | `tombstone_exemptions` | list[int] | ❌ | A list of Discord objects not to notify on message deletions for |
| `notifications` | `thread_watch_parents` | list[int] | ❌ | A list of Discord channel IDs to watch for thread creation in |
| `invites` | `enabled` | bool | ❌ | Whether or not any member may use the `invite create` command |
| `invites` | `individual_concurrent_limit` | int | 3 | How many concurrently active invites any given member may have |
| `invites` | `join_channel` | int | ❌ | Channel ID where joins from bot-created invites will land. Required if `invites.enabled` is `true` |
| `reddit` | `client_id` | string | ❌ | reddit api client ID from creating a [script app](https://www.reddit.com/prefs/apps/) |
| `reddit` | `client_secret` | string | ❌ | reddit api client secret from creating a [script app](https://www.reddit.com/prefs/apps/) |
| `reddit` | `username` | string | ❌ | reddit account username associated with api application |
| `reddit` | `password` | string | ❌ | reddit account password associated with api application |
| `hydrus` | `enabled` | bool | ❌ | Toggle Hydrus client API integration to supplement R-18 media previews and reporting |
| `hydrus` | `endpoint` | string | <details><summary>Show</summary>`http://127.0.0.1:45869/`</details> | Hydrus client API endpoint URI. Cannot be of HTTPS schema due to technical limitations |
| `hydrus` | `api_key` | string | ❌ | Hydrus client API key; required if `hydrus.enabled` is toggled on |
## Environment
### Common
This table contains environment variables that overlap with both local and containerized execution.
Some configuration keys may be set as an environment variable if prefixed
appropriately by `CABLES_`, and dots (`.`) being replaced by underscores e.g.
the `db.host` key ought to be represented as `CABLES_DB_HOST`.
| var | valid values | default | notes |
|-----|--------------|---------|-------|
| `ENV` | development, production | development | Some code paths are toggled depending on the environment |
| `AWS_DEFAULT_REGION` | [see here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions) | ❌ | Region to contact AWS services in, if they are enabled. Defaults to EC2 instance region, if operating on EC2. |
| `AWS_ACCESS_KEY_ID` | | ❌ | IAM access key ID for boto to authenticate operations with. Not required if operating in EC2 with an instance profile. |
| `AWS_SECRET_ACCESS_KEY` | | ❌ | IAM secret access key for boto to authenticate operations with. Not required if operating in EC2 with an instance profile. |
| `CABLES_APP_PATH` | An absolute path to the repo | `$PWD` | Set appropriately when starting the bot with `./start.sh` |
| `CABLES_CONFIG_PATH` | An absolute path to the `./configs` directory in the repo | `$CABLES_APP_PATH/configs` | Set appropriately when starting the bot with `./start.sh` |
| `CABLES_DB_HOST` | Postgres database server endpoint | 172.18.100.100 | Assigned to the container when ran with Docker |
| `CABLES_DB_USER` | Postgres database user account | cables | Automatically created when the container is initialized through Docker |
| `CABLES_DB_PASSWORD` | Postgres database user password | ❌ | Must be set, even if the DB account doesn't have a password ✨ |
| `CABLES_DB_DATABASE` | Postgres database schema name | cables | Automatically created when the container is initialized through Docker |
| `CABLES_REDDIT_CLIENT_ID` | Reddit API client ID | ❌ | |
| `CABLES_REDDIT_USERNAME` | Reddit account username for API credentials | ❌ | |
| `CABLES_REDDIT_PASSWORD` | Reddit account password for API credentials | ❌ | |
| `CABLES_HYDRUS_ENDPOINT` | URI of the Hydrus network client API endpoint | `http://127.0.0.1:45869/` | HTTPS won't work with the Hydrus API library we use as upstream offers a self-signed certificate |
| `CABLES_HYDRUS_API_KEY` | API key configured at the given Hydrus network client endpoint | ❌ | Must be granted permission to search files |
| `CABLES_DEFCON_CODE` | TBD | ❌ | Reserved for future use |
### Docker
Both `docker run` and `docker-compose` read from `.env`. There variables are
used to contigure the container image build facilitated by `docker-compose`.
They are all optional, _as long_ as you are following our supported
[deployment method](#deployment).
| var | valid values | default | notes |
|-----|--------------|---------|-------|
| `DOCKER_BUILD_ENV` | development, production | development | Determines if `poetry` dev dependencies will be installed or not |
| `DOCKER_BUILD_POETRY_VERSION` | [check PyPI](https://pypi.org/project/poetry/#history) | 1.1.10 | Symantic version of `poetry` to install. Has a default when started w/ `docker-compose` |
