public inbox for gentoo-commits@lists.gentoo.org
From: "Anna Vyalkova" <cyber+gentoo@sysrq.in>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/proj/guru:dev commit in: www-apps/gotosocial/files/, www-apps/gotosocial/
Date: Wed, 16 Nov 2022 19:36:59 +0000 (UTC)
Message-ID: <1668627401.fc64a0cdc37679d8aa7ec3196a235eb4d312d74e.cybertailor@gentoo>

commit:     fc64a0cdc37679d8aa7ec3196a235eb4d312d74e
Author:     Anna (cybertailor) Vyalkova <cyber+gentoo <AT> sysrq <DOT> in>
AuthorDate: Wed Nov 16 19:36:03 2022 +0000
Commit:     Anna Vyalkova <cyber+gentoo <AT> sysrq <DOT> in>
CommitDate: Wed Nov 16 19:36:41 2022 +0000
URL:        https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=fc64a0cd

www-apps/gotosocial: new package, add 0.5.2

Signed-off-by: Anna (cybertailor) Vyalkova <cyber+gentoo <AT> sysrq.in>

 www-apps/gotosocial/Manifest                  |   2 +
 www-apps/gotosocial/files/config.yaml         | 553 ++++++++++++++++++++++++++
 www-apps/gotosocial/files/gotosocial.confd    |   2 +
 www-apps/gotosocial/files/gotosocial.initd    |  17 +
 www-apps/gotosocial/files/gotosocial.service  |  45 +++
 www-apps/gotosocial/files/gotosocial.tmpfiles |   1 +
 www-apps/gotosocial/gotosocial-0.5.2.ebuild   |  82 ++++
 www-apps/gotosocial/metadata.xml              |  12 +
 8 files changed, 714 insertions(+)

diff --git a/www-apps/gotosocial/Manifest b/www-apps/gotosocial/Manifest
new file mode 100644
index 000000000..2fc71ad07
--- /dev/null
+++ b/www-apps/gotosocial/Manifest
@@ -0,0 +1,2 @@
+DIST gotosocial-0.5.2-source-code.tar.gz 52861407 BLAKE2B 9e80373fe66a05e57d98b3c241f10d46d66000fab388a2e4622212c0b2d615f0ece877fbc0a9d64164784f4d04e97b422de7a3a7cd3facbd1bf99bef2d6200d5 SHA512 fa6be579f34084708f6101a2ff36f0b009819d5c3955ebe3801a97a159e64776134346e06f9403e188de01b7fd82ea475eecd016692a102146acba6a6a68e660
+DIST gotosocial_0.5.2_web-assets.tar.gz 1603916 BLAKE2B 9fc36982e83100a6566afc0bb7e78cf5bae2a979a7798b898fb5a6ab65ecdfdcde92c73a6f91ca2291a3ea2198f4f0638d6ae8c83b227b4a33f5f9fd5e9df472 SHA512 e7798f2f80968f5007328adce1b00038f2aaae7b6cf1f24c7961065b1c96a2891b867cf69cf0a6c851bcd60cd57c736f0ca60e6707a07f4336b2445f53cf922e

diff --git a/www-apps/gotosocial/files/config.yaml b/www-apps/gotosocial/files/config.yaml
new file mode 100644
index 000000000..863d160b3
--- /dev/null
+++ b/www-apps/gotosocial/files/config.yaml
@@ -0,0 +1,553 @@
+#  GoToSocial
+#  Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU Affero General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Affero General Public License for more details.
+
+#  You should have received a copy of the GNU Affero General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+###########################
+##### GENERAL CONFIG ######
+###########################
+
+# String. Log level to use throughout the application. Must be lower-case.
+# Options: ["trace","debug","info","warn","error","fatal"]
+# Default: "info"
+log-level: "info"
+
+# Bool. Log database queries when log-level is set to debug or trace.
+# This setting produces verbose logs, so it's better to only enable it
+# when you're trying to track an issue down.
+# Options: [true, false]
+# Default: false
+log-db-queries: false
+
+# String. Application name to use internally.
+# Examples: ["My Application","gotosocial"]
+# Default: "gotosocial"
+application-name: "gotosocial"
+
+# String. Hostname that this server will be reachable at. Defaults to localhost for local testing,
+# but you should *definitely* change this when running for real, or your server won't work at all.
+# DO NOT change this after your server has already run once, or you will break things!
+# Examples: ["gts.example.org","some.server.com"]
+# Default: "localhost"
+host: "localhost"
+
+# String. Domain to use when federating profiles. This is useful when you want your server to be at
+# eg., "gts.example.org", but you want the domain on accounts to be "example.org" because it looks better
+# or is just shorter/easier to remember.
+# To make this setting work properly, you need to redirect requests at "example.org/.well-known/webfinger"
+# to "gts.example.org/.well-known/webfinger" so that GtS can handle them properly.
+# You should also redirect requests at "example.org/.well-known/nodeinfo" in the same way.
+# An empty string (ie., not set) means that the same value as 'host' will be used.
+# DO NOT change this after your server has already run once, or you will break things!
+# Examples: ["example.org","server.com"]
+# Default: ""
+account-domain: ""
+
+# String. Protocol to use for the server. Only change to http for local testing!
+# This should be the protocol part of the URI that your server is actually reachable on. So even if you're
+# running GoToSocial behind a reverse proxy that handles SSL certificates for you, instead of using built-in
+# letsencrypt, it should still be https.
+# Options: ["http","https"]
+# Default: "https"
+protocol: "https"
+
+# String. Address to bind the GoToSocial server to.
+# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname.
+# Default value will bind to all interfaces.
+# You probably won't need to change this unless you're setting GoToSocial up in some fancy way or
+# you have specific networking requirements.
+# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"]
+# Default: "0.0.0.0"
+bind-address: "0.0.0.0"
+
+# Int. Listen port for the GoToSocial webserver + API. If you're running behind a reverse proxy and/or in a docker,
+# container, just set this to whatever you like (or leave the default), and make sure it's forwarded properly.
+# If you are running with built-in letsencrypt enabled, and running GoToSocial directly on a host machine, you will
+# probably want to set this to 443 (standard https port), unless you have other services already using that port.
+# This *MUST NOT* be the same as the letsencrypt port specified below, unless letsencrypt is turned off.
+# Examples: [443, 6666, 8080]
+# Default: 8080
+port: 8080
+
+# Array of string. CIDRs or IP addresses of proxies that should be trusted when determining real client IP from behind a reverse proxy.
+# If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network,
+# or the gateway of the docker network, and/or the address of the reverse proxy (if it's not running on the host network).
+# Example: ["127.0.0.1/32", "172.20.0.1"]
+# Default: ["127.0.0.1/32"] (localhost)
+trusted-proxies:
+  - "127.0.0.1/32"
+
+############################
+##### DATABASE CONFIG ######
+############################
+
+# Config pertaining to the Gotosocial database connection
+
+# String. Database type.
+# Options: ["postgres","sqlite"]
+# Default: "postgres"
+db-type: "postgres"
+
+# String. Database address or parameters.
+#
+# For Postgres, this should be the address or socket at which the database can be reached.
+#
+# For Sqlite, this should be the path to your sqlite database file. Eg., /opt/gotosocial/sqlite.db.
+# If the file doesn't exist at the specified path, it will be created.
+# If just a filename is provided (no directory) then the database will be created in the same directory
+# as the GoToSocial binary.
+# If address is set to :memory: then an in-memory database will be used (no file).
+# WARNING: :memory: should NOT BE USED except for testing purposes.
+#
+# Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db"]
+# Default: ""
+db-address: ""
+
+# Int. Port for database connection.
+# Examples: [5432, 1234, 6969]
+# Default: 5432
+db-port: 5432
+
+# String. Username for the database connection.
+# Examples: ["mydbuser","postgres","gotosocial"]
+# Default: ""
+db-user: ""
+
+# String. Password to use for the database connection
+# Examples: ["password123","verysafepassword","postgres"]
+# Default: ""
+db-password: ""
+
+# String. Name of the database to use within the provided database type.
+# Examples: ["mydb","postgres","gotosocial"]
+# Default: "gotosocial"
+db-database: "gotosocial"
+
+# String. Disable, enable, or require SSL/TLS connection to the database.
+# If "disable" then no TLS connection will be attempted.
+# If "enable" then TLS will be tried, but the database certificate won't be checked (for self-signed certs).
+# If "require" then TLS will be required to make a connection, and a valid certificate must be presented.
+# Options: ["disable", "enable", "require"]
+# Default: "disable"
+db-tls-mode: "disable"
+
+# String. Path to a CA certificate on the host machine for db certificate validation.
+# If this is left empty, just the host certificates will be used.
+# If filled in, the certificate will be loaded and added to host certificates.
+# Examples: ["/path/to/some/cert.crt"]
+# Default: ""
+db-tls-ca-cert: ""
+
+######################
+##### WEB CONFIG #####
+######################
+
+# Config pertaining to templating and serving of web pages/email notifications and the like
+
+# String. Directory from which gotosocial will attempt to load html templates (.tmpl files).
+# Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
+# Default: "./web/template/"
+web-template-base-dir: "/usr/share/gotosocial/web/template/"
+
+# String. Directory from which gotosocial will attempt to serve static web assets (images, scripts).
+# Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
+# Default: "./web/assets/"
+web-asset-base-dir: "/usr/share/gotosocial/web/assets/"
+
+###########################
+##### INSTANCE CONFIG #####
+###########################
+
+# Config pertaining to instance federation settings, pages to hide/expose, etc.
+
+# Bool. Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=open in order
+# to see a list of instances that this instance 'peers' with. Even if set to 'false', then authenticated
+# users (members of the instance) will still be able to query the endpoint.
+# Options: [true, false]
+# Default: false
+instance-expose-peers: false
+
+# Bool. Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=suspended in order
+# to see a list of instances that this instance blocks/suspends. This will also allow unauthenticated
+# users to see the list through the web UI. Even if set to 'false', then authenticated users (members
+# of the instance) will still be able to query the endpoint.
+# Options: [true, false]
+# Default: false
+instance-expose-suspended: false
+
+# Bool. This flag tweaks whether GoToSocial will deliver ActivityPub messages
+# to the shared inbox of a recipient, if one is available, instead of delivering
+# each message to each actor who should receive a message individually.
+#
+# Shared inbox delivery can significantly reduce network load when delivering
+# to multiple recipients share an inbox (eg., on large Mastodon instances).
+#
+# See: https://www.w3.org/TR/activitypub/#shared-inbox-delivery
+#
+# Options: [true, false]
+# Default: true
+instance-deliver-to-shared-inboxes: true
+
+###########################
+##### ACCOUNTS CONFIG #####
+###########################
+
+# Config pertaining to creation and maintenance of accounts on the server, as well as defaults for new accounts.
+
+# Bool. Do we want people to be able to just submit sign up requests, or do we want invite only?
+# Options: [true, false]
+# Default: true
+accounts-registration-open: true
+
+# Bool. Do sign up requests require approval from an admin/moderator before an account can sign in/use the server?
+# Options: [true, false]
+# Default: true
+accounts-approval-required: true
+
+# Bool. Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)?
+# Options: [true, false]
+# Default: true
+accounts-reason-required: true
+
+# Bool. Allow accounts on this instance to set custom CSS for their profile pages and statuses.
+# Enabling this setting will allow accounts to upload custom CSS via the /user settings page,
+# which will then be rendered on the web view of the account's profile and statuses.
+#
+# For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false',
+# since setting it to true allows malicious accounts to make their profile pages misleading, unusable
+# or even dangerous to visitors. In other words, you should only enable this setting if you trust
+# the users on your instance not to produce harmful CSS.
+#
+# Regardless of what this value is set to, any uploaded CSS will not be federated to other instances,
+# it will only be shown on profiles and statuses on *this* instance.
+#
+# Options: [true, false]
+# Default: false
+accounts-allow-custom-css: false
+
+########################
+##### MEDIA CONFIG #####
+########################
+
+# Config pertaining to media uploads (videos, image, image descriptions, emoji).
+
+# Int. Maximum allowed image upload size in bytes.
+# Examples: [2097152, 10485760]
+# Default: 10485760 -- aka 10MB
+media-image-max-size: 10485760
+
+# Int. Maximum allowed video upload size in bytes.
+# Examples: [2097152, 10485760]
+# Default: 41943040 -- aka 40MB
+media-video-max-size: 41943040
+
+# Int. Minimum amount of characters required as an image or video description.
+# Examples: [500, 1000, 1500]
+# Default: 0 (not required)
+media-description-min-chars: 0
+
+# Int. Maximum amount of characters permitted in an image or video description.
+# Examples: [500, 1000, 1500]
+# Default: 500
+media-description-max-chars: 500
+
+# Int. Number of days to cache media from remote instances before they are removed from the cache.
+# A job will run every day at midnight to clean up any remote media older than the given amount of days.
+#
+# When remote media is removed from the cache, it is deleted from storage but the database entries for the media
+# are kept so that it can be fetched again if requested by a user.
+#
+# If this is set to 0, then media from remote instances will be cached indefinitely.
+# Examples: [30, 60, 7, 0]
+# Default: 30
+media-remote-cache-days: 30
+
+# Int. Max size in bytes of emojis uploaded to this instance via the admin API.
+# The default is the same as the Mastodon size limit for emojis (50kb), which allows
+# for good interoperability. Raising this limit may cause issues with federation
+# of your emojis to other instances, so beware.
+# Examples: [51200, 102400]
+# Default: 51200
+media-emoji-local-max-size: 51200
+
+# Int. Max size in bytes of emojis to download from other instances.
+# By default this is 100kb, or twice the size of the default for media-emoji-local-max-size.
+# This strikes a good balance between decent interoperability with instances that have
+# higher emoji size limits, and not taking up too much space in storage.
+# Examples: [51200, 102400]
+# Default: 51200
+media-emoji-remote-max-size: 102400
+
+##########################
+##### STORAGE CONFIG #####
+##########################
+
+# Config pertaining to storage of user-created uploads (videos, images, etc).
+
+# String. Type of storage backend to use.
+# Examples: ["local", "s3"]
+# Default: "local" (storage on local disk)
+storage-backend: "local"
+
+# String. Directory to use as a base path for storing files.
+# Make sure whatever user/group gotosocial is running as has permission to access
+# this directory, and create new subdirectories and files within it.
+# Only required when running with the local storage backend.
+# Examples: ["/home/gotosocial/storage", "/opt/gotosocial/datastorage"]
+# Default: "/gotosocial/storage"
+storage-local-base-path: "/var/lib/gotosocial/storage"
+
+# String. API endpoint of the S3 compatible service.
+# Only required when running with the s3 storage backend.
+# Examples: ["minio:9000", "s3.nl-ams.scw.cloud", "s3.us-west-002.backblazeb2.com"]
+# Default: ""
+storage-s3-endpoint: ""
+
+# String. Access key part of the S3 credentials.
+# Consider setting this value using environment variables to avoid leaking it via the config file
+# Only required when running with the s3 storage backend.
+# Examples: ["AKIAJSIE27KKMHXI3BJQ","miniouser"]
+# Default: ""
+storage-s3-access-key: ""
+# String. Secret key part of the S3 credentials.
+# Consider setting this value using environment variables to avoid leaking it via the config file
+# Only required when running with the s3 storage backend.
+# Examples: ["5bEYu26084qjSFyclM/f2pz4gviSfoOg+mFwBH39","miniopassword"]
+# Default: ""
+storage-s3-secret-key: ""
+# String. Name of the storage bucket.
+#
+# If you have already encoded your bucket name in the storage-s3-endpoint, this
+# value will be used as a directory containing your data.
+#
+# The bucket must exist prior to starting GoToSocial
+#
+# Only required when running with the s3 storage backend.
+# Examples: ["gts","cool-instance"]
+# Default: ""
+storage-s3-bucket: ""
+
+###########################
+##### STATUSES CONFIG #####
+###########################
+
+# Config pertaining to the creation of statuses/posts, and permitted limits.
+
+# Int. Maximum amount of characters permitted for a new status.
+# Note that going way higher than the default might break federation.
+# Examples: [140, 500, 5000]
+# Default: 5000
+statuses-max-chars: 5000
+
+# Int. Maximum amount of characters allowed in the CW/subject header of a status.
+# Note that going way higher than the default might break federation.
+# Examples: [100, 200]
+# Default: 100
+statuses-cw-max-chars: 100
+
+# Int. Maximum amount of options to permit when creating a new poll.
+# Note that going way higher than the default might break federation.
+# Examples: [4, 6, 10]
+# Default: 6
+statuses-poll-max-options: 6
+
+# Int. Maximum amount of characters to permit per poll option when creating a new poll.
+# Note that going way higher than the default might break federation.
+# Examples: [50, 100, 150]
+# Default: 50
+statuses-poll-option-max-chars: 50
+
+# Int. Maximum amount of media files that can be attached to a new status.
+# Note that going way higher than the default might break federation.
+# Examples: [4, 6, 10]
+# Default: 6
+statuses-media-max-files: 6
+
+##############################
+##### LETSENCRYPT CONFIG #####
+##############################
+
+# Config pertaining to the automatic acquisition and use of LetsEncrypt HTTPS certificates.
+
+# Bool. Whether or not letsencrypt should be enabled for the server.
+# If false, the rest of the settings here will be ignored.
+# If you serve GoToSocial behind a reverse proxy like nginx or traefik, leave this turned off.
+# If you don't, then turn it on so that you can use https.
+# Options: [true, false]
+# Default: false
+letsencrypt-enabled: false
+
+# Int. Port to listen for letsencrypt certificate challenges on.
+# If letsencrypt is enabled, this port must be reachable or you won't be able to obtain certs.
+# If letsencrypt is disabled, this port will not be used.
+# This *must not* be the same as the webserver/API port specified above.
+# Examples: [80, 8000, 1312]
+# Default: 80
+letsencrypt-port: 80
+
+# String. Directory in which to store LetsEncrypt certificates.
+# It is a good move to make this a sub-path within your storage directory, as it makes
+# backup easier, but you might wish to move them elsewhere if they're also accessed by other services.
+# In any case, make sure GoToSocial has permissions to write to / read from this directory.
+# Examples: ["/home/gotosocial/storage/certs", "/acmecerts"]
+# Default: "/gotosocial/storage/certs"
+letsencrypt-cert-dir: "/var/lib/gotosocial/certs"
+
+# String. Email address to use when registering LetsEncrypt certs.
+# Most likely, this will be the email address of the instance administrator.
+# LetsEncrypt will send notifications about expiring certificates etc to this address.
+# Examples: ["admin@example.org"]
+# Default: ""
+letsencrypt-email-address: ""
+
+#######################
+##### OIDC CONFIG #####
+#######################
+
+# Config for authentication with an external OIDC provider (Dex, Google, Auth0, etc).
+
+# Bool. Enable authentication with external OIDC provider. If set to true, then
+# the other OIDC options must be set as well. If this is set to false, then the standard
+# internal oauth flow will be used, where users sign in to GtS with username/password.
+# Options: [true, false]
+# Default: false
+oidc-enabled: false
+
+# String. Name of the oidc idp (identity provider). This will be shown to users when
+# they log in.
+# Examples: ["Google", "Dex", "Auth0"]
+# Default: ""
+oidc-idp-name: ""
+
+# Bool. Skip the normal verification flow of tokens returned from the OIDC provider, ie.,
+# don't check the expiry or signature. This should only be used in debugging or testing,
+# never ever in a production environment as it's extremely unsafe!
+# Options: [true, false]
+# Default: false
+oidc-skip-verification: false
+
+# String. The OIDC issuer URI. This is where GtS will redirect users to for login.
+# Typically this will look like a standard web URL.
+# Examples: ["https://auth.example.org", "https://example.org/auth"]
+# Default: ""
+oidc-issuer: ""
+
+# String. The ID for this client as registered with the OIDC provider.
+# Examples: ["some-client-id", "fda3772a-ad35-41c9-9a59-f1943ad18f54"]
+# Default: ""
+oidc-client-id: ""
+
+# String. The secret for this client as registered with the OIDC provider.
+# Examples: ["super-secret-business", "79379cf5-8057-426d-bb83-af504d98a7b0"]
+# Default: ""
+oidc-client-secret: ""
+
+# Array of string. Scopes to request from the OIDC provider. The returned values will be used to
+# populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required.
+# 'profile' is used to extract a username for the newly created user.
+# 'groups' is optional and can be used to determine if a user is an admin (if they're in the group 'admin' or 'admins').
+# Examples: See eg., https://auth0.com/docs/scopes/openid-connect-scopes
+# Default: ["openid", "email", "profile", "groups"]
+oidc-scopes:
+  - "openid"
+  - "email"
+  - "profile"
+  - "groups"
+
+#######################
+##### SMTP CONFIG #####
+#######################
+
+# Config for sending emails via an smtp server. See https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
+
+# String. The hostname of the smtp server you want to use.
+# If this is not set, smtp will not be used to send emails, and you can ignore the other settings.
+# Examples: ["mail.example.org", "localhost"]
+# Default: ""
+smtp-host: ""
+
+# Int. Port to use to connect to the smtp server.
+# Examples: []
+# Default: 0
+smtp-port: 0
+
+# String. Username to use when authenticating with the smtp server.
+# This should have been provided to you by your smtp host.
+# This is often, but not always, an email address.
+# Examples: ["maillord@example.org"]
+# Default: ""
+smtp-username: ""
+
+# String. Password to use when authenticating with the smtp server.
+# This should have been provided to you by your smtp host.
+# Examples: ["1234", "password"]
+# Default: ""
+smtp-password: ""
+
+# String. 'From' address for sent emails.
+# Examples: ["mail@example.org"]
+# Default: ""
+smtp-from: ""
+
+#########################
+##### SYSLOG CONFIG #####
+#########################
+
+# Config for additional syslog log hooks. See https://en.wikipedia.org/wiki/Syslog,
+# and https://github.com/sirupsen/logrus/tree/master/hooks/syslog.
+#
+# These settings are useful when one wants to daemonize GoToSocial and send logs
+# to a specific place, either a local location or a syslog server. Most users will
+# not need to touch these settings.
+
+# Bool. Enable the syslog logging hook. Logs will be mirrored to the configured destination.
+# Options: [true, false]
+# Default: false
+syslog-enabled: false
+
+# String. Protocol to use when directing logs to syslog. Leave empty to connect to local syslog.
+# Options: ["udp", "tcp", ""]
+# Default: "tcp"
+syslog-protocol: "udp"
+
+# String. Address:port to send syslog logs to. Leave empty to connect to local syslog.
+# Default: "localhost:514"
+syslog-address: "localhost:514"
+
+#############################
+##### ADVANCED SETTINGS #####
+#############################
+
+# Advanced settings pertaining to http timeouts, security, cookies, and more.
+#
+# ONLY ADJUST THESE SETTINGS IF YOU KNOW WHAT YOU ARE DOING!
+#
+# Most users will not need to (and should not) touch these settings, since
+# they are set to sensible defaults, and may break if they are changed.
+#
+# Nevertheless, they are provided for the sake of allowing server admins to
+# tweak their instance for performance or security reasons.
+
+# String. Value of the SameSite attribute of cookies set by GoToSocial.
+# Defaults to 'lax' to ensure that the OIDC flow does not break, which is
+# fine in most cases. If you want to harden your instance against CSRF attacks
+# and don't mind if some login-related things might break, you can set this
+# to 'strict' instead.
+#
+# For an overview of what this does, see:
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
+#
+# Options: ["lax", "strict"]
+# Default: "lax"
+advanced-cookies-samesite: "lax"
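
Review bot: bind-address stays at "0.0.0.0" while letsencrypt-enabled is false, so the packaged default listens on port 8080 on every interface and relies on a reverse proxy for TLS. Since trusted-proxies already assumes a proxy at 127.0.0.1/32, consider shipping bind-address: "localhost" (one of the file's own examples) so the backend port is not reachable directly. Two comment/value mismatches are worth fixing or reporting upstream: media-emoji-remote-max-size documents "Default: 51200" but is set to 102400, and syslog-protocol documents Default: "tcp" but is set to "udp". With db-type "postgres" and empty db-address, db-user and db-password, there are no usable database settings until the admin edits the file; a pkg_postinst message pointing at /etc/gotosocial/config.yaml would help.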

diff --git a/www-apps/gotosocial/files/gotosocial.confd b/www-apps/gotosocial/files/gotosocial.confd
new file mode 100644
index 000000000..9ea7d8fdd
--- /dev/null
+++ b/www-apps/gotosocial/files/gotosocial.confd
@@ -0,0 +1,2 @@
+# GoToSocial configuration file
+#GOTOSOCIAL_CONFIG="/etc/gotosocial/config.yaml"

diff --git a/www-apps/gotosocial/files/gotosocial.initd b/www-apps/gotosocial/files/gotosocial.initd
new file mode 100644
index 000000000..66f9efad8
--- /dev/null
+++ b/www-apps/gotosocial/files/gotosocial.initd
@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${GOTOSOCIAL_CONFIG:=/etc/gotosocial/config.yaml}
+
+description="GoToSocial Server"
+command=/usr/bin/gotosocial
+command_args="--config-path ${GOTOSOCIAL_CONFIG} server start"
+command_user="gotosocial:gotosocial"
+command_background=1
+pidfile="/run/gotosocial.pid"
+
+depend() {
+	need net
+	after postgresql
+}
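
Review bot: with command_background=1 and neither output_log nor error_log set, the daemon's stdout and stderr are discarded under OpenRC, while the systemd unit in this commit appends them to /var/log/gotosocial/gotosocial.log and config.yaml ships syslog-enabled: false. Consider setting output_log and error_log to a file under /var/log/gotosocial and adding a start_pre() that uses checkpath to create that directory owned by gotosocial:gotosocial, so both init systems keep logs.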

diff --git a/www-apps/gotosocial/files/gotosocial.service b/www-apps/gotosocial/files/gotosocial.service
new file mode 100644
index 000000000..de29ca6d2
--- /dev/null
+++ b/www-apps/gotosocial/files/gotosocial.service
@@ -0,0 +1,45 @@
+[Unit]
+Description=GoToSocial Server
+
+[Service]
+User=gotosocial
+Group=gotosocial
+
+Type=exec
+Restart=on-failure
+
+ExecStart=/usr/bin/gotosocial --config-path /etc/gotosocial/config.yaml server start
+
+StandardOutput=append:/var/log/gotosocial/gotosocial.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
+# You might need this if you are running as non-root on a privileged port (below 1024)
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=default.target
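
Review bot: CAP_RAWIO in the first CapabilityBoundingSet= line is not a Linux capability name; the capability is CAP_SYS_RAWIO, so as written it is not removed from the bounding set. Separately, StandardOutput=append:/var/log/gotosocial/gotosocial.log depends on a directory that nothing in this commit creates (the tmpfiles entry only covers /var/lib/gotosocial and the ebuild has no keepdir for it); LogsDirectory=gotosocial in this unit, or a second tmpfiles line, would cover that. The [Unit] section also has no After= ordering, whereas the OpenRC script declares "need net" and "after postgresql"; an After=network.target postgresql.service line would keep the two init systems consistent.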

diff --git a/www-apps/gotosocial/files/gotosocial.tmpfiles b/www-apps/gotosocial/files/gotosocial.tmpfiles
new file mode 100644
index 000000000..c04462839
--- /dev/null
+++ b/www-apps/gotosocial/files/gotosocial.tmpfiles
@@ -0,0 +1 @@
+d /var/lib/gotosocial 0755 gotosocial gotosocial -
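
Review bot: mode 0755 makes /var/lib/gotosocial listable and traversable by every local user, and config.yaml points both storage-local-base-path and letsencrypt-cert-dir inside it. Suggest "d /var/lib/gotosocial 0750 gotosocial gotosocial -" (or 0700) as the default, since nothing other than the service account needs to read uploaded media or certificates there.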

diff --git a/www-apps/gotosocial/gotosocial-0.5.2.ebuild b/www-apps/gotosocial/gotosocial-0.5.2.ebuild
new file mode 100644
index 000000000..2f17fbd27
--- /dev/null
+++ b/www-apps/gotosocial/gotosocial-0.5.2.ebuild
@@ -0,0 +1,82 @@
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DOCS_BUILDER="mkdocs"
+DOCS_DEPEND="dev-python/mkdocs-render-swagger-plugin"
+PYTHON_COMPAT=( python3_{8..11} )
+inherit python-any-r1 docs go-module systemd tmpfiles
+
+DESCRIPTION="Fast, fun, ActivityPub server, powered by Go"
+HOMEPAGE="
+	https://gotosocial.org/
+	https://github.com/superseriousbusiness/gotosocial
+"
+GH="https://github.com/superseriousbusiness/${PN}"
+SRC_URI="
+	${GH}/releases/download/v${PV}/${P}-source-code.tar.gz
+	${GH}/releases/download/v${PV}/${PN}_${PV}_web-assets.tar.gz
+"
+S="${WORKDIR}"
+
+LICENSE="|| ( WTFPL CC0-1.0 ) AGPL-3 CC0-1.0 MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+
+RDEPEND="acct-user/gotosocial"
+
+DOCS=( archive {CONTRIBUTING,README,ROADMAP}.md )
+
+src_unpack() {
+	# source code
+	unpack ${P}-source-code.tar.gz
+	rm -r web || die
+
+	# prebuilt web assets
+	unpack ${PN}_${PV}_web-assets.tar.gz
+}
+
+src_compile() {
+	local myargs=(
+		-trimpath
+		-ldflags "-X main.Version=${PV}"
+		-tags netgo,osusergo,static_build,kvformat
+	)
+
+	local -x CGO_ENABLED=0
+	ego build "${myargs[@]}" ./cmd/gotosocial
+
+	use doc && docs_compile
+}
+
+src_test() {
+	local -x GTS_DB_TYPE="sqlite"
+	local -x GTS_DB_ADDRESS=":memory:"
+	local -x CGO_ENABLED=0
+
+	local myargs=(
+		-tags netgo,osusergo,static_build,kvformat
+		-count 1
+	)
+	ego test "${myargs[@]}" ./...
+}
+
+src_install() {
+	dobin gotosocial
+
+	newinitd "${FILESDIR}"/gotosocial.initd ${PN}
+	newconfd "${FILESDIR}"/gotosocial.confd ${PN}
+	systemd_dounit "${FILESDIR}"/gotosocial.service
+	newtmpfiles "${FILESDIR}"/gotosocial.tmpfiles ${PN}.conf
+
+	insinto /usr/share/gotosocial
+	doins -r web
+
+	insinto /etc/gotosocial
+	doins "${FILESDIR}"/config.yaml
+}
+
+pkg_postinst() {
+	tmpfiles_process ${PN}.conf
+}
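
Review bot: in src_install, doins "${FILESDIR}"/config.yaml uses the default doins mode (0644), so /etc/gotosocial/config.yaml is readable by all local users, yet it is the file where db-password, storage-s3-secret-key, oidc-client-secret and smtp-password are meant to be set. Consider restricting it after the doins, for example fperms 0640 /etc/gotosocial/config.yaml together with fowners root:gotosocial on the same path, so only root and the service account can read it. Note that fowners needs the gotosocial group at build time, so acct-user/gotosocial would have to be in DEPEND as well as RDEPEND.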

diff --git a/www-apps/gotosocial/metadata.xml b/www-apps/gotosocial/metadata.xml
new file mode 100644
index 000000000..aea02a90b
--- /dev/null
+++ b/www-apps/gotosocial/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>cyber+gentoo@sysrq.in</email>
+		<name>Anna</name>
+	</maintainer>
+	<upstream>
+		<doc>https://docs.gotosocial.org/</doc>
+		<remote-id type="github">superseriousbusiness/gotosocial</remote-id>
+	</upstream>
+</pkgmetadata>

