2 files changed, 196 insertions, 12 deletions
diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md
index 6759d5e93..f796330f1 100644
--- a/docs/configuration/cheatsheet.md
+++ b/docs/configuration/cheatsheet.md
@@ -18,6 +18,7 @@ To add configuration to your config file, you can copy it from the base config.
 * `notify_email`: Email used for notifications.
 * `description`: The instance’s description, can be seen in nodeinfo and ``/api/v1/instance``.
 * `limit`: Posts character limit (CW/Subject included in the counter).
+* `discription_limit`: The character limit for image descriptions.
 * `chat_limit`: Character limit of the instance chat messages.
 * `remote_limit`: Hard character limit beyond which remote posts will be dropped.
 * `upload_limit`: File size limit of uploads (except for avatar, background, banner).
@@ -36,7 +37,7 @@ To add configuration to your config file, you can copy it from the base config.
 * `federation_incoming_replies_max_depth`: Max. depth of reply-to activities fetching on incoming federation, to prevent out-of-memory situations while fetching very long threads. If set to `nil`, threads of any depth will be fetched. Lower this value if you experience out-of-memory crashes.
 * `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it.
 * `allow_relay`: Enable Pleroma’s Relay, which makes it possible to follow a whole instance.
-* `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network.
+* `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. See also: `restrict_unauthenticated`.
 * `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send.
 * `managed_config`: Whenether the config for pleroma-fe is configured in [:frontend_configurations](#frontend_configurations) or in ``static/config.json``.
 * `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML).
@@ -154,7 +155,7 @@ config :pleroma, :mrf_user_allowlist, %{
   * `:strip_followers` removes followers from the ActivityPub recipient list, ensuring they won't be delivered to home timelines
   * `:reject` rejects the message entirely
 
-#### mrf_steal_emoji
+#### :mrf_steal_emoji
 * `hosts`: List of hosts to steal emojis from
 * `rejected_shortcodes`: Regex-list of shortcodes to reject
 * `size_limit`: File size limit (in bytes), checked before an emoji is saved to the disk
@@ -475,7 +476,6 @@ For each pool, the options are:
 * `:timeout` - timeout while `gun` will wait for response
 * `:max_overflow` - additional workers if pool is under load
 
-
 ## Captcha
 
 ### Pleroma.Captcha
@@ -493,7 +493,7 @@ A built-in captcha provider. Enabled by default.
 #### Pleroma.Captcha.Kocaptcha
 
 Kocaptcha is a very simple captcha service with a single API endpoint,
-the source code is here: https://github.com/koto-bank/kocaptcha. The default endpoint
+the source code is here: [kocaptcha](https://github.com/koto-bank/kocaptcha). The default endpoint
 `https://captcha.kotobank.ch` is hosted by the developer.
 
 * `endpoint`: the Kocaptcha endpoint to use.
@@ -501,6 +501,7 @@ the source code is here: https://github.com/koto-bank/kocaptcha. The default end
 ## Uploads
 
 ### Pleroma.Upload
+
 * `uploader`: Which one of the [uploaders](#uploaders) to use.
 * `filters`: List of [upload filters](#upload-filters) to use.
 * `link_name`: When enabled Pleroma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers when using filters like `Pleroma.Upload.Filter.Dedupe`
@@ -513,10 +514,15 @@ the source code is here: https://github.com/koto-bank/kocaptcha. The default end
     `strip_exif` has been replaced by `Pleroma.Upload.Filter.Mogrify`.
 
 ### Uploaders
+
 #### Pleroma.Uploaders.Local
+
 * `uploads`: Which directory to store the user-uploads in, relative to pleroma’s working directory.
 
 #### Pleroma.Uploaders.S3
+
+Don't forget to configure [Ex AWS S3](#ex-aws-s3-settings)
+
 * `bucket`: S3 bucket name.
 * `bucket_namespace`: S3 bucket namespace.
 * `public_endpoint`: S3 endpoint that the user finally accesses(ex. "https://s3.dualstack.ap-northeast-1.amazonaws.com")
@@ -525,16 +531,22 @@ For example, when using CDN to S3 virtual host format, set "".
 At this time, write CNAME to CDN in public_endpoint.
 * `streaming_enabled`: Enable streaming uploads, when enabled the file will be sent to the server in chunks as it's being read. This may be unsupported by some providers, try disabling this if you have upload problems.
 
+#### Ex AWS S3 settings
 
-### Upload filters
-
-#### Pleroma.Upload.Filter.Mogrify
+* `access_key_id`: Access key ID
+* `secret_access_key`: Secret access key
+* `host`: S3 host
 
-* `args`: List of actions for the `mogrify` command like `"strip"` or `["strip", "auto-orient", {"implode", "1"}]`.
+Example:
 
-#### Pleroma.Upload.Filter.Dedupe
+```elixir
+config :ex_aws, :s3,
+  access_key_id: "xxxxxxxxxx",
+  secret_access_key: "yyyyyyyyyy",
+  host: "s3.eu-central-1.amazonaws.com"
+```
 
-No specific configuration.
+### Upload filters
 
 #### Pleroma.Upload.Filter.AnonymizeFilename
 
@@ -543,6 +555,20 @@ This filter replaces the filename (not the path) of an upload. For complete obfu
 
 * `text`: Text to replace filenames in links. If empty, `{random}.extension` will be used. You can get the original filename extension by using `{extension}`, for example `custom-file-name.{extension}`.
 
+#### Pleroma.Upload.Filter.Dedupe
+
+No specific configuration.
+
+#### Pleroma.Upload.Filter.Exiftool
+
+This filter only strips the GPS and location metadata with Exiftool leaving color profiles and attributes intact.
+
+No specific configuration.
+
+#### Pleroma.Upload.Filter.Mogrify
+
+* `args`: List of actions for the `mogrify` command like `"strip"` or `["strip", "auto-orient", {"implode", "1"}]`.
+
 ## Email
 
 ### Pleroma.Emails.Mailer
@@ -970,11 +996,11 @@ config :pleroma, :database_config_whitelist, [
 
 ### :restrict_unauthenticated
 
-Restrict access for unauthenticated users to timelines (public and federate), user profiles and statuses.
+Restrict access for unauthenticated users to timelines (public and federated), user profiles and statuses.
 
 * `timelines`: public and federated timelines
   * `local`: public timeline
-  * `federated`
+  * `federated`: federated timeline (includes public timeline)
 * `profiles`: user profiles
   * `local`
   * `remote`
@@ -982,7 +1008,14 @@ Restrict access for unauthenticated users to timelines (public and federate), us
   * `local`
   * `remote`
 
+Note: setting `restrict_unauthenticated/timelines/local` to `true` has no practical sense if `restrict_unauthenticated/timelines/federated` is set to `false` (since local public activities will still be delivered to unauthenticated users as part of federated timeline).
 
 ## Pleroma.Web.ApiSpec.CastAndValidate
 
 * `:strict` a boolean, enables strict input validation (useful in development, not recommended in production). Defaults to `false`.
+
+## :instances_favicons
+
+Control favicons for instances.
+
+* `enabled`: Allow/disallow displaying and getting instances favicons
diff --git a/docs/configuration/howto_database_config.md b/docs/configuration/howto_database_config.md
new file mode 100644
index 000000000..ded9a2eb3
--- /dev/null
+++ b/docs/configuration/howto_database_config.md
@@ -0,0 +1,151 @@
+# How to activate Pleroma in-database configuration
+## Explanation
+
+The configuration of Pleroma has traditionally been managed with a config file, e.g. `config/prod.secret.exs`. This method requires a restart of the application for any configuration changes to take effect. We have made it possible to control most settings in the AdminFE interface after running a migration script.
+
+## Migration to database config
+
+1. Stop your Pleroma instance and edit your Pleroma config to enable database configuration: 
+
+  ```
+  config :pleroma, configurable_from_database: true
+  ```
+
+2. Run the mix task to migrate to the database. You'll receive some debugging output and a few messages informing you of what happened.
+
+  **Source:**
+  
+  ```
+  $ mix pleroma.config migrate_to_db
+  ```
+  
+  or
+  
+  **OTP:**
+  
+  ```
+  $ ./bin/pleroma_ctl config migrate_to_db
+  ```
+
+  ```  
+  10:04:34.155 [debug] QUERY OK source="config" db=1.6ms decode=2.0ms queue=33.5ms idle=0.0ms
+SELECT c0."id", c0."key", c0."group", c0."value", c0."inserted_at", c0."updated_at" FROM "config" AS c0 []
+Migrating settings from file: /home/pleroma/config/dev.secret.exs
+  
+  10:04:34.240 [debug] QUERY OK db=4.5ms queue=0.3ms idle=92.2ms
+TRUNCATE config; []
+  
+  10:04:34.244 [debug] QUERY OK db=2.8ms queue=0.3ms idle=97.2ms
+ALTER SEQUENCE config_id_seq RESTART; []
+  
+  10:04:34.256 [debug] QUERY OK source="config" db=0.8ms queue=1.4ms idle=109.8ms
+SELECT c0."id", c0."key", c0."group", c0."value", c0."inserted_at", c0."updated_at" FROM "config" AS c0 WHERE ((c0."group" = $1) AND (c0."key" = $2)) [":pleroma", ":instance"]
+  
+  10:04:34.292 [debug] QUERY OK db=2.6ms queue=1.7ms idle=137.7ms
+INSERT INTO "config" ("group","key","value","inserted_at","updated_at") VALUES ($1,$2,$3,$4,$5) RETURNING "id" [":pleroma", ":instance", <<131, 108, 0, 0, 0, 1, 104, 2, 100, 0, 4, 110, 97, 109, 101, 109, 0, 0, 0, 7, 66, 108, 101, 114, 111, 109, 97, 106>>, ~N[2020-07-12 15:04:34], ~N[2020-07-12 15:04:34]]
+  Settings for key instance migrated.
+  Settings for group :pleroma migrated.
+  ```
+  
+3. It is recommended to backup your config file now.
+  ```
+  cp config/dev.secret.exs config/dev.secret.exs.orig
+  ```
+  
+4. Now you can edit your config file and strip it down to the only settings which are not possible to control in the database. e.g., the Postgres and webserver (Endpoint) settings cannot be controlled in the database because the application needs the settings to start up and access the database.
+
+ ⚠️ **THIS IS NOT REQUIRED**
+ 
+ Any settings in the database will override those in the config file, but you may find it less confusing if the setting is only declared in one place.
+
+ A non-exhaustive list of settings that are only possible in the config file include the following:
+
+* config :pleroma, Pleroma.Web.Endpoint
+* config :pleroma, Pleroma.Repo
+* config :pleroma, configurable_from_database
+* config :pleroma, :database, rum_enabled
+* config :pleroma, :connections_pool
+
+Here is an example of a server config stripped down after migration:
+
+```
+use Mix.Config
+
+config :pleroma, Pleroma.Web.Endpoint,
+  url: [host: "cool.pleroma.site", scheme: "https", port: 443]
+
+
+config :pleroma, Pleroma.Repo,
+  adapter: Ecto.Adapters.Postgres,
+  username: "pleroma",
+  password: "MySecretPassword",
+  database: "pleroma_prod",
+  hostname: "localhost"
+
+config :pleroma, configurable_from_database: true
+```
+
+5. Start your instance back up and you can now access the Settings tab in AdminFE.
+
+
+## Reverting back from database config
+
+1. Stop your Pleroma instance.
+
+2. Run the mix task to migrate back from the database. You'll receive some debugging output and a few messages informing you of what happened.
+
+  **Source:**
+  
+  ```
+  $ mix pleroma.config migrate_from_db
+  ```
+  
+  or
+  
+  **OTP:**
+  
+  ```
+  $ ./bin/pleroma_ctl config migrate_from_db
+  ```
+
+  ```
+  10:26:30.593 [debug] QUERY OK source="config" db=9.8ms decode=1.2ms queue=26.0ms idle=0.0ms
+SELECT c0."id", c0."key", c0."group", c0."value", c0."inserted_at", c0."updated_at" FROM "config" AS c0 []
+
+  10:26:30.659 [debug] QUERY OK source="config" db=1.1ms idle=80.7ms
+SELECT c0."id", c0."key", c0."group", c0."value", c0."inserted_at", c0."updated_at" FROM "config" AS c0 []
+Database configuration settings have been saved to config/dev.exported_from_db.secret.exs
+```
+
+3. The in-database configuration still exists, but it will not be used if you remove `config :pleroma, configurable_from_database: true` from your config.
+
+## Debugging
+
+### Clearing database config
+You can clear the database config by truncating the `config` table in the database. e.g.,
+
+```
+psql -d pleroma_dev
+pleroma_dev=# TRUNCATE config;
+TRUNCATE TABLE
+```
+
+Additionally, every time you migrate the configuration to the database the config table is automatically truncated to ensure a clean migration.
+
+### Manually removing a setting
+If you encounter a situation where the server cannot run properly because of an invalid setting in the database and this is preventing you from accessing AdminFE, you can manually remove the offending setting if you know which one it is.
+
+e.g., here is an example showing a minimal configuration in the database. Only the `config :pleroma, :instance` settings are in the table:
+
+```
+psql -d pleroma_dev
+pleroma_dev=# select * from config;
+ id |    key    |                           value                            |     inserted_at     |     updated_at      |  group
+----+-----------+------------------------------------------------------------+---------------------+---------------------+----------
+  1 | :instance | \x836c0000000168026400046e616d656d00000007426c65726f6d616a | 2020-07-12 15:33:29 | 2020-07-12 15:33:29 | :pleroma
+(1 row)
+pleroma_dev=# delete from config where key = ':instance' and group = ':pleroma';
+DELETE 1
+```
+
+Now the `config :pleroma, :instance` settings have been removed from the database.