File config.diff of Package gotosocial-hardened

--- config.yaml~	2025-11-17 18:47:23.986919050 +0100
+++ config.yaml	2025-11-17 18:47:35.756090881 +0100
@@ -58,7 +58,7 @@
 #
 # Examples: ["2006-01-02T15:04:05.000Z07:00", ""]
 # Default: "02/01/2006 15:04:05.000"
-log-timestamp-format: "02/01/2006 15:04:05.000"
+log-timestamp-format: ""
 
 # String. Application name to use internally.
 # Examples: ["My Application","gotosocial"]
@@ -128,7 +128,7 @@
 #
 # Examples: ["0.0.0.0", "172.128.0.16", "localhost", "::1", "2001:db8::fed1"]
 # Default: "0.0.0.0"
-bind-address: "0.0.0.0"
+bind-address: "localhost"
 
 # Int. Listen port for the GoToSocial webserver + API. If you're running behind a reverse proxy and/or in a docker,
 # container, just set this to whatever you like (or leave the default), and make sure it's forwarded properly.
@@ -137,7 +137,7 @@
 # This *MUST NOT* be the same as the letsencrypt port specified below, unless letsencrypt is turned off.
 # Examples: [443, 6666, 8080]
 # Default: 8080
-port: 8080
+port: 3014
 
 # Array of string. CIDRs or IP addresses of proxies that should be trusted when determining real client IP from behind a reverse proxy.
 # If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network,
@@ -172,7 +172,7 @@
 #
 # Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db"]
 # Default: ""
-db-address: "sqlite.db"
+db-address: "/var/lib/gotosocial/sqlite.db"
 
 # Int. Port for postgres database connection; ignored for sqlite.
 # Examples: [5432, 1234, 6969]
@@ -308,12 +308,12 @@
 # String. Directory from which gotosocial will attempt to load html templates (.tmpl files).
 # Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
 # Default: "./web/template/"
-web-template-base-dir: "./web/template/"
+web-template-base-dir: "/etc/gotosocial/template/"
 
 # String. Directory from which gotosocial will attempt to serve static web assets (images, scripts).
 # Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
 # Default: "./web/assets/"
-web-asset-base-dir: "./web/assets/"
+web-asset-base-dir: "/usr/share/gotosocial/"
 
 ###########################
 ##### INSTANCE CONFIG #####
@@ -756,7 +756,7 @@
 # Only required when running with the local storage backend.
 # Examples: ["/home/gotosocial/storage", "/opt/gotosocial/datastorage"]
 # Default: "/gotosocial/storage"
-storage-local-base-path: "/gotosocial/storage"
+storage-local-base-path: "/var/lib/gotosocial/storage"
 
 # String. API endpoint of the S3 compatible service.
 # Only required when running with the s3 storage backend.
@@ -919,7 +919,7 @@
 # In any case, make sure GoToSocial has permissions to write to / read from this directory.
 # Examples: ["/home/gotosocial/storage/certs", "/acmecerts"]
 # Default: "/gotosocial/storage/certs"
-letsencrypt-cert-dir: "/gotosocial/storage/certs"
+letsencrypt-cert-dir: "/var/lib/gotosocial/storage/certs"
 
 # String. Email address to use when registering LetsEncrypt certs.
 # Most likely, this will be the email address of the instance administrator.