New configuration system

* Throw away old system
* Add new system
* Add new example files
* Replace all calls
* add the most important docs
* Add Specs
* rename disable_ssl_requirement to require_ssl
* cloudfiles isn't used/called in our code
* since community_spotlight.list is only used as enable flag replace it with such one and remove all legacy and irelevant codepaths around it
* die if session secret is unset and on heroku
* First basic infrastructure for version information

30 files changed, 533 insertions, 417 deletions

diff --git a/config/application.yml.example b/config/application.yml.example
deleted file mode 100644
index 6c1c8f47b..000000000
--- a/config/application.yml.example
+++ /dev/null
@@ -1,280 +0,0 @@
-#   Copyright (c) 2010-2011, Diaspora Inc.  This file is
-#   licensed under the Affero General Public License version 3 or later.  See
-#   the COPYRIGHT file.
-
-defaults: &defaults
-
-  ######################################################
-  # Environment Configuration
-  ######################################################
-
-  ## Set the hostname of the machine you're running Diaspora on, as seen
-  ## from the internet. This should be the URL you want to use to
-  ## access the pod. So if you plan to  reverse proxy it, it should be
-  ## the URL the proxy listens on.
-  ## DO NOT CHNANGE THIS AFTER INITIAL SETUP
-  ## UNLESS YOU KNOW WHAT YOU'RE DOING!
-  ## However changing http to https is okay and has no consquences.
-  ## If you do change it you have to start over as it's hardcoded into
-  ## the database.
-  pod_url: "http://localhost:3000/"
-
-  ## Setting the bundle of certificate authorities (CA) certificates.
-  ## This is operating system specific.
-  ## Examples, uncomment one or add your own:
-  ca_file: '/etc/pki/tls/certs/ca-bundle.crt'
-
-  ## Redis URL for a remote redis.
-  ## Don't forget to restrict IP access!
-  ## Leave it empty for the default ('redis://localhost:6379/0')
-  ## You can specify a username and password in it, for example
-  ## redis://user:password@remote_host:6379/0
-  ## You can also specify a unix socket URL like unix://tmp/redis.sock
-  redis_url:
-
-  ## Serve static assets via the appserver.
-  ## This is highly not recommended for production use,
-  ## let your reverse proxy/webserver do it by serving the files
-  ## under public/ directly.
-  serve_static_assets: false
-
-  ## Disable SSL requirement
-  #when set, your pod will not force you to use https in production
-  #NOTE: not all features of Diaspora work without SSL, and you may have trouble federating
-  # with other pods
-  circumvent_ssl_requirement: false
-
-  # If set to true Diaspora will work with just the appserver, thin by default,
-  # running, however this makes it quite slow as all the time intensive jobs
-  # must be run inside the request cycle. Also the live updates from the Websocket
-  # will be disabled.
-  single_process_mode: true
-
-  ## Use Amazon S3 instead of your local filesystem
-  ## to handle uploaded pictures.
-  # s3 config - if set, carrierwave will store your photos on s3. Otherwise they're on the filesystem.
-  #s3_key: 'key'
-  #s3_secret: 'secret'
-  #s3_bucket: 'my_photos'
-  s3_region: 'us-east-1'
-
-  ## Related to S3 you can set a url to redirect all requests to uploaded
-  ## images to another host. If you for example set
-  ## https://images.example.org here, all requests made to
-  ## pictures under /uploads/images will be redirected to
-  ## https://images.example.org/uploads/images/...
-  image_redirect_url: ''
-
-  ## Diaspora is only tested against this default pubsub server.
-  ## You probably don't want to change this.
-  pubsub_server: 'https://pubsubhubbub.appspot.com/'
-
-  ## Include jQuery from Google's CDN
-  ## This potentially saves you some traffic and speeds up
-  ## load time since most clients already have this one cached
-  jquery_cdn: false
-
-  ## Provide a key to enable tracking by Google Analytics 
-  google_a_site: false
-
-  ## Piwik Tracking
-  ## Provide a site ID and the host piwik is running on to enable
-  ## tracking through Piwik.
-  # piwik integration - if not set, no javascript included
-  piwik_id:
-  # the site url in raw format (e.g. pikwik.examplehost.com)
-  piwik_url:
-
-  ## Chartbeat tracking
-  chartbeat_uid:
-
-  ## Mixpanel event tracking
-  mixpanel_uid:
-
-
-  ######################################################
-  # General Pod Settings
-  ######################################################
-
-  ## Name of your pod
-  pod_name: "Diaspora*"
-
-  ## Set this to true to prevent people from signing up for your pod
-  ## without an invitation. Note that this needs to be true even for
-  ## the first registration (you).
-  registrations_closed: false
-
-  ## Set this to true if you don't want your users to follow the
-  ## diasporahq@joindiaspora.com account on account creation.
-  ## The diasporahq account helps users start with some activity in
-  ## their stream and get news about Diaspora, but if you want
-  ## your server to contact joindiaspora.com, set this to false:
-  no_follow_diasporahq: false
-
-  ## the 'admin' account for your pod... ie for jd.com, this is diasporahq.
-  ## (This is not about privileges, but e.g. to determine the sender for
-  ## emails sent from the admin panel. If you want to configure an actual
-  ## admin accout, use roles instead. See
-  ## https://github.com/diaspora/diaspora/wiki/FAQ-for-Pod-Maintainers
-  ## "What are roles and how do I use them?")
-  admin_account: ''
-
-  ## Settings about invitations
-
-  # Set this to true if you want users to invite as many people as they want
-  open_invitations: true
-
-  #the default amount of invitiations for an invite link
-  invite_count: 25
-
-  ## Paypal donations
-  ## You can provide the ID of a hosted Paypal button here to kindly ask
-  ## your users for donations to run their pod. If you leave this out
-  ## we kindly ask your users to donate to the Diaspora Foundation :)
-  paypal_hosted_button_id: ""
-
-
-  ## Community Spotlight
-  ## The community spotlight gives new users a starting point on who
-  ## could be interesting Diasporas community.
-  ## --------
-  ## DEPRECATED - use roles instead, see
-  ## https://github.com/diaspora/diaspora/wiki/FAQ-for-Pod-Maintainers
-  ## "What are roles and how do I use them?"
-  ## --------
-  #community_spotlight:
-  #list:
-  #- 'diasporahq@joindiaspora.com'
-  #- 'me@example.org'
-
-  ## E-Mail address users can make suggestions about who should be
-  ## in the spotlight to.
-  spotlight_suggest_email: ''
-
-  ######################################################
-  # Email Configuration
-  ######################################################
-
-  ## First you need to enable it ;)
-  mailer_on: false
-
-  ## Sender address used in mail send by Diaspora
-  #sender_address: 'no-reply@example.org'
-
-  ## This selects which mailer should be used. Take 'smtp' for a smtp
-  ## connection, 'sendmail' to use the sendmail binary or
-  ## 'messagebus' to use the messagebus service.
-  mailer_method: 'smtp'
-
-  # Address/port to smtp server handling outgoing mail.
-  smtp_address: 'smtp.example.com'
-  smtp_port: '587'
-
-  #API key if you are using message bus
-  message_bus_api_key: ''
-
-  # The path to the sendmail binary. Ignored if mailer_method is not set to sendmail
-  sendmail_location: '/usr/sbin/sendmail'
-
-  # Set this to true if you want to use exim and sendmail
-  sendmail_exim_fix: false
-
-  # Authentication required to send mail. Use one of 'plain',
-  # 'login' or 'cram_md5'. Use 'none' if server does not support
-  # authentication
-  smtp_authentication: 'plain'
-
-  # Automatically enable TLS? Ignored if smtp_authentication is set to none
-  smtp_starttls_auto: true
-
-  # OpenSSL verify mode used when connecting to a SMTP server with TLS.
-  # Set this to none if you have a self signed certificate, keep it empty (not '') for the default
-  # Possible values: none, peer, client_once, fail_if_no_peer_cert
-  smtp_openssl_verify_mode:
-
-  # Domain of smtp server.
-  # This should match the common name of the certificate
-  # the SMTP server sends. If he sends one
-  smtp_domain: 'example.com'
-
-  # Credentials to log in to the SMTP server - may be necessary if
-  # smtp_authentication is not 'none'
-  smtp_username: 'smtp_username'
-  smtp_password: 'secret'
-
-  # Sender address in Diaspora's outgoing mail.
-  smtp_sender_address: 'no-reply@joindiaspora.com'
-
-  ######################################################
-  # Social Service Configuration
-  ######################################################
-
-  ## OAuth credentials for Facebook:
-  facebook_app_id:  ''
-  facebook_app_secret: ''
-
-  #this will be the namespace for your object, it should be configured in your FB app
-  open_graph_namespace: ''
-
-
-  ## OAuth credentials for Twitter:
-  twitter_consumer_key: ''
-  twitter_consumer_secret: ''
-
-  ## OAuth credentials for Tumblr
-  tumblr_consumer_key: ''
-  tumblr_consumer_secret: ''
-
-
-  ######################################################
-  # Debugging Service Tool Integration
-  ######################################################
-
-  ## Resque is the background processing sysem used by Diaspora
-  ## Resque web is an admin tool for it. This settings decides wheter
-  ## or not to inline it into Diaspora.
-  mount_resque_web: true
-
-  ## If you use Airbrake provide your API key here:
-  airbrake_api_key: ''
-
-  ## If you use NewRelic provide your credentials here:
-  NEW_RELIC_LICENSE_KEY: ''
-  new_relic_app_name: ''
-
-######################################################
-# Overrides
-######################################################
-
-development:
-  <<: *defaults
-  serve_static_assets: true
-  no_follow_diasporahq: true
-
-production:
-  <<: *defaults
-  jquery_cdn: true 
-
-##################################################
-# FEDERATION LOGGER ##############################
-# Do not touch unless you know what you're doing!#
-##################################################
-
-test:
-  <<: *defaults
-  pod_url: "http://localhost:9887/"
-  socket_port: 8081
-  open_invitations: true
-  no_follow_diasporahq: true
-  serve_static_assets: true
-  mailer_on: true
-
-integration1:
-  <<: *defaults
-  pod_url: "http://localhost:3001/"
-  serve_static_assets: true
-
-integration2:
-  <<: *defaults
-  pod_url: "http://localhost:3002/"
-  serve_static_assets: true
diff --git a/config/defaults.yml b/config/defaults.yml
new file mode 100644
index 000000000..6bdaaf74b
--- /dev/null
+++ b/config/defaults.yml
@@ -0,0 +1,121 @@
+#######################################################################
+############### DO NOT TOUCH ANYTHING BELOW THIS ######################
+#######################################################################
+
+defaults:
+  version:
+    number: "0.0.1.0"
+    release: false # Do not touch unless in a merge conflict on doing a release, master should have a commit setting this to true which is not backported to the develop branch.
+  heroku: false
+  environment:
+    url: "http://localhost:3000/"
+    certificate_authorities:
+    redis:
+    serve_static_assets: false
+    require_ssl: true
+    single_process_mode: false
+    s3:
+      enable: false
+      key:
+      secret:
+      bucket:
+      region:
+    image_redirect_url:
+    pubsub_server: 'https://pubsubhubbub.appspot.com/'
+  privacy:
+    jquery_cdn: true
+    google_analytics_key:
+    piwik:
+      enable: false
+      host:
+      site_id:
+    mixpanel_uid:
+    chartbeat_uid:
+  settings:
+    pod_name: "Diaspora*"
+    enable_registrations: true
+    follow_diasporahq: true
+    invitations:
+      open: true
+      count: 25
+    paypal_hosted_button_id:
+    community_spotlight:
+      enable: false
+      suggest_email:
+  services:
+    facebook:
+      enable: false
+      app_id:
+      secret:
+      open_graph_namespace: 'joindiaspora'
+    twitter:
+      enable: false
+      key:
+      secret:
+    tumblr:
+      enable: false
+      key:
+      secret:
+  mail:
+    enable: false
+    sender_address: 'no-reply@example.org'
+    method: 'smtp'
+    smtp:
+      host: 'localhost'
+      port: 587
+      authentication: 'plain'
+      username:
+      password:
+      starttls_auto: true
+      openssl_verify_mode:
+      domain:
+    sendmail:
+      location: '/usr/sbin/sendmail'
+      exim_fix: false
+    message_bus_api_key:
+  admins:
+    account:
+    inline_resque_web: true
+    monitoring:
+       airbrake_api_key:
+       new_relic:
+        enable: false
+        app_name:
+        license_key:
+
+development:
+  environment:
+    serve_static_assets: true
+    single_process_mode: true
+    require_ssl: false
+  settings:
+    follow_diasporahq: false
+production:
+  i_am_a_dummy: # Remove if you add an actual override
+test:
+  environment:
+    url: "http://localhost:9887/"
+    single_process_mode: true
+    require_ssl: false
+    serve_static_assets: true
+  settings:
+    follow_diasporahq: false
+    invitations:
+      open: true
+  services:
+    facebook:
+      enable: true
+      app_id: 'fake'
+      secret: 'sdoigjosdfijg'
+  mail:
+    enable: true
+integration1:
+  environment:
+    url: "http://localhost:45789/"
+    serve_static_assets: true
+    require_ssl: false
+integration2:
+  environment:
+    url: "http://localhost:34658/"
+    serve_static_assets: true
+    require_ssl: false
diff --git a/config/deploy.rb b/config/deploy.rb
index 85ca3525c..44521a727 100644
--- a/config/deploy.rb
+++ b/config/deploy.rb
@@ -32,8 +32,7 @@ end
 namespace :deploy do
   task :symlink_config_files do
     run "ln -s -f #{shared_path}/config/database.yml #{current_path}/config/database.yml"
-    run "ln -s -f #{shared_path}/config/application.yml #{current_path}/config/application.yml"
-    run "ln -s -f #{shared_path}/config/oauth_keys.yml #{current_path}/config/oauth_keys.yml"
+    run "ln -s -f #{shared_path}/config/diaspora.yml #{current_path}/config/diaspora.yml"
   end
 
   task :symlink_cookie_secret do
diff --git a/config/diaspora.yml.example b/config/diaspora.yml.example
new file mode 100644
index 000000000..83cbf6568
--- /dev/null
+++ b/config/diaspora.yml.example
@@ -0,0 +1,283 @@
+## Some notes about this file:
+## - All comments start with a double #
+## - All settings are by default commented out with a single #
+##   You need to uncomment them in order to work.
+## - Take care to keep proper indentation, that is keeping the indentation
+##   of the original #, with no additional space before the settings
+##   name.
+## - Take care to keep proper quoting. All ' should have a matching ' at
+##   the end of the same line. Same goes for "
+## - Lists need the space after the -
+## - true, false and numbers should have no quoting.
+##   Single words could have none, but doesn't do any harm to them.
+##
+## You can set and/or override all this settings through environment variables
+## with the following conversion rules:
+## - Strip the top level namespace (configuration, production, etc.)
+## - Build the path to the setting, for example environment.s3.enable
+## - Replace the dots with underscores: environment_s3_enable
+## - Upcase everything: ENVIRONMENT_S3_ENABLE
+## - Specify lists/arrays as comma separated values
+
+configuration:
+  
+  ## Settings you need to change or at least review
+  ## in order for your pod to basically work
+  environment:
+    
+    ## Set the hostname of the machine you're running Diaspora on, as seen
+    ## from the internet. This should be the URL you want to use to
+    ## access the pod. So if you plan to  reverse proxy it, it should be
+    ## the URL the proxy listens on.
+    ## DO NOT CHNANGE THIS AFTER INITIAL SETUP
+    ## UNLESS YOU KNOW WHAT YOU'RE DOING!
+    ## However changing http to https is okay and has no consequences.
+    ## If you do change it you have to start over as it's hardcoded into
+    ## the database.
+    #url: "https://example.org/"
+    
+    ## Setting the bundle of certificate authorities (CA) certificates.
+    ## This is operating system specific.
+    ## Examples, uncomment one or add your own:
+    ## Debian, Ubuntu, Archlinux (package ca-certificates)
+    #certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
+    ## CentOS
+    #certificate_authorities: '/etc/pki/tls/certs/ca-bundle.crt'
+    ## Gentoo
+    #certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
+    
+    ## URL for a remote redis.
+    ## Don't forget to restrict the IP access!
+    ## Leave it commented out for the default (localhost)
+    #redis: 'redis://exmaple_host'
+    #redis: 'redis://username:password@host:6379/0'
+    #redis: 'unix:///tmp/redis.sock'
+    
+    ## Require SSL, default true.
+    ## When set, your pod will force you to use https in production.
+    ## Since OAuth2 requires SSL Diasporas future API might not work if you're not
+    ## on SSL. Also no gurantee that posting to services is given if SSL
+    ## is disabled.
+    #require_ssl: true
+    
+    ## Single process mode
+    ## If set to true Diaspora will work with just the appserver,
+    ## thin by default, running, however this makes it quite slow as
+    ## all the time intensive jobs must be run inside the request cycle.
+    ## So this is higly unrecommended for production setups.
+    #single_process_mode: true
+    
+    ## Use Amazon S3 instead of your local filesystem
+    ## to handle uploaded pictures.
+    s3:
+      #enable: true
+      #key: 'changeme'
+      #secret: 'changeme'
+      #bucket: 'my_photos'
+      #region: 'us-east-1'
+    
+    ## Related to S3 you can set a url to redirect all requests to uploaded
+    ## images to another host. If you for example set
+    ## https://images.example.org here, all requests made to
+    ## pictures under /uploads/images will be redirected to
+    ## https://images.example.org/uploads/images/...
+    #image_redirect_url: 'https://images.example.org'
+    
+    assets:
+      ## Serve static assets via the appserver.
+      ## This is highly discouraged for production use,
+      ## let your reverse proxy/webserver do it by serving the files
+      ## under public/ directly.
+      #serve: true
+      
+      ## Upload your assets to S3
+      #upload: true
+      
+      ## Specify an asset host. Ensure it does not have a trailing slash (/).
+      #host: http://cdn.example.org/diaspora
+    
+    ## Diaspora is only tested against this default pubsub server.
+    ## You likely don't want to change this.
+    #pubsub_server: 'https://pubsubhubbub.appspot.com/'
+  
+  
+  ## Settings probably affecting the privacy of your users 
+  privacy:
+    
+    ## Include jQuery from Google's CDN
+    ## This potentially saves you some traffic and speeds up
+    ## load time since most clients already have this one cached
+    #jquery_cdn: true
+    
+    ## Provide a key to enable tracking by Google Analytics 
+    #google_analytics_key:
+    
+    ## Piwik Tracking
+    ## Provide a site ID and the host piwik is running on to enable
+    ## tracking through Piwik.
+    piwik:
+      #enable: true
+      #host: 'stats.example.org'
+      #site_id: 1
+    
+    ## Mixpanel event tracking
+    #mixpanel_uid:
+    
+    ## Chartbeat tracking
+    #chartbeat_uid:
+  
+  ## General settings
+  settings:
+  
+    ## The name of your pod displayed in various locations,
+    ## including the header.
+    #pod_name: "Diaspora*"
+    
+    ## Set this to false to prevent people from signing up for your pod
+    ## without an invitation. Note that this needs to be true even for
+    ## the first registration (you).
+    #enable_registrations: true
+    
+    ## Set this to false if you don't want your users to follow the
+    ## diasporahq@joindiaspora.com account on account creation.
+    ## The diasporahq account helps users start with some activity in
+    ## their stream and get news about Diaspora, but if you don't want
+    ## your server to contact joindiaspora.com, set this to false:
+    #follow_diasporahq: false
+    
+    ## Settings about invitations
+    invitiations:
+      
+      ## Set this to true if you want users to invite as many
+      ## people as they want.
+      #open: true
+      
+      ## The default amount of invitiations an invite link has.
+      ## Every user has such a link. Only counts if open is false.
+      #count: 25
+    
+    ## Paypal donations
+    ## You can provide the ID of a hosted Paypal button here to kindly ask
+    ## your users for donations to run their pod. If you leave this out
+    ## we kindly ask your users to donate to the Diaspora Foundation :)
+    #paypal_hosted_button_id: ""
+    
+    ## Community Spotlight
+    ## The community spotlight gives new users a starting point on who
+    ## could be interesting Diasporas community. To add a person
+    ## to the spotlight add the 'spotlight' role to it.
+    community_spotlight:
+      #enable: false
+      ## E-Mail address users can make suggestions about who should be
+      ## in the spotlight to.
+      #suggest_email: 'admin@example.org'
+  
+  ## Setup E-Mail
+  mail:
+  
+    ## First you need to enable it ;)
+    #enable: true
+    
+    ## Sender address used in mail send by Diaspora
+    #sender_address: 'no-reply@example.org'
+    
+    ## This selects which mailer should be used. Take 'smtp' for a smtp
+    ## connection, 'sendmail' to use the sendmail binary or
+    ## 'messagebus' to use the messagebus service.
+    #method: 'smtp'
+    
+    ## Ignore if method isn't 'smtp'
+    smtp:
+      ## Host and port of the smtp server handling outgoing mail.
+      ## This should match the common name of the certificate
+      ## the SMTP server sends. If he sends one.
+      #host: 'smtp.example.org'
+      #port: 587
+      
+      ## Authentication required to send mail. Use one of 'plain',
+      ## 'login' or 'cram_md5'. Use 'none' if server does not support
+      ## authentication
+      #authentication: 'plain'
+      
+      ## Credentials to log in to the SMTP server - may be necessary if
+      ## authentication is not 'none'
+      #username: 'changeme'
+      #password: 'changeme'
+      
+      ## Automatically enable TLS? Ignored if authentication is set to none
+      #starttls_auto: true
+      
+      ## The domain for the HELO command if needed
+      #domain: 'smtp.example.org'
+      
+      ## OpenSSL verify mode used when connecting to a
+      ## SMTP server with TLS. Set this to none if you have
+      ## a self signed certificate. Possible values:
+      ## 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'
+      #openssl_verify_mode: 'none'
+    
+    ## Ignore if method isn't 'sendmail'
+    sendmail:
+      ## The path to the sendmail binary.
+      #location: '/usr/sbin/sendmail'
+      
+      ## Set this to true if you want to use exim and sendmail
+      #exim_fix: true
+    
+    ## Ignore if method isn't 'messagebus'
+    #message_bus_api_key: 'abcdef'
+  
+  ## Settings around Diasporas capabilities to post to services
+  services:
+    ## OAuth credentials for Facebook:
+    facebook:
+      #enable: true
+      #app_id: 'abcdef'
+      #secret: 'changeme'
+      ## this will be the namespace for your object,
+      ## it should be configured in your FB app
+      #open_graph_namespace: 
+    
+    ## OAuth credentials for Twitter:
+    twitter:
+      #enable: true
+      #key: 'abcdef'
+      #secret: 'changeme'
+    
+    ## OAuth credentials for Tumblr
+    tumblr:
+      #enable: true
+      #key: 'abcdef'
+      #secret: 'changeme'
+  
+  ## Settings relevant to administrators
+  admins:
+    
+    ## Set the admin account.
+    ## This doesn't make the user an admin but is used when a generic
+    ## admin contact is neeeded, much like the postmaster role in mail
+    ## systems. Set only the username, NOT the full ID.
+    #account: "podmaster"
+    
+    ## Resque is the background processing system used by Diaspora
+    ## Resque web is an admin tool for it. This settings decides whether
+    ## or not to inline it into Diaspora.
+    #inline_resque_web: true
+  
+    monitoring:
+      ## If you use Airbrake provide your API key here:
+      #airbrake_api_key: 'abcdef'
+      
+      ## If you use NewRelic provide your credentials here:
+      new_relic:
+        #enable: true
+        #app_name: 'foo'
+        #license_key: 'abcdef'
+    
+## Here you can make overides to settings defined above if you need
+## to have them different in different environments.
+production:
+  
+development:
+  environment:
+    #redis_url: 'redis://production.example.org:6379'
diff --git a/config/environment.rb b/config/environment.rb
index c55253105..690a781dc 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -13,7 +13,10 @@ end
 
 # Load the rails application
 require File.expand_path('../application', __FILE__)
-require File.join(Rails.root, "lib", "exceptions")
+require Rails.root.join("lib", "exceptions")
+
+# Load configuration system early 
+require Rails.root.join("config", "load_config")
 
 Haml::Template.options[:format] = :html5
 Haml::Template.options[:escape_html] = true
diff --git a/config/heroku.yml.example b/config/heroku.yml.example
index f069a6668..ba76bc21c 100644
--- a/config/heroku.yml.example
+++ b/config/heroku.yml.example
@@ -1,6 +1,6 @@
 defaults: &defaults
   HEROKU: true
-  application_yml: <%= '../' + '../' +'config/' + 'application.yml.example' %>
+  application_yml: <%= '../' + '../' +'config/' + 'diaspora.yml.example' %>
 production: 
   app: production
   stack: cedar
diff --git a/config/initializers/1_intialize_app_config.rb b/config/initializers/1_intialize_app_config.rb
deleted file mode 100644
index ccda76cc9..000000000
--- a/config/initializers/1_intialize_app_config.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-# Copyright (c) 2010-2011, Diaspora Inc.  This file is
-# licensed under the Affero General Public License version 3 or later.  See
-# the COPYRIGHT file.
-
-require Rails.root.join('app', 'models', 'app_config')
\ No newline at end of file
diff --git a/config/initializers/2_before_load_services.rb b/config/initializers/2_before_load_services.rb
deleted file mode 100644
index 48f2a23f3..000000000
--- a/config/initializers/2_before_load_services.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-#   Copyright (c) 2010-2011, Diaspora Inc.  This file is
-#   licensed under the Affero General Public License version 3 or later.  See
-#   the COPYRIGHT file.
-
-def load_config_yaml filename
-  YAML.load(ERB.new(File.read(filename)).result)
-end
-
-oauth_keys_file = Rails.root.join('config', 'oauth_keys.yml').to_s
-
-
-SERVICES = load_config_yaml("#{oauth_keys_file}.example")
-
-#this is to be backwards compatible with current production setups
-if File.exist? oauth_keys_file
-  ActiveSupport::Deprecation.warn("01/05/2012 keys in oauth_keys.yml should be moved into application.yml. SEE application.yml.example for updated key names")
-  SERVICES.deep_merge!(load_config_yaml(oauth_keys_file))
-end
diff --git a/config/initializers/3_setup_app_config.rb b/config/initializers/3_setup_app_config.rb
deleted file mode 100644
index 7125cb588..000000000
--- a/config/initializers/3_setup_app_config.rb
+++ /dev/null
@@ -1 +0,0 @@
-AppConfig.setup!
diff --git a/config/initializers/airbrake.rb b/config/initializers/airbrake.rb
index 5d7a680f8..1f5d46c05 100644
--- a/config/initializers/airbrake.rb
+++ b/config/initializers/airbrake.rb
@@ -3,8 +3,8 @@
 # the COPYRIGHT file.
 
 Airbrake.configure do |config|
-  if AppConfig[:airbrake_api_key].present?
-    config.api_key = AppConfig[:airbrake_api_key] 
+  if AppConfig.admins.monitoring.airbrake_api_key.present?
+    config.api_key = AppConfig.admins.monitoring.airbrake_api_key
   else
     # creative way to disable Airbrake, should be replaced once the gem provides a proper way
     config.development_environments << Rails.env
diff --git a/config/initializers/carrierwave.rb b/config/initializers/carrierwave.rb
index 148e3aab5..9782335ef 100644
--- a/config/initializers/carrierwave.rb
+++ b/config/initializers/carrierwave.rb
@@ -3,18 +3,18 @@
 #   the COPYRIGHT file.
 
 #Excon needs to see the CA Cert Bundle file
-ENV["SSL_CERT_FILE"] = AppConfig[:ca_file]
+ENV['SSL_CERT_FILE'] = AppConfig.environment.certificate_authorities.get
 CarrierWave.configure do |config|
-  if !Rails.env.test? && AppConfig[:s3_key] && AppConfig[:s3_secret] && AppConfig[:s3_bucket] && AppConfig[:s3_region]
+  if !Rails.env.test? && AppConfig.environment.s3.enable?
     config.storage = :fog
     config.cache_dir = Rails.root.join('tmp', 'uploads').to_s
     config.fog_credentials = {
-        :provider               => 'AWS',       
-        :aws_access_key_id      => AppConfig[:s3_key],       
-        :aws_secret_access_key  => AppConfig[:s3_secret],
-        :region                 => AppConfig[:s3_region]
+        :provider               => 'AWS',
+        :aws_access_key_id      => AppConfig.environment.s3.key.get,
+        :aws_secret_access_key  => AppConfig.environment.s3.secret.get,
+        :region                 => AppConfig.environment.s3.region.get
     }
-    config.fog_directory = AppConfig[:s3_bucket]
+    config.fog_directory = AppConfig.environment.s3.bucket.get
   else
     config.storage = :file
   end
diff --git a/config/initializers/check_session_secret.rb b/config/initializers/check_session_secret.rb
index 87e385c7e..563143dcf 100644
--- a/config/initializers/check_session_secret.rb
+++ b/config/initializers/check_session_secret.rb
@@ -1 +1,6 @@
-EnvironmentConfiguration.ensure_secret_token!
\ No newline at end of file
+if AppConfig.heroku?
+  Rails.application.config.secret_token = AppConfig.secret_token
+elsif !File.exists?( Rails.root.join('config', 'initializers', 'secret_token.rb'))
+  `bundle exec rake generate:secret_token`
+  require  Rails.root.join('config', 'initializers', 'secret_token.rb')
+end 
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 5e5ec0313..8f6c83204 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -21,9 +21,9 @@ Devise.setup do |config|
   require 'devise/orm/active_record'
 
   #mail setup
-  if AppConfig[:smtp_sender_address]
-    config.mailer_sender = AppConfig[:smtp_sender_address]
-  else
+  if AppConfig.mail.sender_address.present?
+    config.mailer_sender = AppConfig.mail.sender_address
+  elsif AppcConfig.mail.enable?
     unless Rails.env == 'test'
       Rails.logger.warn("No smtp sender address set, mail may fail.")
       puts "WARNING: No smtp sender address set, mail may fail."
diff --git a/config/initializers/enforce_ssl.rb b/config/initializers/enforce_ssl.rb
index 80f2bc97d..65a9951c1 100644
--- a/config/initializers/enforce_ssl.rb
+++ b/config/initializers/enforce_ssl.rb
@@ -2,7 +2,7 @@
 # licensed under the Affero General Public License version 3 or later.  See
 # the COPYRIGHT file.
 
-if EnvironmentConfiguration.enforce_ssl?
+if AppConfig.environment.require_ssl?
   Rails.application.config.middleware.insert_before 0, Rack::SSL
   puts "Rack::SSL is enabled"
 end
diff --git a/config/initializers/faraday.rb b/config/initializers/faraday.rb
index cd96e1c28..30b827fcb 100644
--- a/config/initializers/faraday.rb
+++ b/config/initializers/faraday.rb
@@ -3,7 +3,7 @@
 #   the COPYRIGHT file.
 options = {:timeout => 25}
 
-options[:ssl] = {:ca_file => EnvironmentConfiguration.ca_cert_file_location}
+options[:ssl] = {:ca_file => AppConfig.environment.certificate_authorities}
 Faraday.default_connection = Faraday::Connection.new(options) do |b|
   b.use FaradayMiddleware::FollowRedirects
   b.adapter Faraday.default_adapter
diff --git a/config/initializers/fetch_featured_users.rb b/config/initializers/fetch_featured_users.rb
deleted file mode 100644
index b09c0b1d0..000000000
--- a/config/initializers/fetch_featured_users.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-#this breaks seed scripts
-
-if AppConfig[:featured_users].present? && AppConfig[:community_spotlight].blank?
-  AppConfig[:community_spotlight] = AppConfig[:featured_users]
-  puts "DEPRICATION WARNING (10/21/11): Please change `featured_users` in your application.yml to `community_spotlight`.  Thanks!"
-end
-
-unless EnvironmentConfiguration.prevent_fetching_community_spotlight?
-  print "Fetching community spotlight users from remote servers"
-  AppConfig[:community_spotlight].each do |x|
-    Webfinger.new(x).fetch
-    print "."
-  end
-  puts " done!"
-end
diff --git a/config/initializers/ignore_ssl_in_development.rb b/config/initializers/ignore_ssl_in_development.rb
index bf962fcb2..9ec8a2d9c 100644
--- a/config/initializers/ignore_ssl_in_development.rb
+++ b/config/initializers/ignore_ssl_in_development.rb
@@ -2,7 +2,7 @@
 # licensed under the Affero General Public License version 3 or later.  See
 # the COPYRIGHT file.
 
-if AppConfig[:ca_file].blank? && (Rails.env == "development")
+if AppConfig.environment.certificate_authorities.blank? && (Rails.env == "development")
   module OpenSSL
     module SSL
       remove_const :VERIFY_PEER
diff --git a/config/initializers/load_analyitics.rb b/config/initializers/load_analyitics.rb
index 338cd3c73..f8731f9d3 100644
--- a/config/initializers/load_analyitics.rb
+++ b/config/initializers/load_analyitics.rb
@@ -5,15 +5,16 @@
 
 if Rails.env == 'production'
   Diaspora::Application.configure do
-    if AppConfig[:google_a_site].present?
+    if AppConfig.privacy.google_analytics_key.present?
       config.gem 'rack-google-analytics', :lib => 'rack/google-analytics'
-      config.middleware.use Rack::GoogleAnalytics, :tracker => AppConfig[:google_a_site]
+      config.middleware.use Rack::GoogleAnalytics, :tracker => AppConfig.privacy.google_analytics_key.get
     end
 
-    if AppConfig[:piwik_url].present?
+    if AppConfig.privacy.piwik.enable?
       require 'rack/piwik'
       config.gem 'rack-piwik', :lib => 'rack/piwik'
-      config.middleware.use Rack::Piwik, :piwik_url => AppConfig[:piwik_url], :piwik_id => AppConfig[:piwik_id]
+      config.middleware.use Rack::Piwik, :piwik_url => AppConfig.privacy.piwik.host.get, 
+                                         :piwik_id => AppConfig.privacy.piwik.site_id.get
     end
   end
 end
diff --git a/config/initializers/mailer_config.rb b/config/initializers/mailer_config.rb
index b8b818c5d..6cd89dd87 100644
--- a/config/initializers/mailer_config.rb
+++ b/config/initializers/mailer_config.rb
@@ -4,51 +4,49 @@
 require Rails.root.join('lib', 'messagebus', 'mailer')
 
 Diaspora::Application.configure do
-  config.action_mailer.default_url_options = {:protocol => AppConfig[:pod_uri].scheme,
-                                              :host => AppConfig[:pod_uri].authority }
-  config.action_mailer.asset_host = AppConfig[:pod_uri].to_s
-  config.action_mailer.perform_deliveries = AppConfig[:mailer_on]
+  config.action_mailer.default_url_options = {:protocol => AppConfig.pod_uri.scheme,
+                                              :host => AppConfig.pod_uri.authority }
+  config.action_mailer.asset_host = AppConfig.pod_uri.to_s
+  config.action_mailer.perform_deliveries = AppConfig.mail.enable?
 
-  unless Rails.env == 'test' || AppConfig[:mailer_on] != true
-    if AppConfig[:mailer_method] == 'messagebus'
+  unless Rails.env == 'test' || !AppConfig.mail.enable?
+    if AppConfig.mail.method == 'messagebus'
 
-      if AppConfig[:message_bus_api_key].present?
-
-        config.action_mailer.delivery_method = Messagebus::Mailer.new(AppConfig[:message_bus_api_key])
+      if AppConfig.mail.message_bus_api_key.present?
+        config.action_mailer.delivery_method = Messagebus::Mailer.new(AppConfig.mail.message_bus_api_key.get)
         config.action_mailer.raise_delivery_errors = true
       else
         puts "You need to set your messagebus api key if you are going to use the message bus service. no mailer is now configured"
       end
-    elsif AppConfig[:mailer_method] == "sendmail"
+    elsif AppConfig.mail.method == "sendmail"
       config.action_mailer.delivery_method = :sendmail
       sendmail_settings = {
-        :location => AppConfig[:sendmail_location]
+        :location => AppConfig.mail.sendmail.location.get
       }
-      sendmail_settings[:arguments] = "-i" if AppConfig[:sendmail_exim_fix]
+      sendmail_settings[:arguments] = "-i" if AppConfig.mail.sendmail.exim_fix?
       config.action_mailer.sendmail_settings = sendmail_settings
-    else
+    elsif AppConfig.mail.method == "smtp"
       config.action_mailer.delivery_method = :smtp
-      if AppConfig[:smtp_authentication] == "none"
-        config.action_mailer.smtp_settings = {
-          :address => AppConfig[:smtp_address],
-          :port => AppConfig[:smtp_port],
-          :domain => AppConfig[:smtp_domain],
-          :enable_starttls_auto => false,
-          :openssl_verify_mode => AppConfig[:smtp_openssl_verify_mode]
-        }
-      else
-        config.action_mailer.smtp_settings = {
-          :address => AppConfig[:smtp_address],
-          :port => AppConfig[:smtp_port],
-          :domain => AppConfig[:smtp_domain],
-          :authentication => AppConfig[:smtp_authentication].gsub('-', '_').to_sym,
-          :user_name => AppConfig[:smtp_username],
-          :password => AppConfig[:smtp_password],
-          :enable_starttls_auto => AppConfig[:smtp_starttls_auto],
-          :openssl_verify_mode => AppConfig[:smtp_openssl_verify_mode]
-        }
+      smtp_settings = {
+        :address => AppConfig.mail.smtp.host.get,
+        :port => AppConfig.mail.smtp.port.to_i,
+        :domain => AppConfig.mail.smtp.domain.get,
+        :enable_starttls_auto => false,
+        :openssl_verify_mode => AppConfig.mail.smtp.openssl_verify_mode.get
+      }
+      
+      if AppConfig.mail.smtp.authentication != "none"
+        smtp_settings.merge!({
+          :authentication => AppConfig.mail.smtp.authentication.gsub('-', '_').to_sym,
+          :user_name => AppConfig.mail.smtp.username.get,
+          :password => AppConfig.mail.smtp.password.get,
+          :enable_starttls_auto => AppConfig.mail.smtp.starttls_auto?
+        })
       end
+      
+      config.action_mailer.smtp_settings = smtp_settings
+    else
+      $stderr.puts "WARNING: Mailer turned on with unknown method #{AppConfig.mail.method}. Mail won't work."
     end
   end
-
 end
diff --git a/config/initializers/newrelic.rb b/config/initializers/newrelic.rb
index 5a7d107e8..b4e3a0979 100644
--- a/config/initializers/newrelic.rb
+++ b/config/initializers/newrelic.rb
@@ -2,6 +2,6 @@
 # licensed under the Affero General Public License version 3 or later.  See
 # the COPYRIGHT file.
 
-if EnvironmentConfiguration.using_new_relic?
+if AppConfig.admins.monitoring.new_relic.enable?
   require 'newrelic_rpm'
 end
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 6049dee4d..32e390b5b 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -3,14 +3,15 @@
 #   the COPYRIGHT file.
 
 Rails.application.config.middleware.use OmniAuth::Builder do
-  if SERVICES['twitter'] && SERVICES['twitter']['consumer_key'] && SERVICES['twitter']['consumer_secret']
-    provider :twitter, SERVICES['twitter']['consumer_key'], SERVICES['twitter']['consumer_secret']
+  if AppConfig.services.twitter.enable?
+    provider :twitter, AppConfig.services.twitter.key, AppConfig.services.twitter.secret
   end
-  if SERVICES['tumblr'] && SERVICES['tumblr']['consumer_key'] && SERVICES['tumblr']['consumer_secret']
-    provider :tumblr, SERVICES['tumblr']['consumer_key'], SERVICES['tumblr']['consumer_secret']
+  if AppConfig.services.tumblr.enable?
+    provider :tumblr, AppConfig.services.tumblr.key, AppConfig.services.tumblr.secret
   end
-  if SERVICES['facebook'] && SERVICES['facebook']['app_id'] && SERVICES['facebook']['app_secret']
-    provider :facebook, SERVICES['facebook']['app_id'], SERVICES['facebook']['app_secret'],  { :display => "popup", :scope => "publish_actions,publish_stream,offline_access",
-                                                                                               :client_options => {:ssl => {:ca_file => EnvironmentConfiguration.ca_cert_file_location}}}  
+  if AppConfig.services.facebook.enable?
+    provider :facebook, AppConfig.services.facebook.app_id, AppConfig.services.facebook.secret,
+             { :display => "popup", :scope => "publish_actions,publish_stream,offline_access",
+               :client_options => {:ssl => {:ca_file => AppConfig.environment.certificate_authorities }}}  
   end
 end
diff --git a/config/initializers/resque.rb b/config/initializers/resque.rb
index c89f86723..1ed9eaf0f 100644
--- a/config/initializers/resque.rb
+++ b/config/initializers/resque.rb
@@ -2,26 +2,26 @@ require 'resque'
 
 Resque::Plugins::Timeout.timeout = 300
 
-if !AppConfig.single_process_mode?
+if !AppConfig.environment.single_process_mode?
   Resque.redis = AppConfig.get_redis_instance
 end
 
 # Single process-mode hooks using Resque.inline
-if AppConfig.single_process_mode?
+if AppConfig.environment.single_process_mode?
   if Rails.env == 'production'
     puts "WARNING: You are running Diaspora in production without Resque"
     puts "  workers turned on.  Please set single_process_mode to false in"
-    puts "  config/application.yml."
+    puts "  config/diaspora.yml."
   end
   Resque.inline = true
 end
 
-if AppConfig[:airbrake_api_key].present?
+if AppConfig.admins.monitoring.airbrake_api_key.present?
   require 'resque/failure/multiple'
   require 'resque/failure/airbrake'
   require 'resque/failure/redis'
   Resque::Failure::Airbrake.configure do |config|
-    config.api_key = AppConfig[:airbrake_api_key]
+    config.api_key = AppConfig.admins.monitoring.airbrake_api_key
     config.secure = true
   end
   Resque::Failure::Multiple.classes = [Resque::Failure::Redis, Resque::Failure::Airbrake]
@@ -29,7 +29,7 @@ if AppConfig[:airbrake_api_key].present?
 end
 
 
-if AppConfig[:mount_resque_web]
+if AppConfig.admins.inline_resque_web?
   require 'resque/server'
   require Rails.root.join('lib', 'admin_rack')
   Resque::Server.use AdminRack
diff --git a/config/initializers/set_up_image_redirects.rb b/config/initializers/set_up_image_redirects.rb
index 94d4d90d9..64126a620 100644
--- a/config/initializers/set_up_image_redirects.rb
+++ b/config/initializers/set_up_image_redirects.rb
@@ -1,8 +1,8 @@
-if AppConfig[:image_redirect_url].present?
+if AppConfig.environment.image_redirect_url.present?
   require 'rack-rewrite'
 
   Rails.application.config.middleware.insert(0, Rack::Rewrite) do
-    r301 %r{/uploads/images/(.*)}, "#{AppConfig[:image_redirect_url]}/uploads/images/$1"
-    r301 %r{/landing/(.*)}, "#{AppConfig[:image_redirect_url]}/landing/$1"
+    r301 %r{/uploads/images/(.*)}, "#{AppConfig.environment.image_redirect_url}/uploads/images/$1"
+    r301 %r{/landing/(.*)}, "#{AppConfig.environment.image_redirect_url}/landing/$1"
   end
-end
\ No newline at end of file
+end
diff --git a/config/initializers/static_assets.rb b/config/initializers/static_assets.rb
index 4284e185d..d645ec958 100644
--- a/config/initializers/static_assets.rb
+++ b/config/initializers/static_assets.rb
@@ -3,6 +3,6 @@
 #   the COPYRIGHT file.
 
 Diaspora::Application.configure do
-  config.serve_static_assets = AppConfig[:serve_static_assets] unless AppConfig[:serve_static_assets].nil?
+  config.serve_static_assets = AppConfig.environment.serve_static_assets?
   # config.static_cache_control = "public, max-age=3600" if AppConfig[:serve_static_assets].to_s == 'true'
 end
diff --git a/config/initializers/version_header.rb b/config/initializers/version_header.rb
index d9215a556..9d3eaf294 100644
--- a/config/initializers/version_header.rb
+++ b/config/initializers/version_header.rb
@@ -2,12 +2,4 @@
 #   licensed under the Affero General Public License version 3 or later.  See
 #   the COPYRIGHT file.
 
-
-if EnvironmentConfiguration.cache_git_version?
-	git_cmd = `git log -1 --pretty="format:%H %ci"`
-	if git_cmd =~ /^([\d\w]+?)\s(.+)$/
-	  AppConfig[:git_revision] = $1
-	  AppConfig[:git_update] = $2.strip
-	  ENV["RAILS_ASSET_ID"] = AppConfig[:git_revision][0..8] if Rails.env.production?
-	end
-end
\ No newline at end of file
+ENV["RAILS_ASSET_ID"] = AppConfig.rails_asset_id if Rails.env.production? && ! AppConfig.heroku?
diff --git a/config/load_config.rb b/config/load_config.rb
new file mode 100644
index 000000000..1e7cfd5ba
--- /dev/null
+++ b/config/load_config.rb
@@ -0,0 +1,41 @@
+require Rails.root.join('lib', 'configuration')
+require Rails.root.join('lib', 'configuration', 'methods')
+
+config_dir = Rails.root.join("config")
+
+if File.exists?(config_dir.join("application.yml"))
+  $stderr.puts "ATTENTION: There's a new configuration system, please remove your"
+  $stderr.puts "           application.yml and migrate your settings."
+end
+
+
+AppConfig ||= Configuration::Settings.create do
+  add_provider Configuration::Provider::Dynamic
+  add_provider Configuration::Provider::Env
+  
+  unless heroku? || Rails.env == "test" || File.exists?(config_dir.join("diaspora.yml"))
+    $stderr.puts "FATAL: Configuration not found. Copy over diaspora.yml.example"
+    $stderr.puts "       to diaspora.yml and edit it to your needs."
+    Process.exit(1)
+  end
+  
+  add_provider Configuration::Provider::YAML,
+               config_dir.join("diaspora.yml"),
+               namespace: Rails.env, required: false
+  add_provider Configuration::Provider::YAML,
+               config_dir.join("diaspora.yml"),
+               namespace: "configuration", required: false
+  add_provider Configuration::Provider::YAML,
+               config_dir.join("defaults.yml"),
+               namespace: Rails.env
+  add_provider Configuration::Provider::YAML,
+               config_dir.join("defaults.yml"),
+               namespace: "defaults"
+  
+  extend Configuration::Methods
+  
+  if Rails.env == "production"  && (environment.certificate_authorities.blank? || !File.exists?(environment.certificate_authorities.get))
+    $stderr.puts "FATAL: Diaspora doesn't know where your certificate authorities are. Please ensure they are set to a valid path in diaspora.yml"
+    Process.exit(1)
+  end
+end
diff --git a/config/newrelic.yml b/config/newrelic.yml
index a254b0457..ecc8e491c 100644
--- a/config/newrelic.yml
+++ b/config/newrelic.yml
@@ -14,7 +14,7 @@ common: &default_settings
   # You must specify the license key associated with your New Relic
   # account.  This key binds your Agent's data to your account in the
   # New Relic service.
-  license_key: <%= AppConfig['NEW_RELIC_LICENSE_KEY'] %>
+  license_key: <%= AppConfig.admins.monitoring.new_relic.license_key %>
   
   # Agent Enabled (Ruby/Rails Only)
   # Use this setting to force the agent to run or not run.
@@ -33,7 +33,7 @@ common: &default_settings
   # "All UI" then specify a semicolon-separated list of up to three
   # distinct names.  If you comment this out, it defaults to the 
   # capitalized RAILS_ENV (i.e., Production, Staging, etc)
-  app_name: <%= AppConfig.new_relic_app_name %>
+  app_name: <%= AppConfig.admins.monitoring.new_relic.app_name %>
 
   # When "true", the agent collects performance data about your 
   # application and reports this data to the New Relic service at
diff --git a/config/oauth_keys.yml.example b/config/oauth_keys.yml.example
deleted file mode 100644
index 4bbeb2d14..000000000
--- a/config/oauth_keys.yml.example
+++ /dev/null
@@ -1,9 +0,0 @@
-twitter:
-  consumer_key: <%= AppConfig['twitter_consumer_key'] %>
-  consumer_secret: <%= AppConfig['twitter_consumer_secret'] %>
-facebook:
-  app_id: <%=AppConfig['facebook_app_id'] %>
-  app_secret: <%= AppConfig['facebook_app_secret'] %>
-tumblr:
-  consumer_key: <%= AppConfig['tumblr_consumer_key'] %>
-  consumer_secret: <%= AppConfig['tumblr_consumer_secret'] %>
diff --git a/config/routes.rb b/config/routes.rb
index 45e81aaf9..6ae77aca4 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -213,7 +213,7 @@ Diaspora::Application.routes.draw do
   get 'protocol' => redirect("https://github.com/diaspora/diaspora/wiki/Diaspora%27s-federation-protocol")
 
   # Resque web
-  if AppConfig[:mount_resque_web]
+  if AppConfig.admins.inline_resque_web?
     mount Resque::Server.new, :at => '/resque-jobs', :as => "resque_web"
   end
 
diff --git a/config/unicorn.rb b/config/unicorn.rb
index 7c6810b7e..97a8d3889 100644
--- a/config/unicorn.rb
+++ b/config/unicorn.rb
@@ -46,7 +46,7 @@ after_fork do |server, worker|
   ActiveRecord::Base.establish_connection
 
   # copy pasta from resque.rb because i'm a bad person
-  if !AppConfig.single_process_mode?
+  if !AppConfig.environment.single_process_mode?
     Resque.redis = AppConfig.get_redis_instance
   end