502 lines
17 KiB
Plaintext
502 lines
17 KiB
Plaintext
{
|
|
/*
|
|
./\/\.' ENiGMA½ System Configuration -/--/-------- - -- -
|
|
|
|
_____________________ _____ ____________________ __________\_ /
|
|
\__ ____/\_ ____ \ /____/ / _____ __ \ / ______/ // /___jp!
|
|
// __|___// | \// |// | \// | | \// \ /___ /_____
|
|
/____ _____| __________ ___|__| ____| \ / _____ \
|
|
---- \______\ -- |______\ ------ /______/ ---- |______\ - |______\ /__/ // ___/
|
|
/__ _\
|
|
<*> ENiGMA½ // HTTPS://GITHUB.COM/NUSKOOLER/ENIGMA-BBS <*> /__/
|
|
|
|
*-----------------------------------------------------------------------------*
|
|
Generated by ENiGMA½ v%ENIG_VERSION% / hjson v%HJSON_VERSION%
|
|
*-----------------------------------------------------------------------------*
|
|
|
|
|
|
------------------------------- -- - -
|
|
General Information
|
|
------------------------------- - -
|
|
This configuration is in HJSON (http://hjson.org/) format. Strict to-spec
|
|
JSON is also perfectly valid. Use 'hjson' from npm to convert to/from JSON.
|
|
|
|
See http://hjson.org/ for more information and syntax.
|
|
|
|
Various editors and IDEs such as Sublime Text 3, Visual Studio Code, and so
|
|
on have syntax highlighting for the HJSON format which are highly recommended.
|
|
|
|
|
|
------------------------------- -- - -
|
|
Configuration
|
|
------------------------------- - -
|
|
ENiGMA½ is *highly* configurable, and thus can be overwhelming at first!
|
|
|
|
By default, this file contains common configuration elements, examples, etc.
|
|
To see a more complete view of settings available to the system, don't be
|
|
afraid to open up core/config.js and look around. Do not make changes there
|
|
however! All system configuration can be extended and defaults overridden
|
|
via this file!
|
|
|
|
Please see RTFM ...er, uh... see the documentation for more information, and
|
|
don't be shy to ask for help:
|
|
|
|
BBS : Xibalba @ xibalba.l33t.codes
|
|
FTN : BBS Discussion on fsxNet
|
|
IRC : #enigma-bbs / FreeNode
|
|
Email : bryan@l33t.codes
|
|
*/
|
|
|
|
general: {
|
|
// Your BBS Name!
|
|
boardName: XXXXX
|
|
|
|
// Your BBS name, with pipe codes for styling
|
|
prettyBoardName : '|08XXXXX'
|
|
|
|
// Telnet hostname and port for your board
|
|
telnetHostname : 'xibalba.l33t.codes:44510'
|
|
|
|
// SSH hostname and port for your board
|
|
sshHostname : 'xibalba.l33t.codes:44511'
|
|
|
|
// Your board's website
|
|
website : 'https://enigma-bbs.github.io'
|
|
|
|
// Short board description
|
|
description : 'Yet another awesome ENiGMA½ BBS'
|
|
}
|
|
|
|
paths: {
|
|
//
|
|
// Other paths can also be configured as well,
|
|
// but generally unnecessary
|
|
//
|
|
logs: XXXXX
|
|
}
|
|
|
|
logging: {
|
|
//
|
|
// Each block here represents a Bunyan style config.
|
|
// See https://github.com/trentm/node-bunyan#streams
|
|
//
|
|
// Remember you can pipe logs through Bunyan to pretty-print:
|
|
// Linux : tail -F ./logs/enigma-bbs.log | bunyan
|
|
// PowerShell : Get-Content .\enigma-bbs.log -Tail 15 | bunyan.cmd
|
|
//
|
|
// (npm install -g bunyan to get the binary)
|
|
//
|
|
// We default to a rotating-file stream:
|
|
// https://github.com/trentm/node-bunyan#stream-type-rotating-file
|
|
//
|
|
rotatingFile: {
|
|
// If you're having trouble, try setting this to "trace"
|
|
level: XXXXX
|
|
}
|
|
}
|
|
|
|
theme: {
|
|
// Default theme applied to new users. "*" indicates random.
|
|
default: XXXXX
|
|
// Theme applied before a user has logged in. "*" indicates random.
|
|
preLogin: XXXXX
|
|
|
|
//
|
|
// dateFormat, timeFormat, and dateTimeFormat blocks configure
|
|
// moment.js (https://momentjs.com/docs/#/displaying/) style formats
|
|
// for dates and times. Short and long versions are available.
|
|
// Note that themes may override these settings.
|
|
//
|
|
}
|
|
|
|
//
|
|
// Login servers represent available servers (or protocols) in which
|
|
// users are permitted to access your system.
|
|
//
|
|
loginServers: {
|
|
// Remember kids, Telnet is insecure!
|
|
telnet: {
|
|
// It's best to use non-privileged ports and NAT/foward to them
|
|
port: XXXXX
|
|
}
|
|
|
|
// ...but SSH *is* secure!
|
|
ssh: {
|
|
port: XXXXX
|
|
|
|
//
|
|
// To enable SSH, perform the following steps:
|
|
//
|
|
// 1 - Generate a Private Key (PK):
|
|
// Currently ENiGMA 1/2 requires a PKCS#1 PEM formatted PK.
|
|
// To generate a secure PK, issue the following command:
|
|
//
|
|
// > openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
|
|
// -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa \
|
|
// -out ./config/ssh_private_key.pem -aes128
|
|
//
|
|
// (The above is a more modern equivelant of the following):
|
|
// > openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048
|
|
//
|
|
// 2 - Set 'privateKeyPass' to the password you used in step #1
|
|
//
|
|
// 3 - Finally, set 'enabled' to 'true'
|
|
//
|
|
// Additional reading:
|
|
// - https://blog.sleeplessbeastie.eu/2017/12/28/how-to-generate-private-key/
|
|
// - https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b
|
|
//
|
|
enabled: XXXXX
|
|
|
|
// set this to your PK's password, generated in step #1 above
|
|
privateKeyPass: SuperSecretPasswordChangeMe!
|
|
|
|
//
|
|
// It's possible to lock down various algorithms available to
|
|
// SSH, but be aware this may limit the clients that can connect!
|
|
//
|
|
algorithms: {}
|
|
}
|
|
|
|
webSocket: {
|
|
//
|
|
// Setting "proxied" to true allows non-secure (ws://) WebSockets
|
|
// to be considered secure when the X-Fowarded-Proto HTTP header
|
|
// is set to "https". This is helpful when ENiGMA is running behind
|
|
// another web server doing SSL/TLS termination.
|
|
//
|
|
proxied: false
|
|
|
|
// Non-secure WebSockets, or ws://
|
|
ws: {
|
|
port: XXXXX
|
|
}
|
|
|
|
// Secure WebSockets, or wss://
|
|
wss: {
|
|
port: XXXXX
|
|
enabled: XXXXX
|
|
|
|
//
|
|
// Certificate and Key in PEM format.
|
|
// Note that web browsers will not trust self-signed certs. Look
|
|
// into Let's Encrypt and perhaps running ENiGMA behind another
|
|
// web server such as Caddy.
|
|
//
|
|
certPem: XXXXX
|
|
keyPem: XXXXX
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Content Servers expose content from the system
|
|
//
|
|
contentServers: {
|
|
//
|
|
// The Web Content Server can expose content over HTTP (http://) and
|
|
// HTTPS (https://) for (but not limited to) the following purposes:
|
|
// * Static content
|
|
// * Web downloads from the file base
|
|
// * Password reset forms (sent to users in PW reset emails; see
|
|
// "email" block below)
|
|
//
|
|
web: {
|
|
// Set to your public FQDN
|
|
domain: another-fine-enigma-bbs.org
|
|
|
|
// Standard issue "www" folder. Place static content here
|
|
staticRoot: XXXXX
|
|
|
|
//
|
|
// This block configures password reset emails. Template files
|
|
// support the following variables:
|
|
// * %BOARDNAME% : Name of BBS
|
|
// * %USERNAME% : Username of whom to reset password
|
|
// * %TOKEN% : Reset token
|
|
// * %RESET_URL% : In case of email, the link to follow
|
|
// for reset. In case of landing page, URL to POST submit reset form.
|
|
//
|
|
resetPassword: {
|
|
|
|
}
|
|
|
|
http: {
|
|
port: XXXXX
|
|
}
|
|
|
|
https: {
|
|
port: XXXXX
|
|
enabled: XXXXX
|
|
|
|
//
|
|
// Note that web browsers will not trust self-signed certs. Look
|
|
// into Let's Encrypt and perhaps running ENiGMA behind another
|
|
// web server such as Caddy.
|
|
//
|
|
}
|
|
}
|
|
|
|
// Ladies and gentlemen, a Gopher server!
|
|
gopher: {
|
|
port: XXXXX
|
|
enabled: false
|
|
|
|
// bannerFile path in misc/ by default. Full paths allowed.
|
|
bannerFile: XXXXX
|
|
|
|
//
|
|
// The Gopher Content Server can export message base
|
|
// conferences and areas via the "messageConferences" key.
|
|
//
|
|
// Example:
|
|
// messageConferences: {
|
|
// some_conf: [ "area_tag1", "area_tag2" ]
|
|
// }
|
|
//
|
|
}
|
|
|
|
// You may also wish to enable NNTP services
|
|
nntp: {
|
|
//
|
|
// Set publicMessageConferences{} to configure
|
|
// publicly exposed conferences & areas.
|
|
//
|
|
// Example:
|
|
// publicMessageConferences: {
|
|
// some_conf: [ "area_tag1", "area_tag2" ]
|
|
// }
|
|
//
|
|
publicMessageConferences: {}
|
|
|
|
// non-secure
|
|
nntp: {
|
|
enabled: false
|
|
port: XXXXX
|
|
}
|
|
|
|
// secure (TLS)
|
|
nntps: {
|
|
enabled: false
|
|
port: XXXXX
|
|
|
|
//
|
|
// You will need a SSL/TLS certificate and key
|
|
//
|
|
certPem: XXXXX
|
|
keyPem: XXXXX
|
|
}
|
|
}
|
|
}
|
|
|
|
chatServers: {
|
|
// multi relay chat settings. No need to sign up, just enable it.
|
|
// More info: https://bbswiki.bottomlessabyss.net/index.php?title=MRC_Chat_platform
|
|
mrc: {
|
|
enabled : false
|
|
serverHostname : 'mrc.bottomlessabyss.net'
|
|
serverPort : 5000
|
|
}
|
|
}
|
|
|
|
//
|
|
// Currently, ENiGMA½ can use external email to mail
|
|
// users for password resets. Additional functionality will
|
|
// be added in the future.
|
|
//
|
|
email: {
|
|
//
|
|
// Set the following keys to configure:
|
|
// * "defaultFrom" to the reply address
|
|
// * "transport" to a configuration block that meets the
|
|
// requirements of Nodemailer (https://nodemailer.com/)
|
|
//
|
|
// Example:
|
|
// transport: {
|
|
// service: Zoho
|
|
// auth: {
|
|
// user: myuser@myhost.com
|
|
// pass: supersecretpassword
|
|
// }
|
|
// }
|
|
//
|
|
}
|
|
|
|
// Message conferences and areas are within this block
|
|
messageConferences: {
|
|
// An entry here prepresents a conference taka aka confTag
|
|
another_sample_conf: {
|
|
name: "Another Sample Conference"
|
|
desc: "Another conf sample. Change me!"
|
|
areas: {
|
|
// Similar to confTags, this is a areaTag
|
|
another_sample_area: {
|
|
name: "Another Sample Area"
|
|
desc: "Another area example. Change me!"
|
|
// The 'sort' key can override natural sort order and can live at the conference and area levels
|
|
sort: 2
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Configuration block for scanner/tosser modules
|
|
scannerTossers: {
|
|
// The most popular being FTN/BSO style networks
|
|
ftn_bso: {
|
|
//
|
|
// When you're ready to hook up to FTN networks, please
|
|
// see the documentation on message networks.
|
|
//
|
|
}
|
|
}
|
|
|
|
//
|
|
// ENiGMA½ comes with a very powerful File Base, but may be a bit strange
|
|
// until you get used to it. Please see the documentation!
|
|
//
|
|
fileBase: {
|
|
//
|
|
// Storage tags with relative paths (that is, paths that do not start
|
|
// with a "/") are relative to the following path:
|
|
//
|
|
areaStoragePrefix: XXXXX
|
|
|
|
//
|
|
// Storage tags create a tag -> directory (relative or full path)
|
|
// that can be used in areas.
|
|
//
|
|
storageTags: {
|
|
//
|
|
// Example storage tag: "super_l33t_warez":
|
|
// super_l33t_warez: "/path/to/super/l33t/warez"
|
|
//
|
|
}
|
|
|
|
areas: {
|
|
//
|
|
// Example area with the areaTag of "an_example_area":
|
|
// an_example_area: {
|
|
// name: "Example File Area"
|
|
// desc: "It's just an example, yo!"
|
|
// storageTags: [
|
|
// "super_l33t_warez"
|
|
// ]
|
|
// }
|
|
//
|
|
// File Base Areas are read-only (ie: download only) by default.
|
|
// To make a uploadable area, set ACS as you like. For example,
|
|
// to allow all users to upload to an area:
|
|
//
|
|
// an_example_area: {
|
|
// // ...
|
|
// acs: {
|
|
// write: GM[users]
|
|
// }
|
|
// }
|
|
}
|
|
}
|
|
|
|
// General user configuration
|
|
users: {
|
|
//
|
|
// ENiGMA½ utilizes user groups similar to Windows and *nix. Built in groups
|
|
// include "users" (for regular users) and "sysops" for +ops. You can add other
|
|
// groups to the system as well by adding a 'groups' key in this section:
|
|
// groups: [
|
|
// "leet", "lamerz"
|
|
// ]
|
|
//
|
|
//
|
|
// Set default group(s) new users should automatically be assigned to:
|
|
// defaultGroups : [
|
|
// "lamerz"
|
|
// ]
|
|
//
|
|
|
|
// Should new users require +op activation?
|
|
requireActivation: false,
|
|
|
|
// How long pre-authenticated users (have not logged in) can idle
|
|
preAuthIdleLogoutSeconds: XXXXX
|
|
|
|
// How long authenticated users (logged in) can idle
|
|
idleLogoutSeconds: XXXXX
|
|
|
|
// Usernames reserved for applying to your system
|
|
newUserNames: []
|
|
|
|
// Handling of failed logins
|
|
failedLogin : {
|
|
// disconnect after N failed attempts. 0=disabled.
|
|
disconnect : XXXXX
|
|
|
|
// Lock the user out after N failed attempts. 0=disabled.
|
|
lockAccount : XXXXX
|
|
|
|
//
|
|
// If locked out, how long until the user can login again?
|
|
// Set to 0 to disable auto-unlock
|
|
//
|
|
autoUnlockMinutes : XXXXX
|
|
},
|
|
|
|
// Allow email driven password resets to unlock accounts?
|
|
unlockAtEmailPwReset : XXXXX
|
|
}
|
|
|
|
// Archive files and related
|
|
archives: {
|
|
archivers: {
|
|
//
|
|
// Each key in the "archivers" configuration block represents a specific
|
|
// external archive utility. ENiGMA½ has sane configuration by default
|
|
// for many archivers, but the tools themselves are likely not yet installed
|
|
// on your system!
|
|
//
|
|
// You'll want to have archivers configured for the many old-school archive
|
|
// formats that a BBS may encounter! Please consult the documentation on
|
|
// information as to where to find and install these utilities!
|
|
//
|
|
}
|
|
}
|
|
|
|
fileTransferProtocols: {
|
|
//
|
|
// Each key in the "fileTransferProtocols" configuration block defines
|
|
// an external file transfer utility for legacy protocols such as
|
|
// X, Y, and Z-Modem.
|
|
//
|
|
// You will want to ensure your system has these external utilities
|
|
// installed and/or define new or additional protocols. Please
|
|
// see the documentation for more information!
|
|
//
|
|
}
|
|
|
|
//
|
|
// Use the Event Scheduler to set up arbitrary scheduled events
|
|
// using Later style syntax and/or @watch files.
|
|
// See docs/event-scheduler.md for more information.
|
|
//
|
|
eventScheduler: {
|
|
events: {
|
|
// Example:
|
|
//
|
|
// sampleEvent: {
|
|
// schedule: every 2 hours
|
|
// action: @execute:/path/to/some/script.sh
|
|
// args: [
|
|
// "--foo", "--bar"
|
|
// ]
|
|
// }
|
|
}
|
|
}
|
|
|
|
statLog: {
|
|
systemEvents: {
|
|
// Max login history event records kept. -1 = unlimited
|
|
loginHistoryMax: -1
|
|
}
|
|
}
|
|
}
|