diff options
| author | pennae <github@quasiparticle.net> | 2022-07-26 13:54:56 +0200 |
|---|---|---|
| committer | pennae <github@quasiparticle.net> | 2022-07-26 13:54:56 +0200 |
| commit | db843891f27f5560421095f48aefbb9756643ff8 (patch) | |
| tree | 458b9ff3df94d9a5a4fcf725194e2921d3d0c394 | |
| parent | 199874e56c62563fc28fbb69eb31d606a396b969 (diff) | |
| download | minor-skulk-db843891f27f5560421095f48aefbb9756643ff8.tar.gz minor-skulk-db843891f27f5560421095f48aefbb9756643ff8.tar.xz minor-skulk-db843891f27f5560421095f48aefbb9756643ff8.zip | |
add some extra warning to readme
| -rw-r--r-- | README.md | 18 |
1 files changed, 13 insertions, 5 deletions
@@ -17,6 +17,9 @@ to): - support tools - and others. +**WARNING**: no security audit of this project has been done. it may or may not +eat or expose your data. use at your own risk. + # requirements - postgresql 14 or newer @@ -29,22 +32,27 @@ to): minor skulk is built using cargo. rust version 1.61 and newer should work, older versions have not been tested. - * compile minor-skulk with `cargo build`. - * edit `Rocket.toml`, settings values for all the mandatory parameters - * for test deployments it's sufficient to use the http server provided by - minor-skulk. live deployments **must** use a reverse proxy to add TLS! + * compile with `cargo build` + * edit `Rocket.toml`, setting values for all the mandatory parameters + * for test deployments it's sufficient to use the built-in http server. live + deployments **must** use a reverse proxy to add TLS! * install [syncstorage-rs](https://github.com/mozilla-services/syncstorage-rs) * configure syncstorage-rs for a single-node setup as exemplified in [this nixos module](https://github.com/NixOS/nixpkgs/pull/176835). you will also have to set `tokenserver.fxa_oauth_server_url` as noted in `Rocket.toml`, otherwise actual sync will not work. +minor skulk should be run under a dedicated user account that is *not* shared +with syncstorage-rs. it should definitely *not* be run as root. as previously +mentioned, deploying this on the internet **must** be done through a TLS proxy +since minor skulk itself does not handle TLS in any way. + # configuring firefox desktop go to `about:config` and set `identity.fxaccounts.autoconfig.uri` to the address of your server, e.g. `http://localhost:8000` if you're just starting minor-skulk locally for testing. if you are not using https you -must also create a `identity.fxaccounts.allowHttp` settings with value `true`, +must also create a `identity.fxaccounts.allowHttp` setting with value `true`, otherwise firefox will not accept the config. restart firefox for the changes to take effect, then create an account or log in as usual. |