1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
[default]
# identifier used in http response headers
ident = "minor skulk"
# limit to request parameter size. must be at least 32KiB.
limits.string = "32 KiB"
# limit to binary data size. avatars are sent as binary data,
# so this setting also limits the maximum permissible avatar
# size.
limits.bytes = "128 KiB"
# connection string for the database (mandatory)
#
# current only postgresql is supported, with libpq connection strings.
#
#database_url = "postgresql:///minorskulk"
# base location of the server (mandatory)
#
# this is the base url of the server, e.g. `https://my.domain` if you are running
# at the root of a domain or `https://my.domain/minorskulk` if you are running
# behind a reverse proxy that changes the root path.
# NOTE: if this is set incorrectly, *nothing will work*. the url is used as part
# of a request signing scheme, so setting this incorrectly will break all requests
# that use this signing scheme (which includes the login process).
#
#location = "https://my.domain"
# base location of the synstorage token server (mandatory)
#
# this is the base url of your syncstorage token server, i.e. a syncstorage-rs
# instance. the token server must also be configured to use this instance to
# verify client tokens by setting `tokenserver.fxa_email_domain` to some local
# value and `tokenserver.fxa_oauth_server_url` to `<location>/oauth/v1`.
#
# this url will only be rendered into the client autoconfig descriptor. setting
# an incorrect url here will not impact the function of minor skulk, but it will
# require setting not just the account server url in firefox but the token server
# url as well.
#
#token_server_location = "https://synstorage.my.domain"
# vapid key for push notifications (mandatory)
#
# this must be set to the path to a valid EC key, generated for example with
#
# openssl ecparam -genkey -name prime256v1 -out private_key.pem
#
# not setting this key will cause all push notifications to fail, including tab
# sending between devices on one account.
#
#vapid_key = "/etc/secrets/minor-skulk-push-key.pem"
# vapid subject identifier (mandatory)
#
# must be set to a mailto: address or a web url. mozilla ostensibly uses this
# information to contact you if weird things happen, and will reject pushes
# from server that do not provide this datum.
#vapid_subject = "mailto:minorskulk@my.domain"
# default push notification TTL (optional)
#
# default lifetime of push notifications sent through the mozilla webpush service.
# notifications that cannot be delivered within this time frame will be dropped.
#
#default_push_ttl = "2 days"
# expired token prune interval (optional)
#
# pruning interval for:
# - expired key fetch token
# - expired oauth tokens
# - expired oauth authorization code
# - expired device commands
# - expired invite codes
#
#prune_expired_interval = "5 minutes"
# mail-from address (mandatory)
#
# all emails sent by minor skulk will be sent from this address.
#
#mail_from = "minor skulk <noreply@my.domain>"
# mail host (optional)
#
# mail host to use when sending emails.
#
#mail_host = "localhost"
# mail port (optional)
#
# port to use when connecting to `mail_host`.
#
#mail_port = 25
# mail user (optional)
#
# user name to use in smtp auth with `mail_host`. no authentication
# will be attempted if unset.
#
#mail_user = user
# mail password (optional)
#
# password to use in smtp auth with `mail_host`. no authentication
# will be attempted if unset.
#
#mail_password = verysecretpassword
# mail starttls support (optional)
#
# whether or not to use starttls for mail connections.
#
#mail_starttls = false
# invite only mode (optional)
#
# if set this instance will run in invite-only mode, disabling public
# registrations and requiring a single-use invite link to create a new
# account instead. invite links can be generated by the invite admin
# using the special (hidden) `#/generate-invite` fragment identifier
# on their account settings page.
#
#invite_only = false
# invite admin (optional)
#
# email address of the user capable of creating invite links. if no user
# is registered with the configured email address during startup a new
# invite code will be generated (valid for one hour) and written to the
# log. this check is done on every startup, so not setting this value will
# produce a new invite code every time minor skulk starts.
#
#invite_admin_address = "admin@my.domain"
|
