| author | tjpcc <tjp@ctrl-c.club> | 2023-09-28 08:08:48 -0600 |
|---|---|---|
| committer | tjpcc <tjp@ctrl-c.club> | 2023-10-09 08:47:37 -0600 |
| commit | 6e1c25af361dde4c063eccbf769e966df4b65f23 (patch) | |
| tree | d28044cf2db246555deda8db395f2f0a7e786590 /example.conf | |
| parent | b4f45f7c654e87bda6d5e7effb6ac5b5feb29ce0 (diff) | |
config file refactor
Diffstat (limited to 'example.conf')
| -rw-r--r-- | example.conf | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/example.conf b/example.conf
new file mode 100644
index 0000000..6181fcf
--- /dev/null
+++ b/example.conf
@@ -0,0 +1,105 @@
+# "auth" is a global directive that defines a named authentication strategy.
+# The "auth" keyword is followed by a name, and then the strategy.
+# "clienttlsfile" is a strategy which takes a path to a file which contains line-delimited SHA256 fingerprints of client certificates.
+# Tildes (~) are allowed in the file path, in which case the strategy is only usable in a ~user-scoped directive.
+auth private_gemini clienttlsfile ~/.private_gemini
+
+# The "clienttls" strategy takes comma-separated SHA256 fingerprints of client certificates.
+auth is_tony clienttls 0284bcb38d7c98548df4a67587163276373ea8f9a8cc931a89f475557bd9f3a3
+
+# The "hasclienttls" strategy requires only that the request be made with a client certificate.
+auth is_named hasclienttls
+
+# "systemuser" is a global directive which controls privilege dropping.
+# After performing some root-only actions (binding to gopher and finger ports, reading server key and certificate files),
+# sr-71 will attempt to change its effective user to the named user (which may be a numeric user id).
+# Alternatively, sr-71 can work when started as a non-root user but the "systemuser" directive shouldn't be used, and it won't be able to serve any protocol on privileged ports.
+systemuser nobody
+
+# "loglevel" defines the minimum log level that will be sent to stdout.
+# Allowed values are "debug", "info", "warn", "error".
+# Omitting the "loglevel" directive allows all logs through, equivalent to "loglevel debug".
+loglevel debug
+
+# define a gopher server
+# This IP/port is the default, both components are optional.
+# To specify a port without changing the IP default, write it like ":70".
+gopher 0.0.0.0:70 {
+ # A gopher server MUST include a single "host" directive with a single hostname.
+ # It will be used for internal links, such as in directory listings.
+ host tjp.lol
+
+ # A gopher server may include a single "servertls" directive like gemini (example below).
+ # In that case the gopher server will host encrypted gopher with TLS.
+
+ # The "static" directive exposes a filesystem directory at a given path prefix.
+ # It will only serve files which are world-readable.
+ # "with" introduces comma-separated modifiers to a directive.
+ # - "exec" causes world-executable files to be executed as if they were in a cgi directory.
+ # - "extendedgophermap" allows the sliderule extended form for gophermap files.
+ # - "dirdefault <name>" uses a given filename for requests made for the directory.
+ # - "dirlist" builds listings of requested directories, at a lower priority than "dirdefault".
+ static /var/gopher/docs at / with dirdefault gophermap, dirlist, exec, extendedgophermap
+
+ # The "cgi" directive exposes a filesystem directory at a path prefix as well but executes requested files.
+ # It will only execute world-executable files.
+ # It supports only the "extendedgophermap" modifier.
+ # Executed files are assumed to produce gophermap, although the "extendedgophermap" modifier can make this more friendly.
+ cgi /var/gopher/cgi at /cgi-bin with extendedgophermap
+
+ # Directives which result in exposing a filesystem directory may include tilde (~) characters.
+ # It must be present in both the path prefix and the filesystem path, or neither (not one without the other).
+ # In the path prefix it will match a "~username" path segment and the user name will be captured.
+ # If the filesystem path begins with "~/", it represents the user's home directory.
+ # Otherwise, the tilde will be replaced by the user's name.
+ # So on a system where users' home directories are at /home, "/home/~" and "~" are the same (though the latter is more general).
+ static ~/public_gopher at /~ with dirdefault gophermap, dirlist, exec, extendedgophermap
+ cgi ~/public_gopher/cgi-bin at /~/cgi-bin
+
+ # The "git" directive exposes git repos under a filesystem directory.
+ # Only git repositories in the given filesystem directory (not its children) are exposed.
+ git ~/code at /~/code
+}
+
+# define a finger server
+# This is the default host and port, and both or either may be omitted.
+# Only a single "static" or "cgi" directive is allowed in a finger server.
+# In either case a ~ must be present in the path, and there is no "at <prefix>" clause.
+# "static ... with exec" differs from "cgi" in that if the file is not executable, "static" will serve the file's contents instead.
+# There is no support for /W extended form, user listings, or serving as a jump host.
+finger 0.0.0.0:79 {
+ static ~/.finger with exec
+}
+
+# define a gemini server
+# This is the default host and port, and both or either may be omitted.
+gemini 0.0.0.0:1965 {
+ # "host" directives are allowed in gemini servers.
+ # "host" is followed by one or more comma-separated hostnames that will be used to match this server.
+ # Multiple gemini servers may be defined on the same IP/port, in which case the hosts will delineate
+ # which server's behavior is triggered by a given request.
+ host tjp.lol
+
+ # A gemini server MUST have a single "servertls" directive with "key <keyfile>" and "cert <certfile>" clauses.
+ servertls key /var/gemini/tls/server.key cert /var/gemini/tls/server.crt
+
+ # "static" and "cgi" directives work much like in gopher servers.
+ # There is no "extendedgophermap" modifier in gemini, however.
+ static /var/gemini/docs at / with dirdefault index.gmi, dirlist, exec
+ cgi /var/gemini/cgi at /cgi-bin
+
+ # The "autoatom" modifier is allowed on directives in a gemini server.
+ # It causes any text/gemini responses to be available as atom at <path>.atom.
+ # It uses the "Subscribing to Gemini pages" spec (gemini://geminiprotocol.net/docs/companion/subscription.gmi)
+ # to convert the text/gemini to Atom.
+ # The "titan" modifier allows uploads to world-writable directories.
+ # It can only be used on "static" directives in gemini servers.
+ # It takes a required auth name which will guard just titan requests.
+ static ~/public_gemini at /~ with dirdefault index.gmi, dirlist, exec, autoatom, titan private_gemini
+ cgi ~/public_gemini/cgi-bin at /~/cgi-bin
+
+ # "static", "cgi", and "git" directives support an "auth <name>" clause which requires that an authentication to pass.
+ cgi ~/public_gemini/cgi-bin/private at /~/cgi-bin/private auth private_gemini
+
+ git ~/code at /~/code
+}
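Review bot: The `static ~/public_gemini at /~ with ... exec, autoatom, titan private_gemini` line puts `exec` (world-executable files are run) and `titan` (uploads into world-writable directories) on the same directive, and the comments above it never say how the two interact — whether a file written by a titan upload keeps whatever mode it arrives with and can then be reached through `exec`, or whether uploads are always stored non-executable; a one-line comment stating the actual guarantee, confirmed against the upload code, belongs next to the `titan` description so operators do not have to infer it. The `systemuser` comment says sr-71 "will attempt to change its effective user" but not what happens when that fails; `# If the user change fails, sr-71 ... (refuses to start / logs and continues — confirm)` would let operators reason about the privilege drop rather than guess. The comment on the `auth <name>` clause near the end of the hunk is garbled ("requires that an authentication to pass") and should read `# ... clause which requires that the named authentication pass.`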
