✨: add config

template/config.ini.template

@@ -217,7 +217,7 @@ stripe-secret-key=
 [paste.sr.ht]
 #
 # URL paste.sr.ht is being served at (protocol://domain)
-origin=http://paste.sr.ht.local
+origin={{pastesrht_domain}}
 #
 # Address and port to bind the debug server to
 debug-host=0.0.0.0
@@ -238,3 +238,224 @@ oauth-client-secret=
 # Only needed if not run behind a reverse proxy, e.g. for local development.
 # By default, the API port is 100 more than the web port
 #api-origin=http://localhost:5111
+
+[lists.sr.ht]
+#
+# URL lists.sr.ht is being served at (protocol://domain)
+origin={{listsrht_domain}}
+#
+# Address and port to bind the debug server to
+debug-host=0.0.0.0
+debug-port=5006
+#
+# Configures the SQLAlchemy connection string for the database.
+connection-string=postgresql://postgres@localhost/lists.sr.ht
+#
+# Set to "yes" to automatically run migrations on package upgrade.
+migrate-on-upgrade=yes
+#
+# The redis connection used for the webhooks worker
+webhooks=redis://localhost:6379/1
+#
+# The redis connection used for the Celery worker (configure this on both the
+# master and workers)
+redis=redis://localhost:6379/0
+#
+# The domain that incoming email should be sent to. Forward mail sent here to
+# the LTMP socket.
+posting-domain={{listsrht_domain}}
+#
+# lists.sr.ht's OAuth client ID and secret for meta.sr.ht
+# Register your client at meta.example.org/oauth
+oauth-client-id=
+oauth-client-secret=
+#
+# Trusted upstream SMTP server generating Authentication-Results header fields
+msgauth-server=mail.sr.ht.local
+#
+# If "no", prevents non-admins from creating new lists
+allow-new-lists=yes
+#
+# Origin URL for the API
+# Only needed if not run behind a reverse proxy, e.g. for local development.
+# By default, the API port is 100 more than the web port
+#api-origin=http://localhost:5106
+
+[lists.sr.ht::worker]
+# Protocol used by the daemon. Either lmtp or smtp. By default ltmp if using
+# unix socket and smtp if using tcp socket.
+protocol=lmtp
+#
+# Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
+# Alternatively, specify IP:PORT will run the server using tcp.
+sock=/tmp/lists.sr.ht-lmtp.sock
+#
+# The lmtp daemon will make the unix socket group-read/write for users in this
+# group.
+sock-group=postfix
+#
+# Comma-delimited list of Content-Types to reject. Messages with Content-Types
+# included in this list are rejected. Multipart messages are always supported,
+# and each part is checked against this list.
+#
+# Uses fnmatch for wildcard expansion.
+reject-mimetypes=text/html
+#
+# Link to include in the rejection message where senders can get help
+# correcting their email.
+reject-url=https://man.sr.ht/lists.sr.ht/etiquette.md
+
+[lists.sr.ht::api]
+#
+# Maximum complexity of GraphQL queries. The higher this number, the more work
+# that API clients can burden the API backend with. Complexity is equal to the
+# number of discrete fields which would be returned to the user. 200 is a good
+# default.
+max-complexity=200
+
+#
+# The maximum time the API backend will spend processing a single API request.
+#
+# See https://golang.org/pkg/time/#ParseDuration
+max-duration=90s
+
+#
+# Set of IP subnets which are permitted to utilize internal API
+# authentication. This should be limited to the subnets from which your
+# *.sr.ht services are running.
+#
+# Comma-separated, CIDR notation.
+internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
+
+[lists.sr.ht::redirects]
+#
+# Redirects for migrating old mailing lists to new ones. This just sets up the
+# redirect for incoming emails.
+#
+# old-address=~example/new-name
+
+[todo.sr.ht]
+#
+# URL todo.sr.ht is being served at (protocol://domain)
+origin={{todosrht_domain}}
+#
+# Address and port to bind the debug server to
+debug-host=0.0.0.0
+debug-port=5003
+#
+# Configures the SQLAlchemy connection string for the database.
+connection-string=postgresql://postgres@localhost/todo.sr.ht
+#
+# Set to "yes" to automatically run migrations on package upgrade.
+migrate-on-upgrade=yes
+#
+# todo.sr.ht's OAuth client ID and secret for meta.sr.ht
+# Register your client at meta.example.org/oauth
+oauth-client-id=CHANGEME
+oauth-client-secret=CHANGEME
+#
+# Outgoing email for notifications generated by users
+notify-from=CHANGEME@example.org
+#
+# The redis connection used for the webhooks worker
+webhooks=redis://localhost:6379/1
+#
+# Origin URL for the API
+# Only needed if not run behind a reverse proxy, e.g. for local development.
+# By default, the API port is 100 more than the web port
+#api-origin=http://localhost:5103
+
+[todo.sr.ht::mail]
+#
+# Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
+# Alternatively, specify IP:PORT and an SMTP server will be run instead.
+sock=/tmp/todo.sr.ht-lmtp.sock
+#
+# The lmtp daemon will make the unix socket group-read/write for users in this
+# group.
+sock-group=postfix
+#
+# Fill this in with the name of the domain to which emails should be sent.
+# Leave blank to disable email submission.
+posting-domain=
+
+[builds.sr.ht]
+#
+# URL builds.sr.ht is being served at (protocol://domain)
+origin={{buildsrht_domain}}
+#
+# Address and port to bind the debug server to
+debug-host=0.0.0.0
+debug-port=5002
+#
+# Configures the SQLAlchemy connection string for the database.
+connection-string=postgresql://postgres@localhost/builds.sr.ht
+#
+# Set to "yes" to automatically run migrations on package upgrade.
+migrate-on-upgrade=yes
+#
+# The redis connection used for the Celery worker (configure this on both the
+# master and workers)
+redis=redis://localhost:6379/0
+#
+# builds.sr.ht's OAuth client ID and secret for meta.sr.ht
+# Register your client at meta.example.org/oauth
+oauth-client-id=
+oauth-client-secret=
+#
+# Script used to launch on ssh connnection. /usr/bin/master-shell on master,
+# /usr/bin/runner-shell for workers.
+# If master and worker are on the same system set to /usr/bin/runner-shell
+shell=/usr/bin/master-shell
+#
+# Set to "yes" to allow nonpaying users to submit builds
+allow-free=yes
+#
+# Origin URL for the API
+# Only needed if not run behind a reverse proxy, e.g. for local development.
+# By default, the API port is 100 more than the web port
+#api-origin=http://localhost:5102
+
+#
+# These config options are only necessary for systems running a build runner
+[builds.sr.ht::worker]
+#
+# Name of this build runner (with HTTP port if not 80)
+name=runner.sr.ht.local
+#
+# Path to write build logs
+buildlogs=./logs
+#
+# Path to the build images
+images=./images
+#
+# In production you should NOT put the build user in the docker group. Instead,
+# make a scratch user who is and write a sudoers or doas.conf file that allows
+# them to execute just the control command, then update this config option. For
+# example:
+#
+#   doas -u docker /var/lib/images/control
+#
+# Assuming doas.conf looks something like this:
+#
+#   permit nopass builds as docker cmd /var/lib/images/control
+#
+# For more information about the security model of builds.sr.ht, visit the wiki:
+#
+#   https://man.sr.ht/builds.sr.ht/installation.md
+controlcmd=./images/control
+#
+# Max build duration. See https://golang.org/pkg/time/#ParseDuration
+timeout=45m
+#
+# Http bind address for serving local build information/monitoring
+bind-address=0.0.0.0:8080
+#
+# Build trigger email
+trigger-from=
+#
+# Configure the S3 bucket and prefix for object storage. Leave empty to disable
+# object storage. Bucket is required to enable object storage; prefix is
+# optional.
+s3-bucket=
+s3-prefix=