4.4 KiB
feeds.ini
Peering
In order to actually be distributed, you need another person to sync posts with, otherwise what's the point right?
Peering over the regular internet with TLS
Requirements:
- Each Side's server must have a domain name
- Each Side must have each other's certificates (.crt files) in the
certsfolder - Each Side's
srnd.inicrypto section must have entrytls-hostname = domain.tldwhere domain.tld is the domain name of the server it is on - Each Side's
srnd.ininntp section must have entryrequire_tls = 1
If Alice owns nntp.alice.net and Bob owns nntp.bob.com and are both using port 1199 the configs for each side are as follows:
# alice's srnd.ini crypto section
...
[crypto]
tls-hostname = nntp.alice.net
tls-trust-dir = certs
tls-keyname = overchan-alice
# alice's feeds.ini
[feed-bob]
host = nntp.bob.com
port = 1199
[bob]
overchan.* = 1
ctl = 1
# bob's srnd.ini crypto section
...
[crypto]
tls-hostname = nntp.bob.com
tls-trust-dir = certs
tls-keyname = overchan-bob
# bob's feeds.ini
[feed-alice]
host = nntp.alice.net
port = 1199
[alice]
overchan.* = 1
ctl = 1
Each side's certs directory contains 2 files:
- overchan-alice-nntp.alice.net.crt (alice's certificate)
- overchan-bob-nntp.bob.com.crt (bob's certificate)
Alice keeps overchan-alice-nntp.alice.net.key secret and never shares it
Bob keeps overchan-bob-nntp.bob.com.key secret and never shares it
Peering Authentication with passwords
adding / removing credentials via the command line:
# add an nntp login via command line
srndv2 tool nntp add-login user-name-here pass-word-here
# remove an nntp login via command line
srndv2 tool nntp del-login user-name-here
Example feeds.ini:
# section pair in feeds.ini
# connects to nntp.something.tld:1199 and authenticates with a username and password
# sync = 1 makes you download all applicable posts from the remote server on startup
[feed-authenticated]
host = nntp.something.tld
port = 1199
username = user-user-here
password = pass-word-here
sync = 1
[authenticated]
overchan.* = 1
ctl = 1
Peering over Tor
Install Tor
apt-get install tor
Make a tor hidden service point from outside port 119 to port 1199 Add to /etc/tor/torrc:
HiddenServiceDir /var/lib/tor/nntp_feed
HiddenServicePort 119 127.0.0.1:1199
restart/reload tor then
cat /var/lib/tor/nntp_feed/hostname
This is your in feed address
If you use an onion with tls, srnd.ini crypto section should have the entry tls-hostname = youroniongoeshere.onion. If you don't use tls NEVER disclose the onion address to anyone not trusted.
Then to peer with someone over tor add this to you feeds.ini
[feed-ourpeer.onion]
host=PeersOnionAddress.onion
port=119
proxy-type=socks4a
proxy-host=127.0.0.1
proxy-port=9050
[ourpeer.onion]
overchan=1
ctl=1
Options
####You need one connection and one settings block for each connection
Here is an example entry in feeds.ini
[feed-them.onion]
host=aabbccddeeff2233.onion
port=119
proxy-type=socks4a
proxy-host=127.0.0.1
proxy-port=9050
username=somerandomusername
password=somerandompassword
[them.onion]
overchan=1
ano.paste=0
ctl=1
But what does it mean?
[feed-them.onion]
Connection settings for a peer
host=aabbccddeeff2233.onion
port=119
proxy-type=socks4a
proxy-host=127.0.0.1
proxy-port=9050
Proxy settings, straight forward. Supported proxy types are socks4a and none
[them.onion]
NNTP synchronization settings
overchan=1
Sync all boards, use
overchan.bad=0
to prevent certain boards from syncing with certain peers. It can be used to keep bad boards out or keep exclusive boards in
ano.paste=0
This WILL be the nntpchan pastebin, but it's not implemented yet
ctl=1
Allows you to recieve moderation notifications from other boards, it's also used for decentralized moderation
Alternative config location
If you would like to have your feeds.ini somewhere other than in the working directory, you can set the SRND_FEEDS_INI_PATH environment variable. For example, if you would like to use /etc/nntpchan/meems.ini, edit ~/.profile and add export SRND_FEEDS_INI_PATH=/etc/nntpchan/meems.ini.