4.1 KiB
feeds.ini
##Peering
In order to actually be distributed, you need another person to sync posts with, otherwise what's the point right?
###Peering over the regular internet with TLS
Requirements:
- Each Side's server must have a domain name
- Each Side must have each other's certificates (.crt files) in the
certs
folder - Each Side's
srnd.ini
crypto section must have entrytls-hostname = domain.tld
where domain.tld is the domain name of the server it is on - Each Side's
srnd.ini
nntp section must have entryrequire_tls = 1
If Alice owns nntp.alice.net
and Bob owns nntp.bob.com
and are both using port 1199
the configs for each side are as follows:
# alice's srnd.ini crypto section
...
[crypto]
tls-hostname = nntp.alice.net
tls-trust-dir = certs
tls-keyname = overchan-alice
# alice's feeds.ini
[feed-bob]
host = nntp.bob.com
port = 1199
[bob]
overchan.* = 1
ctl = 1
# bob's srnd.ini crypto section
...
[crypto]
tls-hostname = nntp.bob.com
tls-trust-dir = certs
tls-keyname = overchan-bob
# bob's feeds.ini
[feed-alice]
host = nntp.alice.net
port = 1199
[alice]
overchan.* = 1
ctl = 1
Each side's certs
directory contains 2 files:
- overchan-alice-nntp.alice.net.crt (alice's certificate)
- overchan-bob-nntp.bob.com.crt (bob's certificate)
Alice keeps overchan-alice-nntp.alice.net.key
secret and never shares it
Bob keeps overchan-bob-nntp.bob.com.key
secret and never shares it
###Peering Authentication with passwords
adding / removing credentials via the command line:
# add an nntp login via command line
srndv2 tool nntp add-login user-name-here pass-word-here
# remove an nntp login via command line
srndv2 tool nntp del-login user-name-here
Example feeds.ini
:
# section pair in feeds.ini
# connects to nntp.something.tld:1199 and authenticates with a username and password
# sync = 1 makes you download all applicable posts from the remote server on startup
[feed-authenticated]
host = nntp.something.tld
port = 1199
username = user-user-here
password = pass-word-here
sync = 1
[authenticated]
overchan.* = 1
ctl = 1
###Peering over Tor
Install Tor
apt-get install tor
Make a tor hidden service point from outside port 119 to port 1199 Add to /etc/tor/torrc:
HiddenServiceDir /var/lib/tor/nntp_feed
HiddenServicePort 119 127.0.0.1:1199
restart/reload tor then
cat /var/lib/tor/nntp_feed/hostname
This is your in feed address
If you use an onion with tls, srnd.ini
crypto section should have the entry tls-hostname = youroniongoeshere.onion
. If you don't use tls NEVER disclose the onion address to anyone not trusted.
Then to peer with someone over tor add this to you feeds.ini
[feed-ourpeer.onion]
host=PeersOnionAddress.onion
port=119
proxy-type=socks4a
proxy-host=127.0.0.1
proxy-port=9050
[ourpeer.onion]
overchan=1
ctl=1
##Options
####You need one connection and one settings block for each connection
Here is an example entry in feeds.ini
[feed-them.onion]
host=aabbccddeeff2233.onion
port=119
proxy-type=socks4a
proxy-host=127.0.0.1
proxy-port=9050
username=somerandomusername
password=somerandompassword
[them.onion]
overchan=1
ano.paste=0
ctl=1
But what does it mean?
[feed-them.onion]
Connection settings for a peer
host=aabbccddeeff2233.onion
port=119
proxy-type=socks4a
proxy-host=127.0.0.1
proxy-port=9050
Proxy settings, straight forward. Supported proxy types are socks4a
and none
[them.onion]
NNTP synchronization settings
overchan=1
Sync all boards, use
overchan.bad=0
to prevent certain boards from syncing with certain peers. It can be used to keep bad boards out or keep exclusive boards in
ano.paste=0
This WILL be the nntpchan pastebin, but it's not implemented yet
ctl=1
Allows you to recieve moderation notifications from other boards, it's also used for decentralized moderation