commit b4de18716aee4057814e677a8cb6932d7beabecb
parent 95cb2ce961b75ffa402087020aadd36a13b0d176
Author: none <none>
Date: Sun, 21 Jun 2020 11:35:36 +0000
create a modular "general settings" server setup
sensible.cfg will contain sensitive information and thus should not
be updated by a repo.
IP addresses are considered private data, the files:
* ban.cfg
* limit.cfg
* mute.cfg
* allow.cfg
should not be updated either, depending on your country's laws.
All those files were thus added to .gitignore.
Diffstat:
8 files changed, 296 insertions(+), 0 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,5 @@
+sensible.cfg
+ban.cfg
+limit.cfg
+mute.cfg
+allow.cfg
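Review bot: Listing `sensible.cfg`, `ban.cfg`, `limit.cfg`, `mute.cfg` and `allow.cfg` here does not keep them out of the repository, because this same commit adds all five files and .gitignore only affects untracked paths. Once an operator fills in passwords or IP addresses, `git commit -a` or `git add -u` will still stage those edits, and a later pull can conflict with or overwrite them. A safer layout is to track templates under another name (for example `sensible.cfg.example`) and leave the real file names untracked, with a comment such as `# local copies of the *.example templates; never commit` above these entries. `localop.cfg` is not listed although it will hold the server's privilege grants; consider whether it belongs here too.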
diff --git a/allow.cfg b/allow.cfg
@@ -0,0 +1,2 @@
+/// adds to the allow list
+// addallow ip.address
diff --git a/ban.cfg b/ban.cfg
@@ -0,0 +1,2 @@
+/// adds to the ban list
+// addban ip.address
diff --git a/limit.cfg b/limit.cfg
@@ -0,0 +1,2 @@
+/// adds to the limited list (can't change teams, etc)
+// addlimit ip.address
diff --git a/localop.cfg b/localop.cfg
@@ -0,0 +1,11 @@
+/// this file lists a number of players authentified by master server and gives
+/// them some privileges or recognition.
+///
+/// Syntax: addlocalop USER ACCESS_LEVEL
+/// ACCESS_LEVEL can then be one of:
+/// (a)dministrator: can change security settings and anything else
+/// (o)perator: can change game variables
+/// (m)oderator: can kick and ban
+/// (s)upporter: no special privileges, but gets a special icon to
+/// identify them as friends, teammates, etc.
+// addlocalop USER ACCESS_LEVEL
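Review bot: The template line `// addlocalop USER ACCESS_LEVEL` does not show what form ACCESS_LEVEL takes. The parenthesised initials in the list above hint at a one-letter flag, but the file never says so. Since this file hands out administrator and operator rights, a filled-in sample at the lowest level would remove the guess, e.g. `// addlocalop somehandle s`, provided the single letter is indeed the accepted form (confirm against the server's command before adding it).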
diff --git a/mute.cfg b/mute.cfg
@@ -0,0 +1,2 @@
+/// adds to the chat mute list
+// adds to the chat mute list
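Review bot: The second line repeats the description instead of giving the commented command template that `allow.cfg`, `ban.cfg` and `limit.cfg` provide, so an operator gets no hint of which command to use. By analogy with `addban` and `addlimit` the line is presumably meant to read `// addmute ip.address`; confirm the command name before changing it.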
diff --git a/privileges.cfg b/privileges.cfg
@@ -0,0 +1,249 @@
+/// This file aims at making it easier to setup a server without gameplay
+/// changes.
+/// It tries describes the network and authentification sides of server setup,
+/// but intentionnally avoids embedding informations that one should not share.
+/// Instead, those are defined in the file "sensible.cfg", which is executed
+/// (aka included) here 1st.
+/// To further help avoiding leaks, here is a list of the dangerous (to share)
+/// variables:
+/// serverpass
+/// adminpass
+/// serveraccountpass
+/// serverauthkey
+/// ircpass
+/// Hopefully this should help one to automate safety checks.
+
+exec sensible.cfg
+
+////////////////////////////////////////////////////////////////////////////////
+/// general settings
+/// Those are the traditional IP/port, number of clients allowed, network
+/// traffic, informations publication settings, etc.
+////////////////////////////////////////////////////////////////////////////////
+/// this server can bind to a specific IP and needs 2 consecutive ports.
+/// Only 1st lower port can be set, the 2nd upper port is determined by lower+1
+// serverip "127.0.0.1" // cmdline: -siN
+// serverport 28801
+/// type of server:
+/// 1 = private (does not register with masterserver)
+/// 2 = public
+/// 3 = dedicated
+// servertype 3
+/// server description, appears on serverbrowser and scoreboard
+// sv_serverdesc "My server"
+/// server message of the day, will be printed on client's HUD when they connect
+// sv_servermotd "Welcome to my server!"
+/// maximum number of allowed clients
+// sv_serverclients 16
+/// maximum upload speed (cmdline: -suN). Upload of what, I don't know, though.
+// serveruprate 0
+
+
+////////////////////////////////////////////////////////////////////////////////
+/// public/dedicated (what's the difference?) server settings
+/// for public servers, a connection to a master can be used. The master will
+/// publish the server's settings to clients, and handle global players
+/// authentifications.
+/// It is apparently possible to have the "local" server authentied to the
+/// master server, but the benefits of doing so are unknown of me at the time of
+/// this writing.
+////////////////////////////////////////////////////////////////////////////////
+/// host server tries to use as master by default; cmdline: -smS
+// servermaster "play.redeclipse.net"
+/// master server port which server *connects* to; cmdline: -saN
+// servermasterport 28800
+/// Server Auth Handling
+///determines if the server should attempt to auth
+// serverauthconnect 1
+///server's auth handle
+// serveraccountname handle
+
+
+////////////////////////////////////////////////////////////////////////////////
+/// User management.
+/// allows to register IP to various lists, to give rights to some (or all)
+/// users, etc.
+/// There are two ways of setting local privileged access:
+/// [1] set a server password, access granted with in game command "/setmaster"
+/// [2] specific players identified by master and give them some local rights.
+///////////////////////////////////////////////////////////////////////////////
+/// includes (exec) a file that defines a list of users authentified by master
+/// and gives them some roles.
+/// Multiple lists can of course be provided, for example if you host servers
+/// several groups of people.
+exec localop.cfg
+/// those files include lists of IPs that are automatically added to some lists
+/// by the server.
+/// Read them for more informations.
+/// As for localop.cfg, they can be split.
+/// There were no real example usage in original servinit.cfg, and I have no
+/// idea if other than single IPv4 list are supported (ranges, IPv6...)
+exec ban.cfg
+exec allow.cfg
+exec mute.cfg
+exec limit.cfg
+
+/// determines server openness for public use
+/// This allows players to acquire new privileges on server
+/// 0 = allow "setpriv 1" and locked/private
+/// 1 = allow "setpriv 1" but no privileged mode, no locked/private
+/// 2 = allow "setpriv 1" but disallows private privileged mode
+/// (for public coop-editing),
+/// 3 = privilege only by moderator or above
+// sv_serveropen 3
+
+/// determines if authorities claim status by default
+// sv_autoadmin 0
+
+/// determines privileges (who may...)
+/// Value description:
+/// 0 = off (everyone?)
+/// 1 = player
+/// 2 = supporter
+/// 3 = moderator
+/// 4 = operator
+/// 5 = administrator
+/// 6 = developer
+/// 7 = founder
+/// 8 = nobody
+///
+/// list of privileges:
+/// sv_demolock allows demo recording
+/// sv_editlock allows spawn+edit when editing if mastermode = 2 (lock)
+/// sv_spawneditlock allows spawn when editing if mastermode = 2 (lock)
+/// sv_speclock allows force spectate other players
+/// sv_kicklock allows kicking other players
+/// sv_allowlock allows allowing other players
+/// sv_banlock allows banning other players
+/// sv_mutelock allows muting other players
+/// sv_limitlock allows limiting other players
+/// sv_vetolock allows forcing votes
+/// sv_floodlock allows flooding
+/// sv_crclock allows to join despite incorrect CRC integrity check
+/// sv_modelock allows to bypass locked modes (modelocktype)
+/// sv_mapslock allows to bypass locked maps (mapslocktype)
+/// sv_varslock allows to change variables
+/// sv_votelock allows to vote? (votelocktype)
+/// sv_gamespeedlock allows to change game speed (also limited by varslock)
+// sv_demolock 4
+// sv_editlock 4
+// sv_spawneditlock 3
+// sv_speclock 3
+// sv_kicklock 3
+// sv_allowlock 4
+// sv_banlock 4
+// sv_mutelock 3
+// sv_limitlock 3
+// sv_vetolock 4
+// sv_floodlock 4
+// sv_crclock 8
+// sv_modelock 4
+// sv_mapslock 4
+// sv_varslock 4
+// sv_votelock 4
+// sv_gamespeedlock 5
+
+////////////////////////////////////////////////////////////////////////////////
+/// misc
+////////////////////////////////////////////////////////////////////////////////
+/// 0 pauses the game, 1 unpauses it. Server automatically unpauses the game at
+/// start, they say, and I have no idea who can set this variable.
+/// Keeping it here allows to remember/learn about it though.
+// sv_gamepaused 0
+
+/// when should some lists or other things be reset:
+/// 0 = off,
+/// 1 = just when empty,
+/// 2 = when matches end
+/// sv_resetmmonend: privilege mode changes
+/// sv_resetallowsonend: allow list
+/// sv_resetbansonend: ban list
+/// sv_resetmutesonend: mute list
+/// sv_resetlimitsonend: limite list
+/// sv_resetvarsonend: game variables
+// sv_resetmmonend 2
+// sv_resetallowsonend 1
+// sv_resetbansonend 1
+// sv_resetmutesonend 1
+// sv_resetlimitsonend 1
+// sv_resetvarsonend 1
+
+
+////////////////////////////////////////////////////////////////////////////////
+/// auto-mute settings
+////////////////////////////////////////////////////////////////////////////////
+/// maximum warning before mute
+// sv_floodmute 3
+/// time span to check for floody messages
+// sv_floodtime 10000
+/// number of lines in floodtime span before too many
+// sv_floodlines 5
+
+
+////////////////////////////////////////////////////////////////////////////////
+/// vote settings
+/// Actually, game threshold is 50%, I have no clue if it can be changed.
+/// The vote system implemented is the traditional "this or nothing" one. Pretty
+/// inefficient for a game with that much mutators/modes, but condorcet would
+/// probably confuse people anyway, and hard to implement.
+////////////////////////////////////////////////////////////////////////////////
+/// time in milliseconds before a player may cast another vote (to avoid flooding)
+// sv_votewait 2500
+/// how to decide if players agree on suggestions:
+/// 0 = votes don't pass mid-match or need to wait entire time in inter-match
+/// 1 = passes if votethreshold is met
+/// 2 = passes if unanimous
+// sv_votestyle 2
+// sv_voteinterm 2
+
+
+////////////////////////////////////////////////////////////////////////////////
+/// demo recording
+/// games can be recorded for further examination. They can be kept in memory
+/// or saved on disk, manually or automatically.
+/// The server implements a rotation system, but I think one should better rely
+/// on dedicated tools instead (e.g. logrotate) on real servers.
+////////////////////////////////////////////////////////////////////////////////
+/// demo recording politics (should record, should save, max size, etc)
+/// should demos be automatically recorded each match? 0 is no, 1 is yes.
+// sv_demoautorec 1
+/// determines if the server automatically saves demos to disk
+// sv_demoautoserversave 0
+/// maximum size of individual demo files
+// sv_demomaxsize 16
+
+/// rotation of on-disk demos settings. Allows to delete demos that are too old
+/// (demoserverkeeptime) and/or when there are too many of those (democount).
+/// and/or when there are too many of those.
+/// maximum number of demo files
+// sv_democount 5
+/// if greater than 0, remove auto-recorded demos older than this many seconds
+// sv_demoserverkeeptime 86400
+
+
+////////////////////////////////////////////////////////////////////////////////
+/// IRC settings (optional)
+////////////////////////////////////////////////////////////////////////////////
+/// defines the way the colour-to-irc filter works
+/// 0 = off
+/// 1 = convert
+/// 2 = strip
+// ircfilter 1
+
+/// server connection and authentification
+// ircaddrelay name server.irc.net 6667 nickname
+/// set the ident field, defaults to $systemuser
+// ircident name ident
+/// use this only if you need to bind to a specific address, eg. multihomed
+/// machines (I guess it's when you host multiple servers).
+// ircbind name 127.0.0.1
+
+/// channels and relay settings (blocks? can be specified multiple times)
+// ircaddchan name "#channel"
+/// should relay? -1 => no, 3 => yes?
+// ircrelaychan name "#channel" -1
+/// set a friendly name for the relay on this channel
+// ircfriendlychan name "#channel" CHAN
+
+/// and tell it to connect!
+// ircconnect name
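Review bot: The header's list of dangerous variables (`serverpass`, `adminpass`, `serveraccountpass`, `serverauthkey`, `ircpass`) omits `ircauthcommand`, which sensible.cfg documents as carrying a username and password. The header offers this list as a basis for automated safety checks, so a scanner built from it would miss that credential; add `///   ircauthcommand` to the list. Separately, `exec sensible.cfg` runs unconditionally at the top and nothing says what happens when the file is absent, so a one-line comment stating the expected behaviour on a fresh checkout would help.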
diff --git a/sensible.cfg b/sensible.cfg
@@ -0,0 +1,23 @@
+/// This files contains and describes sensible informations that can allows
+/// people to take control over your instance or impersonate you or your
+/// server if they are shared.
+/// So, avoid sharing those, which includes version control systems like git,
+/// cvs, mercurial, etc.
+
+/// needed for players to join when servertype = 3
+// serverpass "p4ssw0rd"
+
+/// allows one to become local administrator with the command setmaster
+// adminpass "p4ssw0rd"
+
+/// server's auth settings, probably one of those needed.
+/// server's private key
+// serveraccountpass privkey
+///combines accountname and accountpass
+// serverauthkey handle privkey
+
+/// embedded IRC auth system. Depends on the network you connect to.
+/// some networks can use the PASS field to identify to nickserv
+// ircpass name password
+/// other networks can use a custom command
+// ircauthcommand name "VHOST username password"
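Review bot: The `serverpass` and `adminpass` templates carry the same literal value `"p4ssw0rd"`, so uncommenting them as-is leaves a guessable password shared between ordinary join access and local administrator access. Use placeholders that are visibly unfinished and make the separation explicit, e.g. `// serverpass "<join password>"` and `// adminpass "<admin password, different from serverpass>"`. The header warns against sharing the file through version control but says nothing about on-disk access; a line such as `/// keep this file readable only by the account running the server` would cover that.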