ryo
/
chikahiroba-OpenBSD
1
0
フォーク 0
コード イシュー プルリクエスト パッケージ プロジェクト リリース Wiki アクティビティ

Initial commit.

このコミットが含まれているのは:
2022-12-25 14:20:34 +09:00
コミット 84d47a1c67
24個のファイルの変更1572行の追加0行の削除
統計情報を表示 Patchファイルをダウンロード Diffファイルをダウンロード すべてのファイルを展開 すべてのファイルを折り畳む

90
README.md ノーマルファイル
ファイルの表示

@ -0,0 +1,90 @@
# Notes
This is the config of my OpenBSD server for 地下広場.\
I only added files that got changed or added, but will remove real passwords for security reason in the ircd.yaml file and some others too, and add the comment "#FUCKINGADD" so you know what you'll need to supply by yourself.
# Installation
## General packages
```
pkg_add zsh wget tmux cmake make gmake mariadb-server mariadb-client boost gcc g++ portslist
```
## Ports
Copypasta from the OpenBSD site, except we're going to delete their i2pd package.
### Terminal
```
cd /tmp
ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz
```
### Edit the "/etc/mk.conf" file
```
WRKOBJDIR=/usr/obj/ports
DISTDIR=/usr/distfiles
PACKAGE_REPOSITORY=/usr/packages
```
### Back to terminal
```
cd /usr/ports
pkg_add portslist
rm -rf net/i2pd
```
## i2pd
Credit to [Koishi](http://komeiji.i2p/) for this part.\
Re-add the i2pd ports folder from this repository.
```
cd /usr/ports/net/i2pd
make
make install
```
## ergo
```
useradd -m -s /usr/local/bin/zsh ergo
su ergo
mkdir server
wget "https://github.com/ergochat/ergo/releases/download/v2.10.0/ergo-2.10.0-openbsd-x86_64.tar.gz"
tar zxfv ergo-2.10.0-ergo-x86_64.tar.gz
mv ergo-2.10.0-ergo-x86_64/* server/
rm -rf ergo-2.10.0-ergo-x86_64*
cd server
./ergo mkcerts
./ergo genpasswd
```
You'll need the output of genpasswd for one of the 2 "FUCKINGADD"'s in ircd.yaml.
## misc
```
rcctl enable i2pd
rcctl start i2pd
su ergo
cd ~/server
tmux
./ergo run
```
CTRL+B, and then D to disconnect from tmux and have it running in the background.
All what's left to do is to replace the server name, the B32 address, and all that for whatever you have.\
Your I2P addresses can be found in:
```
lynx http://127.0.0.1:7070/\?page\=i2p_tunnels
```

12
etc/httpd.conf ノーマルファイル
ファイルの表示

@ -0,0 +1,12 @@
# $OpenBSD: httpd.conf,v 1.22 2020/11/04 10:34:18 denis Exp $
server "xk2gwcpm4sig5xhyue7znus2jcgbyjzu4j6neqgzo6namwkxrxgq.b32.i2p" {
listen on * port 8080
root "/htdocs/chikahiroba.i2p"
directory index "index.html"
}
types {
include "/usr/share/misc/mime.types"
}

35
etc/i2pd/tunnels.conf ノーマルファイル
ファイルの表示

@ -0,0 +1,35 @@
[IRC-CHIKAHIROBA]
type = client
address = 127.0.0.1
port = 6670
destination = hvmpwwdqm5fpu5y4b6yuzqzb75kkhvnsnbxenbwpru7cjwl4qxla.b32.i2p
destinationport = 5555
keys = irc-keys.dat
[IRC-INTR]
type = client
address = 127.0.0.1
port = 6671
destination = irc.intr.i2p
destinationport = 6697
keys = irc-keys.dat
[IRC2]
type = client
address = 127.0.0.1
port = 6669
destination = irc.ilita.i2p
destinationport = 6667
#keys = irc-keys.dat
[chikahiroba]
type = http
host = 127.0.0.1
port = 8080
keys = chika.dat
[chikairc]
type = irc
host = 127.0.0.1
port = 5555
keys = irc.dat

15
home/ergo/server/ircd.motd ノーマルファイル
ファイルの表示

@ -0,0 +1,15 @@
Welcome to the Underground Square!
地下広場へようこそ!
I created this I2P-only IRC server because I'm just done with
soycial media.
I, 寮 (ryo), am the owner of this space, but feel free to
create your own channels on this server.
Server software is Ergo, so IP addresses are hidden by
default.
Let's return to the glory of web 1.0!
By the way, in case you wonder, "chikahiroba" means
"Undeground (Town's) Square" in Japanese.
Because this place is underground, and there's no specific
theme.

992
home/ergo/server/ircd.yaml ノーマルファイル
ファイルの表示

@ -0,0 +1,992 @@
# This is the default config file for Ergo.
# It contains recommended defaults for all settings, including some behaviors
# that differ from conventional ircd+services setups. See traditional.yaml
# for a config with more "mainstream" behavior.
#
# If you are setting up a new Ergo server, you should copy this file
# to a new one named 'ircd.yaml', then look through the file to see which
# settings you want to customize. If you don't understand a setting, or
# aren't sure what behavior you want, most of the defaults are fine
# to start with (you can change them later, even on a running server).
# However, there are a few that you should probably change up front:
# 1. network.name (a human-readable name that identifies your network,
# no spaces or special characters) and server.name (consider using the
# domain name of your server)
# 2. if you have valid TLS certificates (for example, from letsencrypt.org),
# you should enable them in server.listeners in place of the default
# self-signed certificates
# 3. the operator password in the 'opers' section
# 4. by default, message history is enabled, using in-memory history storage
# and with messages expiring after 7 days. depending on your needs, you may
# want to disable history entirely, remove the expiration time, switch to
# persistent history stored in MySQL, or do something else entirely. See
# the 'history' section of the config.
# network configuration
network:
# name of the network
name: "chikahiroba"
# server configuration
server:
# server name
name: "chikahiroba.i2p"
# addresses to listen on
listeners:
# The standard plaintext port for IRC is 6667. Allowing plaintext over the
# public Internet poses serious security and privacy issues. Accordingly,
# we recommend using plaintext only on local (loopback) interfaces:
"127.0.0.1:5555": # (loopback ipv4, localhost-only)
"[::1]:5555": # (loopback ipv6, localhost-only)
# If you need to serve plaintext on public interfaces, comment out the above
# two lines and uncomment the line below (which listens on all interfaces):
# ":6667":
# Alternately, if you have a TLS certificate issued by a recognized CA,
# you can configure port 6667 as an STS-only listener that only serves
# "redirects" to the TLS port, but doesn't allow chat. See the manual
# for details.
# The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces:
":6697":
# this is a standard TLS configuration with a single certificate;
# see the manual for instructions on how to configure SNI
tls:
cert: fullchain.pem
key: privkey.pem
# 'proxy' should typically be false. It's for cloud load balancers that
# always send a PROXY protocol header ahead of the connection. See the
# manual ("Reverse proxies") for more details.
proxy: false
# set the minimum TLS version:
min-tls-version: 1.2
# Example of a Unix domain socket for proxying:
# "/tmp/ergo_sock":
# Example of a Tor listener: any connection that comes in on this listener will
# be considered a Tor connection. It is strongly recommended that this listener
# *not* be on a public interface --- it should be on 127.0.0.0/8 or unix domain:
# "/hidden_service_sockets/ergo_tor_sock":
# tor: true
# Example of a WebSocket listener:
# ":8097":
# websocket: true
# tls:
# cert: fullchain.pem
# key: privkey.pem
# sets the permissions for Unix listen sockets. on a typical Linux system,
# the default is 0775 or 0755, which prevents other users/groups from connecting
# to the socket. With 0777, it behaves like a normal TCP socket
# where anyone can connect.
unix-bind-mode: 0777
# configure the behavior of Tor listeners (ignored if you didn't enable any):
tor-listeners:
# if this is true, connections from Tor must authenticate with SASL
require-sasl: false
# what hostname should be displayed for Tor connections?
vhost: "tor-network.onion"
# allow at most this many connections at once (0 for no limit):
max-connections: 64
# connection throttling (limit how many connection attempts are allowed at once):
throttle-duration: 10m
# set to 0 to disable throttling:
max-connections-per-duration: 64
# strict transport security, to get clients to automagically use TLS
sts:
# whether to advertise STS
#
# to stop advertising STS, leave this enabled and set 'duration' below to "0". this will
# advertise to connecting users that the STS policy they have saved is no longer valid
enabled: false
# how long clients should be forced to use TLS for.
# setting this to a too-long time will mean bad things if you later remove your TLS.
# the default duration below is 1 month, 2 days and 5 minutes.
duration: 1mo2d5m
# tls port - you should be listening on this port above
port: 6697
# should clients include this STS policy when they ship their inbuilt preload lists?
preload: false
websockets:
# Restrict the origin of WebSocket connections by matching the "Origin" HTTP
# header. This setting causes ergo to reject websocket connections unless
# they originate from a page on one of the whitelisted websites in this list.
# This prevents malicious websites from making their visitors connect to your
# ergo instance without their knowledge. An empty list means there are no
# restrictions.
allowed-origins:
# - "https://ergo.chat"
# - "https://*.ergo.chat"
# casemapping controls what kinds of strings are permitted as identifiers (nicknames,
# channel names, account names, etc.), and how they are normalized for case.
# with the recommended default of 'precis', UTF8 identifiers that are "sane"
# (according to RFC 8265) are allowed, and the server additionally tries to protect
# against confusable characters ("homoglyph attacks").
# the other options are 'ascii' (traditional ASCII-only identifiers), and 'permissive',
# which allows identifiers to contain unusual characters like emoji, but makes users
# vulnerable to homoglyph attacks. unless you're really confident in your decision,
# we recommend leaving this value at its default (changing it once the network is
# already up and running is problematic).
casemapping: "precis"
# enforce-utf8 controls whether the server will preemptively discard non-UTF8
# messages (since they cannot be relayed to websocket clients), or will allow
# them and relay them to non-websocket clients (as in traditional IRC).
enforce-utf8: true
# whether to look up user hostnames with reverse DNS. there are 3 possibilities:
# 1. lookup-hostnames enabled, IP cloaking disabled; users will see each other's hostnames
# 2. lookup-hostnames disabled, IP cloaking disabled; users will see each other's numeric IPs
# 3. [the default] IP cloaking enabled; users will see cloaked hostnames
lookup-hostnames: false
# whether to confirm hostname lookups using "forward-confirmed reverse DNS", i.e., for
# any hostname returned from reverse DNS, resolve it back to an IP address and reject it
# unless it matches the connecting IP
forward-confirm-hostnames: true
# use ident protocol to get usernames
check-ident: false
# ignore the supplied user/ident string from the USER command, always setting user/ident
# to the following literal value; this can potentially reduce confusion and simplify bans.
# the value must begin with a '~' character. comment out / omit to disable:
coerce-ident: '~u'
# password to login to the server, generated using `ergo genpasswd`:
#password: "$2a$04$0123456789abcdef0123456789abcdef0123456789abcdef01234"
# motd filename
# if you change the motd, you should move it to ircd.motd
motd: ircd.motd
# motd formatting codes
# if this is true, the motd is escaped using formatting codes like $c, $b, and $i
motd-formatting: true
# relaying using the RELAYMSG command
relaymsg:
# is relaymsg enabled at all?
enabled: true
# which character(s) are reserved for relayed nicks?
separators: "/"
# can channel operators use RELAYMSG in their channels?
# our implementation of RELAYMSG makes it safe for chanops to use without the
# possibility of real users being silently spoofed
available-to-chanops: true
# IPs/CIDRs the PROXY command can be used from
# This should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets).
# Unless you have a good reason. you should also add these addresses to the
# connection limits and throttling exemption lists.
proxy-allowed-from:
- localhost
# - "192.168.1.1"
# - "192.168.10.1/24"
# controls the use of the WEBIRC command (by IRC<->web interfaces, bouncers and similar)
webirc:
# one webirc block -- should correspond to one set of gateways
-
# SHA-256 fingerprint of the TLS certificate the gateway must use to connect
# (comment this out to use passwords only)
certfp: "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"
# password the gateway uses to connect, made with `ergo genpasswd`
password: "$2a$04$abcdef0123456789abcdef0123456789abcdef0123456789abcde"
# IPs/CIDRs that can use this webirc command
# you should also add these addresses to the connection limits and throttling exemption lists
hosts:
- localhost
# - "192.168.1.1"
# - "192.168.10.1/24"
# maximum length of clients' sendQ in bytes
# this should be big enough to hold bursts of channel/direct messages
max-sendq: 96k
# compatibility with legacy clients
compatibility:
# many clients require that the final parameter of certain messages be an
# RFC1459 trailing parameter, i.e., prefixed with :, whether or not this is
# actually required. this forces Ergo to send those parameters
# as trailings. this is recommended unless you're testing clients for conformance;
# defaults to true when unset for that reason.
force-trailing: true
# some clients (ZNC 1.6.x and lower, Pidgin 2.12 and lower) do not
# respond correctly to SASL messages with the server name as a prefix:
# https://github.com/znc/znc/issues/1212
# this works around that bug, allowing them to use SASL.
send-unprefixed-sasl: true
# traditionally, IRC servers will truncate and send messages that are
# too long to be relayed intact. this behavior can be disabled by setting
# allow-truncation to false, in which case Ergo will reject the message
# and return an error to the client. (note that this option defaults to true
# when unset.)
allow-truncation: false
# IP-based DoS protection
ip-limits:
# whether to limit the total number of concurrent connections per IP/CIDR
count: false
# maximum concurrent connections per IP/CIDR
max-concurrent-connections: 16
# whether to restrict the rate of new connections per IP/CIDR
throttle: true
# how long to keep track of connections for
window: 10m
# maximum number of new connections per IP/CIDR within the given duration
max-connections-per-window: 32
# how wide the CIDR should be for IPv4 (a /32 is a fully specified IPv4 address)
cidr-len-ipv4: 32
# how wide the CIDR should be for IPv6 (a /64 is the typical prefix assigned
# by an ISP to an individual customer for their LAN)
cidr-len-ipv6: 64
# IPs/networks which are exempted from connection limits
exempted:
- "localhost"
# - "192.168.1.1"
# - "2001:0db8::/32"
# custom connection limits for certain IPs/networks.
custom-limits:
#"irccloud":
# nets:
# - "192.184.9.108" # highgate.irccloud.com
# - "192.184.9.110" # ealing.irccloud.com
# - "192.184.9.112" # charlton.irccloud.com
# - "192.184.10.118" # brockwell.irccloud.com
# - "192.184.10.9" # tooting.irccloud.com
# - "192.184.8.73" # hathersage.irccloud.com
# - "192.184.8.103" # stonehaven.irccloud.com
# - "5.254.36.57" # tinside.irccloud.com
# - "5.254.36.56/29" # additional ipv4 net
# - "2001:67c:2f08::/48"
# - "2a03:5180:f::/64"
# max-concurrent-connections: 2048
# max-connections-per-window: 2048
# pluggable IP ban mechanism, via subprocess invocation
# this can be used to check new connections against a DNSBL, for example
# see the manual for details on how to write an IP ban checking script
ip-check-script:
enabled: false
command: "/usr/local/bin/check-ip-ban"
# constant list of args to pass to the command; the actual query
# and result are transmitted over stdin/stdout:
args: []
# timeout for process execution, after which we send a SIGTERM:
timeout: 9s
# how long after the SIGTERM before we follow up with a SIGKILL:
kill-timeout: 1s
# how many scripts are allowed to run at once? 0 for no limit:
max-concurrency: 64
# if true, only check anonymous connections (not logged into an account)
# at the very end of the handshake:
exempt-sasl: false
# IP cloaking hides users' IP addresses from other users and from channel admins
# (but not from server admins), while still allowing channel admins to ban
# offending IP addresses or networks. In place of hostnames derived from reverse
# DNS, users see fake domain names like pwbs2ui4377257x8.irc. These names are
# generated deterministically from the underlying IP address, but if the underlying
# IP is not already known, it is infeasible to recover it from the cloaked name.
# If you disable this, you should probably enable lookup-hostnames in its place.
ip-cloaking:
# whether to enable IP cloaking
enabled: true
# whether to use these cloak settings (specifically, `netname` and `num-bits`)
# to produce unique hostnames for always-on clients. you can enable this even if
# you disabled IP cloaking for normal clients above. if this is disabled,
# always-on clients will all have an identical hostname (the server name).
enabled-for-always-on: true
# fake TLD at the end of the hostname, e.g., pwbs2ui4377257x8.irc
# you may want to use your network name here
netname: "nig"
# the cloaked hostname is derived only from the CIDR (most significant bits
# of the IP address), up to a configurable number of bits. this is the
# granularity at which bans will take effect for IPv4. Note that changing
# this value will invalidate any stored bans.
cidr-len-ipv4: 32
# analogous granularity for IPv6
cidr-len-ipv6: 64
# number of bits of hash output to include in the cloaked hostname.
# more bits means less likelihood of distinct IPs colliding,
# at the cost of a longer cloaked hostname. if this value is set to 0,
# all users will receive simply `netname` as their cloaked hostname.
num-bits: 64
# secure-nets identifies IPs and CIDRs which are secure at layer 3,
# for example, because they are on a trusted internal LAN or a VPN.
# plaintext connections from these IPs and CIDRs will be considered
# secure (clients will receive the +Z mode and be allowed to resume
# or reattach to secure connections). note that loopback IPs are always
# considered secure:
secure-nets:
# - "10.0.0.0/8"
# Ergo will write files to disk under certain circumstances, e.g.,
# CPU profiling or data export. by default, these files will be written
# to the working directory. set this to customize:
#output-path: "/home/ergo/out"
# the hostname used by "services", e.g., NickServ, defaults to "localhost",
# e.g., `NickServ!NickServ@localhost`. uncomment this to override:
#override-services-hostname: "example.network"
# in a "closed-loop" system where you control the server and all the clients,
# you may want to increase the maximum (non-tag) length of an IRC line from
# the default value of 512. DO NOT change this on a public server:
# max-line-len: 512
# send all 0's as the LUSERS (user counts) output to non-operators; potentially useful
# if you don't want to publicize how popular the server is
suppress-lusers: false
# account options
accounts:
# is account authentication enabled, i.e., can users log into existing accounts?
authentication-enabled: true
# account registration
registration:
# can users register new accounts for themselves? if this is false, operators with
# the `accreg` capability can still create accounts with `/NICKSERV SAREGISTER`
enabled: true
# can users use the REGISTER command to register before fully connecting?
allow-before-connect: true
# global throttle on new account creation
throttling:
enabled: true
# window
duration: 10m
# number of attempts allowed within the window
max-attempts: 30
# this is the bcrypt cost we'll use for account passwords
# (note that 4 is the lowest value allowed by the bcrypt library)
bcrypt-cost: 4
# length of time a user has to verify their account before it can be re-registered
verify-timeout: "32h"
# options for email verification of account registrations
email-verification:
enabled: false
sender: "admin@my.network"
require-tls: true
helo-domain: "my.network" # defaults to server name if unset
# options to enable DKIM signing of outgoing emails (recommended, but
# requires creating a DNS entry for the public key):
# dkim:
# domain: "my.network"
# selector: "20200229"
# key-file: "dkim.pem"
# to use an MTA/smarthost instead of sending email directly:
# mta:
# server: localhost
# port: 25
# username: "admin"
# password: "hunter2"
blacklist-regexes:
# - ".*@mailinator.com"
timeout: 60s
# email-based password reset:
password-reset:
enabled: false
# time before we allow resending the email
cooldown: 1h
# time for which a password reset code is valid
timeout: 1d
# throttle account login attempts (to prevent either password guessing, or DoS
# attacks on the server aimed at forcing repeated expensive bcrypt computations)
login-throttling:
enabled: true
# window
duration: 1m
# number of attempts allowed within the window
max-attempts: 3
# some clients (notably Pidgin and Hexchat) offer only a single password field,
# which makes it impossible to specify a separate server password (for the PASS
# command) and SASL password. if this option is set to true, a client that
# successfully authenticates with SASL will not be required to send
# PASS as well, so it can be configured to authenticate with SASL only.
skip-server-password: true
# enable login to accounts via the PASS command, e.g., PASS account:password
# this is useful for compatibility with old clients that don't support SASL
login-via-pass-command: true
# require-sasl controls whether clients are required to have accounts
# (and sign into them using SASL) to connect to the server
require-sasl:
# if this is enabled, all clients must authenticate with SASL while connecting.
# WARNING: for a private server, you MUST set accounts.registration.enabled
# to false as well, in order to prevent non-administrators from registering
# accounts.
enabled: false
# IPs/CIDRs which are exempted from the account requirement
exempted:
- "localhost"
# - '10.10.0.0/16'
# nick-reservation controls how, and whether, nicknames are linked to accounts
nick-reservation:
# is there any enforcement of reserved nicknames?
enabled: true
# how many nicknames, in addition to the account name, can be reserved?
# (note that additional nicks are unusable under force-nick-equals-account
# or if the client is always-on)
additional-nick-limit: 0
# method describes how nickname reservation is handled
# strict: users must already be logged in to their account (via
# SASL, PASS account:password, or /NickServ IDENTIFY)
# in order to use their reserved nickname(s)
# optional: no enforcement by default, but allow users to opt in to
# the enforcement level of their choice
method: strict
# allow users to set their own nickname enforcement status, e.g.,
# to opt out of strict enforcement
allow-custom-enforcement: false
# format for guest nicknames:
# 1. these nicknames cannot be registered or reserved
# 2. if a client is automatically renamed by the server,
# this is the template that will be used (e.g., Guest-nccj6rgmt97cg)
# 3. if enforce-guest-format (see below) is enabled, clients without
# a registered account will have this template applied to their
# nicknames (e.g., 'katie' will become 'Guest-katie')
guest-nickname-format: "Guest-*"
# when enabled, forces users not logged into an account to use
# a nickname matching the guest template. a caveat: this may prevent
# users from choosing nicknames in scripts different from the guest
# nickname format.
force-guest-format: false
# when enabled, forces users logged into an account to use the
# account name as their nickname. when combined with strict nickname
# enforcement, this lets users treat nicknames and account names
# as equivalent for the purpose of ban/invite/exception lists.
force-nick-equals-account: true
# parallel setting to force-nick-equals-account: if true, this forbids
# anonymous users (i.e., users not logged into an account) to change their
# nickname after the initial connection is complete
forbid-anonymous-nick-changes: false
# multiclient controls whether Ergo allows multiple connections to
# attach to the same client/nickname identity; this is part of the
# functionality traditionally provided by a bouncer like ZNC
multiclient:
# when disabled, each connection must use a separate nickname (as is the
# typical behavior of IRC servers). when enabled, a new connection that
# has authenticated with SASL can associate itself with an existing
# client
enabled: true
# if this is disabled, clients have to opt in to bouncer functionality
# using nickserv or the cap system. if it's enabled, they can opt out
# via nickserv
allowed-by-default: true
# whether to allow clients that remain on the server even
# when they have no active connections. The possible values are:
# "disabled", "opt-in", "opt-out", or "mandatory".
always-on: "opt-out"
# whether to mark always-on clients away when they have no active connections:
auto-away: "opt-out"
# QUIT always-on clients from the server if they go this long without connecting
# (use 0 or omit for no expiration):
#always-on-expiration: 90d
# vhosts controls the assignment of vhosts (strings displayed in place of the user's
# hostname/IP) by the HostServ service
vhosts:
# are vhosts enabled at all?
enabled: true
# maximum length of a vhost
max-length: 64
# regexp for testing the validity of a vhost
# (make sure any changes you make here are RFC-compliant)
valid-regexp: '^[0-9A-Za-z.\-_/]+$'
# modes that are set by default when a user connects
# if unset, no user modes will be set by default
# +i is invisible (a user's channels are hidden from whois replies)
# see /QUOTE HELP umodes for more user modes
default-user-modes: +i
# pluggable authentication mechanism, via subprocess invocation
# see the manual for details on how to write an authentication plugin script
auth-script:
enabled: false
command: "/usr/local/bin/authenticate-irc-user"
# constant list of args to pass to the command; the actual authentication
# data is transmitted over stdin/stdout:
args: []
# should we automatically create users if the plugin returns success?
autocreate: true
# timeout for process execution, after which we send a SIGTERM:
timeout: 9s
# how long after the SIGTERM before we follow up with a SIGKILL:
kill-timeout: 1s
# how many scripts are allowed to run at once? 0 for no limit:
max-concurrency: 64
# channel options
channels:
# modes that are set when new channels are created
# +n is no-external-messages, +t is op-only-topic,
# +C is no CTCPs (besides ACTION)
# see /QUOTE HELP cmodes for more channel modes
default-modes: +nt
# how many channels can a client be in at once?
max-channels-per-client: 100
# if this is true, new channels can only be created by operators with the
# `chanreg` operator capability
operator-only-creation: false
# channel registration - requires an account
registration:
# can users register new channels?
enabled: true
# restrict new channel registrations to operators only?
# (operators can then transfer channels to regular users using /CS TRANSFER)
operator-only: false
# how many channels can each account register?
max-channels-per-account: 15
# as a crude countermeasure against spambots, anonymous connections younger
# than this value will get an empty response to /LIST (a time period of 0 disables)
list-delay: 0s
# INVITE to an invite-only channel expires after this amount of time
# (0 or omit for no expiration):
invite-expiration: 24h
# operator classes:
# an operator has a single "class" (defining a privilege level), which can include
# multiple "capabilities" (defining privileged actions they can take). all
# currently available operator capabilities are associated with either the
# 'chat-moderator' class (less privileged) or the 'server-admin' class (full
# privileges) below: you can mix and match to create new classes.
oper-classes:
# chat moderator: can ban/unban users from the server, join channels,
# fix mode issues and sort out vhosts.
"chat-moderator":
# title shown in WHOIS
title: Chat Moderator
# capability names
capabilities:
- "kill" # disconnect user sessions
- "ban" # ban IPs, CIDRs, NUH masks, and suspend accounts (UBAN / DLINE / KLINE)
- "nofakelag" # exempted from "fakelag" restrictions on rate of message sending
- "relaymsg" # use RELAYMSG in any channel (see the `relaymsg` config block)
- "vhosts" # add and remove vhosts from users
- "sajoin" # join arbitrary channels, including private channels
- "samode" # modify arbitrary channel and user modes
- "snomasks" # subscribe to arbitrary server notice masks
- "roleplay" # use the (deprecated) roleplay commands in any channel
# server admin: has full control of the ircd, including nickname and
# channel registrations
"server-admin":
# title shown in WHOIS
title: Server Admin
# oper class this extends from
extends: "chat-moderator"
# capability names
capabilities:
- "rehash" # rehash the server, i.e. reload the config at runtime
- "accreg" # modify arbitrary account registrations
- "chanreg" # modify arbitrary channel registrations
- "history" # modify or delete history messages
- "defcon" # use the DEFCON command (restrict server capabilities)
- "massmessage" # message all users on the server
# ircd operators
opers:
# default operator named 'admin'; log in with /OPER admin <password>
admin:
# which capabilities this oper has access to
class: "server-admin"
# traditionally, operator status is visible to unprivileged users in
# WHO and WHOIS responses. this can be disabled with 'hidden'.
hidden: false
# custom whois line (if `hidden` is enabled, visible only to other operators)
whois-line: is the server administrator
# custom hostname (ignored if `hidden` is enabled)
vhost: "cunnychad"
# modes are modes to auto-set upon opering-up. uncomment this to automatically
# enable snomasks ("server notification masks" that alert you to server events;
# see `/quote help snomasks` while opered-up for more information):
#modes: +is acdjknoqtuxv
# operators can be authenticated either by password (with the /OPER command),
# or by certificate fingerprint, or both. if a password hash is set, then a
# password is required to oper up (e.g., /OPER dan mypassword). to generate
# the hash, use `ergo genpasswd`.
password: "" #FUCKINGADD
# if a SHA-256 certificate fingerprint is configured here, then it will be
# required to /OPER. if you comment out the password hash above, then you can
# /OPER without a password.
#certfp: "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"
# if 'auto' is set (and no password hash is set), operator permissions will be
# granted automatically as soon as you connect with the right fingerprint.
#auto: true
# example of a moderator named 'alice'
# (log in with /OPER alice <password>):
#alice:
# class: "chat-moderator"
# whois-line: "can help with moderation issues!"
# password: "$2a$04$0123456789abcdef0123456789abcdef0123456789abcdef01234"
# logging, takes inspiration from Insp
logging:
-
# how to log these messages
#
# file log to a file
# stdout log to stdout
# stderr log to stderr
# (you can specify multiple methods, e.g., to log to both stderr and a file)
method: stderr
# filename to log to, if file method is selected
# filename: ircd.log
# type(s) of logs to keep here. you can use - to exclude those types
#
# exclusions take precedent over inclusions, so if you exclude a type it will NEVER
# be logged, even if you explicitly include it
#
# useful types include:
# * everything (usually used with exclusing some types below)
# server server startup, rehash, and shutdown events
# accounts account registration and authentication
# channels channel creation and operations
# opers oper actions, authentication, etc
# services actions related to NickServ, ChanServ, etc.
# internal unexpected runtime behavior, including potential bugs
# userinput raw lines sent by users
# useroutput raw lines sent to users
type: "* -userinput -useroutput"
# one of: debug info warn error
level: info
#-
# # example of a file log that avoids logging IP addresses
# method: file
# filename: ircd.log
# type: "* -userinput -useroutput -connect-ip"
# level: debug
# debug options
debug:
# when enabled, Ergo will attempt to recover from certain kinds of
# client-triggered runtime errors that would normally crash the server.
# this makes the server more resilient to DoS, but could result in incorrect
# behavior. deployments that would prefer to "start from scratch", e.g., by
# letting the process crash and auto-restarting it with systemd, can set
# this to false.
recover-from-errors: true
# optionally expose a pprof http endpoint: https://golang.org/pkg/net/http/pprof/
# it is strongly recommended that you don't expose this on a public interface;
# if you need to access it remotely, you can use an SSH tunnel.
# set to `null`, "", leave blank, or omit to disable
# pprof-listener: "localhost:6060"
# lock file preventing multiple instances of Ergo from accidentally being
# started at once. comment out or set to the empty string ("") to disable.
# this path is relative to the working directory; if your datastore.path
# is absolute, you should use an absolute path here as well.
lock-file: "ircd.lock"
# datastore configuration
datastore:
# path to the datastore
path: ircd.db
# if the database schema requires an upgrade, `autoupgrade` will attempt to
# perform it automatically on startup. the database will be backed
# up, and if the upgrade fails, the original database will be restored.
autoupgrade: true
# connection information for MySQL (currently only used for persistent history):
mysql:
enabled: true
host: "localhost"
port: 3306
# if socket-path is set, it will be used instead of host:port
#socket-path: "/var/run/mysqld/mysqld.sock"
user: "ergo"
password: "" #FUCKINGADD
history-database: "ergo_history"
timeout: 3s
max-conns: 4
# this may be necessary to prevent middleware from closing your connections:
#conn-max-lifetime: 180s
# languages config
languages:
# whether to load languages
enabled: true
# default language to use for new clients
# 'en' is the default English language in the code
default: en
# which directory contains our language files
path: languages
# limits - these need to be the same across the network
limits:
# nicklen is the max nick length allowed
nicklen: 32
# identlen is the max ident length allowed
identlen: 20
# channellen is the max channel length allowed
channellen: 64
# awaylen is the maximum length of an away message
awaylen: 390
# kicklen is the maximum length of a kick message
kicklen: 390
# topiclen is the maximum length of a channel topic
topiclen: 390
# maximum number of monitor entries a client can have
monitor-entries: 100
# whowas entries to store
whowas-entries: 100
# maximum length of channel lists (beI modes)
chan-list-modes: 60
# maximum number of messages to accept during registration (prevents
# DoS / resource exhaustion attacks):
registration-messages: 1024
# message length limits for the new multiline cap
multiline:
max-bytes: 4096 # 0 means disabled
max-lines: 100 # 0 means no limit
# fakelag: prevents clients from spamming commands too rapidly
fakelag:
# whether to enforce fakelag
enabled: true
# time unit for counting command rates
window: 1s
# clients can send this many commands without fakelag being imposed
burst-limit: 5
# once clients have exceeded their burst allowance, they can send only
# this many commands per `window`:
messages-per-window: 2
# client status resets to the default state if they go this long without
# sending any commands:
cooldown: 2s
# the roleplay commands are semi-standardized extensions to IRC that allow
# sending and receiving messages from pseudo-nicknames. this can be used either
# for actual roleplaying, or for bridging IRC with other protocols.
roleplay:
# are roleplay commands enabled at all? (channels and clients still have to
# opt in individually with the +E mode)
enabled: false
# require the "roleplay" oper capability to send roleplay messages?
require-oper: false
# require channel operator permissions to send roleplay messages?
require-chanops: false
# add the real nickname, in parentheses, to the end of every roleplay message?
add-suffix: true
# external services can integrate with the ircd using JSON Web Tokens (https://jwt.io).
# in effect, the server can sign a token attesting that the client is present on
# the server, is a member of a particular channel, etc.
extjwt:
# # default service config (for `EXTJWT #channel`).
# # expiration time for the token:
# expiration: 45s
# # you can configure tokens to be signed either with HMAC and a symmetric secret:
# secret: "65PHvk0K1_sM-raTsCEhatVkER_QD8a0zVV8gG2EWcI"
# # or with an RSA private key:
# #rsa-private-key-file: "extjwt.pem"
# # named services (for `EXTJWT #channel service_name`):
# services:
# "jitsi":
# expiration: 30s
# secret: "qmamLKDuOzIzlO8XqsGGewei_At11lewh6jtKfSTbkg"
# history message storage: this is used by CHATHISTORY, HISTORY, znc.in/playback,
# various autoreplay features, and the resume extension
history:
# should we store messages for later playback?
# by default, messages are stored in RAM only; they do not persist
# across server restarts. however, you may want to understand how message
# history interacts with the GDPR and/or any data privacy laws that apply
# in your country and the countries of your users.
enabled: true
# how many channel-specific events (messages, joins, parts) should be tracked per channel?
channel-length: 2048
# how many direct messages and notices should be tracked per user?
client-length: 256
# how long should we try to preserve messages?
# if `autoresize-window` is 0, the in-memory message buffers are preallocated to
# their maximum length. if it is nonzero, the buffers are initially small and
# are dynamically expanded up to the maximum length. if the buffer is full
# and the oldest message is older than `autoresize-window`, then it will overwrite
# the oldest message rather than resize; otherwise, it will expand if possible.
autoresize-window: 3d
# number of messages to automatically play back on channel join (0 to disable):
autoreplay-on-join: 250
# maximum number of CHATHISTORY messages that can be
# requested at once (0 disables support for CHATHISTORY)
chathistory-maxmessages: 1000
# maximum number of messages that can be replayed at once during znc emulation
# (znc.in/playback, or automatic replay on initial reattach to a persistent client):
znc-maxmessages: 2048
# options to delete old messages, or prevent them from being retrieved
restrictions:
# if this is set, messages older than this cannot be retrieved by anyone
# (and will eventually be deleted from persistent storage, if that's enabled)
expire-time: 1w
# this restricts access to channel history (it can be overridden by channel
# owners). options are: 'none' (no restrictions), 'registration-time'
# (logged-in users cannot retrieve messages older than their account
# registration date, and anonymous users cannot retrieve messages older than
# their sign-on time, modulo the grace-period described below), and
# 'join-time' (users cannot retrieve messages older than the time they
# joined the channel, so only always-on clients can view history).
query-cutoff: 'none'
# if query-cutoff is set to 'registration-time', this allows retrieval
# of messages that are up to 'grace-period' older than the above cutoff.
# if you use 'registration-time', this is recommended to allow logged-out
# users to query history after disconnections.
grace-period: 1h
# options to store history messages in a persistent database (currently only MySQL).
# in order to enable any of this functionality, you must configure a MySQL server
# in the `datastore.mysql` section.
persistent:
enabled: true
# store unregistered channel messages in the persistent database?
unregistered-channels: true
# for a registered channel, the channel owner can potentially customize
# the history storage setting. as the server operator, your options are
# 'disabled' (no persistent storage, regardless of per-channel setting),
# 'opt-in', 'opt-out', and 'mandatory' (force persistent storage, ignoring
# per-channel setting):
registered-channels: "opt-out"
# direct messages are only stored in the database for logged-in clients;
# you can control how they are stored here (same options as above).
# if you enable this, strict nickname reservation is strongly recommended
# as well.
direct-messages: "opt-out"
# options to control how messages are stored and deleted:
retention:
# allow users to delete their own messages from history?
allow-individual-delete: true
# if persistent history is enabled, create additional index tables,
# allowing deletion of JSON export of an account's messages. this
# may be needed for compliance with data privacy regulations.
enable-account-indexing: true
# options to control storage of TAGMSG
tagmsg-storage:
# by default, should TAGMSG be stored?
default: false
# if `default` is false, store TAGMSG containing any of these tags:
whitelist:
- "+draft/react"
- "+react"
# if `default` is true, don't store TAGMSG containing any of these tags:
#blacklist:
# - "+draft/typing"
# - "typing"
# whether to allow customization of the config at runtime using environment variables,
# e.g., ERGO__SERVER__MAX_SENDQ=128k. see the manual for more details.
allow-environment-overrides: true

4
usr/ports/net/i2pd/CVS/Entries ノーマルファイル
ファイルの表示

@ -0,0 +1,4 @@
/Makefile/1.10/Fri Mar 11 19:46:04 2022//
/distinfo/1.7/Mon Feb 28 10:49:54 2022//
D/patches////
D/pkg////

1
usr/ports/net/i2pd/CVS/Repository ノーマルファイル
ファイルの表示

@ -0,0 +1 @@
ports/net/i2pd

1
usr/ports/net/i2pd/CVS/Root ノーマルファイル
ファイルの表示

@ -0,0 +1 @@
/cvs

46
usr/ports/net/i2pd/Makefile ノーマルファイル
ファイルの表示

@ -0,0 +1,46 @@
COMMENT = client for the I2P anonymous network
GH_ACCOUNT = PurpleI2P
GH_PROJECT = i2pd
GH_TAGNAME = 2.44.0
CATEGORIES = net
HOMEPAGE = https://i2pd.website
MAINTAINER = Dimitri Karamazov <deserter666@danwin1210.me>
# BSD
PERMIT_PACKAGE = Yes
WANTLIB += ${COMPILER_LIBCXX} boost_date_time-mt boost_filesystem-mt
WANTLIB += boost_program_options-mt boost_system-mt c crypto m
WANTLIB += ssl z
COMPILER = base-clang ports-gcc
MODULES = devel/cmake
LIB_DEPENDS = devel/boost
# for tests
USE_GMAKE = Yes
WRKSRC = ${WRKDIST}/build
post-install:
${INSTALL_DATA_DIR} ${PREFIX}/include/i2pd
${INSTALL_DATA} ${WRKDIST}/libi2pd{,_client}/*.h \
${PREFIX}/include/i2pd
.for dir in family reseed
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/i2pd/certificates/${dir}
${INSTALL_DATA} ${WRKDIST}/contrib/certificates/${dir}/* \
${PREFIX}/share/examples/i2pd/certificates/${dir}
.endfor
${INSTALL_DATA} ${WRKDIST}/contrib/i2pd.conf \
${PREFIX}/share/examples/i2pd/i2pd.conf
${INSTALL_DATA} ${WRKDIST}/contrib/tunnels.conf \
${PREFIX}/share/examples/i2pd/tunnels.conf
do-test:
cd ${WRKDIST}/tests && ${MAKE_PROGRAM} CXX="${CXX}" \
INCFLAGS="-L${LOCALBASE}/lib -I${LOCALBASE}/include ${CFLAGS}"
.include <bsd.port.mk>

2
usr/ports/net/i2pd/distinfo ノーマルファイル
ファイルの表示

@ -0,0 +1,2 @@
SHA256 (i2pd-2.44.0.tar.gz) = tlPIRax6Fv76sqznjjrklsErBTBLtm5B53YHFjXU4HA=
SIZE (i2pd-2.44.0.tar.gz) = 648523

3
usr/ports/net/i2pd/patches/CVS/Entries ノーマルファイル
ファイルの表示

@ -0,0 +1,3 @@
/patch-libi2pd_Crypto_h/1.2/Fri Mar 11 19:46:04 2022//
/patch-tests_Makefile/1.6/Fri Mar 11 19:46:04 2022//
D

1
usr/ports/net/i2pd/patches/CVS/Repository ノーマルファイル
ファイルの表示

@ -0,0 +1 @@
ports/net/i2pd/patches

1
usr/ports/net/i2pd/patches/CVS/Root ノーマルファイル
ファイルの表示

@ -0,0 +1 @@
/cvs

39
usr/ports/net/i2pd/patches/patch-tests_Makefile ノーマルファイル
ファイルの表示

@ -0,0 +1,39 @@
Index: tests/Makefile
--- tests/Makefile.orig
+++ tests/Makefile
@@ -1,5 +1,5 @@
CXXFLAGS += -Wall -Wno-unused-parameter -Wextra -pedantic -O0 -g -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1 -pthread -Wl,--unresolved-symbols=ignore-in-object-files
-INCFLAGS += -I../libi2pd
+CXXFLAGS += -Wall -Wextra -pedantic -g -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1 -I../libi2pd/ -pthread -Wl,--unresolved-symbols=ignore-in-object-files
TESTS = test-gost test-gost-sig test-base-64 test-x25519 test-aeadchacha20poly1305 test-blinding test-elligator
@@ -14,8 +14,8 @@ test-base-%: ../libi2pd/Base.cpp test-base-%.cpp
test-gost: ../libi2pd/Gost.cpp ../libi2pd/I2PEndian.cpp test-gost.cpp
$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto
-test-gost-sig: ../libi2pd/Gost.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Crypto.cpp ../libi2pd/Log.cpp test-gost-sig.cpp
- $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system
+test-gost-sig: ../libi2pd/Gost.cpp ../libi2pd/Config.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Crypto.cpp ../libi2pd/Log.cpp test-gost-sig.cpp
+ $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system -lboost_program_options-mt
test-x25519: ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Log.cpp ../libi2pd/Crypto.cpp test-x25519.cpp
$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system
@@ -23,14 +23,14 @@ test-x25519: ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndi
test-aeadchacha20poly1305: ../libi2pd/Crypto.cpp ../libi2pd/ChaCha20.cpp ../libi2pd/Poly1305.cpp test-aeadchacha20poly1305.cpp
$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system
-test-blinding: ../libi2pd/Crypto.cpp ../libi2pd/Blinding.cpp ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Log.cpp ../libi2pd/util.cpp ../libi2pd/Identity.cpp ../libi2pd/Signature.cpp ../libi2pd/Timestamp.cpp test-blinding.cpp
- $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system
+test-blinding: ../libi2pd/Crypto.cpp ../libi2pd/Config.cpp ../libi2pd/Blinding.cpp ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Log.cpp ../libi2pd/util.cpp ../libi2pd/Identity.cpp ../libi2pd/Signature.cpp ../libi2pd/Timestamp.cpp test-blinding.cpp
+ $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system -lboost_program_options-mt
test-elligator: ../libi2pd/Elligator.cpp ../libi2pd/Crypto.cpp test-elligator.cpp
$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system
run: $(TESTS)
- @for TEST in $(TESTS); do ./$$TEST ; done
+ @for TEST in $(TESTS); do echo -n "$$TEST: "; ./$$TEST && echo OK; done
clean:
rm -f $(TESTS)

5
usr/ports/net/i2pd/pkg/CVS/Entries ノーマルファイル
ファイルの表示

@ -0,0 +1,5 @@
/DESCR/1.1.1.1/Sun Jun 16 22:13:55 2019//
/PLIST/1.6/Fri Mar 11 19:46:04 2022//
/README/1.2/Fri Mar 11 19:46:04 2022//
/i2pd.rc/1.4/Fri Mar 11 19:46:04 2022//
D

1
usr/ports/net/i2pd/pkg/CVS/Repository ノーマルファイル
ファイルの表示

@ -0,0 +1 @@
ports/net/i2pd/pkg

1
usr/ports/net/i2pd/pkg/CVS/Root ノーマルファイル
ファイルの表示

@ -0,0 +1 @@
/cvs

7
usr/ports/net/i2pd/pkg/DESCR ノーマルファイル
ファイルの表示

@ -0,0 +1,7 @@
i2pd is a full featured client for the I2P network written in C++.
I2P (Invisible Internet Project) is a universal anonymous network layer.
All communications over I2P are anonymous and end-to-end encrypted.
Participants don't reveal their real IP address to each other. Peer to
peer (cryptocorruencies, file sharing) and client-to-server applications
(websites, instant messengers, chat servers) are supported.

204
usr/ports/net/i2pd/pkg/PLIST ノーマルファイル
ファイルの表示

@ -0,0 +1,204 @@
@newgroup _i2pd:838
@newuser _i2pd:838:838:daemon:i2pd account:${LOCALSTATEDIR}/lib/i2pd:/sbin/nologin
@rcscript ${RCDIR}/i2pd
@bin bin/i2pd
include/i2pd/
include/i2pd/AddressBook.h
include/i2pd/BOB.h
include/i2pd/Base.h
include/i2pd/Blinding.h
include/i2pd/BloomFilter.h
include/i2pd/CPU.h
include/i2pd/ChaCha20.h
include/i2pd/ClientContext.h
include/i2pd/Config.h
include/i2pd/Crypto.h
include/i2pd/CryptoKey.h
include/i2pd/Datagram.h
include/i2pd/Destination.h
include/i2pd/ECIESX25519AEADRatchetSession.h
include/i2pd/Ed25519.h
include/i2pd/Elligator.h
include/i2pd/FS.h
include/i2pd/Family.h
include/i2pd/Garlic.h
include/i2pd/Gost.h
include/i2pd/Gzip.h
include/i2pd/HTTP.h
include/i2pd/HTTPProxy.h
include/i2pd/I2CP.h
include/i2pd/I2NPProtocol.h
include/i2pd/I2PEndian.h
include/i2pd/I2PService.h
include/i2pd/I2PTunnel.h
include/i2pd/Identity.h
include/i2pd/LeaseSet.h
include/i2pd/LittleBigEndian.h
include/i2pd/Log.h
include/i2pd/MatchedDestination.h
include/i2pd/NTCP2.h
include/i2pd/NetDbRequests.h
include/i2pd/Poly1305.h
include/i2pd/Profiling.h
include/i2pd/Queue.h
include/i2pd/Reseed.h
include/i2pd/RouterContext.h
include/i2pd/RouterInfo.h
include/i2pd/SAM.h
include/i2pd/SOCKS.h
include/i2pd/SSU.h
include/i2pd/SSU2.h
include/i2pd/SSUData.h
include/i2pd/SSUSession.h
include/i2pd/Signature.h
include/i2pd/Siphash.h
include/i2pd/Streaming.h
include/i2pd/Tag.h
include/i2pd/Timestamp.h
include/i2pd/TransitTunnel.h
include/i2pd/TransportSession.h
include/i2pd/Transports.h
include/i2pd/Tunnel.h
include/i2pd/TunnelBase.h
include/i2pd/TunnelConfig.h
include/i2pd/TunnelEndpoint.h
include/i2pd/TunnelGateway.h
include/i2pd/TunnelPool.h
include/i2pd/api.h
include/i2pd/util.h
include/i2pd/version.h
@static-lib lib/libi2pd.a
@static-lib lib/libi2pdclient.a
@owner _i2pd
@group _i2pd
@sample ${SYSCONFDIR}/i2pd/
@sample ${LOCALSTATEDIR}/lib/i2pd/
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/router/
@owner
@group
@static-lib lib/libi2pdlang.a
share/doc/pkg-readmes/${PKGSTEM}
share/examples/i2pd/
share/examples/i2pd/certificates/
share/examples/i2pd/certificates/family/
share/examples/i2pd/certificates/family/gostcoin.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/gostcoin.crt
@owner
@group
share/examples/i2pd/certificates/family/i2p-dev.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2p-dev.crt
@owner
@group
share/examples/i2pd/certificates/family/i2pd-dev.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2pd-dev.crt
@owner
@group
share/examples/i2pd/certificates/family/mca2-i2p.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/mca2-i2p.crt
@owner
@group
share/examples/i2pd/certificates/family/volatile.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/volatile.crt
@owner
@group
share/examples/i2pd/certificates/reseed/
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/
@owner
@group
share/examples/i2pd/certificates/reseed/acetone_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/acetone_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt
@owner
@group
share/examples/i2pd/certificates/reseed/hiduser0_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/hiduser0_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/hottuna_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/hottuna_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/igor_at_novg.net.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/igor_at_novg.net.crt
@owner
@group
share/examples/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/orignal_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/orignal_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/rambler_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/rambler_at_mail.i2p.crt
@owner
@group
share/examples/i2pd/certificates/reseed/reseed_at_diva.exchange.crt
@owner _i2pd
@group _i2pd
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/reseed_at_diva.exchange.crt
@owner
@group
share/examples/i2pd/i2pd.conf
@owner _i2pd
@group _i2pd
@sample ${SYSCONFDIR}/i2pd/i2pd.conf
@owner
@group
share/examples/i2pd/tunnels.conf
@owner _i2pd
@group _i2pd
@sample ${SYSCONFDIR}/i2pd/tunnels.conf

24
usr/ports/net/i2pd/pkg/README ノーマルファイル
ファイルの表示

@ -0,0 +1,24 @@
+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------
Resource Limits: File Descriptors
=================================
By default, the _i2pd user, and so the i2pd process runs in the login(1)
class of "daemon". The default limits on file descriptors are
insufficient to run i2pd; instead you should put the _i2pd user and
process in their own login(1) class with tuned resources. You should
also raise the system-wide maxfiles limit.
1. Configure i2pd login class in the login.conf(5) file:
i2pd:\
:openfiles-cur=8192:\
:openfiles-max=8192:\
:tc=daemon:
2. Adjust kern.maxfiles, if needed:
# sysctl kern.maxfiles=16000
# echo "kern.maxfiles=16000" >> /etc/sysctl.conf

9
usr/ports/net/i2pd/pkg/i2pd.rc ノーマルファイル
ファイルの表示

@ -0,0 +1,9 @@
#!/bin/ksh
daemon="${TRUEPREFIX}/bin/i2pd --daemon"
daemon_user="_i2pd"
daemon_flags="--service --datadir=${LOCALSTATEDIR}/lib/i2pd --conf=${SYSCONFDIR}/i2pd/i2pd.conf --tunconf=${SYSCONFDIR}/i2pd/tunnels.conf --tunnelsdir=${SYSCONFDIR}/i2pd/tunnels.d"
. /etc/rc.d/rc.subr
rc_cmd $1

1
var/lib/i2pd/.FUCKINGADD ノーマルファイル
ファイルの表示

@ -0,0 +1 @@
#FUCKINGADD

62
var/www/htdocs/chikahiroba.i2p/index.html ノーマルファイル
ファイルの表示

@ -0,0 +1,62 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja">
<head>
<meta content="text/html; charset=utf-8" http-equiv="content-type" />
<title>地下広場</title>
<link rel="stylesheet" type="text/css" href="/style.css" />
</head>
<body>
<h1>
Welcome to the Underground Square!<br />
地下広場へようこそ!
</h1>
<p>
I created this I2P-only IRC server because I'm just done with soycial media.<br />
I, 寮 (ryo), am the owner of this space, but feel free to create your own channels on this server.<br />
Server software is Ergo, so IP addresses are hidden by default.<br />
Let's return to the glory of web 1.0!
</p>
<p>
By the way, in case you wonder, "chikahiroba" means "Undeground (Town's) Square" in Japanese.<br />
Because this place is underground, and there's no specific theme.
</p>
<h2>Server details</h2>
<p>
Network name: chikahiroba<br />
Server: hvmpwwdqm5fpu5y4b6yuzqzb75kkhvnsnbxenbwpru7cjwl4qxla.b32.i2p<br />
Port: 5555<br />
Main channel: #izakaya
</p>
<h2>Configuring I2P tunnel</h2>
<p>
Edit the tunnels.conf file (in Linux and OpenBSD it's /etc/i2pd/tunnels.conf, in FreeBSD it's /usr/local/etc/i2pd/tunnels.conf).
<code>
<pre>
[IRC-CHIKAHIROBA]
type = client
address = 127.0.0.1
port = 6670
destination = hvmpwwdqm5fpu5y4b6yuzqzb75kkhvnsnbxenbwpru7cjwl4qxla.b32.i2p
destinationport = 5555
keys = irc-keys.dat
</pre>
</code>
Then do:<br />
/server add chika 127.0.0.1/6670<br />
/connect chika<br />
/join #izakaya
</p>
<p>
To create your own channel, simply use the "/join" command, start with a fashtag, and any name you want.
</p>
<p>My blog: <a href="http://ryocafe.i2p">寮居酒屋</a></p>
</body>
</html>

16
var/www/htdocs/chikahiroba.i2p/style.css ノーマルファイル
ファイルの表示

@ -0,0 +1,16 @@
body {
background: #000;
color: #aea7a7;
}
h1, h2 {
color: #a44;
}
h1 {
text-align: center;
}
a {
color: #bf49ea;
}