config.example.toml

[http]
host = "0.0.0.0"
port = 6004
# Whether the server is behind a reverse proxy, like NGINX
proxying = false
# IPs allowed to access the server in proxy mode.
# 99% of the time this will only be 127.0.0.1
proxyAllowedIps = ["127.0.0.1"]
# Whether the Origin header check is enabled.
origin = false
# Origins to accept connections from.
originAllowedDomains = ["computernewb.com"]

[geoip]
# Enables support for showing country flags next to usernames.
enabled = false
# Directory to store and load GeoIP databases from.
directory = "geoip/"
# MaxMind license key and account ID (https://www.maxmind.com/en/accounts/current/license-key)
accountID = ""
licenseKey = ""

[tcp]
# Enabled the raw TCP socket server
# You usually want to leave this disabled
enabled = false
host = "0.0.0.0"
port = 6014

[auth]
# Enables the CollabVM account authentication system
# Requires an authentication server (https://git.computernewb.com/collabvm/CollabVMAuthServer)
enabled = false
apiEndpoint = ""
secretKey = "hunter2"

# When account authentication is enabled, this section defines what guests can and can't do
# Has no effect if auth is disabled
[auth.guestPermissions]
chat = true
turn = false
callForReset = false
vote = true

[vm]
# Configures the type of VM this server will use
# Supported values:
#    "qemu" - Runs a QEMU VM
#    "vncvm" - Connects to an existing VNC server
type = "qemu"

# QEMU options
# Only used if vm.type is set to "qemu"
[qemu]
qemuArgs = "qemu-system-x86_64"
# VNC port to be used for this VM. Must be unique among all VMs. Only used on Windows, as unix sockets are used on Linux.
vncPort = 5900
snapshots = true

# Resource limits. Only works on Linux, with `Delegate=yes` set in your .service file.
#
# cpuUsageMax specifies CPU usage limits in the common top notation, so 200% means 2 CPUs, so on so forth.
# runOnCpus specifies what CPUs the VM is allowed to run on.
# limitProcess is optional (default false) and determines if only qemu vCPU threads are put into the cgroup,
# or the entire QEMU process (incl. all its threads). This is rarely what you want, so the example does not
# provide it.
#
# Either can be omitted or specified; however, if you want to disable it entirely,
# it's a better idea to just comment this inline table out, 
# since the inline table existing is used to enable cgroup support.
resourceLimits = { cpuUsageMax = 100, runOnCpus = [ 2, 4 ] }


# VNC options
# Only used if vm.type is set to "vncvm"
[vncvm]
vncHost = "127.0.0.1"
vncPort = 5900
# startCmd = ""
# stopCmd = ""
# rebootCmd = ""
# restoreCmd = ""

[mysql]
# Configures the MySQL database. This is ONLY required if you use the internal cvmban banning system (configured below)
enabled = false
host = "127.0.0.1"
username = "root"
password = "hunter2"
database = "cvmts"

# This section configures banning users. Note that if you leave this default, banning will NOT function and will be as effective as a kick.
[bans]
# If defined, a command that is run to ban a user from the VM.
# Use $IP to specify an ip and (optionally) use $NAME to specify a username
# bancmd = ""
# If true, enables the internal banning of users using the above MySQL database
cvmban = false

[collabvm]
# Node ID for this server
# Make sure this is unique among all the other nodes in a webapp
node = "acoolvm"
# HTML display name shown on the VM list
displayname = "A <b>Really</b> Cool CollabVM Instance"
# HTML message shown in the chat when a user joins
motd = "welcome!"
# Maximum amount of active connections allowed from the same IP.
maxConnections = 3
# Moderator rank enabled (permissions are defined below)
moderatorEnabled = true
# List of disallowed usernames
usernameblacklist = []
# Maximum length of a chat message
maxChatLength = 100
# Maximum messages in the chat history buffer before old messages are overwritten
maxChatHistoryLength = 10
# Limit the amount of users allowed in the turn queue at the same time from the same IP
turnlimit = { enabled = true, maximum = 1 }
# Temporarily mute a user if they send more than x messages in n seconds
automute = { enabled = true, seconds = 5, messages = 5 }
# How long a temporary mute lasts, in seconds
tempMuteTime = 30
# How long a turn lasts, in seconds
turnTime = 20
# How long a reset vote lasts, in seconds
voteTime = 100
# How long until another vote can be started, in seconds
voteCooldown = 180
# SHA256 sum of the admin and mod passwords. This can be generated with the following command:
# printf "<password>" | sha256sum -
# Example hash is hunter2 and hunter3
adminpass = "f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7"
modpass = "fb8c2e2b85ca81eb4350199faddd983cb26af3064614e737ea9f479621cfa57a"
# Whether a password is required to take a turn
turnwhitelist = false
# SHA256 sum for the password to take a turn. Only takes effect if turnwhitelist == true. If set to an empty string or not provided, only admins and mods can take turns
turnpass = ""

# What a moderator can and can't do
[collabvm.moderatorPermissions]
restore = true
reboot = true
ban = true
forcevote = true
mute = true
kick = true
bypassturn = true
rename = true
grabip = true
xss = true
everything 2023-01-31 22:00:30 -05:00			`[http]`
Disable proxying by default (example config should work out of the box) 2023-02-13 18:52:42 -05:00			`host = "0.0.0.0"`
everything 2023-01-31 22:00:30 -05:00			`port = 6004`
			`# Whether the server is behind a reverse proxy, like NGINX`
Disable proxying by default (example config should work out of the box) 2023-02-13 18:52:42 -05:00			`proxying = false`
everything 2023-01-31 22:00:30 -05:00			`# IPs allowed to access the server in proxy mode.`
			`# 99% of the time this will only be 127.0.0.1`
			`proxyAllowedIps = ["127.0.0.1"]`
Add (optional) Origin header check 2023-05-25 15:59:16 +02:00			`# Whether the Origin header check is enabled.`
			`origin = false`
			`# Origins to accept connections from.`
			`originAllowedDomains = ["computernewb.com"]`
everything 2023-01-31 22:00:30 -05:00
add geoip country flag support 2024-06-23 02:23:59 -04:00			`[geoip]`
			`# Enables support for showing country flags next to usernames.`
			`enabled = false`
			`# Directory to store and load GeoIP databases from.`
			`directory = "geoip/"`
			`# MaxMind license key and account ID (https://www.maxmind.com/en/accounts/current/license-key)`
			`accountID = ""`
			`licenseKey = ""`

add VNCVM 2024-06-11 13:46:24 -04:00			`[tcp]`
chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`# Enabled the raw TCP socket server`
			`# You usually want to leave this disabled`
add VNCVM 2024-06-11 13:46:24 -04:00			`enabled = false`
			`host = "0.0.0.0"`
			`port = 6014`

Implement account authentication (server) 2024-04-05 09:10:47 -04:00			`[auth]`
chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`# Enables the CollabVM account authentication system`
			`# Requires an authentication server (https://git.computernewb.com/collabvm/CollabVMAuthServer)`
Implement account authentication (server) 2024-04-05 09:10:47 -04:00			`enabled = false`
			`apiEndpoint = ""`
			`secretKey = "hunter2"`

chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`# When account authentication is enabled, this section defines what guests can and can't do`
			`# Has no effect if auth is disabled`
Implement account authentication (server) 2024-04-05 09:10:47 -04:00			`[auth.guestPermissions]`
			`chat = true`
			`turn = false`
hastily hand merge yellowcode vote patch thing Co-Authored-By: yellows111 <ice_ice@email.com> 2024-05-01 08:08:43 -04:00			`callForReset = false`
			`vote = true`

everything 2023-01-31 22:00:30 -05:00			`[vm]`
chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`# Configures the type of VM this server will use`
			`# Supported values:`
			`# "qemu" - Runs a QEMU VM`
			`# "vncvm" - Connects to an existing VNC server`
add VNCVM 2024-06-11 13:46:24 -04:00			`type = "qemu"`

chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`# QEMU options`
			`# Only used if vm.type is set to "qemu"`
add VNCVM 2024-06-11 13:46:24 -04:00			`[qemu]`
everything 2023-01-31 22:00:30 -05:00			`qemuArgs = "qemu-system-x86_64"`
fix vnc on windows 2024-08-04 18:28:33 -04:00			`# VNC port to be used for this VM. Must be unique among all VMs. Only used on Windows, as unix sockets are used on Linux.`
everything 2023-01-31 22:00:30 -05:00			`vncPort = 5900`
			`snapshots = true`

cvmts: Add support for cgroup process resource limits on Linux Using systemd's `Delegate=` option, it is possible to get it to let you manage your own cgroup subtree, therefore allowing you to set options and other fun stuff. This commit adds support for doing so and configuring the resource limits in config.toml. For later: The cgroup created has to be a threaded one. Iin theory, we can actually wait for the QEMU process to handshake qmp, grab the vCPU threads, and only limit those. For now, just limiting the entire QEMU process works, though and is the least complicated. NOTE: Windows support should still work, even if you have resource limits configured. If you do, it should only warn and complain, but still function. 2024-11-02 06:08:26 -04:00			# Resource limits. Only works on Linux, with `Delegate=yes` set in your .service file.
			`#`
			`# cpuUsageMax specifies CPU usage limits in the common top notation, so 200% means 2 CPUs, so on so forth.`
			`# runOnCpus specifies what CPUs the VM is allowed to run on.`
cvmts: Only target QEMU vCPU threads by default Previous behaviour was to limit the whole QEMU process; this only limits the vCPU threads. A bit (very) hacky how I did this but it does work. 2024-11-02 07:46:59 -04:00			`# limitProcess is optional (default false) and determines if only qemu vCPU threads are put into the cgroup,`
			`# or the entire QEMU process (incl. all its threads). This is rarely what you want, so the example does not`
			`# provide it.`
cvmts: Add support for cgroup process resource limits on Linux Using systemd's `Delegate=` option, it is possible to get it to let you manage your own cgroup subtree, therefore allowing you to set options and other fun stuff. This commit adds support for doing so and configuring the resource limits in config.toml. For later: The cgroup created has to be a threaded one. Iin theory, we can actually wait for the QEMU process to handshake qmp, grab the vCPU threads, and only limit those. For now, just limiting the entire QEMU process works, though and is the least complicated. NOTE: Windows support should still work, even if you have resource limits configured. If you do, it should only warn and complain, but still function. 2024-11-02 06:08:26 -04:00			`#`
			`# Either can be omitted or specified; however, if you want to disable it entirely,`
			`# it's a better idea to just comment this inline table out,`
			`# since the inline table existing is used to enable cgroup support.`
			`resourceLimits = { cpuUsageMax = 100, runOnCpus = [ 2, 4 ] }`


chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`# VNC options`
			`# Only used if vm.type is set to "vncvm"`
add VNCVM 2024-06-11 13:46:24 -04:00			`[vncvm]`
			`vncHost = "127.0.0.1"`
			`vncPort = 5900`
			`# startCmd = ""`
			`# stopCmd = ""`
			`# rebootCmd = ""`
			`# restoreCmd = ""`

Add internal banning (cvmban) using MySQL 2024-07-31 16:34:42 -04:00			`[mysql]`
			`# Configures the MySQL database. This is ONLY required if you use the internal cvmban banning system (configured below)`
			`enabled = false`
			`host = "127.0.0.1"`
			`username = "root"`
			`password = "hunter2"`
			`database = "cvmts"`

			`# This section configures banning users. Note that if you leave this default, banning will NOT function and will be as effective as a kick.`
			`[bans]`
			`# If defined, a command that is run to ban a user from the VM.`
			`# Use $IP to specify an ip and (optionally) use $NAME to specify a username`
			`# bancmd = ""`
			`# If true, enables the internal banning of users using the above MySQL database`
			`cvmban = false`

everything 2023-01-31 22:00:30 -05:00			`[collabvm]`
chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`# Node ID for this server`
			`# Make sure this is unique among all the other nodes in a webapp`
everything 2023-01-31 22:00:30 -05:00			`node = "acoolvm"`
chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`# HTML display name shown on the VM list`
everything 2023-01-31 22:00:30 -05:00			`displayname = "A <b>Really</b> Cool CollabVM Instance"`
chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`# HTML message shown in the chat when a user joins`
everything 2023-01-31 22:00:30 -05:00			`motd = "welcome!"`
implement TCP server, reimplement maxConnections except it now kicks the oldest connection 2024-05-27 00:06:05 -04:00			`# Maximum amount of active connections allowed from the same IP.`
			`maxConnections = 3`
chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`# Moderator rank enabled (permissions are defined below)`
everything 2023-01-31 22:00:30 -05:00			`moderatorEnabled = true`
Add internal banning (cvmban) using MySQL 2024-07-31 16:34:42 -04:00			`# List of disallowed usernames`
whoops 2023-02-09 16:03:52 -05:00			`usernameblacklist = []`
Add internal banning (cvmban) using MySQL 2024-07-31 16:34:42 -04:00			`# Maximum length of a chat message`
everything 2023-01-31 22:00:30 -05:00			`maxChatLength = 100`
Add internal banning (cvmban) using MySQL 2024-07-31 16:34:42 -04:00			`# Maximum messages in the chat history buffer before old messages are overwritten`
Configurable chat history length The previous default of 5 messages is utterly lame and didn't provide enough context to anything, and was also a downgrade from the old server as that had 10 messages by default (of which we're now going back to with this change). 2023-05-01 15:03:14 +01:00			`maxChatHistoryLength = 10`
Various bug fixes and small additions IMPORTANT: This commit contains new config options. Make sure your local config file is up to date with config.example.toml to avoid issues. CHANGELOG: - Fix crash exploit caused by abnormally long WebSocket messages - Added config option for limiting the maximum amount of active connections from the same IP - Made per-IP turn limiter configurable - Fixed an issue where vote updates were not sent to clients in some cases - Added warning about using qmpSockDir on Windows hosts - Updated dependencies - Removed unused code/imports 2023-09-12 00:25:57 +02:00			`# Limit the amount of users allowed in the turn queue at the same time from the same IP`
chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`turnlimit = { enabled = true, maximum = 1 }`
everything 2023-01-31 22:00:30 -05:00			`# Temporarily mute a user if they send more than x messages in n seconds`
chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`automute = { enabled = true, seconds = 5, messages = 5 }`
everything 2023-01-31 22:00:30 -05:00			`# How long a temporary mute lasts, in seconds`
			`tempMuteTime = 30`
			`# How long a turn lasts, in seconds`
			`turnTime = 20`
add all the staff actions and resets and uhh i forgot to commit but everything works now 2023-02-07 12:29:33 -05:00			`# How long a reset vote lasts, in seconds`
			`voteTime = 100`
Add IPData, Windows support, bugfixes (#2) * Add IPData, Windows support, bugfixes Changes: - Added IPData: mutes and votes are now tracked per-IP instead of per-user. - Windows support: QMP over TCP can now be enabled in the config. - Vote cooldown can now be specified in the config. - Fixed bugs: "Username is already taken" message appearing when it shouldn't * Remove vote from closed connections --------- Co-authored-by: Elijah R <62162399+elijahr2411@users.noreply.github.com> 2023-02-11 15:58:20 +01:00			`# How long until another vote can be started, in seconds`
			`voteCooldown = 180`
everything 2023-01-31 22:00:30 -05:00			`# SHA256 sum of the admin and mod passwords. This can be generated with the following command:`
			`# printf "<password>" \| sha256sum -`
			`# Example hash is hunter2 and hunter3`
			`adminpass = "f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7"`
			`modpass = "fb8c2e2b85ca81eb4350199faddd983cb26af3064614e737ea9f479621cfa57a"`
add turn whitelist and password support 2023-06-05 21:59:37 -04:00			`# Whether a password is required to take a turn`
			`turnwhitelist = false`
			`# SHA256 sum for the password to take a turn. Only takes effect if turnwhitelist == true. If set to an empty string or not provided, only admins and mods can take turns`
			`turnpass = ""`
chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00
everything 2023-01-31 22:00:30 -05:00			`# What a moderator can and can't do`
chore: comment config.example.toml and format code with prettier/cargo 2024-08-04 15:50:00 -04:00			`[collabvm.moderatorPermissions]`
everything 2023-01-31 22:00:30 -05:00			`restore = true`
			`reboot = true`
			`ban = true`
			`forcevote = true`
			`mute = true`
			`kick = true`
			`bypassturn = true`
			`rename = true`
			`grabip = true`
whoops 2023-02-09 16:03:52 -05:00			`xss = true`