cthrace/collabvm-1.2.ts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e780ecabf04d7e6053267ba1821cf83debbec548
collabvm-1.2.ts/config.example.toml
modeco80 e780ecabf0 cvmts: Add support for cgroup process resource limits on Linux 
Using systemd's `Delegate=` option, it is possible to get it to let you manage your own cgroup subtree, therefore allowing you to set options and other fun stuff.

This commit adds support for doing so and configuring the resource limits in config.toml.

For later: The cgroup created has to be a threaded one. Iin theory, we can actually wait for the QEMU process to handshake qmp, grab the vCPU threads, and only limit those. For now, just limiting the entire QEMU process works, though and is the least complicated.

NOTE: Windows support should still work, even if you have resource limits configured. If you do, it should only warn and complain, but still function.
2024-11-02 06:08:26 -04:00

149 lines
4.8 KiB
TOML
Raw Blame History

[http]
host = "0.0.0.0"
port = 6004
# Whether the server is behind a reverse proxy, like NGINX
proxying = false
# IPs allowed to access the server in proxy mode.
# 99% of the time this will only be 127.0.0.1
proxyAllowedIps = ["127.0.0.1"]
# Whether the Origin header check is enabled.
origin = false
# Origins to accept connections from.
originAllowedDomains = ["computernewb.com"]
[geoip]
# Enables support for showing country flags next to usernames.
enabled = false
# Directory to store and load GeoIP databases from.
directory = "geoip/"
# MaxMind license key and account ID (https://www.maxmind.com/en/accounts/current/license-key)
accountID = ""
licenseKey = ""
[tcp]
# Enabled the raw TCP socket server
# You usually want to leave this disabled
enabled = false
host = "0.0.0.0"
port = 6014
[auth]
# Enables the CollabVM account authentication system
# Requires an authentication server (https://git.computernewb.com/collabvm/CollabVMAuthServer)
enabled = false
apiEndpoint = ""
secretKey = "hunter2"
# When account authentication is enabled, this section defines what guests can and can't do
# Has no effect if auth is disabled
[auth.guestPermissions]
chat = true
turn = false
callForReset = false
vote = true
[vm]
# Configures the type of VM this server will use
# Supported values:
# "qemu" - Runs a QEMU VM
# "vncvm" - Connects to an existing VNC server
type = "qemu"
# QEMU options
# Only used if vm.type is set to "qemu"
[qemu]
qemuArgs = "qemu-system-x86_64"
# VNC port to be used for this VM. Must be unique among all VMs. Only used on Windows, as unix sockets are used on Linux.
vncPort = 5900
snapshots = true
# Resource limits. Only works on Linux, with `Delegate=yes` set in your .service file.
#
# cpuUsageMax specifies CPU usage limits in the common top notation, so 200% means 2 CPUs, so on so forth.
# runOnCpus specifies what CPUs the VM is allowed to run on.
#
# Either can be omitted or specified; however, if you want to disable it entirely,
# it's a better idea to just comment this inline table out,
# since the inline table existing is used to enable cgroup support.
resourceLimits = { cpuUsageMax = 100, runOnCpus = [ 2, 4 ] }
# VNC options
# Only used if vm.type is set to "vncvm"
[vncvm]
vncHost = "127.0.0.1"
vncPort = 5900
# startCmd = ""
# stopCmd = ""
# rebootCmd = ""
# restoreCmd = ""
[mysql]
# Configures the MySQL database. This is ONLY required if you use the internal cvmban banning system (configured below)
enabled = false
host = "127.0.0.1"
username = "root"
password = "hunter2"
database = "cvmts"
# This section configures banning users. Note that if you leave this default, banning will NOT function and will be as effective as a kick.
[bans]
# If defined, a command that is run to ban a user from the VM.
# Use $IP to specify an ip and (optionally) use $NAME to specify a username
# bancmd = ""
# If true, enables the internal banning of users using the above MySQL database
cvmban = false
[collabvm]
# Node ID for this server
# Make sure this is unique among all the other nodes in a webapp
node = "acoolvm"
# HTML display name shown on the VM list
displayname = "A <b>Really</b> Cool CollabVM Instance"
# HTML message shown in the chat when a user joins
motd = "welcome!"
# Maximum amount of active connections allowed from the same IP.
maxConnections = 3
# Moderator rank enabled (permissions are defined below)
moderatorEnabled = true
# List of disallowed usernames
usernameblacklist = []
# Maximum length of a chat message
maxChatLength = 100
# Maximum messages in the chat history buffer before old messages are overwritten
maxChatHistoryLength = 10
# Limit the amount of users allowed in the turn queue at the same time from the same IP
turnlimit = { enabled = true, maximum = 1 }
# Temporarily mute a user if they send more than x messages in n seconds
automute = { enabled = true, seconds = 5, messages = 5 }
# How long a temporary mute lasts, in seconds
tempMuteTime = 30
# How long a turn lasts, in seconds
turnTime = 20
# How long a reset vote lasts, in seconds
voteTime = 100
# How long until another vote can be started, in seconds
voteCooldown = 180
# SHA256 sum of the admin and mod passwords. This can be generated with the following command:
# printf "<password>" | sha256sum -
# Example hash is hunter2 and hunter3
adminpass = "f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7"
modpass = "fb8c2e2b85ca81eb4350199faddd983cb26af3064614e737ea9f479621cfa57a"
# Whether a password is required to take a turn
turnwhitelist = false
# SHA256 sum for the password to take a turn. Only takes effect if turnwhitelist == true. If set to an empty string or not provided, only admins and mods can take turns
turnpass = ""
# What a moderator can and can't do
[collabvm.moderatorPermissions]
restore = true
reboot = true
ban = true
forcevote = true
mute = true
kick = true
bypassturn = true
rename = true
grabip = true
xss = true
Reference in New Issue View Git Blame Copy Permalink