[default]
# Can be more than one bind, however beware:
# '::' and/or '0.0.0.0' is a 'bind' to all ('::' seems to work for IPv4 as well) - vhost with their own bind and the same ports will result in an error.
# 'Address already in use' or something similar.
# To bind to more than one address, make the value an array ie: ['192.168.0.24', '10.0.1.1']
# bind can also be set to 'no' which means if vhosts are to be accessed via internet, the vhost will need their own bind option.
bind = '::'
# To bind to more than one port, make the value an array ie: [1965, 1966, 1967]
ports = 1965
# Can specify one or both of these.
tls = ['v1.2', 'v1.3']
# UNIX socket, will make all vhost accessible via this socket unless they have their own 'unix' parameter.
# Ports parameter will not matter in regards to unix socket.
# unix can be set to 'no' where it will not make an unix socket, although vhost can have their own unix parameter.
# The path of the unix socket needs to be readable/writable.
# If the socket file exists when attempting to use it then this program will delete that file and make a new one.
# By default, if unix does not exist, there will be no unix socket.
unix = 'no'

## The following options are specific to default and will not work with vhost 
# Working dir is used as a relative location if a 'pathy' option (like log_file) is not absolute.
# If working_dir does not have a path, then the *current working directory* is the used.
working_dir = "/etc/jakes-gemini-server" # avoid putting final '/'
# Unless path is absolute, it is relative to working_dir
log_file = "jakes-gemini-server.log"
# if log_to_stdout is true then log_file is ignored and the 'log' is printed (almost unbuffered) to stdout.
log_to_stdout = true
# Unless path is absolute, it is relative to working_dir.
# If this is not specified then it will place it in certs dir (and create the directory if needed, maybe not with the best permissions)
cert_key_dir = "certs" # avoid putting final '/'
# If the cert_key_dir directory is not writable, then a warning will emit 
# because generating cert/key pairs will fail and cause the program to die. 
# Setting the following to 'false' will not emit an error.
cert_key_dir_write_warning = true
# For each accepted connection a fork() is called. This toggles if that should happen or not.
# For debugging or memory reasons, it may help to set this to false, though it may result in clients timing out
# Will cause 'timed-out' and 'sysread failed' to appear at the same time in log files.
fork = true
# When the server accept()s the client needs to send, per the Gemini spec: '<URL><CR><LF>'
# This timeout option determines how long the server will wait before timing them out. 
# 0 is equivalent to 'do not timeout'.  Naughty bots/people sit there doing nothing but clogging the ports.
timeout = 5

## These are not specific to default and can be used with vhost
## Vhost options will override default options
# Default document root, when a vhost has none of its own.
root = "default_root"
# append 'index.gmi' when the path ends with '/' or is nothing
assume_index = true 
# list the contents of a directory if no index.gmi is found and request is a directory
dir_listing = false 
# otherwise the fallback is 'application/octet-stream' (gemini is primary text based so 'octet-stream' probably not wanted)
default_mime = 'text/plain' 
# redirection allows this program to check for vhost redirect values.
# 'no' meaning, no redirection.
# 'simple', which is simply "if 'x' key exist, return the value for it"
# 'regex' which is a bit more complex and uses Perl's built in regualar expression. See the vhost for an example of one.
redirection = 'simple'
# gone, a default context dones't really do anything besides let all vhost check for a .gone file if the original path doesn't exist.
# vhost setting for this is somewhat more involved
gone = true

### Not implimented yet
# similar to .htaccess, .gmiaccess
#gmi_access = true 
# automatically reject access to .gmiaccess
#gmi_access_request_reject = true 
# No need for a single config file
#include_configs = ["./sites_enabled"]

# A Vhost is *required* since it both serves as vhost and server name identification (sni)
# Vhost example - probably you want to see that it actually works right away
# `$ ncat --ssl localhost 1965'. Quick! You have 5 seconds! type: 'gemini://localhost ' (don't forget the whitespace)
# (ncat (probably) packaged with nmap)
['localhost']
# Generate certificate and key automatically? Uses cert_key_dir
auto_cert = true
# Overrides default setting
assume_index = true

# A more realistic example
#['example.com']
# Listen to more than just 'example.com' with server_alias.  No need two vhost configurations.
# server_alias can just be a single string, e.g. "server_alias='www.example.com'". An array allows
# for more than one alias.  If auto_cert is true, then *ON CREATION OF THE CERT* the server_alias's will be added to it.
#server_alias=['www.example.com', 'example.org']
# bind can be set to a string or a list or 'no' which will not be accessible via IP address.
#bind = ['172.16.0.53', '10.43.14.32']
#ports = [10000,10001,10002]
# example.com can only be accesed through this socket, other vhost can use it too.
# unix can be set to some path or to 'no' which will not include it in default's unix path if it is set.
#unix = '/some/other/path/to/unix.sock'
#auto_cert = false
# Location to the cert/key pair is relative to cert_key_dir unless the path is absolute
# The existance of cert and key option will cause auto_cert to be ignored.
#cert = "cert.pem" # a file
#key  = "key.pem" # a file
#
# this Vhost's document root
#root = "/srv/gemini/example.com" 
#
# Overrides default setting
#assume_index = true
#dir_listing = true
#default_mime = 'text/plain'
#
## Regex settings:
##   they are checked in the following order:
##   certificate, redirection, gone
#
#redirection = 'regex'
#redirect = {
#    # note the beginning '/'. 
#    # The regex is complied like so: qr{^...$} (^ = beginning of line, $ = end of line)
#    # In other words, the entire key value MUST match.
#    # this one would be a simple redirection
#    '/redirect' = 'gemini://my-other-example.com',
#
#    # these are Perl's regular expression.
#    '/share/some_(.*)' = "/share/",
#    #               $1
#    '/blog/2022/dec/(.+)' = '/blog/2022/jul/$1',
#    #      $1     $2   $3 
#    '/blog/(20..)/(.+)/(.+)' = '/newsgroup/$1-$2/$3',
#}
#
#cert_req = {
#  # will accept ANY certificate
#  '/cert_required(.*) = 'any',
#  # Same as above but you can set the text that will accopany the header.
#  '/blog/secret(.*) = [
#      'any', 'This is my secret place.'
#  ],
#  # Lock an area off with specific fingerprints (sha256)!
#  '/payment_club(.*)' = [
#      'pubkey, 'Accepted members only',
#       # fingerprints (sha256) can have colons and be upper or lower case: program will normalize them.
#       '0b435dd2efc7c7569d97559c22d4a35abbd19cfd6d15d23989773a69df5556c2',
#       '...',
#  ],
#  # Suppose you have a LOT of pubkeys? This example will solve it.
#  '/secret_blog(.*)' = [
#      # file option allows you to specify files that should have a listing of accepted pubkeys
#      # the second option '0' just tells the server to serve default meta text
#      'file', 0,
#      '../pubkeys1.txt',
#      '../pubkeys2.txt',
#   ],
#}
# if you dont want a vhost to be able to set gone, leave this hash empty or delete it entirely.
#gone = {
#   # this checks if a path location doesn't exist, but does if '.gone' is appended, which will return a gone gemini status
#   append = true,
#   path = [
#       # regex matching
#       '/some/path/that/is/percise/text.gmi',
#       # This will match pretty a lot of things
#       '/blog/2021*',
#        # like '/blog/20215/april/' or even '/blog/2021-converense/'
#        # in other words: be careful and be as specific as you can be!
#  ]
#}