{ util, container, ... }: { text = util.trimTabs '' ;project page." ; (optional) notice to display ; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service." ; by default PrivateBin will guess the visitors language based on the browsers ; settings. Optionally you can enable the language selection menu, which uses ; a session cookie to store the choice until the browser is closed. languageselection = false ; set the language your installs defaults to, defaults to English ; if this is set and language selection is disabled, this will be the only language ; languagedefault = "en" ; (optional) URL shortener address to offer after a new paste is created. ; It is suggested to only use this with self-hosted shorteners as this will leak ; the pastes encryption key. ; urlshortener = "https://shortener.example.com/api?link=" ; (optional) Let users create a QR code for sharing the paste URL with one click. ; It works both when a new paste is created and when you view a paste. ; qrcode = true ; (optional) Let users send an email sharing the paste URL with one click. ; It works both when a new paste is created and when you view a paste. ; email = true ; (optional) IP based icons are a weak mechanism to detect if a comment was from ; a different user when the same username was used in a comment. It might get ; used to get the IP of a comment poster if the server salt is leaked and a ; SHA512 HMAC rainbow table is generated for all (relevant) IPs. ; Can be set to one these values: ; "none" / "identicon" (default) / "jdenticon" / "vizhash". ; icon = "none" ; Content Security Policy headers allow a website to restrict what sources are ; allowed to be accessed in its context. You need to change this if you added ; custom scripts from third-party domains to your templates, e.g. tracking ; scripts or run your site behind certain DDoS-protection services. ; Check the documentation at https://content-security-policy.com/ ; Notes: ; - If you use any bootstrap theme, you can remove the allow-popups from the ; sandbox restrictions. ; - If you use the bootstrap5 theme, you must change default-src to 'self' to ; enable display of the svg icons ; - By default this disallows to load images from third-party servers, e.g. when ; they are embedded in pastes. If you wish to allow that, you can adjust the ; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images ; for details. ; - The 'unsafe-eval' is used in two cases; to check if the browser supports ; async functions and display an error if not and for Chrome to enable ; webassembly support (used for zlib compression). You can remove it if Chrome ; doesn't need to be supported and old browsers don't need to be warned. ; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads" ; stay compatible with PrivateBin Alpha 0.19, less secure ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of ; sha256 in HMAC for the deletion token ; zerobincompatibility = false ; Enable or disable the warning message when the site is served over an insecure ; connection (insecure HTTP instead of HTTPS), defaults to true. ; Secure transport methods like Tor and I2P domains are automatically whitelisted. ; It is **strongly discouraged** to disable this. ; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information. ; httpwarning = true ; Pick compression algorithm or disable it. Only applies to pastes/comments ; created after changing the setting. ; Can be set to one these values: "none" / "zlib" (default). ; compression = "zlib" [expire] ; expire value that is selected per default ; make sure the value exists in [expire_options] default = "1week" [expire_options] ; Set each one of these to the number of seconds in the expiration period, ; or 0 if it should never expire 5min = 300 10min = 600 1hour = 3600 1day = 86400 1week = 604800 ; Well this is not *exactly* one month, it's 30 days: 1month = 2592000 1year = 31536000 never = 0 [formatter_options] ; Set available formatters, their order and their labels plaintext = "Plain Text" syntaxhighlighting = "Source Code" markdown = "Markdown" [traffic] ; time limit between calls from the same IP address in seconds ; Set this to 0 to disable rate limiting. limit = 10 ; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted ; from the rate-limit. Invalid IPs will be ignored. If multiple values are to ; be exempted, the list needs to be comma separated. Leave unset to disable ; exemptions. ; exempted = "1.2.3.4,10.10.10/24" ; (optional) If you want only some source IP addresses (v4 or v6) or subnets ; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be ; ignored. If multiple values are to be exempted, the list needs to be comma ; separated. Leave unset to allow anyone to create pastes. ; creators = "1.2.3.4,10.10.10/24" ; (optional) if your website runs behind a reverse proxy or load balancer, ; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR ; header = "X_FORWARDED_FOR" [purge] ; minimum time limit between two purgings of expired pastes, it is only ; triggered when pastes are created ; Set this to 0 to run a purge every time a paste is created. limit = 300 ; maximum amount of expired pastes to delete in one purge ; Set this to 0 to disable purging. Set it higher, if you are running a large ; site batchsize = 10 ;[model] ; name of data model class to load and directory for storage ; the default model "Filesystem" stores everything in the filesystem ;class = Filesystem ;[model_options] ;dir = PATH "data" ;[model] ; example of a Google Cloud Storage configuration ;class = GoogleCloudStorage ;[model_options] ;bucket = "my-private-bin" ;prefix = "pastes" ;uniformacl = false ;[model] ; example of DB configuration for MySQL ;class = Database ;[model_options] ;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8" ;tbl = "privatebin_" ; table prefix ;usr = "privatebin" ;pwd = "Z3r0P4ss" ;opt[12] = true ; PDO::ATTR_PERSISTENT ;[model] ; example of DB configuration for SQLite ;class = Database ;[model_options] ;dsn = "sqlite:" PATH "data/db.sq3" ;usr = null ;pwd = null ;opt[12] = true ; PDO::ATTR_PERSISTENT [model] ; example of DB configuration for PostgreSQL class = Database [model_options] dsn = "pgsql:host=${container.config.postgres.address};dbname=privatebin" tbl = "privatebin_" ; table prefix usr = "privatebin" pwd = "privatebin" opt[12] = true ; PDO::ATTR_PERSISTENT ;[model] ; example of S3 configuration for Rados gateway / CEPH ;class = S3Storage ;[model_options] ;region = "" ;version = "2006-03-01" ;endpoint = "https://s3.my-ceph.invalid" ;use_path_style_endpoint = true ;bucket = "my-bucket" ;accesskey = "my-rados-user" ;secretkey = "my-rados-pass" ;[model] ; example of S3 configuration for AWS ;class = S3Storage ;[model_options] ;region = "eu-central-1" ;version = "latest" ;bucket = "my-bucket" ;accesskey = "access key id" ;secretkey = "secret access key" ;[model] ; example of S3 configuration for AWS using its SDK default credential provider chain ; if relying on environment variables, the AWS SDK will look for the following: ; - AWS_ACCESS_KEY_ID ; - AWS_SECRET_ACCESS_KEY ; - AWS_SESSION_TOKEN (if needed) ; for more details, see https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain ;class = S3Storage ;[model_options] ;region = "eu-central-1" ;version = "latest" ;bucket = "my-bucket" [yourls] ; When using YOURLS as a "urlshortener" config item: ; - By default, "urlshortener" will point to the YOURLS API URL, with or without ; credentials, and will be visible in public on the PrivateBin web page. ; Only use this if you allow short URL creation without credentials. ; - Alternatively, using the parameters in this section ("signature" and ; "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin ; instance with "?shortenviayourls&link=" appended. For example: ; urlshortener = "''${basepath}?shortenviayourls&link=" ; This URL will in turn call YOURLS on the server side, using the URL from ; "apiurl" and the "access signature" from the "signature" parameters below. ; (optional) the "signature" (access key) issued by YOURLS for the using account ; signature = "" ; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL ; apiurl = "https://yourls.example.com/yourls-api.php" ''; }