doc: Updating documentation

tkuester · Jan 21, 2023 · 73116b8 · 73116b8
1 parent 067cb4c
commit 73116b8
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 6 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -4,7 +4,30 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [0.8.4]
+## [0.9] - 2023/01/21
+
+### Added
+ - Kickban command allows admins to ban clients
+ - DPS endpoints that don't require client certificates
+ - Monitor clients receive persist data, can inject packets
+ - Monitor clients receive all routed packets, not just broadcast
+ - Relative path support for config
+
+### Changed
+ - Migrated from Python OpenSSL to Cryptography
+ - Pinned Flask dependency to ~2.0
+ - Improved "correctness" of cenerated certificates
+
+### Fixed
+ - SSL certs being generated in a way that Android rejects
+ - Packets with empty <marti/> tags get routed now
+
+### Contributors
+ - @fieldmapper, @sgofferj, @skadakar, and @FarrantAlex for their help wrangling
+   GitHub issues
+ - All the patient users in `#taky` who gave helpful feedback for this release
+
+## [0.8.4] - 2022-09-08
 
 ### Added
  - Management socket + status command

diff --git a/doc/README_FEATURE_COMPARISON.md b/doc/README_FEATURE_COMPARISON.md
@@ -9,12 +9,12 @@ me know!
 
 ## Programming Language
 
-| Servers           | taky (0.8.4)        | Free TAK Server (1.9.9)      |
+| Servers           | taky (0.9)          | Free TAK Server (1.9.9)      |
 | ---               | ---                 | ---                          |
 | Application       | Light Weight        | Feature Full                 |
 | Language          | Python 3.6+         | Python 3.6+                  |
-| SLOC              | ~2600               | ~11200                       |
-| Unit Testing      | Yes (~37%, passing) | Yes (~38%, failing)          |
+| SLOC              | ~3000               | ~11200                       |
+| Unit Testing      | Yes (~35%, passing) | Yes (~38%, failing)          |
 | Pylint            | 9.3/10              | 2.2/10                       |
 | Development Model | GitHub              | Private (mirrored to GitHub) |
 | First Commit      | 2021/01/18          | 2020/02/05                   |
@@ -58,8 +58,9 @@ with a performance cost, requiring more memory.
 
 taky was originally developed with a security focus. As such, SSL was expected
 to work out of the box, doing away with a need for TCP. However, many users
-have expressed a desire for a TCP monitoring port -- and one will be added in
-the future.
+also use some homebrew scripts for integration -- and setting up client
+certificates is burdensome. taky allows for a TCP monitoring port to be opened
+that receives all routed packets.
 
 As an added bonus though, taky's Data Package Server has several security
 benefits not yet found in FTS. First, taky's DPS enforces client certificates.

diff --git a/taky.conf b/taky.conf
@@ -0,0 +1,50 @@
+[taky]
+# System hostname
+#hostname=taky.local
+# The TAK Server nodeId
+#node_id=TAKY
+# The IP to bind to. Defaults to 0.0.0.0. To use IPv6, set to "::"
+#bind_ip=
+# The server's public IP address
+#public_ip=
+
+[cot_server]
+# If left blank, taky will listen on 8087 without SSL, or 8089 with SSL
+#port=
+# Where to store a log of .cot messages from the client for debug purposes
+#log_cot=
+# The monitor IP address. Recommend 127.0.0.1
+#mon_ip=127.0.0.1
+# Pick any port to enable the monitor server (ssl must be enabled)
+#mon_port=12345
+
+[dp_server]
+# Where user datapackage uploads are stored.
+# For quick testing, set to /tmp/taky
+#upload_path=/var/taky/dp-user
+
+[ssl]
+# SSL is disabled by default. Set enabled to "true" to enable
+#enabled=false
+
+# Should taky require clients to have a certificate?
+#client_cert_required=false
+
+# The server certificate or certificate+keyfile
+#cert=/etc/taky/ssl/server.crt
+
+# Specify the SSL key path
+#key=/etc/taky/ssl/server.key
+
+# Specify the SSL key password (if required)
+#key_pw=
+
+# Specify an explicit CA certificate
+# If left blank, will use system CA certificates
+#ca=/etc/taky/ssl/ca.crt
+
+# If you want to use takyctl's build_client, you'll need to specify the
+# following items. (`takyctl setup` will build these for you!)
+#ca_key=/etc/taky/ssl/ca.key
+#server_p12=/etc/taky/ssl/server.p12
+#server_p12_key=atakatak