diff --git a/config.example.ini b/config.example.ini
new file mode 100644
index 0000000..db8b2e0
--- /dev/null
+++ b/config.example.ini
@@ -0,0 +1,98 @@
+[sr.ht]
+#
+# The name of your network of sr.ht-based sites
+site-name=sourcehut
+#
+# The top-level info page for your site
+site-info=https://sourcehut.org
+#
+# {{ site-name }}, {{ site-blurb }}
+site-blurb=the hacker's forge
+#
+# If this != production, we add a banner to each page
+environment=development
+#
+# Contact information for the site owners
+owner-name=Drew DeVault
+owner-email=sir@cmpwn.com
+#
+# The source code for your fork of sr.ht
+source-url=https://git.sr.ht/~sircmpwn/srht
+#
+# Link to your instance's privacy policy. Uses the sr.ht privacy policy as the
+# default, which describes the information collected by the upstream SourceHut
+# code.
+privacy-policy=
+#
+# A key used for encrypting session cookies. Use `srht-keygen service` to
+# generate the service key. This must be shared between each node of the same
+# service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
+# different keys. If you configure all of your services with the same
+# config.ini, you may use the same service-key for all of them.
+service-key=
+#
+# A secret key to encrypt internal messages with. Use `srht-keygen network` to
+# generate this key. It must be consistent between all services and nodes.
+network-key=
+#
+# The redis host URL. This is used for caching and temporary storage, and must
+# be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
+# shared between services. It may be shared between services, however, with no
+# ill effect, if this better suits your infrastructure.
+redis-host=
+
+[mail]
+#
+# Outgoing SMTP settings
+smtp-host=
+smtp-port=
+smtp-user=
+smtp-password=
+smtp-from=
+#
+# Application exceptions are emailed to this address
+error-to=
+error-from=
+#
+# You should generate a PGP key to allow users to authenticate emails received
+# from your services. Use `gpg --edit-key [key id]` to remove the password from
+# your private key, then export it to a file and set pgp-privkey to the path to
+# that file. pgp-pubkey should be set to the path to your public key, and
+# pgp-key-id should be set to the key ID string. Outgoing emails are signed with
+# this PGP key.
+pgp-privkey=
+pgp-pubkey=
+pgp-key-id=
+
+[webhooks]
+#
+# base64-encoded Ed25519 key for signing webhook payloads. This should be
+# consistent between all services.
+#
+# Use the `srht-keygen webhook` command to generate this key. Put the private
+# key here and distribute the public key to anyone who would want to verify
+# webhook payloads from your service.
+private-key=
+
+[hub.sr.ht]
+# 
+# URL hub.sr.ht is being served at (protocol://domain)
+origin=http://hub.sr.ht.local
+#
+# Address and port to bind the debug server to
+debug-host=0.0.0.0
+debug-port=5014
+#
+# Configures the SQLAlchemy connection string for the database.
+connection-string=postgresql://postgres@localhost/hub.sr.ht
+#
+# Set to "yes" to automatically run migrations on package upgrade.
+migrate-on-upgrade=yes
+#
+# hub.sr.ht's OAuth client ID and secret for meta.sr.ht
+# Register your client at meta.example.org/oauth
+oauth-client-id=
+oauth-client-secret=
+
+[meta.sr.ht]
+origin=http://meta.sr.ht.local