2022-10-22 18:30:43 +00:00
|
|
|
|
<h1 id="introduction">Introduction</h1>
|
|
|
|
|
<p><em>The fediverse</em> is a set of federated servers, typically using
|
|
|
|
|
a communication protocol called <a
|
|
|
|
|
href="https://www.w3.org/TR/activitypub">ActivityPub</a> which was
|
|
|
|
|
devised by the <a href="https://www.w3.org/wiki/Socialwg">social working
|
|
|
|
|
group</a> within the World Wide Web Consortium (W3C). At present it is
|
|
|
|
|
mostly used for <a
|
|
|
|
|
href="https://en.wikipedia.org/wiki/Microblogging">microblogging</a>,
|
|
|
|
|
although ActivityPub is sufficiently general that it can also be used
|
|
|
|
|
for a variety of other purposes.</p>
|
|
|
|
|
<p>The word <em>fediverse</em> (federated universe) appears to have
|
|
|
|
|
originated around 2012 as the first <a
|
|
|
|
|
href="https://en.wikipedia.org/wiki/Identi.ca">identi.ca</a> website was
|
|
|
|
|
ending and the <a
|
|
|
|
|
href="https://en.wikipedia.org/wiki/Pump.io">pump.io</a> project was
|
|
|
|
|
beginning. The ActivityPub protocol was initially called
|
|
|
|
|
<em>ActivityPump</em>, due to the influence which pump.io had upon its
|
|
|
|
|
creation. Fediverse servers are typically referred to as
|
|
|
|
|
“instances”.</p>
|
|
|
|
|
<p>Servers such as <a
|
|
|
|
|
href="https://github.com/mastodon/mastodon">Mastodon</a> are well known,
|
|
|
|
|
but these are aimed at large scale deployments on powerful hardware
|
|
|
|
|
running within data centers, making use of content distribution networks
|
|
|
|
|
(CDN) and due to their large number of dependencies requiring someone
|
|
|
|
|
with a high level of systems administration skill to maintain. Epicyon
|
|
|
|
|
is designed for the opposite situation where it is only intended to have
|
|
|
|
|
a single user or a small number of users (less than ten) running from
|
|
|
|
|
your home location or on a modest VPS and where maintenance is extremely
|
|
|
|
|
trivial such that it’s possible to keep an instance running for long
|
|
|
|
|
durations with minimal intervention.</p>
|
|
|
|
|
<p>Epicyon is part of the “small web” category of internet software, in
|
|
|
|
|
that it is intended to scale via federation rather than to scale
|
|
|
|
|
vertically via resource intensive and expensive hardware. Think many
|
|
|
|
|
small communicating nodes rather than a small number of large servers.
|
|
|
|
|
Also, in spite of the prevailing great obsession with scale, not
|
|
|
|
|
everything needs to. You can federate with a small number of servers for
|
|
|
|
|
a particular purpose - such as running a club or hackspace - and that’s
|
|
|
|
|
ok.</p>
|
|
|
|
|
<p>It is hardly possible to visit many sites on the web without your
|
|
|
|
|
browser loading and running a large amount of javascript. Epicyon takes
|
|
|
|
|
a minimalist approach where its web interface only uses HTML and CSS.
|
|
|
|
|
You can disable javascript, or use a browser which doesn’t have
|
|
|
|
|
javascript capability, and the user experience is unchanged. Lack of
|
|
|
|
|
javascript also rules out a large area of potential attack surface.</p>
|
|
|
|
|
<p>Another common concern is being able to keep instances running.
|
|
|
|
|
Instance abandonment creates a lot of disruption, and it’s often related
|
|
|
|
|
to the amount of effort that it takes to keep things going. To avoid the
|
|
|
|
|
maintenance burden becoming prohibitive, Epicyon is implemented in a
|
|
|
|
|
simple manner with very few dependencies and no database. All data is
|
|
|
|
|
just files in a directory, and upgrades are also straightforward. This
|
|
|
|
|
degree of simplicity runs counter to the current trend within the
|
|
|
|
|
software industry towards complex frameworks and large scale databases
|
|
|
|
|
with elaborate and rapidly evolving dependencies.</p>
|
|
|
|
|
<p>Epicyon also includes some lightweight organizing features, such as
|
|
|
|
|
calendar, events and sharing economy features.</p>
|
|
|
|
|
<h1 id="installation">Installation</h1>
|
|
|
|
|
<h2 id="prerequisites">Prerequisites</h2>
|
|
|
|
|
<p>You will need python version 3.7 or later.</p>
|
|
|
|
|
<p>On a Debian based system:</p>
|
|
|
|
|
<div class="sourceCode" id="cb1"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sudo</span> apt install <span class="at">-y</span> tor python3-socks imagemagick python3-setuptools python3-cryptography python3-dateutil python3-idna python3-requests python3-flake8 python3-django-timezone-field python3-pyqrcode python3-png python3-bandit libimage-exiftool-perl certbot nginx wget</span></code></pre></div>
|
|
|
|
|
<h2 id="source-code">Source code</h2>
|
|
|
|
|
<p>The following instructions install Epicyon to the
|
|
|
|
|
<strong>/opt</strong> directory. It’s not essential that it be installed
|
|
|
|
|
there, and it could be in any other preferred directory.</p>
|
|
|
|
|
<p>Clone the repo, or if you downloaded the tarball then extract it into
|
|
|
|
|
the <strong>/opt</strong> directory.</p>
|
|
|
|
|
<div class="sourceCode" id="cb2"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="bu">cd</span> /opt</span>
|
|
|
|
|
<span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> clone https://gitlab.com/bashrc2/epicyon</span></code></pre></div>
|
|
|
|
|
<h2 id="set-permissions">Set permissions</h2>
|
|
|
|
|
<p>Create a user for the server to run as:</p>
|
|
|
|
|
<div class="sourceCode" id="cb3"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sudo</span> su</span>
|
|
|
|
|
<span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a><span class="ex">adduser</span> <span class="at">--system</span> <span class="at">--home</span><span class="op">=</span>/opt/epicyon <span class="at">--group</span> epicyon</span>
|
|
|
|
|
<span id="cb3-3"><a href="#cb3-3" aria-hidden="true" tabindex="-1"></a><span class="fu">chown</span> <span class="at">-R</span> epicyon:epicyon /opt/epicyon</span></code></pre></div>
|
|
|
|
|
<h2 id="news-mirrors">News mirrors</h2>
|
|
|
|
|
<p>The content for RSS feed links can be downloaded and mirrored, so
|
|
|
|
|
that even if the original sources go offline the content remains
|
|
|
|
|
readable. Link the RSS/newswire mirrors with.</p>
|
|
|
|
|
<div class="sourceCode" id="cb4"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a><span class="fu">mkdir</span> /var/www/YOUR_DOMAIN</span>
|
|
|
|
|
<span id="cb4-2"><a href="#cb4-2" aria-hidden="true" tabindex="-1"></a><span class="fu">mkdir</span> <span class="at">-p</span> /opt/epicyon/accounts/newsmirror</span>
|
|
|
|
|
<span id="cb4-3"><a href="#cb4-3" aria-hidden="true" tabindex="-1"></a><span class="fu">ln</span> <span class="at">-s</span> /opt/epicyon/accounts/newsmirror /var/www/YOUR_DOMAIN/newsmirror</span></code></pre></div>
|
|
|
|
|
<h2 id="create-daemon">Create daemon</h2>
|
|
|
|
|
<p>Typically the server will run from a <em>systemd</em> daemon. It can
|
|
|
|
|
be set up as follows:</p>
|
|
|
|
|
<div class="sourceCode" id="cb5"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb5-1"><a href="#cb5-1" aria-hidden="true" tabindex="-1"></a><span class="fu">nano</span> /etc/systemd/system/epicyon.service</span></code></pre></div>
|
|
|
|
|
<p>Paste the following:</p>
|
|
|
|
|
<div class="sourceCode" id="cb6"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb6-1"><a href="#cb6-1" aria-hidden="true" tabindex="-1"></a><span class="ex">[Unit]</span></span>
|
|
|
|
|
<span id="cb6-2"><a href="#cb6-2" aria-hidden="true" tabindex="-1"></a><span class="va">Description</span><span class="op">=</span>epicyon</span>
|
|
|
|
|
<span id="cb6-3"><a href="#cb6-3" aria-hidden="true" tabindex="-1"></a><span class="va">After</span><span class="op">=</span>syslog.target</span>
|
|
|
|
|
<span id="cb6-4"><a href="#cb6-4" aria-hidden="true" tabindex="-1"></a><span class="va">After</span><span class="op">=</span>network.target</span>
|
|
|
|
|
<span id="cb6-5"><a href="#cb6-5" aria-hidden="true" tabindex="-1"></a></span>
|
|
|
|
|
<span id="cb6-6"><a href="#cb6-6" aria-hidden="true" tabindex="-1"></a><span class="ex">[Service]</span></span>
|
|
|
|
|
<span id="cb6-7"><a href="#cb6-7" aria-hidden="true" tabindex="-1"></a><span class="va">Type</span><span class="op">=</span>simple</span>
|
|
|
|
|
<span id="cb6-8"><a href="#cb6-8" aria-hidden="true" tabindex="-1"></a><span class="va">User</span><span class="op">=</span>epicyon</span>
|
|
|
|
|
<span id="cb6-9"><a href="#cb6-9" aria-hidden="true" tabindex="-1"></a><span class="va">Group</span><span class="op">=</span>epicyon</span>
|
|
|
|
|
<span id="cb6-10"><a href="#cb6-10" aria-hidden="true" tabindex="-1"></a><span class="va">WorkingDirectory</span><span class="op">=</span>/opt/epicyon</span>
|
|
|
|
|
<span id="cb6-11"><a href="#cb6-11" aria-hidden="true" tabindex="-1"></a><span class="va">ExecStart</span><span class="op">=</span>/usr/bin/python3 <span class="ex">/opt/epicyon/epicyon.py</span> <span class="at">--port</span> 443 <span class="at">--proxy</span> 7156 <span class="at">--domain</span> YOUR_DOMAIN <span class="at">--registration</span> open <span class="at">--debug</span> <span class="at">--log_login_failures</span></span>
|
|
|
|
|
<span id="cb6-12"><a href="#cb6-12" aria-hidden="true" tabindex="-1"></a><span class="va">Environment</span><span class="op">=</span>USER=epicyon</span>
|
|
|
|
|
<span id="cb6-13"><a href="#cb6-13" aria-hidden="true" tabindex="-1"></a><span class="va">Environment</span><span class="op">=</span>PYTHONUNBUFFERED=true</span>
|
|
|
|
|
<span id="cb6-14"><a href="#cb6-14" aria-hidden="true" tabindex="-1"></a><span class="va">Restart</span><span class="op">=</span>always</span>
|
|
|
|
|
<span id="cb6-15"><a href="#cb6-15" aria-hidden="true" tabindex="-1"></a><span class="va">StandardError</span><span class="op">=</span>syslog</span>
|
|
|
|
|
<span id="cb6-16"><a href="#cb6-16" aria-hidden="true" tabindex="-1"></a><span class="va">CPUQuota</span><span class="op">=</span>80%</span>
|
|
|
|
|
<span id="cb6-17"><a href="#cb6-17" aria-hidden="true" tabindex="-1"></a><span class="va">ProtectHome</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-18"><a href="#cb6-18" aria-hidden="true" tabindex="-1"></a><span class="va">ProtectKernelTunables</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-19"><a href="#cb6-19" aria-hidden="true" tabindex="-1"></a><span class="va">ProtectKernelModules</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-20"><a href="#cb6-20" aria-hidden="true" tabindex="-1"></a><span class="va">ProtectControlGroups</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-21"><a href="#cb6-21" aria-hidden="true" tabindex="-1"></a><span class="va">ProtectKernelLogs</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-22"><a href="#cb6-22" aria-hidden="true" tabindex="-1"></a><span class="va">ProtectHostname</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-23"><a href="#cb6-23" aria-hidden="true" tabindex="-1"></a><span class="va">ProtectClock</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-24"><a href="#cb6-24" aria-hidden="true" tabindex="-1"></a><span class="va">ProtectProc</span><span class="op">=</span>invisible</span>
|
|
|
|
|
<span id="cb6-25"><a href="#cb6-25" aria-hidden="true" tabindex="-1"></a><span class="va">ProcSubset</span><span class="op">=</span>pid</span>
|
|
|
|
|
<span id="cb6-26"><a href="#cb6-26" aria-hidden="true" tabindex="-1"></a><span class="va">PrivateTmp</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-27"><a href="#cb6-27" aria-hidden="true" tabindex="-1"></a><span class="va">PrivateUsers</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-28"><a href="#cb6-28" aria-hidden="true" tabindex="-1"></a><span class="va">PrivateDevices</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-29"><a href="#cb6-29" aria-hidden="true" tabindex="-1"></a><span class="va">PrivateIPC</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-30"><a href="#cb6-30" aria-hidden="true" tabindex="-1"></a><span class="va">MemoryDenyWriteExecute</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-31"><a href="#cb6-31" aria-hidden="true" tabindex="-1"></a><span class="va">NoNewPrivileges</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-32"><a href="#cb6-32" aria-hidden="true" tabindex="-1"></a><span class="va">LockPersonality</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-33"><a href="#cb6-33" aria-hidden="true" tabindex="-1"></a><span class="va">RestrictRealtime</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-34"><a href="#cb6-34" aria-hidden="true" tabindex="-1"></a><span class="va">RestrictSUIDSGID</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-35"><a href="#cb6-35" aria-hidden="true" tabindex="-1"></a><span class="va">RestrictNamespaces</span><span class="op">=</span>true</span>
|
|
|
|
|
<span id="cb6-36"><a href="#cb6-36" aria-hidden="true" tabindex="-1"></a><span class="va">SystemCallArchitectures</span><span class="op">=</span>native</span>
|
|
|
|
|
<span id="cb6-37"><a href="#cb6-37" aria-hidden="true" tabindex="-1"></a></span>
|
|
|
|
|
<span id="cb6-38"><a href="#cb6-38" aria-hidden="true" tabindex="-1"></a><span class="ex">[Install]</span></span>
|
|
|
|
|
<span id="cb6-39"><a href="#cb6-39" aria-hidden="true" tabindex="-1"></a><span class="va">WantedBy</span><span class="op">=</span>multi-user.target</span></code></pre></div>
|
|
|
|
|
<p>Activate the daemon:</p>
|
|
|
|
|
<div class="sourceCode" id="cb7"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true" tabindex="-1"></a><span class="ex">systemctl</span> enable epicyon</span>
|
|
|
|
|
<span id="cb7-2"><a href="#cb7-2" aria-hidden="true" tabindex="-1"></a><span class="ex">systemctl</span> start epicyon</span></code></pre></div>
|
|
|
|
|
<h2 id="web-server-setup">Web server setup</h2>
|
|
|
|
|
<p>Create a web server configuration.</p>
|
|
|
|
|
<div class="sourceCode" id="cb8"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb8-1"><a href="#cb8-1" aria-hidden="true" tabindex="-1"></a><span class="fu">nano</span> /etc/nginx/sites-available/YOUR_DOMAIN</span></code></pre></div>
|
|
|
|
|
<p>And paste the following:</p>
|
|
|
|
|
<pre class="nginx"><code>server {
|
|
|
|
|
listen 80;
|
|
|
|
|
listen [::]:80;
|
|
|
|
|
server_name YOUR_DOMAIN;
|
|
|
|
|
access_log /dev/null;
|
|
|
|
|
error_log /dev/null;
|
|
|
|
|
client_max_body_size 31m;
|
|
|
|
|
client_body_buffer_size 128k;
|
|
|
|
|
|
|
|
|
|
limit_conn conn_limit_per_ip 10;
|
|
|
|
|
limit_req zone=req_limit_per_ip burst=10 nodelay;
|
|
|
|
|
|
|
|
|
|
index index.html;
|
|
|
|
|
rewrite ^ https://$server_name$request_uri? permanent;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
server {
|
|
|
|
|
listen 443 ssl;
|
|
|
|
|
server_name YOUR_DOMAIN;
|
|
|
|
|
|
|
|
|
|
gzip on;
|
|
|
|
|
gzip_disable "msie6";
|
|
|
|
|
gzip_vary on;
|
|
|
|
|
gzip_proxied any;
|
|
|
|
|
gzip_min_length 1024;
|
|
|
|
|
gzip_comp_level 6;
|
|
|
|
|
gzip_buffers 16 8k;
|
|
|
|
|
gzip_http_version 1.1;
|
|
|
|
|
gzip_types text/plain text/css text/vcard text/vcard+xml application/json application/ld+json application/javascript text/xml application/xml application/rdf+xml application/xml+rss text/javascript;
|
|
|
|
|
|
|
|
|
|
ssl_stapling off;
|
|
|
|
|
ssl_stapling_verify off;
|
|
|
|
|
ssl on;
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
|
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
|
|
|
|
|
#ssl_dhparam /etc/ssl/certs/YOUR_DOMAIN.dhparam;
|
|
|
|
|
|
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
|
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
|
ssl_session_cache shared:SSL:10m;
|
|
|
|
|
ssl_session_tickets off;
|
|
|
|
|
|
|
|
|
|
add_header Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'";
|
|
|
|
|
add_header X-Frame-Options DENY;
|
|
|
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
|
add_header X-Download-Options noopen;
|
|
|
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
|
|
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
|
|
|
|
|
|
|
|
|
access_log /dev/null;
|
|
|
|
|
error_log /dev/null;
|
|
|
|
|
|
|
|
|
|
index index.html;
|
|
|
|
|
|
|
|
|
|
location /newsmirror {
|
|
|
|
|
root /var/www/YOUR_DOMAIN;
|
|
|
|
|
try_files $uri =404;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
keepalive_timeout 70;
|
|
|
|
|
sendfile on;
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
|
client_max_body_size 31M;
|
|
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
|
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
|
|
|
|
|
proxy_set_header X-Forward-Proto http;
|
|
|
|
|
proxy_set_header X-Nginx-Proxy true;
|
|
|
|
|
proxy_temp_file_write_size 64k;
|
|
|
|
|
proxy_connect_timeout 10080s;
|
|
|
|
|
proxy_send_timeout 10080;
|
|
|
|
|
proxy_read_timeout 10080;
|
|
|
|
|
proxy_buffer_size 64k;
|
|
|
|
|
proxy_buffers 16 32k;
|
|
|
|
|
proxy_busy_buffers_size 64k;
|
|
|
|
|
proxy_redirect off;
|
|
|
|
|
proxy_request_buffering off;
|
|
|
|
|
proxy_buffering off;
|
|
|
|
|
proxy_pass http://localhost:7156;
|
|
|
|
|
tcp_nodelay on;
|
|
|
|
|
}
|
|
|
|
|
}</code></pre>
|
|
|
|
|
<p>Enable the site:</p>
|
|
|
|
|
<div class="sourceCode" id="cb10"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb10-1"><a href="#cb10-1" aria-hidden="true" tabindex="-1"></a><span class="fu">ln</span> <span class="at">-s</span> /etc/nginx/sites-available/YOUR_DOMAIN /etc/nginx/sites-enabled/</span></code></pre></div>
|
|
|
|
|
<h2 id="on-your-internet-router">On your internet router</h2>
|
|
|
|
|
<p>Forward port 443 from your internet router to your server. If you
|
|
|
|
|
have dynamic DNS make sure its configured.</p>
|
|
|
|
|
<h2 id="obtain-a-tls-certificate">Obtain a TLS certificate</h2>
|
|
|
|
|
<div class="sourceCode" id="cb11"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb11-1"><a href="#cb11-1" aria-hidden="true" tabindex="-1"></a><span class="ex">systemctl</span> stop nginx</span>
|
|
|
|
|
<span id="cb11-2"><a href="#cb11-2" aria-hidden="true" tabindex="-1"></a><span class="ex">certbot</span> certonly <span class="at">-n</span> <span class="at">--server</span> https://acme-v02.api.letsencrypt.org/directory <span class="at">--standalone</span> <span class="at">-d</span> YOUR_DOMAIN <span class="at">--renew-by-default</span> <span class="at">--agree-tos</span> <span class="at">--email</span> YOUR_EMAIL</span>
|
|
|
|
|
<span id="cb11-3"><a href="#cb11-3" aria-hidden="true" tabindex="-1"></a><span class="ex">systemctl</span> start nginx</span></code></pre></div>
|
|
|
|
|
<h2 id="restart-the-web-server">Restart the web server</h2>
|
|
|
|
|
<div class="sourceCode" id="cb12"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb12-1"><a href="#cb12-1" aria-hidden="true" tabindex="-1"></a><span class="ex">systemctl</span> restart nginx</span></code></pre></div>
|
|
|
|
|
<p>If you need to use <a href="https://www.fail2ban.org">fail2ban</a>
|
|
|
|
|
then failed login attempts can be found in
|
|
|
|
|
<strong>accounts/loginfailures.log</strong>.</p>
|
|
|
|
|
<p>If you are using the <a href="https://caddyserver.com">Caddy web
|
|
|
|
|
server</a> then see <a
|
|
|
|
|
href="https://code.libreserver.org/bashrc/epicyon/raw/main/caddy.example.conf">caddy.example.conf</a>.</p>
|
|
|
|
|
<p>Now you can navigate to your domain and register an account. The
|
|
|
|
|
first account becomes the administrator.</p>
|
|
|
|
|
<h2 id="installing-on-onion-or-i2p-domains">Installing on Onion or i2p
|
|
|
|
|
domains</h2>
|
|
|
|
|
<p>If you don’t have access to the clearnet, or prefer to avoid it, then
|
|
|
|
|
it’s possible to run an Epicyon instance easily from your laptop. There
|
|
|
|
|
are scripts within the <em>deploy</em> directory which can be used to
|
|
|
|
|
install an instance on a Debian or Arch/Parabola operating system. With
|
|
|
|
|
some modification of package names they could be also used with other
|
|
|
|
|
distros.</p>
|
|
|
|
|
<p>Please be aware that such installations will not federate with
|
|
|
|
|
ordinary fediverse instances on the clearnet, unless those instances
|
|
|
|
|
have been specially modified to do so. But onion instances will federate
|
|
|
|
|
with other onion instances and i2p instances with other i2p
|
|
|
|
|
instances.</p>
|
|
|
|
|
<h1 id="upgrading">Upgrading</h1>
|
|
|
|
|
<p>Unlike some other instance types, Epicyon is really easy to upgrade.
|
|
|
|
|
It only requires a git pull to obtain the changes from the upstream
|
|
|
|
|
repo, then set permissions and restart the daemon.</p>
|
|
|
|
|
<div class="sourceCode" id="cb13"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb13-1"><a href="#cb13-1" aria-hidden="true" tabindex="-1"></a><span class="bu">cd</span> /opt/epicyon</span>
|
|
|
|
|
<span id="cb13-2"><a href="#cb13-2" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> pull</span>
|
|
|
|
|
<span id="cb13-3"><a href="#cb13-3" aria-hidden="true" tabindex="-1"></a><span class="fu">chown</span> <span class="at">-R</span> epicyon:epicyon <span class="pp">*</span></span>
|
|
|
|
|
<span id="cb13-4"><a href="#cb13-4" aria-hidden="true" tabindex="-1"></a><span class="ex">systemctl</span> restart epicyon</span></code></pre></div>
|
|
|
|
|
<h1 id="housekeeping">Housekeeping</h1>
|
|
|
|
|
<p>To avoid running out of disk space you will want to clear down old
|
|
|
|
|
inbox posts. Posts from your instance outboxes will be unaffected.</p>
|
|
|
|
|
<p>Create an archive script
|
|
|
|
|
<strong>/usr/bin/epicyon-archive</strong>:</p>
|
|
|
|
|
<div class="sourceCode" id="cb14"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb14-1"><a href="#cb14-1" aria-hidden="true" tabindex="-1"></a><span class="co">#!/bin/bash</span></span>
|
|
|
|
|
<span id="cb14-2"><a href="#cb14-2" aria-hidden="true" tabindex="-1"></a><span class="bu">cd</span> /opt/epicyon <span class="kw">||</span> <span class="bu">exit</span> 0</span>
|
|
|
|
|
<span id="cb14-3"><a href="#cb14-3" aria-hidden="true" tabindex="-1"></a><span class="ex">/usr/bin/python3</span> epicyon.py <span class="at">--archive</span> none <span class="at">--archiveweeks</span> 4 <span class="at">--maxposts</span> 32000</span></code></pre></div>
|
|
|
|
|
<p>You can adjust the maximum number of weeks and the maximum number of
|
|
|
|
|
inbox posts as needed. Then add it as a cron entry.</p>
|
|
|
|
|
<div class="sourceCode" id="cb15"><pre
|
|
|
|
|
class="sourceCode bash"><code class="sourceCode bash"><span id="cb15-1"><a href="#cb15-1" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"*/60 * * * * root /usr/bin/epicyon-archive"</span> <span class="op">>></span> /etc/crontab</span></code></pre></div>
|
|
|
|
|
<h1 id="registering-accounts">Registering accounts</h1>
|
|
|
|
|
<p>You will notice that within the systemd daemon the
|
|
|
|
|
<em>registration</em> option is set to <em>open</em>. In a browser if
|
|
|
|
|
you navigate to the URL of your instance then you should see a
|
|
|
|
|
<em>Register</em> button. The first account to register becomes the
|
|
|
|
|
administrator.</p>
|
|
|
|
|
<p>To avoid spam signups, or overloading the system, there is a maximum
|
|
|
|
|
number of accounts for the instance which by default is set to 10.</p>
|
|
|
|
|
<h1 id="the-importance-of-good-defaults">The importance of good
|
|
|
|
|
defaults</h1>
|
|
|
|
|
<p>Many social network systems have bad defaults, and that is for the
|
|
|
|
|
purpose of maximizing the number of users and their level of engagement.
|
|
|
|
|
Bad defaults usually create a combination of <em>addiction patterns</em>
|
|
|
|
|
and <em>involuntary oversharing</em> and hence a viral network effect of
|
|
|
|
|
escalating outrage and dependency. On small fediverse servers we can
|
|
|
|
|
avoid having bad defaults, because there is no profit motive or drive
|
|
|
|
|
for massive notoriety.</p>
|
|
|
|
|
<p>Good defaults tend to be a little more private and avoid the
|
|
|
|
|
addiction to making numbers go up or achieving <em>notoriety at any
|
|
|
|
|
social cost</em>. This puts fediverse instances like Epicyon at a slight
|
|
|
|
|
disadvantage compared to ruthlessly commercial systems, but it’s an
|
|
|
|
|
explicit trade-off in order to minimize the harms which can arise within
|
|
|
|
|
social networks. So you won’t find any high scores tables or trending
|
|
|
|
|
items.</p>
|
|
|
|
|
<h1 id="logging-in">Logging in</h1>
|
|
|
|
|
<p>In a browser if you navigate to the URL of your instance and enter
|
|
|
|
|
the username and password that you previously registered. The first time
|
|
|
|
|
that you log in it will show a series of introduction screens which
|
|
|
|
|
prompt you to add a profile picture, name and bio description.</p>
|
|
|
|
|
<h1 id="account-profiles">Account Profiles</h1>
|
|
|
|
|
<h2 id="initial-setup">Initial setup</h2>
|
|
|
|
|
<p>When you first register an account on the instance the first thing
|
|
|
|
|
that you may want to do is to add more profile details and change your
|
|
|
|
|
preferences. From the main timeline screen select the top banner to move
|
|
|
|
|
to your profile and then select the edit button, which usually looks
|
|
|
|
|
like a pen and is adjacent to the logout icon.</p>
|
|
|
|
|
<figure>
|
2022-10-22 19:31:10 +00:00
|
|
|
|
<img src="manual-profile.jpg" alt="Profile screen" />
|
2022-10-22 18:30:43 +00:00
|
|
|
|
<figcaption aria-hidden="true">Profile screen</figcaption>
|
|
|
|
|
</figure>
|
|
|
|
|
<h2 id="basic-details">Basic details</h2>
|
|
|
|
|
<h3 id="describe-yourself">Describe yourself</h3>
|
|
|
|
|
<p>Add an appropriate description of youself, which doesn’t resemble the
|
|
|
|
|
type of thing which would appear on a spam account. When other fediverse
|
|
|
|
|
users are judging a follow request from you they will want to know that
|
|
|
|
|
you are a real person and not a spammer or troll.</p>
|
|
|
|
|
<h3 id="other-fediverse-accounts">Other fediverse accounts</h3>
|
|
|
|
|
<p>If you have any other fediverse accounts on different instances then
|
|
|
|
|
you might want to add URLs for those. You can set the languages which
|
|
|
|
|
you can read, as <a href="https://en.wikipedia.org/wiki/ISO_639-1">two
|
|
|
|
|
letter abbreviations</a>. This helps to avoid having posts from other
|
|
|
|
|
people within your timeline which you can’t read.</p>
|
|
|
|
|
<h3 id="expiring-posts">Expiring posts</h3>
|
|
|
|
|
<p>You can set your posts to expire after a number of days. If this
|
|
|
|
|
value is zero then the instance will keep your posts indefinitely.</p>
|
|
|
|
|
<h3 id="quitting-twitter">Quitting Twitter</h3>
|
|
|
|
|
<p>If you are coming to the fediverse as an exile from Twitter then you
|
|
|
|
|
may want to select the option to remove any Twitter posts from your
|
|
|
|
|
timeline. Sometimes people want to make a clean break from Twitter and
|
|
|
|
|
have no further involvement with it.</p>
|
|
|
|
|
<h3 id="alternative-contact-details">Alternative contact details</h3>
|
|
|
|
|
<p>You can set additional contact details, such as email, XMPP and
|
|
|
|
|
Matrix addresses. So if people want to contact you for private <a
|
|
|
|
|
href="https://en.wikipedia.org/wiki/End-to-end_encryption">end-to-end
|
|
|
|
|
secure</a> chat then they can do so. The fediverse was never designed
|
|
|
|
|
for end-to-end security - it is primarily for public communications -
|
|
|
|
|
and so it’s better to leave secure private chat to the apps which are
|
|
|
|
|
specialized for that purpose.</p>
|
|
|
|
|
<h3 id="filtering-and-blocking">Filtering and blocking</h3>
|
|
|
|
|
<p>If you want to block particular fediverse accounts or instances then
|
|
|
|
|
you can enter those in the <em>blocked account</em> section. There
|
|
|
|
|
should be one account per line.</p>
|
|
|
|
|
<h3 id="geolocation-spoofing">Geolocation spoofing</h3>
|
|
|
|
|
<p>Within the <em>filtering and blocking</em> section you can also set a
|
|
|
|
|
city which will be used for geolocation spoofing. When you post a photo,
|
|
|
|
|
instead of removing all metadata spoofed metadata will be added in order
|
|
|
|
|
to consistently fool the machine learning systems behind web crawlers or
|
|
|
|
|
scrapers, and create a <a
|
|
|
|
|
href="https://en.wikipedia.org/wiki/Confirmation_bias">confirmation
|
|
|
|
|
bias</a> effect where the surveillance systems become increasingly
|
|
|
|
|
confident in an erroneous conclusion. Setting a city somewhere near to
|
|
|
|
|
your <a href="https://en.wikipedia.org/wiki/Time_zone">time zone</a> is
|
|
|
|
|
preferable, so that it matches your typical pattern of daily posting
|
|
|
|
|
activity without giving away your real location.</p>
|
|
|
|
|
<h2 id="roles">Roles</h2>
|
|
|
|
|
<p>If you are the administrator then within your profile settings you
|
|
|
|
|
can also specify roles for other accounts on the instance. A small
|
|
|
|
|
instance is like a ship with the roles being crew positions, and all
|
|
|
|
|
members of the crew need to work together to keep the ship afloat. The
|
|
|
|
|
current roles are:</p>
|
|
|
|
|
<h3 id="moderator">Moderator</h3>
|
|
|
|
|
<p>Is allowed to remove posts and deal with moderation reports.</p>
|
|
|
|
|
<h3 id="editor">Editor</h3>
|
|
|
|
|
<p>Editors can change the links in the left column and the RSS feeds
|
|
|
|
|
within the right newswire column.</p>
|
|
|
|
|
<h3 id="artist">Artist</h3>
|
|
|
|
|
<p>Artists can change the colors and style of the web interface, using
|
|
|
|
|
the <em>theme designer</em>.</p>
|
|
|
|
|
<h3 id="counselor">Counselor</h3>
|
|
|
|
|
<p>A <em>counselor</em> is someone tasked with resolving disputes
|
|
|
|
|
between users of the instance. They are permitted to send DMs to any
|
|
|
|
|
user account on the instance. Obviously, this type of power can be
|
|
|
|
|
abused and so the administrator should choose counselors with care.</p>
|
|
|
|
|
<h3 id="devop">Devop</h3>
|
|
|
|
|
<p>Devops are permitted to perform some routine administration
|
|
|
|
|
functions, such as monitoring instance performance graphs.</p>
|
|
|
|
|
<h1 id="following">Following</h1>
|
|
|
|
|
<p>On the main timeline screen at the top right of the centre column
|
|
|
|
|
there is a search icon which looks like a magnifying glass. By
|
|
|
|
|
convention within the fediverse the search function is also the way to
|
|
|
|
|
look up and follow other people. Enter the handle (<span
|
|
|
|
|
class="citation" data-cites="name">@name</span><span class="citation"
|
|
|
|
|
data-cites="domain">@domain</span>) or URL of the profile page for the
|
|
|
|
|
person that you want to follow and select <em>search</em>. If the
|
|
|
|
|
account is found then its details will appear and you can choose to
|
|
|
|
|
follow or not.</p>
|
|
|
|
|
<p>Once you are following someone then selecting their profile picture
|
|
|
|
|
and then the <em>unfollow</em> button will remove the follow.</p>
|
|
|
|
|
<h1 id="creating-posts">Creating posts</h1>
|
|
|
|
|
<p>To make a new post from the main timeline screen select the <em>new
|
|
|
|
|
post</em> icon at the top right of the centre column.</p>
|
|
|
|
|
<figure>
|
|
|
|
|
<img src="manual-new-post.png" alt="New post screen" />
|
|
|
|
|
<figcaption aria-hidden="true">New post screen</figcaption>
|
|
|
|
|
</figure>
|
|
|
|
|
<h2 id="post-scopes">Post scopes</h2>
|
|
|
|
|
<p>Posts can have different scopes which provide some amount of privacy,
|
|
|
|
|
or particular functions. To change the scope select the current one and
|
|
|
|
|
a dropdown list will appear.</p>
|
|
|
|
|
<h3 id="public">Public</h3>
|
|
|
|
|
<p>Is visible to anyone in the fediverse. May also be visible outside of
|
|
|
|
|
the fediverse to anyone with an appropriate link.</p>
|
|
|
|
|
<h3 id="blog">Blog</h3>
|
|
|
|
|
<p>Used to create a blog post. Blog posts are typically longer than
|
|
|
|
|
other types of post, and are also publicly visible to anyone on the
|
|
|
|
|
web.</p>
|
|
|
|
|
<h3 id="unlisted">Unlisted</h3>
|
|
|
|
|
<p>Similar to a public post, but will not appear as a recent post within
|
|
|
|
|
your profile. Unlisted posts can add a little more privacy to a
|
|
|
|
|
conversation in that it will not be immediately obvious to casual
|
|
|
|
|
observers. Often in practice this is all that’s needed to avoid trolls
|
|
|
|
|
or unwanted attention.</p>
|
|
|
|
|
<h3 id="followers">Followers</h3>
|
|
|
|
|
<p>A <em>followers only</em> post will only be visible to people who are
|
|
|
|
|
following you. They will not be visible to people who are not your
|
|
|
|
|
followers, or to other observers on the web.</p>
|
|
|
|
|
<p>A subtlety of this type of post is that people have different
|
|
|
|
|
followers, so if you send to your followers and they send a reply to
|
|
|
|
|
their followers then your post or references to it may end up with
|
|
|
|
|
people who are not your followers.</p>
|
|
|
|
|
<h3 id="dm">DM</h3>
|
|
|
|
|
<p>Direct messages are only send to specific people, designated by their
|
|
|
|
|
fediverse handles (<span class="citation"
|
|
|
|
|
data-cites="name">@name</span><span class="citation"
|
|
|
|
|
data-cites="domain">@domain</span>).</p>
|
|
|
|
|
<h3 id="reminder">Reminder</h3>
|
|
|
|
|
<p>A reminder is a direct message to yourself at some time in the
|
|
|
|
|
future. It will appear on your calendar.</p>
|
|
|
|
|
<h3 id="report">Report</h3>
|
|
|
|
|
<p>A report is a type of post which is sent to moderators on your
|
|
|
|
|
instance, to alert them about some problem. It is not sent to any other
|
|
|
|
|
instance.</p>
|
|
|
|
|
<h3 id="shares">Shares</h3>
|
|
|
|
|
<p>A <em>shared item</em> post describes a physical object or service
|
|
|
|
|
which may be shared by people on your instance. Shared items may also be
|
|
|
|
|
visible to people on specific named instances if that has been set up by
|
|
|
|
|
the administrator.</p>
|
|
|
|
|
<h3 id="wanted">Wanted</h3>
|
|
|
|
|
<p>A <em>wanted item</em> is a physical object or service which you
|
|
|
|
|
want. These posts will be visible to other people on your instance and
|
|
|
|
|
also to people on specific named instances if that has been set up by
|
|
|
|
|
the administrator.</p>
|
|
|
|
|
<h2 id="attachments">Attachments</h2>
|
|
|
|
|
<p>Attachments can use a variety of formats.</p>
|
|
|
|
|
<ul>
|
|
|
|
|
<li>Images: <em>jpg, jpeg, gif, webp, avif, svg, ico, jxl, png</em></li>
|
|
|
|
|
<li>Audio: <em>mp3, ogg, flac, opus, speex</em></li>
|
|
|
|
|
<li>Video: <em>mp4, webm, ogv</em></li>
|
|
|
|
|
</ul>
|
|
|
|
|
<figure>
|
|
|
|
|
<img src="manual-attachments.png" alt="New post attachments" />
|
|
|
|
|
<figcaption aria-hidden="true">New post attachments</figcaption>
|
|
|
|
|
</figure>
|
|
|
|
|
<p>Attachments should be as small as possible in terms of file size.
|
|
|
|
|
Videos should be no more than 20 seconds in length. Epicyon is not
|
|
|
|
|
suitable for hosting lengthy or high resolution videos, although
|
|
|
|
|
podcasts might be feasible.</p>
|
|
|
|
|
<h2 id="events">Events</h2>
|
|
|
|
|
<p>You can specify a date, time and location for the post. If a date is
|
|
|
|
|
set then the post will appear as an event on the calendar of recipients.
|
|
|
|
|
This makes it easy for people to organize events without needing to
|
|
|
|
|
explicitly manage calendars. <img src="manual-date-time.png"
|
|
|
|
|
alt="New post event" /></p>
|
|
|
|
|
<h2 id="maps">Maps</h2>
|
|
|
|
|
<p>The location field on a post can be a description, but it can also be
|
|
|
|
|
a map geolocation. To add a geolocation go to <a
|
|
|
|
|
href="https://www.openstreetmap.org">openstreetmap.org</a>, find your
|
|
|
|
|
location and copy and paste the URL into the location field of your new
|
|
|
|
|
post.</p>
|
|
|
|
|
<p>Selecting the <em>location</em> header will open the last known
|
|
|
|
|
geolocation, so if your current location is near this makes it quicker
|
|
|
|
|
to find.</p>
|
|
|
|
|
<h1 id="the-timeline">The Timeline</h1>
|
|
|
|
|
<h2 id="layout">Layout</h2>
|
|
|
|
|
<figure>
|
|
|
|
|
<img src="manual-layout.png" alt="Layout" />
|
|
|
|
|
<figcaption aria-hidden="true">Layout</figcaption>
|
|
|
|
|
</figure>
|
|
|
|
|
<p>On a desktop system the main timeline screen has a multi-column
|
|
|
|
|
layout. The main content containing posts is in the centre. To the left
|
|
|
|
|
is a column containing useful web links. To the right is the newswire
|
|
|
|
|
containing links from RSS feeds.</p>
|
|
|
|
|
<p>At the top right of the centre column there are a few icons, for
|
|
|
|
|
show/hide, calendar, search and creating a new post.</p>
|
|
|
|
|
<p>Different timelines are listed at the top - inbox, DM, replies,
|
|
|
|
|
outbox, etc - and more can be shown by selecting the <em>show/hide</em>
|
|
|
|
|
icon.</p>
|
|
|
|
|
<h2 id="navigation">Navigation</h2>
|
|
|
|
|
<p>As a general principle of navigation selecting the top banner always
|
|
|
|
|
takes you back to the previous screen, or if you are on the main
|
|
|
|
|
timeline screen then it will alternate with your profile.</p>
|
|
|
|
|
<p>At the bottom of the timeline there will usually be an arrow icon to
|
|
|
|
|
go to the next page, and a list of page numbers. You can also move
|
|
|
|
|
between pages using key shortcuts <strong>ALT+SHIFT+></strong> and
|
|
|
|
|
<strong>ALT+SHIFT+<</strong>. Key shortcuts exist for most navigation
|
|
|
|
|
events, and you can customise them by selecting the <em>key
|
|
|
|
|
shortcuts</em> link at the bottom of the left column.</p>
|
|
|
|
|
<h1 id="calendar">Calendar</h1>
|
|
|
|
|
<p>The calendar is not yet a standardized feature of the fediverse as a
|
|
|
|
|
whole, but has existed in Friendica and Zot instances for a long time.
|
|
|
|
|
Being able to attach a date and time to a post and then have it appear
|
|
|
|
|
on your calendar and perhaps also the calendars of your followers is
|
|
|
|
|
quite useful for organizing things with minimum effort. Until such time
|
|
|
|
|
as federated calendar functionality becomes more standardized this may
|
|
|
|
|
only work between Epicyon instances.</p>
|
|
|
|
|
<p>Calendar events are really just ordinary posts with a date, time and
|
|
|
|
|
perhaps also a location attached to them. Posts with <em>Public</em>
|
|
|
|
|
scope which have a date and time will appear on the calendars of your
|
|
|
|
|
followers, unless they have opted out of receiving calendar events from
|
|
|
|
|
you.</p>
|
|
|
|
|
<figure>
|
|
|
|
|
<img src="manual-calendar.png" alt="Calendar screen" />
|
|
|
|
|
<figcaption aria-hidden="true">Calendar screen</figcaption>
|
|
|
|
|
</figure>
|
|
|
|
|
<p><em>Reminder</em> is a special type of calendar post, which is really
|
|
|
|
|
just a direct message to yourself in the future.</p>
|
|
|
|
|
<p>To create a calendar post from the main timeline, select the
|
|
|
|
|
<strong>New post</strong> icon, then use the dropdown menu to select the
|
|
|
|
|
scope of your post. Give your event a description and add a date and
|
|
|
|
|
time. If you add a location this can either be a description or a
|
|
|
|
|
geolocation link, such as a link to <a
|
|
|
|
|
href="https://openstreetmap.org">openstreetmap</a>.</p>
|
|
|
|
|
<p>Selecting the calendar icon from the main timeline will display your
|
|
|
|
|
calendar events. It is possible to export them using the
|
|
|
|
|
<strong>iCalendar</strong> icon at the bottom right to the screen.
|
|
|
|
|
Calendar events are also available via <a
|
|
|
|
|
href="https://en.wikipedia.org/wiki/CalDAV">CalDav</a> using the URL
|
|
|
|
|
https://yourdomain/calendars/yournickname</p>
|
|
|
|
|
<h1 id="side-columns">Side columns</h1>
|
|
|
|
|
<p>The links within the side columns are global to the instance, and
|
|
|
|
|
only users having the <em>editor</em> role can change them. Since the
|
|
|
|
|
number of accounts on the instance is expected to be small these links
|
|
|
|
|
provide a common point of reference.</p>
|
|
|
|
|
<h2 id="links">Links</h2>
|
|
|
|
|
<p>Web links within the left column are intended to be generally useful
|
|
|
|
|
or of interest to the users of the instance. They are similar to a
|
|
|
|
|
blogroll. If you have the <em>editor</em> role there is an edit button
|
|
|
|
|
at the top of the left column which can be used to add or remove links.
|
|
|
|
|
Headers can also be added to group links into logical sections. For
|
|
|
|
|
example:</p>
|
|
|
|
|
<pre class="text"><code>* Search
|
|
|
|
|
|
|
|
|
|
Code search https://beta.sayhello.so
|
|
|
|
|
Wiby https://wiby.me/
|
|
|
|
|
|
|
|
|
|
* Links
|
|
|
|
|
|
|
|
|
|
16colors https://16colo.rs
|
|
|
|
|
Dotshareit http://dotshare.it</code></pre>
|
|
|
|
|
<h2 id="newswire">Newswire</h2>
|
|
|
|
|
<p>The right column is the newswire column. It contains a list of links
|
|
|
|
|
generated from RSS/Atom feeds.</p>
|
|
|
|
|
<p>If you have the <em>editor</em> role then an edit icon will appear at
|
|
|
|
|
the top of the right column, and the edit screen then allows you to add
|
|
|
|
|
or remove feeds.</p>
|
|
|
|
|
<h3 id="moderated-feeds">Moderated feeds</h3>
|
|
|
|
|
<p>Feeds can be either <em>moderated</em> or not. Moderated feed items
|
|
|
|
|
must be approved by a moderator before then can appear in the newswire
|
|
|
|
|
column and be visible to other users on the instance. To indicate that a
|
|
|
|
|
feed should be moderated prefix its URL with a star character.</p>
|
|
|
|
|
<h3 id="mirrored-feeds">Mirrored feeds</h3>
|
|
|
|
|
<p>Newswire items can also be mirrored. This means that instead of
|
|
|
|
|
newswire items being links back to the original source article a copy
|
|
|
|
|
will be made of the article locally on your server. Mirroring can be
|
|
|
|
|
useful if the site of the RSS/Atom feed is unreliable or likely to go
|
|
|
|
|
offline (such as solar powered systems only online during daylight
|
|
|
|
|
hours). When deciding whether to mirror a feed you will also want to
|
|
|
|
|
consider the copyright status of the content being mirrored, and whether
|
|
|
|
|
legal problems could arise. To indicate that a feed should be mirrored
|
|
|
|
|
prefix its URL with an exclamation mark ! character.</p>
|
|
|
|
|
<h3 id="filters-and-warnings">Filters and warnings</h3>
|
|
|
|
|
<p>On this screen you can also set filtered words and dogwhistle content
|
|
|
|
|
warnings for the instance. Filtered words should be on separate lines,
|
|
|
|
|
and dogwhistle words can be added in the format:</p>
|
|
|
|
|
<pre class="text"><code>dogwhistleword -> content warning to be added
|
|
|
|
|
dogwhistle phrase -> content warning to be added
|
|
|
|
|
DogwhistleWordPrefix* -> content warning to be added
|
|
|
|
|
*DogwhistleWordEnding -> content warning to be added</code></pre>
|
|
|
|
|
<h3 id="newswire-tagging-rules">Newswire tagging rules</h3>
|
|
|
|
|
<p>As news arrives via RSS or Atom feeds it can be processed to add or
|
|
|
|
|
remove hashtags, in accordance to some rules which you can define.</p>
|
|
|
|
|
<p>On the newswire edit screen, available to accounts having the
|
|
|
|
|
<em>moderator</em> role, you can define the news processing rules. There
|
|
|
|
|
is one rule per line.</p>
|
|
|
|
|
<p><strong>Syntax:</strong> <em>if [conditions] then [action]</em></p>
|
|
|
|
|
<p><strong>Logical Operators:</strong> <em>not, and, or, xor, from,
|
|
|
|
|
contains</em></p>
|
|
|
|
|
<p>A simple example is:</p>
|
|
|
|
|
<pre class="test"><code>if moderated and not #oxfordimc then block</code></pre>
|
|
|
|
|
<p>For moderated feeds this will only allow items through if they have
|
|
|
|
|
the <strong>#oxfordimc</strong> hashtag.</p>
|
|
|
|
|
<p>If you want to add hashtags an example is:</p>
|
|
|
|
|
<pre class="test"><code>if contains "garden" or contains "lawn" then add #gardening</code></pre>
|
|
|
|
|
<p>So if incoming news contains the word “garden” either in its title or
|
|
|
|
|
description then it will automatically be assigned the hashtag
|
|
|
|
|
<strong>#gardening</strong>. You can also add hashtags based upon other
|
|
|
|
|
hashtags.</p>
|
|
|
|
|
<pre class="test"><code>if #garden or #lawn then add #gardening</code></pre>
|
|
|
|
|
<p>You can also remove hashtags.</p>
|
|
|
|
|
<pre class="test"><code>if #garden or #lawn then remove #gardening</code></pre>
|
|
|
|
|
<p>Which will remove <strong>#gardening</strong> if it exists as a
|
|
|
|
|
hashtag within the news post.</p>
|
|
|
|
|
<p>You can add tags based upon the RSS link, such as:</p>
|
|
|
|
|
<pre class="test"><code>if from "mycatsite.com" then add #cats</code></pre>
|
|
|
|
|
<h1 id="moderation">Moderation</h1>
|
|
|
|
|
<p>The importance of moderation within social networks can’t be
|
|
|
|
|
over-stated. In the early history of the web in which communities tended
|
|
|
|
|
to be organized around forum software and mailing lists the typical
|
|
|
|
|
pattern went as follows:</p>
|
|
|
|
|
<ul>
|
|
|
|
|
<li>Founders initiate the forum</li>
|
|
|
|
|
<li>The forum gains popularity and a community grows around it</li>
|
|
|
|
|
<li>Trolls show up</li>
|
|
|
|
|
<li>The administrator is too nice, believes that all opinions are
|
|
|
|
|
equally valid, and refuses to remove trolls or promptly redact their
|
|
|
|
|
content</li>
|
|
|
|
|
<li>Within somewhere between a couple of days and a few weeks, trolls
|
|
|
|
|
set longstanding forum members against each other</li>
|
|
|
|
|
<li>Community fails and the forum closes abruptly, leaving only a
|
|
|
|
|
404</li>
|
|
|
|
|
</ul>
|
|
|
|
|
<p>The pattern has been repeated many times. Online communities can take
|
|
|
|
|
years to carefully build up and days to destroy. Having good moderation
|
|
|
|
|
in place, with clear terms of service and enforced boundaries, can help
|
|
|
|
|
to avoid failures or burnout. Being “nice” and accepting all content
|
|
|
|
|
tends not to work out well. Such an arrangement is easily hijacked by
|
|
|
|
|
people with bad intent.</p>
|
|
|
|
|
<h2 id="moderator-screen">Moderator screen</h2>
|
|
|
|
|
<p>If you have the <em>moderator</em> role then selecting the
|
|
|
|
|
<em>show/hide</em> icon from the main timeline will reveal an extra
|
|
|
|
|
timeline usually called <strong>Mod</strong>. Selecting this timeline
|
|
|
|
|
will take you to the instance moderator screen, which contains any
|
|
|
|
|
moderation reports.</p>
|
|
|
|
|
<h3 id="filtering">Filtering</h3>
|
|
|
|
|
<p>You can filter out posts containing particular words or phrases by
|
|
|
|
|
entering the offending text and then selecting the
|
|
|
|
|
<strong>Filter</strong> button. You can use the
|
|
|
|
|
<strong>Unfilter</strong> button to reverse the decision.</p>
|
|
|
|
|
<h3 id="removing-an-offending-post">Removing an offending post</h3>
|
|
|
|
|
<p>If a post made on your instance has been reported as violating the
|
|
|
|
|
terms of service you can remove it by entering its URL and then
|
|
|
|
|
selecting the <strong>Remove</strong> button.</p>
|
|
|
|
|
<h3 id="suspending-an-account">Suspending an account</h3>
|
|
|
|
|
<p>You can suspend an account on the instance by entering the nickname
|
|
|
|
|
and then selecting the <strong>Suspend</strong> button. Accounts are
|
|
|
|
|
usually suspended pending investigation into some terms of service
|
|
|
|
|
violation. You can use the <strong>Unsuspend</strong> button to
|
|
|
|
|
re-enable an account.</p>
|
|
|
|
|
<h3 id="instance-level-blocking">Instance level blocking</h3>
|
|
|
|
|
<p>To block a fediverse handle (nickname@domain), hashtag or domain
|
|
|
|
|
enter the thing that you wish to block and then select the
|
|
|
|
|
<strong>Block</strong> button. You can do the same with the
|
|
|
|
|
<strong>Unblock</strong> button to reverse your decision.</p>
|
|
|
|
|
<p>If you want to see what is being blocked at the instance level then
|
|
|
|
|
select the <strong>Info</strong> button.</p>
|
|
|
|
|
<h3 id="web-crawlers-and-search-bots">Web crawlers and search bots</h3>
|
|
|
|
|
<p>Most fediverse posts have <em>Public</em> scope, and various web
|
|
|
|
|
crawlers routinely try to index them. These are mostly the usual
|
|
|
|
|
suspects, such as BigTech companies, but also include lesser known
|
|
|
|
|
crawlers such as the British Library. By default all web search bots are
|
|
|
|
|
blocked, but the administrator account can enable particular ones.</p>
|
|
|
|
|
<p>If you are the administrator of the instance then to see the
|
|
|
|
|
currently active web search crawlers edit your profile and select
|
|
|
|
|
<strong>Filtering and blocking</strong>, then <strong>Known Web Search
|
|
|
|
|
Bots</strong>. The most common ones will appear at the top. To enable
|
|
|
|
|
particular ones add their name to <strong>Web Search Bots
|
|
|
|
|
Allowed</strong> (one per line).</p>
|
|
|
|
|
<h2 id="account-level-moderation">Account level moderation</h2>
|
|
|
|
|
<h3 id="filtering-1">Filtering</h3>
|
|
|
|
|
<p>From the main timeline select the top banner to go to your profile,
|
|
|
|
|
then select the <strong>edit</strong> icon. Open the <strong>Filtering
|
|
|
|
|
and blocking</strong> section and then you can specify filtered words or
|
|
|
|
|
phrases. Be sure to select <strong>Publish</strong> to finalize your
|
|
|
|
|
settings.</p>
|
|
|
|
|
<p>You can also filter words within the bio of users making follow
|
|
|
|
|
requests. This allows unwanted followers to be automatically rejected if
|
|
|
|
|
their bio contains particular words.</p>
|
|
|
|
|
<h3 id="blocking-accounts-or-domains">Blocking accounts or domains</h3>
|
|
|
|
|
<p>From the main timeline select the top banner to go to your profile,
|
|
|
|
|
then select the <strong>edit</strong> icon. Open the <strong>Filtering
|
|
|
|
|
and blocking</strong> section and then you can specify blocked accounts
|
|
|
|
|
or domains (one per line). Be sure to select <strong>Publish</strong> to
|
|
|
|
|
finalize your settings.</p>
|
|
|
|
|
<h3 id="replacing-words">Replacing words</h3>
|
|
|
|
|
<p>Sometimes you may want to replace words within received posts. This
|
|
|
|
|
can be for added clarity, to dissipate annoyance or just for fun.</p>
|
|
|
|
|
<p>From the main timeline select the top banner to go to your profile,
|
|
|
|
|
then select the <strong>edit</strong> icon. Open the <strong>Filtering
|
|
|
|
|
and blocking</strong> section and then you can specify replacements as
|
|
|
|
|
follows:</p>
|
|
|
|
|
<pre class="text"><code>OldWord -> NewWord
|
|
|
|
|
original phrase -> new phrase</code></pre>
|
|
|
|
|
<p>These replacements are subjective, such that if you
|
|
|
|
|
boost/repeat/announce a post then the original wording will be retained
|
|
|
|
|
for recipients.</p>
|
|
|
|
|
<h3 id="content-warning-lists">Content warning lists</h3>
|
|
|
|
|
<p>Content warning lists are lists of domains and/or keywords which can
|
|
|
|
|
be used to append a warning if they appear in the content of an incoming
|
|
|
|
|
post. For example, you can have a content warning added if a post
|
|
|
|
|
contains links to satire sites, so that you don’t confuse them with real
|
|
|
|
|
news and you don’t need to be familiar with every possible satire site.
|
|
|
|
|
These types of warnings are opt-in, so if they don’t apply to you then
|
|
|
|
|
you don’t have to have any.</p>
|
|
|
|
|
<p>From the main timeline select the top banner to go to your profile,
|
|
|
|
|
then select the <strong>edit</strong> icon. Open the <strong>Filtering
|
|
|
|
|
and blocking</strong> section and look for <strong>“Add content warnings
|
|
|
|
|
for the following sites”</strong>. You can then select the types of
|
|
|
|
|
warnings to be added to your timeline.</p>
|
|
|
|
|
<h2 id="emergencies">Emergencies</h2>
|
|
|
|
|
<p>The fediverse is typically calmer than the centralized social
|
|
|
|
|
networks, but there can be times when disputes break out and tempers
|
|
|
|
|
become heated. In the worst cases this can lead to administrator burnout
|
|
|
|
|
and instances shutting down.</p>
|
|
|
|
|
<p>If you are the administrator and you are in a situation where you or
|
|
|
|
|
the users on your instance are getting a lot of targeted harassement
|
|
|
|
|
then you can put the instance into <em>broch mode</em>, which is a type
|
|
|
|
|
of temporary allowlist which lasts for between one and two weeks. This
|
|
|
|
|
prevents previously unknown instances from sending posts to your
|
|
|
|
|
timelines, so adversaries can’t create a lot of temporary instances for
|
|
|
|
|
the purpose of attacking yours.</p>
|
|
|
|
|
<p>A general observation is that it is difficult to maintain collective
|
|
|
|
|
outrage at a high level for more than a week, so trolling campaigns tend
|
|
|
|
|
to not last much longer than that. Broch mode allows you to ride out the
|
|
|
|
|
storm, while retaining normal communications with friendly
|
|
|
|
|
instances.</p>
|
|
|
|
|
<p>To enable broch mode the administrator should edit their profile, go
|
|
|
|
|
to the instance settings and select the option. Once enabled it will
|
|
|
|
|
turn itself off automatically after 7-14 days. The somewhat uncertain
|
|
|
|
|
deactivation time prevents an adversary from knowing when to begin a new
|
|
|
|
|
flooding attempt, and after a couple of weeks they will be losing the
|
|
|
|
|
motivation to continue.</p>
|
|
|
|
|
<h1 id="themes">Themes</h1>
|
|
|
|
|
<p>Generic-looking user interfaces have become expected for many types
|
|
|
|
|
of software, because they are designed to scale up to very large numbers
|
|
|
|
|
of users and hence need to be as bland and inoffensive as possible. But
|
|
|
|
|
small web systems don’t need appeal to a bland, corporate, imagined
|
|
|
|
|
average user. If you are spending significant time using a social
|
|
|
|
|
network then being able to customise it and really make it your online
|
|
|
|
|
home improves usability.</p>
|
|
|
|
|
<h2 id="standard-themes">Standard themes</h2>
|
|
|
|
|
<p>Epicyon has multiple standard themes and if you are the administrator
|
|
|
|
|
then if you edit your profile and open the <em>Graphic design</em>
|
|
|
|
|
section then you can change the current theme for the instance. Users
|
|
|
|
|
may need to reload the web page with <em>CTRL+F5</em> in order to see
|
|
|
|
|
the changes.</p>
|
|
|
|
|
<h2 id="theme-customization">Theme customization</h2>
|
|
|
|
|
<p>If you have the <em>artist</em> role then from the top of the left
|
|
|
|
|
column of the main timeline you can select the <em>Theme Designer</em>
|
|
|
|
|
icon, which usually resembles a paint roller or paint brush. This allows
|
|
|
|
|
you to change colors and values for user interface components.</p>
|
|
|
|
|
<h1 id="sharing-economy">Sharing economy</h1>
|
|
|
|
|
<p>This is intended to add <a
|
|
|
|
|
href="https://en.wikipedia.org/wiki/The_Freecycle_Network">Freecycle</a>
|
|
|
|
|
type functionality within a social network context, leveraging your
|
|
|
|
|
social connections on the instance, or between participating instances,
|
|
|
|
|
to facilitate sharing and reduce wasteful consumerism.</p>
|
|
|
|
|
<h2 id="adding-a-shared-item">Adding a shared item</h2>
|
|
|
|
|
<p>When creating a new post one of the scope options is called
|
|
|
|
|
<em>shares</em>. You can describe an item or service that you are
|
|
|
|
|
willing to share.</p>
|
|
|
|
|
<p>Sharing is primarily intended to not require any monetary
|
|
|
|
|
transactions, although prices can optionally be added. There are no
|
|
|
|
|
payment mechanisms implemented and if that is required then it is
|
|
|
|
|
recommended to include details of payment method within the
|
|
|
|
|
description.</p>
|
|
|
|
|
<h2 id="adding-a-wanted-item">Adding a wanted item</h2>
|
|
|
|
|
<p>This is the opposite to adding a share in that you are making a post
|
|
|
|
|
which indicates that you are wanting some particular thing or
|
|
|
|
|
service.</p>
|
|
|
|
|
<h2 id="new-shares">New shares</h2>
|
|
|
|
|
<p>When new shared items are added then in the left column of the main
|
|
|
|
|
timeline screen there will be a section showing recent shares.</p>
|
|
|
|
|
<h2 id="shared-and-wanted-items-timelines">Shared and wanted items
|
|
|
|
|
timelines</h2>
|
|
|
|
|
<p>Any items shared or wanted will appear within timelines, which can be
|
|
|
|
|
viewed by selecting the <em>show/hide</em> icon.</p>
|
|
|
|
|
<h2 id="federated-shares">Federated shares</h2>
|
|
|
|
|
<p>If you are the administrator of the instance then you can specify
|
|
|
|
|
other instances with which your local shared items may be federated.
|
|
|
|
|
Edit your profile and select the <em>Shares</em> section, then add the
|
|
|
|
|
domain names of the instances to share with (one per line). If other
|
|
|
|
|
instance administrators also configure their system to share with yours
|
|
|
|
|
then this is the ideal mutualistic situation, increasing the set of
|
|
|
|
|
things being shared.</p>
|
|
|
|
|
<p>The technical implementation of federated shared items currently does
|
|
|
|
|
not use ActivityPub, but instead a pull-based system more comparable to
|
|
|
|
|
RSS/Atom. This is so that the people doing the sharing always remain in
|
|
|
|
|
control of what they are sharing, and can withdraw a share at any time.
|
|
|
|
|
A pull-based implementation also makes things considerably harder for
|
|
|
|
|
spammers.</p>
|
|
|
|
|
<h1 id="search">Search</h1>
|
|
|
|
|
<p>To search, select the magnifying glass icon from the top right of the
|
|
|
|
|
centre column of the main timeline. This will take you to a separate
|
|
|
|
|
screen where you can enter your search query.</p>
|
|
|
|
|
<figure>
|
2022-10-22 19:31:10 +00:00
|
|
|
|
<img src="manual-search.jpg" alt="Search screen" />
|
2022-10-22 18:30:43 +00:00
|
|
|
|
<figcaption aria-hidden="true">Search screen</figcaption>
|
|
|
|
|
</figure>
|
|
|
|
|
<h2 id="searching-for-a-fediverse-handle-or-profile-url">Searching for a
|
|
|
|
|
fediverse handle or profile URL</h2>
|
|
|
|
|
<p>If you enter a fediverse handle or a URL corresponding to a profile
|
|
|
|
|
then the system will try to find it. If successful then a summary of the
|
|
|
|
|
found profile will be shown, and you will have the option to
|
|
|
|
|
follow/unfollow or view the original upstream profile page. If you are
|
|
|
|
|
already following then a different screen will be shown with more
|
|
|
|
|
options available.</p>
|
|
|
|
|
<h2 id="searching-your-posts">Searching your posts</h2>
|
|
|
|
|
<p>To search your own posts prefix the search text with a single quote
|
|
|
|
|
character.</p>
|
|
|
|
|
<h2 id="searching-hashtags">Searching hashtags</h2>
|
|
|
|
|
<p>To search for a hashtag just enter it, complete with the hash
|
|
|
|
|
prefix.</p>
|
|
|
|
|
<h2 id="searching-shared-items">Searching shared items</h2>
|
|
|
|
|
<p>To search for any shared items just enter the text that you want to
|
|
|
|
|
search for.</p>
|
|
|
|
|
<h2 id="searching-wanted-items">Searching wanted items</h2>
|
|
|
|
|
<p>To search for a wanted item then enter the text that you want to
|
|
|
|
|
search for prefixed by a full stop (period) character.</p>
|
|
|
|
|
<h2 id="searching-for-skills">Searching for skills</h2>
|
|
|
|
|
<p>To search for accounts having a particular skill, prefix your search
|
|
|
|
|
text with a star character.</p>
|
|
|
|
|
<h2 id="searching-for-emojis">Searching for emojis</h2>
|
|
|
|
|
<p>To search for an emoji use its name prefixed by a colon
|
|
|
|
|
character.</p>
|
|
|
|
|
<h1 id="building-fediverse-communities">Building fediverse
|
|
|
|
|
communities</h1>
|
|
|
|
|
<p>The great thing about running a small instance is that you can do
|
|
|
|
|
things in whatever manner you prefer. What follows is a few guidelines
|
|
|
|
|
which may help.</p>
|
2022-10-22 19:26:37 +00:00
|
|
|
|
<figure>
|
|
|
|
|
<img src="manual-fediverse.png" alt="Fediverse logo" />
|
|
|
|
|
<figcaption aria-hidden="true">Fediverse logo</figcaption>
|
|
|
|
|
</figure>
|
2022-10-22 18:30:43 +00:00
|
|
|
|
<h2 id="have-a-working-backup-system">Have a working backup system</h2>
|
|
|
|
|
<p>Keeping backups is very important, and fortunately with Epicyon this
|
|
|
|
|
is a simple process. The Epicyon installation consists only of files in
|
|
|
|
|
a directory. There is no database. So just backing up the directory
|
|
|
|
|
where it resides - typically <em>/opt/epicyon</em> - is all that you
|
|
|
|
|
need to do. Once you have a backup system in place, test that it
|
|
|
|
|
works.</p>
|
|
|
|
|
<h2 id="the-fediverse-is-not-an-open-source-twitter">The fediverse is
|
|
|
|
|
not an open source Twitter</h2>
|
|
|
|
|
<p>This sounds like a trite comment, but if you have members on your
|
|
|
|
|
instance coming from Twitter and expecting it to be the same sort of
|
|
|
|
|
thing then they will be disappointed. A major difference is that the
|
|
|
|
|
fediverse is more about conversation rather than one-way broadcast.
|
|
|
|
|
Sites like Twitter encourage you to become an “influencer” and adopt a
|
|
|
|
|
style of communication where you are shouting to a large audience
|
|
|
|
|
without much expectation of dialogue.</p>
|
|
|
|
|
<p>On Twitter there is an algorithm which will make follow suggestions
|
|
|
|
|
and dump all manner of aggravating trash into your timeline. On the
|
|
|
|
|
fediverse if you want to connect with people then you will need to be
|
|
|
|
|
more proactive in going out to <em>find the others</em>. There is no
|
|
|
|
|
algorithm trying to guess what you want without your participation.</p>
|
|
|
|
|
<h2 id="robustly-remove-bad-actors">Robustly remove bad actors</h2>
|
|
|
|
|
<p>If people are creating a problem or bringing trouble and are not
|
|
|
|
|
amenable to changing their ways, whether they are members of your
|
|
|
|
|
instance or not, then be prepared to block or suspend their accounts.
|
|
|
|
|
Remember that <em>trolls will destroy your community if you let
|
|
|
|
|
them</em>. Define your <em>terms of service</em> and apply it
|
|
|
|
|
consistently to anyone interacting with your instance.</p>
|
|
|
|
|
<h2 id="curate-your-experience">Curate your experience</h2>
|
|
|
|
|
<p>Add links to the left column and blog or podcast feeds to the right.
|
|
|
|
|
Choose links which are relevant to your community so that useful
|
|
|
|
|
information is one click away. If you have multiple people on your
|
|
|
|
|
instance then assign roles to them so that they have a stake in
|
|
|
|
|
maintaining a good experience.</p>
|