Merge branch 'main' of gitlab.com:bashrc2/epicyon

merge-requests/30/head
Bob Mottram 2022-11-09 18:18:52 +00:00
commit 11ff873705
6 changed files with 67 additions and 13 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 57 KiB

Binary file not shown.

View File

@ -417,6 +417,23 @@ confident in an erroneous conclusion. Setting a city somewhere near to
your <a href="https://en.wikipedia.org/wiki/Time_zone">time zone</a> is
preferable, so that it matches your typical pattern of daily posting
activity without giving away your real location.</p>
<h3 id="verifying-your-website-or-blog">Verifying your website or
blog</h3>
<p>It is possible to indicate that a website of blog belongs to you by
linking it to your profile screen. Within the <em>head</em> html section
of your website or blog index page include a line similar to:</p>
<div class="sourceCode" id="cb18"><pre
class="sourceCode html"><code class="sourceCode html"><span id="cb18-1"><a href="#cb18-1" aria-hidden="true" tabindex="-1"></a><span class="kw">&lt;link</span> <span class="er">rel</span><span class="ot">=</span><span class="st">&quot;me&quot;</span> <span class="er">href</span><span class="ot">=</span><span class="st">&quot;https://YourEpicyonDomain/@YourNickname&quot;</span> <span class="kw">/&gt;</span></span></code></pre></div>
<p>If you edit and then publish your profile, with the <em>website</em>
and/or <em>blog</em> fields completed then if the above link is found
your sites will be indicated to be verified on your profile screen. When
verified they will appear in green with a tick.</p>
<figure>
<img src="manual-verified-website.jpg"
alt="Profile screen showing verified website" />
<figcaption aria-hidden="true">Profile screen showing verified
website</figcaption>
</figure>
<h2 id="roles">Roles</h2>
<p>If you are the administrator then within your profile settings you
can also specify roles for other accounts on the instance. A small

View File

@ -51,32 +51,32 @@ sudo apt install -y tor python3-socks imagemagick python3-setuptools python3-cry
The following instructions install Epicyon to the **/opt** directory. It's not essential that it be installed there, and it could be in any other preferred directory.
Clone the repo, or if you downloaded the tarball then extract it into the **/opt** directory.
```bash
``` bash
cd /opt
git clone https://gitlab.com/bashrc2/epicyon
```
## Set permissions
Create a user for the server to run as:
```bash
``` bash
sudo su
adduser --system --home=/opt/epicyon --group epicyon
chown -R epicyon:epicyon /opt/epicyon
```
## News mirrors
The content for RSS feed links can be downloaded and mirrored, so that even if the original sources go offline the content remains readable. Link the RSS/newswire mirrors with.
```bash
``` bash
mkdir /var/www/YOUR_DOMAIN
mkdir -p /opt/epicyon/accounts/newsmirror
ln -s /opt/epicyon/accounts/newsmirror /var/www/YOUR_DOMAIN/newsmirror
```
## Create daemon
Typically the server will run from a *systemd* daemon. It can be set up as follows:
```bash
``` bash
nano /etc/systemd/system/epicyon.service
```
Paste the following:
```bash
``` bash
[Unit]
Description=epicyon
After=syslog.target
@ -119,13 +119,13 @@ WantedBy=multi-user.target
```
Activate the daemon:
```bash
``` bash
systemctl enable epicyon
systemctl start epicyon
```
## Web server setup
Create a web server configuration.
```bash
``` bash
nano /etc/nginx/sites-available/YOUR_DOMAIN
```
@ -220,7 +220,7 @@ server {
```
Enable the site:
```bash
``` bash
ln -s /etc/nginx/sites-available/YOUR_DOMAIN /etc/nginx/sites-enabled/
```
@ -228,14 +228,14 @@ ln -s /etc/nginx/sites-available/YOUR_DOMAIN /etc/nginx/sites-enabled/
Forward port 443 from your internet router to your server. If you have dynamic DNS make sure its configured.
## Obtain a TLS certificate
```bash
``` bash
systemctl stop nginx
certbot certonly -n --server https://acme-v02.api.letsencrypt.org/directory --standalone -d YOUR_DOMAIN --renew-by-default --agree-tos --email YOUR_EMAIL
systemctl start nginx
```
## Restart the web server
```bash
``` bash
systemctl restart nginx
```
@ -270,7 +270,7 @@ Please be aware that such installations will not federate with ordinary fedivers
# Upgrading
Unlike some other instance types, Epicyon is really easy to upgrade. It only requires a git pull to obtain the changes from the upstream repo, then set permissions and restart the daemon.
```bash
``` bash
cd /opt/epicyon
git pull
chown -R epicyon:epicyon *
@ -281,14 +281,14 @@ systemctl restart epicyon
To avoid running out of disk space you will want to clear down old inbox posts. Posts from your instance outboxes will be unaffected.
Create an archive script **/usr/bin/epicyon-archive**:
```bash
``` bash
#!/bin/bash
cd /opt/epicyon || exit 0
/usr/bin/python3 epicyon.py --archive none --archiveweeks 4 --maxposts 32000
```
You can adjust the maximum number of weeks and the maximum number of inbox posts as needed. Then add it as a cron entry.
```bash
``` bash
echo "*/60 * * * * root /usr/bin/epicyon-archive" >> /etc/crontab
```
@ -338,6 +338,15 @@ If you want to block particular fediverse accounts or instances then you can ent
### Geolocation spoofing
Within the *filtering and blocking* section you can also set a city which will be used for geolocation spoofing. When you post a photo, instead of removing all metadata spoofed metadata will be added in order to consistently fool the machine learning systems behind web crawlers or scrapers, and create a [confirmation bias](https://en.wikipedia.org/wiki/Confirmation_bias) effect where the surveillance systems become increasingly confident in an erroneous conclusion. Setting a city somewhere near to your [time zone](https://en.wikipedia.org/wiki/Time_zone) is preferable, so that it matches your typical pattern of daily posting activity without giving away your real location.
### Verifying your website or blog
It is possible to indicate that a website of blog belongs to you by linking it to your profile screen. Within the *head* html section of your website or blog index page include a line similar to:
``` html
<link rel="me" href="https://YourEpicyonDomain/@YourNickname" />
```
If you edit and then publish your profile, with the *website* and/or *blog* fields completed then if the above link is found your sites will be indicated to be verified on your profile screen. When verified they will appear in green with a tick.
![Profile screen showing verified website](manual-verified-website.jpg)
## Roles
If you are the administrator then within your profile settings you can also specify roles for other accounts on the instance. A small instance is like a ship with the roles being crew positions, and all members of the crew need to work together to keep the ship afloat. The current roles are:

View File

@ -275,6 +275,14 @@ def _markdown_replace_code(markdown: str) -> str:
line_ctr = 0
changed = False
section_active = False
urlencode = False
html_escape_table = {
"&": "&amp;",
'"': "&quot;",
"'": "&apos;",
">": "&gt;",
"<": "&lt;"
}
for line in lines:
if not line.strip():
# skip blank lines
@ -282,13 +290,23 @@ def _markdown_replace_code(markdown: str) -> str:
continue
if line.startswith('```'):
if not section_active:
if 'html' in line or 'xml' in line or 'rdf' in line:
urlencode = True
start_line = line_ctr
section_active = True
else:
lines[start_line] = '<code>'
lines[line_ctr] = '</code>'
if urlencode:
lines[start_line] = '<pre>\n<code>'
lines[line_ctr] = '</code>\n</pre>'
for line_num in range(start_line + 1, line_ctr):
lines[line_num] = \
"".join(html_escape_table.get(char, char)
for char in lines[line_num])
section_active = False
changed = True
urlencode = False
line_ctr += 1
if not changed:

View File

@ -405,12 +405,22 @@ def verify_html(session, url: str, debug: bool,
actor = 'http://' + actor
else:
actor = http_prefix + '://' + actor
# double quotes
link_str = ' rel="me" href="' + actor + '"'
if link_str in verification_site_html:
return True
link_str = ' href="' + actor + '" rel="me"'
if link_str in verification_site_html:
return True
# single quotes
link_str = " rel=\"me\" href='" + actor + "'"
if link_str in verification_site_html:
return True
link_str = " href='" + actor + "' rel=\"me\""
if link_str in verification_site_html:
return True
return False