Merge branch 'main' of gitlab.com:bashrc2/epicyon

merge-requests/30/head
Bob Mottram 2022-11-09 18:18:52 +00:00
commit 11ff873705
6 changed files with 67 additions and 13 deletions

Binary file not shown.

Binary file not shown.

View File

@ -417,6 +417,23 @@ confident in an erroneous conclusion. Setting a city somewhere near to
your <a href="https://en.wikipedia.org/wiki/Time_zone">time zone</a> is your <a href="https://en.wikipedia.org/wiki/Time_zone">time zone</a> is
preferable, so that it matches your typical pattern of daily posting preferable, so that it matches your typical pattern of daily posting
activity without giving away your real location.</p> activity without giving away your real location.</p>
<h3 id="verifying-your-website-or-blog">Verifying your website or
blog</h3>
<p>It is possible to indicate that a website of blog belongs to you by
linking it to your profile screen. Within the <em>head</em> html section
of your website or blog index page include a line similar to:</p>
<div class="sourceCode" id="cb18"><pre
class="sourceCode html"><code class="sourceCode html"><span id="cb18-1"><a href="#cb18-1" aria-hidden="true" tabindex="-1"></a><span class="kw">&lt;link</span> <span class="er">rel</span><span class="ot">=</span><span class="st">&quot;me&quot;</span> <span class="er">href</span><span class="ot">=</span><span class="st">&quot;https://YourEpicyonDomain/@YourNickname&quot;</span> <span class="kw">/&gt;</span></span></code></pre></div>
<p>If you edit and then publish your profile, with the <em>website</em>
and/or <em>blog</em> fields completed then if the above link is found
your sites will be indicated to be verified on your profile screen. When
verified they will appear in green with a tick.</p>
<figure>
<img src="manual-verified-website.jpg"
alt="Profile screen showing verified website" />
<figcaption aria-hidden="true">Profile screen showing verified
website</figcaption>
</figure>
<h2 id="roles">Roles</h2> <h2 id="roles">Roles</h2>
<p>If you are the administrator then within your profile settings you <p>If you are the administrator then within your profile settings you
can also specify roles for other accounts on the instance. A small can also specify roles for other accounts on the instance. A small
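
Review bot: Typo in the first added paragraph: "a website of blog" should read "a website or blog" (the heading just above it has the right wording). The same text appears in the markdown manual changed in this commit, so correct it there as well to keep the two copies identical.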

View File

@ -51,32 +51,32 @@ sudo apt install -y tor python3-socks imagemagick python3-setuptools python3-cry
The following instructions install Epicyon to the **/opt** directory. It's not essential that it be installed there, and it could be in any other preferred directory. The following instructions install Epicyon to the **/opt** directory. It's not essential that it be installed there, and it could be in any other preferred directory.
Clone the repo, or if you downloaded the tarball then extract it into the **/opt** directory. Clone the repo, or if you downloaded the tarball then extract it into the **/opt** directory.
```bash ``` bash
cd /opt cd /opt
git clone https://gitlab.com/bashrc2/epicyon git clone https://gitlab.com/bashrc2/epicyon
``` ```
## Set permissions ## Set permissions
Create a user for the server to run as: Create a user for the server to run as:
```bash ``` bash
sudo su sudo su
adduser --system --home=/opt/epicyon --group epicyon adduser --system --home=/opt/epicyon --group epicyon
chown -R epicyon:epicyon /opt/epicyon chown -R epicyon:epicyon /opt/epicyon
``` ```
## News mirrors ## News mirrors
The content for RSS feed links can be downloaded and mirrored, so that even if the original sources go offline the content remains readable. Link the RSS/newswire mirrors with. The content for RSS feed links can be downloaded and mirrored, so that even if the original sources go offline the content remains readable. Link the RSS/newswire mirrors with.
```bash ``` bash
mkdir /var/www/YOUR_DOMAIN mkdir /var/www/YOUR_DOMAIN
mkdir -p /opt/epicyon/accounts/newsmirror mkdir -p /opt/epicyon/accounts/newsmirror
ln -s /opt/epicyon/accounts/newsmirror /var/www/YOUR_DOMAIN/newsmirror ln -s /opt/epicyon/accounts/newsmirror /var/www/YOUR_DOMAIN/newsmirror
``` ```
## Create daemon ## Create daemon
Typically the server will run from a *systemd* daemon. It can be set up as follows: Typically the server will run from a *systemd* daemon. It can be set up as follows:
```bash ``` bash
nano /etc/systemd/system/epicyon.service nano /etc/systemd/system/epicyon.service
``` ```
Paste the following: Paste the following:
```bash ``` bash
[Unit] [Unit]
Description=epicyon Description=epicyon
After=syslog.target After=syslog.target
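
Review bot: The fence under "Paste the following:" is still tagged bash, but its body is a systemd unit file ([Unit], Description=, After=), not shell. Since every fence line in this file is being touched anyway, tag that one ini or leave it untagged so highlighters do not treat it as a script. The rest of the change here only adds a space after the opening backticks and would be easier to review as its own commit, separate from the verification feature.
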
@ -119,13 +119,13 @@ WantedBy=multi-user.target
``` ```
Activate the daemon: Activate the daemon:
```bash ``` bash
systemctl enable epicyon systemctl enable epicyon
systemctl start epicyon systemctl start epicyon
``` ```
## Web server setup ## Web server setup
Create a web server configuration. Create a web server configuration.
```bash ``` bash
nano /etc/nginx/sites-available/YOUR_DOMAIN nano /etc/nginx/sites-available/YOUR_DOMAIN
``` ```
@ -220,7 +220,7 @@ server {
``` ```
Enable the site: Enable the site:
```bash ``` bash
ln -s /etc/nginx/sites-available/YOUR_DOMAIN /etc/nginx/sites-enabled/ ln -s /etc/nginx/sites-available/YOUR_DOMAIN /etc/nginx/sites-enabled/
``` ```
@ -228,14 +228,14 @@ ln -s /etc/nginx/sites-available/YOUR_DOMAIN /etc/nginx/sites-enabled/
Forward port 443 from your internet router to your server. If you have dynamic DNS make sure its configured. Forward port 443 from your internet router to your server. If you have dynamic DNS make sure its configured.
## Obtain a TLS certificate ## Obtain a TLS certificate
```bash ``` bash
systemctl stop nginx systemctl stop nginx
certbot certonly -n --server https://acme-v02.api.letsencrypt.org/directory --standalone -d YOUR_DOMAIN --renew-by-default --agree-tos --email YOUR_EMAIL certbot certonly -n --server https://acme-v02.api.letsencrypt.org/directory --standalone -d YOUR_DOMAIN --renew-by-default --agree-tos --email YOUR_EMAIL
systemctl start nginx systemctl start nginx
``` ```
## Restart the web server ## Restart the web server
```bash ``` bash
systemctl restart nginx systemctl restart nginx
``` ```
@ -270,7 +270,7 @@ Please be aware that such installations will not federate with ordinary fedivers
# Upgrading # Upgrading
Unlike some other instance types, Epicyon is really easy to upgrade. It only requires a git pull to obtain the changes from the upstream repo, then set permissions and restart the daemon. Unlike some other instance types, Epicyon is really easy to upgrade. It only requires a git pull to obtain the changes from the upstream repo, then set permissions and restart the daemon.
```bash ``` bash
cd /opt/epicyon cd /opt/epicyon
git pull git pull
chown -R epicyon:epicyon * chown -R epicyon:epicyon *
@ -281,14 +281,14 @@ systemctl restart epicyon
To avoid running out of disk space you will want to clear down old inbox posts. Posts from your instance outboxes will be unaffected. To avoid running out of disk space you will want to clear down old inbox posts. Posts from your instance outboxes will be unaffected.
Create an archive script **/usr/bin/epicyon-archive**: Create an archive script **/usr/bin/epicyon-archive**:
```bash ``` bash
#!/bin/bash #!/bin/bash
cd /opt/epicyon || exit 0 cd /opt/epicyon || exit 0
/usr/bin/python3 epicyon.py --archive none --archiveweeks 4 --maxposts 32000 /usr/bin/python3 epicyon.py --archive none --archiveweeks 4 --maxposts 32000
``` ```
You can adjust the maximum number of weeks and the maximum number of inbox posts as needed. Then add it as a cron entry. You can adjust the maximum number of weeks and the maximum number of inbox posts as needed. Then add it as a cron entry.
```bash ``` bash
echo "*/60 * * * * root /usr/bin/epicyon-archive" >> /etc/crontab echo "*/60 * * * * root /usr/bin/epicyon-archive" >> /etc/crontab
``` ```
@ -338,6 +338,15 @@ If you want to block particular fediverse accounts or instances then you can ent
### Geolocation spoofing ### Geolocation spoofing
Within the *filtering and blocking* section you can also set a city which will be used for geolocation spoofing. When you post a photo, instead of removing all metadata spoofed metadata will be added in order to consistently fool the machine learning systems behind web crawlers or scrapers, and create a [confirmation bias](https://en.wikipedia.org/wiki/Confirmation_bias) effect where the surveillance systems become increasingly confident in an erroneous conclusion. Setting a city somewhere near to your [time zone](https://en.wikipedia.org/wiki/Time_zone) is preferable, so that it matches your typical pattern of daily posting activity without giving away your real location. Within the *filtering and blocking* section you can also set a city which will be used for geolocation spoofing. When you post a photo, instead of removing all metadata spoofed metadata will be added in order to consistently fool the machine learning systems behind web crawlers or scrapers, and create a [confirmation bias](https://en.wikipedia.org/wiki/Confirmation_bias) effect where the surveillance systems become increasingly confident in an erroneous conclusion. Setting a city somewhere near to your [time zone](https://en.wikipedia.org/wiki/Time_zone) is preferable, so that it matches your typical pattern of daily posting activity without giving away your real location.
### Verifying your website or blog
It is possible to indicate that a website of blog belongs to you by linking it to your profile screen. Within the *head* html section of your website or blog index page include a line similar to:
``` html
<link rel="me" href="https://YourEpicyonDomain/@YourNickname" />
```
If you edit and then publish your profile, with the *website* and/or *blog* fields completed then if the above link is found your sites will be indicated to be verified on your profile screen. When verified they will appear in green with a tick.
![Profile screen showing verified website](manual-verified-website.jpg)
## Roles ## Roles
If you are the administrator then within your profile settings you can also specify roles for other accounts on the instance. A small instance is like a ship with the roles being crew positions, and all members of the crew need to work together to keep the ship afloat. The current roles are: If you are the administrator then within your profile settings you can also specify roles for other accounts on the instance. A small instance is like a ship with the roles being crew positions, and all members of the crew need to work together to keep the ship afloat. The current roles are:
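
Review bot: "include a line similar to" in the new section understates how strict the check is. verify_html in this same commit looks for the literal text rel="me" href="ACTOR" or href="ACTOR" rel="me", with the two attributes adjacent, so a link with another attribute between them, or an href that differs from the profile URL by so much as a trailing slash, will not verify. Say in this paragraph that the href must be exactly the profile URL and that rel and href must sit next to each other. Also fix the typo "website of blog" to "website or blog".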

View File

@ -275,6 +275,14 @@ def _markdown_replace_code(markdown: str) -> str:
line_ctr = 0 line_ctr = 0
changed = False changed = False
section_active = False section_active = False
urlencode = False
html_escape_table = {
"&": "&amp;",
'"': "&quot;",
"'": "&apos;",
">": "&gt;",
"<": "&lt;"
}
for line in lines: for line in lines:
if not line.strip(): if not line.strip():
# skip blank lines # skip blank lines
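
Review bot: The new flag is named urlencode, but what it gates is HTML entity escaping, not URL encoding; rename it (html_escape or similar) so the next reader does not assume percent-encoding is involved. The hand-written html_escape_table can also be replaced by the standard library's html.escape(text, quote=True), which covers the same five characters (it emits &#x27; for the apostrophe rather than &apos;).
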
@ -282,13 +290,23 @@ def _markdown_replace_code(markdown: str) -> str:
continue continue
if line.startswith('```'): if line.startswith('```'):
if not section_active: if not section_active:
if 'html' in line or 'xml' in line or 'rdf' in line:
urlencode = True
start_line = line_ctr start_line = line_ctr
section_active = True section_active = True
else: else:
lines[start_line] = '<code>' lines[start_line] = '<code>'
lines[line_ctr] = '</code>' lines[line_ctr] = '</code>'
if urlencode:
lines[start_line] = '<pre>\n<code>'
lines[line_ctr] = '</code>\n</pre>'
for line_num in range(start_line + 1, line_ctr):
lines[line_num] = \
"".join(html_escape_table.get(char, char)
for char in lines[line_num])
section_active = False section_active = False
changed = True changed = True
urlencode = False
line_ctr += 1 line_ctr += 1
if not changed: if not changed:
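
Review bot: Escaping is applied only when the opening fence line passes the 'html' in line or 'xml' in line or 'rdf' in line test, so the body of every other fenced block still goes between <code> tags unescaped. A bash block containing < or &, or an untagged block containing markup, will be parsed as HTML by the browser, and if the markdown can come from an untrusted author that is an injection path. Escape the body of every fenced block unconditionally and keep the language test only for deciding whether to add the <pre> wrapper. Separately, 'html' in line is a substring test on the whole fence line; comparing the stripped info string against a set of names would avoid accidental matches.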

View File

@ -405,12 +405,22 @@ def verify_html(session, url: str, debug: bool,
actor = 'http://' + actor actor = 'http://' + actor
else: else:
actor = http_prefix + '://' + actor actor = http_prefix + '://' + actor
# double quotes
link_str = ' rel="me" href="' + actor + '"' link_str = ' rel="me" href="' + actor + '"'
if link_str in verification_site_html: if link_str in verification_site_html:
return True return True
link_str = ' href="' + actor + '" rel="me"' link_str = ' href="' + actor + '" rel="me"'
if link_str in verification_site_html: if link_str in verification_site_html:
return True return True
# single quotes
link_str = " rel=\"me\" href='" + actor + "'"
if link_str in verification_site_html:
return True
link_str = " href='" + actor + "' rel=\"me\""
if link_str in verification_site_html:
return True
return False return False
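
Review bot: The two variants added under "# single quotes" only single-quote the href; rel=\"me\" is still matched with double quotes, so a consistently single-quoted tag such as <link rel='me' href='...'> still fails. More generally these are substring tests on the raw page text: they break on extra whitespace, on another attribute between rel and href, or on attribute-name case, and they do not establish that the match sits inside a link or anchor element rather than in a comment or other text on the page. Parsing the page with html.parser and checking the rel tokens and href of each link and a element would cover the quoting variants in one place and tighten what counts as proof of ownership.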