Compare commits
54 commits
Author | SHA1 | Date | |
---|---|---|---|
559feac56e | |||
bd2e27d4a0 | |||
|
295eb6395e | ||
|
b58346385a | ||
|
1669ebec71 | ||
|
e15d79294a | ||
06bfc5b9eb | |||
f0602406ee | |||
|
a052b05141 | ||
d71d52302c | |||
11c305b64b | |||
14515d8d4a | |||
a03f3a9d89 | |||
|
9a91b5e669 | ||
|
86f05e0683 | ||
|
72186aaf4d | ||
ebfb617b26 | |||
0af8e93135 | |||
98a64ab145 | |||
94d1af2c4c | |||
43c5fd5db0 | |||
c887dd4f2e | |||
ba1ed37edf | |||
f1de9bd9ba | |||
a4bab7bdfa | |||
a7dbca885f | |||
9d7c877de0 | |||
39a878f530 | |||
dcee1b109b | |||
9a8373a3f5 | |||
ccae7ef824 | |||
8504878187 | |||
fef4bae006 | |||
86dcf273c5 | |||
36cb19dbf2 | |||
71d08991ea | |||
d756607112 | |||
367bc9c818 | |||
81caf77223 | |||
551f92dd50 | |||
d9508474b6 | |||
f676007b18 | |||
63f2d1cbef | |||
f91b896731 | |||
af90a4e51b | |||
5e7be063c7 | |||
a1317bf541 | |||
a0dd670e68 | |||
11d29d27b8 | |||
44da806a77 | |||
d7c805b0bb | |||
c52982e9c5 | |||
2e433e106f | |||
bfbe4e8dce |
294 changed files with 44806 additions and 22693 deletions
|
@ -1 +0,0 @@
|
|||
https://github.com/hashnuke/heroku-buildpack-elixir
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -78,3 +78,4 @@ docs/venv
|
|||
# docker stuff
|
||||
docker-db
|
||||
*.iml
|
||||
docker-compose.override.yml
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
platform: linux/amd64
|
||||
labels:
|
||||
platform: linux/amd64
|
||||
|
||||
depends_on:
|
||||
- test
|
||||
|
@ -34,7 +35,7 @@ variables:
|
|||
- &clean "(rm -rf release || true) && (rm -rf _build || true) && (rm -rf /root/.mix)"
|
||||
- &mix-clean "mix deps.clean --all && mix clean"
|
||||
|
||||
pipeline:
|
||||
steps:
|
||||
# Canonical amd64
|
||||
debian-bookworm:
|
||||
image: hexpm/elixir:1.15.4-erlang-26.0.2-debian-bookworm-20230612
|
||||
|
@ -76,6 +77,7 @@ pipeline:
|
|||
- *clean
|
||||
- echo "import Config" > config/prod.secret.exs
|
||||
- *setup-hex
|
||||
- *mix-clean
|
||||
- *tag-build
|
||||
- mix deps.get --only prod
|
||||
- mix release --path release
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
platform: linux/arm64
|
||||
labels:
|
||||
platform: linux/aarch64
|
||||
|
||||
depends_on:
|
||||
- test
|
||||
|
@ -34,7 +35,7 @@ variables:
|
|||
- &clean "(rm -rf release || true) && (rm -rf _build || true) && (rm -rf /root/.mix)"
|
||||
- &mix-clean "mix deps.clean --all && mix clean"
|
||||
|
||||
pipeline:
|
||||
steps:
|
||||
# Canonical arm64
|
||||
debian-bookworm:
|
||||
image: hexpm/elixir:1.15.4-erlang-26.0.2-debian-bookworm-20230612
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
platform: linux/amd64
|
||||
labels:
|
||||
platform: linux/amd64
|
||||
|
||||
depends_on:
|
||||
- test
|
||||
|
@ -45,7 +46,7 @@ variables:
|
|||
- &clean "(rm -rf release || true) && (rm -rf _build || true) && (rm -rf /root/.mix)"
|
||||
- &mix-clean "mix deps.clean --all && mix clean"
|
||||
|
||||
pipeline:
|
||||
steps:
|
||||
docs:
|
||||
<<: *on-point-release
|
||||
secrets:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
platform: linux/amd64
|
||||
labels:
|
||||
platform: linux/amd64
|
||||
|
||||
variables:
|
||||
- &scw-secrets
|
||||
|
@ -41,9 +42,9 @@ variables:
|
|||
- &clean "(rm -rf release || true) && (rm -rf _build || true) && (rm -rf /root/.mix)"
|
||||
- &mix-clean "mix deps.clean --all && mix clean"
|
||||
|
||||
pipeline:
|
||||
steps:
|
||||
lint:
|
||||
image: akkoma/ci-base:1.15-otp26
|
||||
image: akkoma/ci-base:1.16-otp26
|
||||
<<: *on-pr-open
|
||||
environment:
|
||||
MIX_ENV: test
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
platform: linux/amd64
|
||||
labels:
|
||||
platform: linux/amd64
|
||||
|
||||
depends_on:
|
||||
- lint
|
||||
|
@ -7,15 +8,12 @@ matrix:
|
|||
ELIXIR_VERSION:
|
||||
- 1.14
|
||||
- 1.15
|
||||
- 1.16
|
||||
OTP_VERSION:
|
||||
- 25
|
||||
- 26
|
||||
include:
|
||||
- ELIXIR_VERSION: 1.14
|
||||
OTP_VERSION: 25
|
||||
- ELIXIR_VERSION: 1.15
|
||||
OTP_VERSION: 25
|
||||
- ELIXIR_VERSION: 1.15
|
||||
- ELIXIR_VERSION: 1.16
|
||||
OTP_VERSION: 26
|
||||
|
||||
variables:
|
||||
|
@ -70,7 +68,7 @@ services:
|
|||
POSTGRES_USER: postgres
|
||||
POSTGRES_PASSWORD: postgres
|
||||
|
||||
pipeline:
|
||||
steps:
|
||||
test:
|
||||
image: akkoma/ci-base:${ELIXIR_VERSION}-otp${OTP_VERSION}
|
||||
<<: *on-pr-open
|
||||
|
@ -89,5 +87,5 @@ pipeline:
|
|||
- mix ecto.create
|
||||
- mix ecto.migrate
|
||||
- mkdir -p test/tmp
|
||||
- mix test --preload-modules --exclude erratic --exclude federated --exclude mocked
|
||||
- mix test --preload-modules --only mocked
|
||||
- mix test --preload-modules --exclude erratic --exclude federated --exclude mocked || mix test --failed
|
||||
- mix test --preload-modules --only mocked || mix test --failed
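Review bot: The `|| mix test --failed` fallback on the last two commands of the `test` step turns the step green whenever the failing tests pass on a second run, so an intermittent failure, including one in a security-relevant test, never shows up as a failed pipeline. The rerun also drops `--preload-modules`, so it does not run under the same conditions as the first pass. If the retry is meant only for known-flaky tests, confine it to tests tagged as such, or at least make it visible in the log, e.g. `- mix test --preload-modules --only mocked || (echo "first run failed, retrying failed tests" && mix test --preload-modules --failed)`. The earlier commands of the step lie outside this hunk.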
|
||||
|
|
78
CHANGELOG.md
78
CHANGELOG.md
|
@ -4,6 +4,73 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
|
||||
## 3.13.3
|
||||
|
||||
## BREAKING
|
||||
- Minimum PostgreSQL version is raised to 12
|
||||
- Swagger UI moved from `/akkoma/swaggerui/` to `/pleroma/swaggerui/`
|
||||
|
||||
## Added
|
||||
- Implement [FEP-67ff](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md) (federation documentation)
|
||||
- Meilisearch: it is now possible to use separate keys for search and admin actions
|
||||
- New standalone `prune_orphaned_activities` mix task with configurable batch limit
|
||||
- The `prune_objects` mix task now accepts a `--limit` parameter for initial object pruning
|
||||
|
||||
## Fixed
|
||||
- Meilisearch: order of results returned from our REST API now actually matches how Meilisearch ranks results
|
||||
- Emoji are now federated as anonymous objects, fixing issues with
|
||||
some strict servers e.g. rejecting e.g. remote emoji reactions
|
||||
- AP objects with additional JSON-LD profiles beyond ActivityStreams can now be fetched
|
||||
- Single-selection polls no longer expose the voter_count; MastoAPI demands it be null
|
||||
and this confused some clients leading to vote distributions >100%
|
||||
|
||||
## Changed
|
||||
- Refactored Rich Media to cache the content in the database. Fetching operations that could block status rendering have been eliminated.
|
||||
|
||||
## 2024.04.1 (Security)
|
||||
|
||||
## Fixed
|
||||
- Issue allowing non-owners to use media objects in posts
|
||||
- Issue allowing use of non-media objects as attachments and crashing timeline rendering
|
||||
- Issue allowing webfinger spoofing in certain situations
|
||||
|
||||
## 2024.04
|
||||
|
||||
## Added
|
||||
- Support for [FEP-fffd](https://codeberg.org/fediverse/fep/src/branch/main/fep/fffd/fep-fffd.md) (proxy objects)
|
||||
- Verified support for elixir 1.16
|
||||
- Uploadfilter `Pleroma.Upload.Filter.Exiftool.ReadDescription` returns description values to the FE so they can pre fill the image description field
|
||||
NOTE: this filter MUST be placed before `Exiftool.StripMetadata` to work
|
||||
|
||||
## Changed
|
||||
- Inbound pipeline error handing was modified somewhat, which should lead to less incomprehensible log spam. Hopefully.
|
||||
- Uploadfilter `Pleroma.Upload.Filter.Exiftool` was replaced by `Pleroma.Upload.Filter.Exiftool.StripMetadata`;
|
||||
the latter strips all non-essential metadata by default but can be configured.
|
||||
To regain the old behaviour of only stripping GPS data set `purge: ["gps:all"]`.
|
||||
- Uploadfilter `Pleroma.Upload.Filter.Exiftool` has been renamed to `Pleroma.Upload.Filter.Exiftool.StripMetadata`
|
||||
- MRF.InlineQuotePolicy now prefers to insert display URLs instead of ActivityPub IDs
|
||||
- Old accounts are no longer listed in WebFinger as aliases; this was breaking spec
|
||||
|
||||
## Fixed
|
||||
- Issue preventing fetching anything from IPv6-only instances
|
||||
- Issue allowing post content to leak via opengraph tags despite :estrict\_unauthenticated being set
|
||||
- Move activities no longer operate on stale user data
|
||||
- Missing definitions in our JSON-LD context
|
||||
- Issue mangling newlines in code blocks for RSS/Atom feeds
|
||||
- static\_fe squeezing non-square avatars and emoji
|
||||
- Issue leading to properly JSON-LD compacted emoji reactions being rejected
|
||||
- We now use a standard-compliant Accept header when fetching ActivityPub objects
|
||||
- /api/pleroma/notification\_settings was rejecting body parameters;
|
||||
this also broke changing this setting via akkoma-fe
|
||||
- Issue leading to Mastodon bot accounts being rejected
|
||||
- Scope misdetection of remote posts resulting from not recognising
|
||||
JSON-LD-compacted forms of public scope; affected e.g. federation with bovine
|
||||
- Ratelimits encountered when fetching objects are now respected; 429 responses will cause a backoff when we get one.
|
||||
|
||||
## Removed
|
||||
- ActivityPub Client-To-Server write API endpoints have been disabled;
|
||||
read endpoints are planned to be removed next release unless a clear need is demonstrated
|
||||
|
||||
## 2024.03
|
||||
|
||||
## Added
|
||||
|
@ -39,6 +106,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- our litepub JSON-LD schema is now served with the correct content type
|
||||
- remote APNG attachments are now recognised as images
|
||||
|
||||
## Upgrade Notes
|
||||
|
||||
- As mentioned in "Changed", `Pleroma.Upload, :base_url` **MUST** be configured. Uploads will fail without it.
|
||||
- Akkoma will refuse to start if this is not set.
|
||||
- Same with media proxy.
|
||||
|
||||
## 2024.02
|
||||
|
||||
## Added
|
||||
|
@ -289,6 +362,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
|
||||
## 2022.08
|
||||
|
||||
### Removed
|
||||
- Non-finch HTTP adapters. `:tesla, :adapter` is now highly recommended to be set to the default.
|
||||
|
||||
## 2022.08
|
||||
|
||||
### Added
|
||||
- extended runtime module support, see config cheatsheet
|
||||
- quote posting; quotes are limited to public posts
|
||||
|
|
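--- a/FEDERATION.md
+++ b/FEDERATION.md
@@ -0,0 +1,42 @@
+# Federation
+
+## Supported federation protocols and standards
+
+- [ActivityPub](https://www.w3.org/TR/activitypub/) (Server-to-Server)
+- [WebFinger](https://webfinger.net/)
+- [Http Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)
+- [NodeInfo](https://nodeinfo.diaspora.software/)
+
+## Supported FEPs
+
+- [FEP-67ff: FEDERATION](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md)
+- [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)
+- [FEP-fffd: Proxy Objects](https://codeberg.org/fediverse/fep/src/branch/main/fep/fffd/fep-fffd.md)
+
+## ActivityPub
+
+Akkoma mostly follows the server-to-server parts of the ActivityPub standard,
+but implements quirks for Mastodon compatibility as well as Mastodon-specific
+and custom extensions.
+
+See our documentation and Mastodon’s federation information
+linked further below for details on these quirks and extensions.
+
+Akkoma does not perform JSON-LD processing.
+
+### Required extensions
+
+#### HTTP Signatures
+All AP S2S POST requests to Akkoma instances MUST be signed.
+Depending on instance configuration the same may be true for GET requests.
+
+## Nodeinfo
+
+Akkoma provides many additional entries in its nodeinfo response,
+see the documentation linked below for details.
+
+## Additional documentation
+
+- [Akkoma’s ActivityPub extensions](https://docs.akkoma.dev/develop/development/ap_extensions/)
+- [Akkoma’s nodeinfo extensions](https://docs.akkoma.dev/develop/development/nodeinfo_extensions/)
+- [Mastodon’s federation requirements](https://github.com/mastodon/mastodon/blob/main/FEDERATION.md)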
|
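--- a/Procfile
+++ b/Procfile
@@ -1,2 +0,0 @@
-web: mix phx.server
-release: mix ecto.migrate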
|
|
@ -63,7 +63,6 @@
|
|||
uploader: Pleroma.Uploaders.Local,
|
||||
filters: [],
|
||||
link_name: false,
|
||||
proxy_remote: false,
|
||||
filename_display_max_length: 30,
|
||||
base_url: nil,
|
||||
allowed_mime_types: ["image", "audio", "video"]
|
||||
|
@ -189,8 +188,10 @@
|
|||
receive_timeout: :timer.seconds(15),
|
||||
proxy_url: nil,
|
||||
user_agent: :default,
|
||||
pool_size: 50,
|
||||
adapter: []
|
||||
pool_size: 10,
|
||||
adapter: [],
|
||||
# see: https://hexdocs.pm/finch/Finch.html#start_link/1
|
||||
pool_max_idle_time: :timer.seconds(30)
|
||||
|
||||
config :pleroma, :instance,
|
||||
name: "Akkoma",
|
||||
|
@ -437,8 +438,12 @@
|
|||
Pleroma.Web.RichMedia.Parsers.TwitterCard,
|
||||
Pleroma.Web.RichMedia.Parsers.OEmbed
|
||||
],
|
||||
failure_backoff: :timer.minutes(20),
|
||||
ttl_setters: [Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl]
|
||||
failure_backoff: 60_000,
|
||||
ttl_setters: [
|
||||
Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl,
|
||||
Pleroma.Web.RichMedia.Parser.TTL.Opengraph
|
||||
],
|
||||
max_body: 5_000_000
|
||||
|
||||
config :pleroma, :media_proxy,
|
||||
enabled: false,
|
||||
|
@ -576,7 +581,9 @@
|
|||
mute_expire: 5,
|
||||
search_indexing: 10,
|
||||
nodeinfo_fetcher: 1,
|
||||
database_prune: 1
|
||||
database_prune: 1,
|
||||
rich_media_backfill: 2,
|
||||
rich_media_expiration: 2
|
||||
],
|
||||
plugins: [
|
||||
Oban.Plugins.Pruner,
|
||||
|
@ -592,7 +599,8 @@
|
|||
retries: [
|
||||
federator_incoming: 5,
|
||||
federator_outgoing: 5,
|
||||
search_indexing: 2
|
||||
search_indexing: 2,
|
||||
rich_media_backfill: 3
|
||||
],
|
||||
timeout: [
|
||||
activity_expiration: :timer.seconds(5),
|
||||
|
@ -614,7 +622,8 @@
|
|||
mute_expire: :timer.seconds(5),
|
||||
search_indexing: :timer.seconds(5),
|
||||
nodeinfo_fetcher: :timer.seconds(10),
|
||||
database_prune: :timer.minutes(10)
|
||||
database_prune: :timer.minutes(10),
|
||||
rich_media_backfill: :timer.seconds(30)
|
||||
]
|
||||
|
||||
config :pleroma, Pleroma.Formatter,
|
||||
|
@ -813,8 +822,10 @@
|
|||
config :pleroma, configurable_from_database: false
|
||||
|
||||
config :pleroma, Pleroma.Repo,
|
||||
parameters: [gin_fuzzy_search_limit: "500"],
|
||||
prepare: :unnamed
|
||||
parameters: [
|
||||
gin_fuzzy_search_limit: "500",
|
||||
plan_cache_mode: "force_custom_plan"
|
||||
]
|
||||
|
||||
config :pleroma, :majic_pool, size: 2
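Review bot: In the `:rich_media` block, `failure_backoff: 60_000` and `max_body: 5_000_000` are bare integers with no unit, while the neighbouring settings in this file are written with `:timer.seconds/1` and `:timer.minutes/1`. `max_body` presumably caps how much of a remote response is read when building previews, so its unit matters to an operator tuning it. Writing `failure_backoff: :timer.minutes(1),` and adding a comment such as `# upper bound on the fetched response body, in bytes` (if bytes is indeed the unit; confirm against the fetching code) would make both self-describing. The config block starts above the hunk, so the old and new sides here are inferred from the hunk's line counts.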
|
||||
|
||||
|
|
|
@ -100,9 +100,9 @@
|
|||
label: "Base URL",
|
||||
type: :string,
|
||||
description:
|
||||
"Base URL for the uploads. Required if you use a CDN or host attachments under a different domain.",
|
||||
"Base URL for the uploads. Required if you use a CDN or host attachments under a different domain - it is HIGHLY recommended that you **do not** set this to be the same as the domain akkoma is hosted on.",
|
||||
suggestions: [
|
||||
"https://cdn-host.com"
|
||||
"https://media.akkoma.dev/media/"
|
||||
]
|
||||
},
|
||||
%{
|
||||
|
@ -118,14 +118,6 @@
|
|||
"font"
|
||||
]
|
||||
},
|
||||
%{
|
||||
key: :proxy_remote,
|
||||
type: :boolean,
|
||||
description: """
|
||||
Proxy requests to the remote uploader.\n
|
||||
Useful if media upload endpoint is not internet accessible.
|
||||
"""
|
||||
},
|
||||
%{
|
||||
key: :filename_display_max_length,
|
||||
type: :integer,
|
||||
|
@ -222,6 +214,26 @@
|
|||
}
|
||||
]
|
||||
},
|
||||
%{
|
||||
group: :pleroma,
|
||||
key: Pleroma.Upload.Filter.Exiftool.StripMetadata,
|
||||
type: :group,
|
||||
description: "Strip specified metadata from image uploads",
|
||||
children: [
|
||||
%{
|
||||
key: :purge,
|
||||
description: "Metadata fields or groups to strip",
|
||||
type: {:list, :string},
|
||||
suggestions: ["all", "CommonIFD0"]
|
||||
},
|
||||
%{
|
||||
key: :preserve,
|
||||
description: "Metadata fields or groups to preserve (takes precedence over stripping)",
|
||||
type: {:list, :string},
|
||||
suggestions: ["ColorSpaces", "Orientation"]
|
||||
}
|
||||
]
|
||||
},
|
||||
%{
|
||||
group: :pleroma,
|
||||
key: Pleroma.Emails.Mailer,
|
||||
|
@ -2697,8 +2709,8 @@
|
|||
%{
|
||||
key: :pool_size,
|
||||
type: :integer,
|
||||
description: "Number of concurrent outbound HTTP requests to allow. Default 50.",
|
||||
suggestions: [50]
|
||||
description: "Number of concurrent outbound HTTP requests to allow PER HOST. Default 10.",
|
||||
suggestions: [10]
|
||||
},
|
||||
%{
|
||||
key: :adapter,
|
||||
|
@ -2721,6 +2733,13 @@
|
|||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
%{
|
||||
key: :pool_max_idle_time,
|
||||
type: :integer,
|
||||
description:
|
||||
"Number of seconds to retain an HTTP pool; pool will remain if actively in use. Default 30 seconds (in ms).",
|
||||
suggestions: [30_000]
|
||||
}
|
||||
]
|
||||
},
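Review bot: The description added for `:pool_max_idle_time` contradicts itself on units: it opens with "Number of seconds" but the suggested value is `30_000` and the text ends with "(in ms)". The default in the main config is `:timer.seconds(30)`, which is a millisecond value, so an operator who takes the description literally and enters `30` would get a 30 ms idle timeout. I would reword it to `"Time in milliseconds an idle HTTP pool is retained; pools in active use are kept. Default 30_000 (30 seconds)."`. The enclosing settings list starts outside the hunk.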
|
||||
|
|
|
@ -1,25 +0,0 @@
|
|||
import Config
|
||||
|
||||
config :pleroma, Pleroma.Web.Endpoint,
|
||||
http: [
|
||||
port: String.to_integer(System.get_env("PORT") || "4000"),
|
||||
protocol_options: [max_request_line_length: 8192, max_header_value_length: 8192]
|
||||
],
|
||||
protocol: "http",
|
||||
secure_cookie_flag: false,
|
||||
url: [host: System.get_env("APP_HOST"), scheme: "https", port: 443],
|
||||
secret_key_base: "+S+ULgf7+N37c/lc9K66SMphnjQIRGklTu0BRr2vLm2ZzvK0Z6OH/PE77wlUNtvP"
|
||||
|
||||
database_url =
|
||||
System.get_env("DATABASE_URL") ||
|
||||
raise """
|
||||
environment variable DATABASE_URL is missing.
|
||||
For example: ecto://USER:PASS@HOST/DATABASE
|
||||
"""
|
||||
|
||||
config :pleroma, Pleroma.Repo,
|
||||
# ssl: true,
|
||||
url: database_url,
|
||||
pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10")
|
||||
|
||||
config :pleroma, :instance, name: "#{System.get_env("APP_NAME")} CI Instance"
|
|
@ -22,9 +22,12 @@
|
|||
config :pleroma, :auth, oauth_consumer_strategies: []
|
||||
|
||||
config :pleroma, Pleroma.Upload,
|
||||
base_url: "http://localhost:4001/media/",
|
||||
filters: [],
|
||||
link_name: false
|
||||
|
||||
config :pleroma, :media_proxy, base_url: "http://localhost:4001"
|
||||
|
||||
config :pleroma, Pleroma.Uploaders.Local, uploads: "test/uploads"
|
||||
|
||||
config :pleroma, Pleroma.Emails.Mailer, adapter: Swoosh.Adapters.Test, enabled: true
|
||||
|
@ -48,7 +51,8 @@
|
|||
hostname: System.get_env("DB_HOST") || "localhost",
|
||||
pool: Ecto.Adapters.SQL.Sandbox,
|
||||
pool_size: 50,
|
||||
queue_target: 5000
|
||||
queue_target: 5000,
|
||||
log: false
|
||||
|
||||
config :pleroma, :dangerzone, override_repo_pool_size: true
|
||||
|
||||
|
@ -60,7 +64,8 @@
|
|||
config :pleroma, :rich_media,
|
||||
enabled: false,
|
||||
ignore_hosts: [],
|
||||
ignore_tld: ["local", "localdomain", "lan"]
|
||||
ignore_tld: ["local", "localdomain", "lan"],
|
||||
max_body: 2_000_000
|
||||
|
||||
config :pleroma, :instance,
|
||||
multi_factor_authentication: [
|
||||
|
@ -138,6 +143,8 @@
|
|||
config :pleroma, :instances_favicons, enabled: false
|
||||
config :pleroma, :instances_nodeinfo, enabled: false
|
||||
|
||||
config :pleroma, Pleroma.Web.RichMedia.Backfill, provider: Pleroma.Web.RichMedia.Backfill
|
||||
|
||||
if File.exists?("./config/test.secret.exs") do
|
||||
import_config "test.secret.exs"
|
||||
else
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
{
|
||||
"skip_files": [
|
||||
"test/support",
|
||||
"lib/mix/tasks/pleroma/benchmark.ex",
|
||||
"lib/credo/check/consistency/file_location.ex"
|
||||
]
|
||||
}
|
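--- a/diagnostic-tools/binary-leak-checker.sh
+++ b/diagnostic-tools/binary-leak-checker.sh
@@ -0,0 +1,10 @@
+if [ "$#" -ne 2 ]; then
+echo "Usage: binary-leak-checker.sh <nodename> <erlang cookie>"
+exit 1
+fi
+
+echo "The command you want to run is:
+:recon.bin_leak(10)
+"
+
+iex --sname debug --remsh $1 --erl "-setcookie $2"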
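Review bot: The Erlang cookie is taken as a positional argument and passed on to `iex` via `-setcookie $2`, so it ends up in the shell history and is readable in the process list by other local users for as long as the remote shell is open. Anyone holding that cookie has full control of the node. Prefer letting the VM pick the cookie up from a mode-0400 `~/.erlang.cookie` of the invoking user, or read it from a file, and document that in the usage line. Independently, `$1` is unquoted and the file has no interpreter line although it is marked executable: add `#!/bin/sh` as the first line and change the last line to `iex --sname debug --remsh "$1" --erl "-setcookie $2"`.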
|
|
@ -46,7 +46,7 @@ services:
|
|||
volumes:
|
||||
- .:/opt/akkoma
|
||||
|
||||
# Uncomment the following if you want to use a reverse proxy
|
||||
# Copy this into docker-compose.override.yml and uncomment there if you want to use a reverse proxy
|
||||
#proxy:
|
||||
# image: caddy:2-alpine
|
||||
# restart: unless-stopped
|
||||
|
|
|
@ -11,4 +11,4 @@ echo "-- Running migrations..."
|
|||
mix ecto.migrate
|
||||
|
||||
echo "-- Starting!"
|
||||
mix phx.server
|
||||
elixir --erl "+sbwt none +sbwtdcpu none +sbwtdio none" -S mix phx.server
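Review bot: The three emulator flags `+sbwt none +sbwtdcpu none +sbwtdio none` on the new start command have no explanation, and the next person to touch the entrypoint will not know whether they are safe to drop. A comment above the command, such as `# disable scheduler busy-waiting so an idle VM does not spin the CPU`, would record the intent. The script begins outside this hunk, so whether the same flags are also applied to the release and OTP start paths cannot be seen here; if they are not, the comment should say that this is container-only.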
|
||||
|
|
|
@ -50,9 +50,39 @@ This will prune remote posts older than 90 days (configurable with [`config :ple
|
|||
|
||||
- `--keep-threads` - Don't prune posts when they are part of a thread where at least one post has seen local interaction (e.g. one of the posts is a local post, or is favourited by a local user, or has been repeated by a local user...). It also wont delete posts when at least one of the posts in that thread is kept (e.g. because one of the posts has seen recent activity).
|
||||
- `--keep-non-public` - Keep non-public posts like DM's and followers-only, even if they are remote.
|
||||
- `--limit` - limits how many remote posts get pruned. This limit does **not** apply to any of the follow up jobs. If wanting to keep the database load in check it is thus advisable to run the standalone `prune_orphaned_activities` task with a limit afterwards instead of passing `--prune-orphaned-activities` to this task.
|
||||
- `--prune-orphaned-activities` - Also prune orphaned activities afterwards. Activities are things like Like, Create, Announce, Flag (aka reports)... They can significantly help reduce the database size.
|
||||
- `--vacuum` - Run `VACUUM FULL` after the objects are pruned. This should not be used on a regular basis, but is useful if your instance has been running for a long time before pruning.
|
||||
|
||||
## Prune orphaned activities from the database
|
||||
|
||||
This will prune activities which are no longer referenced by anything.
|
||||
Such activities might be the result of running `prune_objects` without `--prune-orphaned-activities`.
|
||||
The same notes and warnings apply as for `prune_objects`.
|
||||
|
||||
The task will print out how many rows were freed in total in its last
|
||||
line of output in the form `Deleted 345 rows`.
|
||||
When running the job in limited batches this can be used to determine
|
||||
when all orphaned activities have been deleted.
|
||||
|
||||
=== "OTP"
|
||||
|
||||
```sh
|
||||
./bin/pleroma_ctl database prune_orphaned_activities [option ...]
|
||||
```
|
||||
|
||||
=== "From Source"
|
||||
|
||||
```sh
|
||||
mix pleroma.database prune_orphaned_activities [option ...]
|
||||
```
|
||||
|
||||
### Options
|
||||
|
||||
- `--limit n` - Only delete up to `n` activities in each query making up this job, i.e. if this job runs two queries at most `2n` activities will be deleted. Running this task repeatedly in limited batches can help maintain the instance’s responsiveness while still freeing up some space.
|
||||
- `--no-singles` - Do not delete activites referencing single objects
|
||||
- `--no-arrays` - Do not delete activites referencing an array of objects
|
||||
|
||||
## Create a conversation for all existing DMs
|
||||
|
||||
Can be safely re-run
|
||||
|
|
|
@ -37,7 +37,8 @@ If any of the options are left unspecified, you will be prompted interactively.
|
|||
- `--static-dir <path>` - the directory custom public files should be read from (custom emojis, frontend bundle overrides, robots.txt, etc.)
|
||||
- `--listen-ip <ip>` - the ip the app should listen to, defaults to 127.0.0.1
|
||||
- `--listen-port <port>` - the port the app should listen to, defaults to 4000
|
||||
- `--strip-uploads <Y|N>` - use ExifTool to strip uploads of sensitive location data
|
||||
- `--strip-uploads-metadata <Y|N>` - use ExifTool to strip uploads of metadata when possible
|
||||
- `--read-uploads-description <Y|N>` - use ExifTool to read image descriptions from uploads
|
||||
- `--anonymize-uploads <Y|N>` - randomize uploaded filenames
|
||||
- `--dedupe-uploads <Y|N>` - store files based on their hash to reduce data storage requirements if duplicates are uploaded with different filenames
|
||||
- `--skip-release-env` - skip generation the release environment file
|
||||
|
|
|
@ -4,12 +4,12 @@
|
|||
|
||||
1. Stop the Akkoma service.
|
||||
2. Go to the working directory of Akkoma (default is `/opt/akkoma`)
|
||||
3. Run[¹] `sudo -Hu postgres pg_dump -d akkoma --format=custom -f </path/to/backup_location/akkoma.pgdump>` (make sure the postgres user has write access to the destination file)
|
||||
4. Copy `akkoma.pgdump`, `config/prod.secret.exs`[²], `config/setup_db.psql` (if still available) and the `uploads` folder to your backup destination. If you have other modifications, copy those changes too.
|
||||
3. Run `sudo -Hu postgres pg_dump -d akkoma --format=custom -f </path/to/backup_location/akkoma.pgdump>`[¹] (make sure the postgres user has write access to the destination file)
|
||||
4. Copy `akkoma.pgdump`, `config/config.exs`[²], `uploads` folder, and [static directory](../configuration/static_dir.md) to your backup destination. If you have other modifications, copy those changes too.
|
||||
5. Restart the Akkoma service.
|
||||
|
||||
[¹]: We assume the database name is "akkoma". If not, you can find the correct name in your config files.
|
||||
[²]: If you've installed using OTP, you need `config/config.exs` instead of `config/prod.secret.exs`.
|
||||
[¹]: We assume the database name is "akkoma". If not, you can find the correct name in your configuration files.
|
||||
[²]: If you have a from source installation, you need `config/prod.secret.exs` instead of `config/config.exs`. The `config/config.exs` file also exists, but in case of from source installations, it only contains the default values and it is tracked by Git, so you don't need to back it up.
|
||||
|
||||
## Restore/Move
|
||||
|
||||
|
@ -17,19 +17,16 @@
|
|||
2. Stop the Akkoma service.
|
||||
3. Go to the working directory of Akkoma (default is `/opt/akkoma`)
|
||||
4. Copy the above mentioned files back to their original position.
|
||||
5. Drop the existing database and user if restoring in-place[¹]. `sudo -Hu postgres psql -c 'DROP DATABASE akkoma;';` `sudo -Hu postgres psql -c 'DROP USER akkoma;'`
|
||||
6. Restore the database schema and akkoma role using either of the following options
|
||||
* You can use the original `setup_db.psql` if you have it[²]: `sudo -Hu postgres psql -f config/setup_db.psql`.
|
||||
* Or recreate the database and user yourself (replace the password with the one you find in the config file) `sudo -Hu postgres psql -c "CREATE USER akkoma WITH ENCRYPTED PASSWORD '<database-password-wich-you-can-find-in-your-config-file>'; CREATE DATABASE akkoma OWNER akkoma;"`.
|
||||
5. Drop the existing database and user[¹]. `sudo -Hu postgres psql -c 'DROP DATABASE akkoma;';` `sudo -Hu postgres psql -c 'DROP USER akkoma;'`
|
||||
6. Restore the database schema and akkoma role[¹] (replace the password with the one you find in the configuration file), `sudo -Hu postgres psql -c "CREATE USER akkoma WITH ENCRYPTED PASSWORD '<database-password-wich-you-can-find-in-your-configuration-file>';"` `sudo -Hu postgres psql -c "CREATE DATABASE akkoma OWNER akkoma;"`.
|
||||
7. Now restore the Akkoma instance's data into the empty database schema[¹]: `sudo -Hu postgres pg_restore -d akkoma -v -1 </path/to/backup_location/akkoma.pgdump>`
|
||||
8. If you installed a newer Akkoma version, you should run `MIX_ENV=prod mix ecto.migrate`[³]. This task performs database migrations, if there were any.
|
||||
8. If you installed a newer Akkoma version, you should run the database migrations `./bin/pleroma_ctl migrate`[²].
|
||||
9. Restart the Akkoma service.
|
||||
10. Run `sudo -Hu postgres vacuumdb --all --analyze-in-stages`. This will quickly generate the statistics so that postgres can properly plan queries.
|
||||
11. If setting up on a new server configure Nginx by using the `installation/akkoma.nginx` config sample or reference the Akkoma installation guide for your OS which contains the Nginx configuration instructions.
|
||||
11. If setting up on a new server, configure Nginx by using the `installation/nginx/akkoma.nginx` configuration sample or reference the Akkoma installation guide which contains the Nginx configuration instructions.
|
||||
|
||||
[¹]: We assume the database name and user are both "akkoma". If not, you can find the correct name in your config files.
|
||||
[²]: You can recreate the `config/setup_db.psql` by running the `mix pleroma.instance gen` task again. You can ignore most of the questions, but make the database user, name, and password the same as found in your backed up config file. This will also create a new `config/generated_config.exs` file which you may delete as it is not needed.
|
||||
[³]: Prefix with `MIX_ENV=prod` to run it using the production config file.
|
||||
[¹]: We assume the database name and user are both "akkoma". If not, you can find the correct name in your configuration files.
|
||||
[²]: If you have a from source installation, the command is `MIX_ENV=prod mix ecto.migrate`. Note that we prefix with `MIX_ENV=prod` to use the `config/prod.secret.exs` configuration file.
|
||||
|
||||
## Remove
|
||||
|
||||
|
|
|
@ -1,12 +1,15 @@
|
|||
# Akkoma Clients
|
||||
Note: Additional clients may work, but these are known to work with Akkoma.
|
||||
Apps listed here might not support all of Akkoma's features.
|
||||
This is a list of clients that are known to work with Akkoma.
|
||||
|
||||
!!! warning
|
||||
**Clients listed here are not officially supported by the Akkoma project.**
|
||||
Some Akkoma features may be unsupported by these clients.
|
||||
|
||||
## Multiplatform
|
||||
### Kaiteki
|
||||
- Homepage: <https://kaiteki.app/>
|
||||
- Source Code: <https://github.com/Kaiteki-Fedi/Kaiteki>
|
||||
- Contact: [@kaiteki@fedi.software](https://fedi.software/@Kaiteki)
|
||||
- Contact: [@kaiteki@social.kaiteki.app](https://social.kaiteki.app/@kaiteki)
|
||||
- Platforms: Web, Windows, Linux, Android
|
||||
- Features: MastoAPI, Supports multiple backends
|
||||
|
||||
|
@ -38,12 +41,6 @@ Apps listed here might not support all of Akkoma's features.
|
|||
- Platforms: Android
|
||||
- Features: MastoAPI, No Streaming, Emoji Reactions, Text Formatting, FE Stickers
|
||||
|
||||
### Fedi
|
||||
- Homepage: <https://www.fediapp.com/>
|
||||
- Source Code: Proprietary, but gratis
|
||||
- Platforms: iOS, Android
|
||||
- Features: MastoAPI, Pleroma-specific features like Reactions
|
||||
|
||||
### Tusky
|
||||
- Homepage: <https://tuskyapp.github.io/>
|
||||
- Source Code: <https://github.com/tuskyapp/Tusky>
|
||||
|
@ -51,12 +48,18 @@ Apps listed here might not support all of Akkoma's features.
|
|||
- Platforms: Android
|
||||
- Features: MastoAPI, No Streaming
|
||||
|
||||
### Subway Tooter
|
||||
- Source Code: <https://github.com/tateisu/SubwayTooter/>
|
||||
- Contact: [@SubwayTooter@mastodon.juggler.jp](https://mastodon.juggler.jp/@SubwayTooter)
|
||||
- Platforms: Android
|
||||
- Features: MastoAPI, Editing, Emoji Reactions (including custom emoji)
|
||||
|
||||
## Alternative Web Interfaces
|
||||
### Pinafore
|
||||
- Note: Pinafore is unmaintained (See [the author's original article](https://nolanlawson.com/2023/01/09/retiring-pinafore/) for details)
|
||||
- Homepage: <https://pinafore.social/>
|
||||
- Source Code: <https://github.com/nolanlawson/pinafore>
|
||||
- Contact: [@pinafore@mastodon.technology](https://mastodon.technology/users/pinafore)
|
||||
### Enafore
|
||||
- An actively developed fork of Pinafore with improved Akkoma support
|
||||
- Homepage: <https://enafore.social/>
|
||||
- Source Code: <https://github.com/enafore/enafore>
|
||||
- Contact: [@enfore@enafore.social](https://meta.enafore.social/@enafore)
|
||||
- Features: MastoAPI, No Streaming
|
||||
|
||||
### Sengi
|
||||
|
|
|
@ -63,6 +63,8 @@ To add configuration to your config file, you can copy it from the base config.
|
|||
* `local_bubble`: Array of domains representing instances closely related to yours. Used to populate the `bubble` timeline. e.g `["example.com"]`, (default: `[]`)
|
||||
* `languages`: List of Language Codes used by the instance. This is used to try and set a default language from the frontend. It will try and find the first match between the languages set here and the user's browser languages. It will default to the first language in this setting if there is no match.. (default `["en"]`)
|
||||
* `export_prometheus_metrics`: Enable prometheus metrics, served at `/api/v1/akkoma/metrics`, requiring the `admin:metrics` oauth scope.
|
||||
* `privileged_staff`: Set to `true` to give moderators access to a few higher responsibility actions.
|
||||
* `federated_timeline_available`: Set to `false` to remove access to the federated timeline for all users.
|
||||
|
||||
## :database
|
||||
* `improved_hashtag_timeline`: Setting to force toggle / force disable improved hashtags timeline. `:enabled` forces hashtags to be fetched from `hashtags` table for hashtags timeline. `:disabled` forces object-embedded hashtags to be used (slower). Keep it `:auto` for automatic behaviour (it is auto-set to `:enabled` [unless overridden] when HashtagsTableMigrator completes).
|
||||
|
@ -336,7 +338,7 @@ config :pleroma, :frontends,
|
|||
|
||||
* `:primary` - The frontend that will be served at `/`
|
||||
* `:admin` - The frontend that will be served at `/pleroma/admin`
|
||||
* `:swagger` - Config for developers to act as an API reference to be served at `/akkoma/swaggerui/` (trailing slash _needed_). Disabled by default.
|
||||
* `:swagger` - Config for developers to act as an API reference to be served at `/pleroma/swaggerui/` (trailing slash _needed_). Disabled by default.
|
||||
* `:mastodon` - The mastodon-fe configuration. This shouldn't need to be changed. This is served at `/web` when installed.
|
||||
|
||||
### :static\_fe
|
||||
|
@ -602,8 +604,7 @@ the source code is here: [kocaptcha](https://github.com/koto-bank/kocaptcha). Th
|
|||
* `filters`: List of [upload filters](#upload-filters) to use.
|
||||
* `link_name`: When enabled Akkoma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers
|
||||
* `base_url`: The base URL to access a user-uploaded file; MUST be configured explicitly.
|
||||
Using a (sub)domain distinct from the instance endpoint is **strongly** recommended.
|
||||
* `proxy_remote`: If you're using a remote uploader, Akkoma will proxy media requests instead of redirecting to it.
|
||||
Using a (sub)domain distinct from the instance endpoint is **strongly** recommended. A good value might be `https://media.myakkoma.instance/media/`.
|
||||
* `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.
|
||||
* `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30.
|
||||
|
||||
|
@ -654,9 +655,17 @@ This filter replaces the declared filename (not the path) of an upload.
|
|||
|
||||
* `text`: Text to replace filenames in links. If empty, `{random}.extension` will be used. You can get the original filename extension by using `{extension}`, for example `custom-file-name.{extension}`.
|
||||
|
||||
#### Pleroma.Upload.Filter.Exiftool
|
||||
#### Pleroma.Upload.Filter.Exiftool.StripMetadata
|
||||
|
||||
This filter only strips the GPS and location metadata with Exiftool leaving color profiles and attributes intact.
|
||||
This filter strips metadata with Exiftool leaving color profiles and orientation intact.
|
||||
|
||||
* `purge`: List of Exiftool tag names or tag group names to purge
|
||||
* `preserve`: List of Exiftool tag names or tag group names to preserve even if they occur in the purge list
|
||||
|
||||
|
||||
#### Pleroma.Upload.Filter.Exiftool.ReadDescription
|
||||
|
||||
This filter reads the ImageDescription and iptc:Caption-Abstract fields with Exiftool so clients can prefill the media description field.
|
||||
|
||||
No specific configuration.
|
||||
|
||||
|
|
|
@ -60,4 +60,4 @@ config :pleroma, :frontends,
|
|||
|
||||
Then run the [pleroma.frontend cli task](../../administration/CLI_tasks/frontend) with the name of `swagger-ui` to install the distribution files.
|
||||
|
||||
You will now be able to view documentation at `/akkoma/swaggerui`
|
||||
You will now be able to view documentation at `/pleroma/swaggerui`
|
||||
|
|
|
@ -6,37 +6,17 @@ With the `mediaproxy` function you can use nginx to cache this content, so users
|
|||
|
||||
## Activate it
|
||||
|
||||
* Edit your nginx config and add the following location to your main server block:
|
||||
```
|
||||
location /proxy {
|
||||
return 404;
|
||||
}
|
||||
```
|
||||
|
||||
* Set up a subdomain for the proxy with its nginx config on the same machine
|
||||
*(the latter is not strictly required, but for simplicity we’ll assume so)*
|
||||
* In this subdomain’s server block add
|
||||
```
|
||||
location /proxy {
|
||||
proxy_cache akkoma_media_cache;
|
||||
proxy_cache_lock on;
|
||||
proxy_pass http://localhost:4000;
|
||||
}
|
||||
```
|
||||
Also add the following on top of the configuration, outside of the `server` block:
|
||||
```
|
||||
proxy_cache_path /tmp/akkoma-media-cache levels=1:2 keys_zone=akkoma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
|
||||
```
|
||||
If you came here from one of the installation guides, take a look at the example configuration `/installation/nginx/akkoma.nginx`, where this part is already included.
|
||||
|
||||
* Edit the nginx config for the upload/MediaProxy subdomain to point to the subdomain that has been set up
|
||||
* Append the following to your `prod.secret.exs` or `dev.secret.exs` (depends on which mode your instance is running):
|
||||
```
|
||||
```elixir
|
||||
# Replace media.example.td with the subdomain you set up earlier
|
||||
config :pleroma, :media_proxy,
|
||||
enabled: true,
|
||||
proxy_opts: [
|
||||
redirect_on_failure: true
|
||||
],
|
||||
base_url: "https://cache.akkoma.social"
|
||||
base_url: "https://media.example.tld"
|
||||
```
|
||||
You **really** should use a subdomain to serve proxied files; while we will fix bugs resulting from this, serving arbitrary remote content on your main domain namespace is a significant attack surface.
|
||||
|
||||
|
|
|
@ -130,59 +130,26 @@ config :pleroma, :http_security,
|
|||
enabled: false
|
||||
```
|
||||
|
||||
Use this as the Nginx config:
|
||||
```
|
||||
proxy_cache_path /tmp/akkoma-media-cache levels=1:2 keys_zone=akkoma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
|
||||
# The above already exists in a clearnet instance's config.
|
||||
# If not, add it.
|
||||
|
||||
server {
|
||||
listen 127.0.0.1:14447;
|
||||
server_name youri2paddress;
|
||||
|
||||
# Comment to enable logs
|
||||
access_log /dev/null;
|
||||
error_log /dev/null;
|
||||
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
|
||||
|
||||
client_max_body_size 16m;
|
||||
|
||||
location / {
|
||||
|
||||
In the Nginx config, add the following into the `location /` block:
|
||||
```nginx
|
||||
add_header X-XSS-Protection "0";
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Referrer-Policy same-origin;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $http_host;
|
||||
|
||||
proxy_pass http://localhost:4000;
|
||||
|
||||
client_max_body_size 16m;
|
||||
}
|
||||
|
||||
location /proxy {
|
||||
proxy_cache akkoma_media_cache;
|
||||
proxy_cache_lock on;
|
||||
proxy_ignore_client_abort on;
|
||||
proxy_pass http://localhost:4000;
|
||||
}
|
||||
}
|
||||
```
|
||||
reload Nginx:
|
||||
|
||||
Change the `listen` directive to the following:
|
||||
```nginx
|
||||
listen 127.0.0.1:14447;
|
||||
```
|
||||
systemctl stop i2pd.service --no-block
|
||||
systemctl start i2pd.service
|
||||
|
||||
Set `server_name` to your i2p address.
|
||||
|
||||
Reload Nginx:
|
||||
```
|
||||