Initial public commit

Jon
2022-02-20 14:43:11 +00:00
commit 0f3b5a6bac
17 changed files with 969 additions and 0 deletions

docs/debian_11.md Normal file

@@ -0,0 +1,145 @@
**NOTE:** This is out of date and will need to be updated.
# Debian 11 Install Guide for hotpocket
The following guide is intended for Debian or debian-like (Ubuntu) distributions. Non-debian users may follow this guide as well, but they may need to perform additional steps during setup.
## Dependencies
Hotpocket requires `curl`, `mktemp`, `gpg`, `jq`, and `yq` to run.
`mktemp` should already be available on your system. You can install `curl`, `gpg`, and `jq` from the debian repository
```sh
$ apt install curl gpg jq
```
`curl`, `gpg`, and `jq` should now appear in your environment.
```sh
$ which curl gpg jq
/usr/bin/curl
/usr/bin/gpg
/usr/bin/jq
```
To install `yq`, the `yq` developers suggest you use a an ubuntu ppa. You may also install `yq` through `pip3` by running `pip3 install yq`
```sh
$ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9a2d61f6bb03ced7522b8e7d6657dbe0cc86bb64
$ echo 'http://ppa.launchpad.net/rmescandon/yq/ubuntu focal main' > /etc/apt/sources.list.d/rmescandon-ubuntu-yq-focal.list
```
Running `apt update` should now show the PPA among your sources.
```
$ apt update
Get:1 http://ppa.launchpad.net/rmescandon/yq/ubuntu focal InRelease [18.0 kB]
Hit:2 http://deb.debian.org/debian bullseye InRelease
Hit:3 http://security.debian.org/debian-security bullseye-security InRelease
Hit:4 http://deb.debian.org/debian bullseye-updates InRelease
Get:5 http://ppa.launchpad.net/rmescandon/yq/ubuntu focal/main amd64 Packages [488 B]
Get:6 http://ppa.launchpad.net/rmescandon/yq/ubuntu focal Translation-en [264 B]
Fetched 18.8 kB in 1s (29.1 kB/s)
```
You should now be able to install `yq`.
```sh
$ apt install yq
```
Once installed, `yq` should appear in your environment.
```sh
$ which yq
/usr/bin/yq
```
## Installation
Create a `hotpocket` user, and a `hotpocket-data` group.
```sh
$ groupadd hotpocket-data -r
$ useradd hotpocket -g hotpocket-data -d /etc/hotpocket -s /usr/sbin/nologin -MNr
```
You can check `/etc/passwd` and `/etc/shadow` to make sure that the user is properly configured.
*The UID of the hotpocket user will likely be different*
```sh
$ cat /etc/passwd | grep hotpocket
hotpocket:x:998:998::/etc/hotpocket:/usr/sbin/nologin
$ cat /etc/shadow | grep hotpocket
hotpocket:!:19020::::::
$ groups hotpocket
hotpocket : hotpocket-data
```
Next, create the `hotpocket` directory in `etc`.
```sh
$ mkdir /etc/hotpocket
$ chown root:hotpocket-data /etc/hotpocket
$ chmod 750 /etc/hotpocket
```
Your new directory should look like this:
```sh
$ ls -l /etc | grep hotpocket
drwxr-x--- 2 root hotpocket-data 4096 Jan 28 05:50 hotpocket
```
Next, copy in the supplied `config.yaml`, `secrets.yaml`, and `hotpocket.sh`. You do not need to copy `mkpolicy.sh`, you may store that elsewhere.
```sh
$ cd /etc/hotpocket
$ cp /mnt/hotpocket/*.yaml /mnt/hotpocket/hotpocket.sh .
$ touch keyring.gpg
$ chown root:hotpocket-data *
$ chmod 640 *
$ chmod 650 hotpocket.sh
```
Your file permissions should look like this:
```sh
$ ls -l
drw-r----- 1 root hotpocket-data 218 Jan 28 05:52 config.yaml
drw-r-x--- 1 root hotpocket-data 5671 Jan 28 05:52 hotpocket.sh
drw-r----- 1 root hotpocket-data 0 Jan 28 05:52 keyring.gpg
drw-r----- 1 root hotpocket-data 55 Jan 28 05:52 secrets.yaml
```
Next, we're going to want to change some values in `config.yaml` and `secrets.yaml`.
You'll need to change `base_url`, `synapse_base_url`, and `policy_rooms` to sensible values. Ensure that the `base_url` and `synapse_base_url` do not end with `/`.
You will also need to create a synapse admin account for hotpocket to use, then to fill in the `access_token` in `secrets.yaml`. Do not include the `"Bearer "` prefix!
Once done, you can begin setting up your keyring.
## Keyring setup
Hotpocket requires policies to be signed, hotpocket uses `gpg` to validate any policies it finds in your defined policy rooms.
As the user which owns `keyring.gpg` (root in this case), add Jon's public key to the keyring.
```
$ # The hotpocket archive should include the `jon_at_glowers_club.asc` public key.
$ gpg --no-default-keyring --keyring "$PWD/keyring.gpg" --import /mnt/hotpocket/jon_at_glowers_club.asc
gpg: key 1A4A0CC4CE53281B public key "Jonathan (@jon:glowers.club) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
$ gpg --no-default-keyring --keyring "$PWD/keyring.gpg" --list-keys
./keyring.gpg
-------------
pub rsa4096 2022-01-27 [SC] [expires: 2025-01-11]
5C5E17B334E084FE822007D71A4A0CC4CE53281B
uid [ unknown] Jonathan (@jon:glowers.club) <[email protected]>
sub rsa5096 2022-01-27 [E] [expires: 2025-01-11]
```
At this stage you may also wish to import your own public key, or the public keys of other policy rooms admins.
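
Review bot: The `yq` PPA step has two problems. The `echo ... > /etc/apt/sources.list.d/rmescandon-ubuntu-yq-focal.list` line writes the entry without the leading `deb`, so apt will not parse it as shown, and `apt-key adv --recv-keys` places the PPA key in apt's global trust store, where it is accepted for every configured repository. Suggest keeping the key in its own keyring file and writing the entry as `deb [signed-by=<keyring path>] http://ppa.launchpad.net/rmescandon/yq/ubuntu focal main`. In the Installation section, the `ls -l` sample shows `drw-r-----` for regular files where `-rw-r-----` is expected after `chmod 640 *`. In the keyring listing, `sub rsa5096` under an `rsa4096` primary looks like a typo. The keyring section should also tell the reader to compare the printed fingerprint against a copy obtained out of band before relying on the imported key for policy validation.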

docs/hotpocket.png Normal file

Binary file not shown.


docs/tags.md Normal file

@@ -0,0 +1,28 @@
# Standardized tags
The following tags are defined to better ensure intercompatibility between hotpocket policies deployed by different administrators.
| Tag | Liability | Description
--- | --- | ---
| `csam` | Front Door | Child Sexual Abuse Material. i.e: cp
| `jailbait` | High <sup title="Jailbait comprises of legal images of minors, such as child models, however the collection of such images is highly suspect. Jailbait rooms tend to include users who trade CSAM. At minimum, these rooms are a heavy liability">?</sup> | Suggestive images of minors, not technically `casm` but contextually borderline.
| `beastiality` | High <sup title="See local laws">?</sup> | Pornography with features animals.
| `3d_loli` | High <sup title="Questionably legal in the west. As 3D loli tends to be realistically stylised, it may be illegal to posses. See local laws">?</sup> | 3DCG suggestive or explicit depictions of fictional minors.
| `loli` | Moderate <sup title="Questionably legal in the west. See local laws">?</sup> | Drawn suggestive or explicit depictions of fictional minors.
| `anarchy` | Moderate | Rooms which have no room admins or moderators.
| `irl_porn` | Moderate <sup title="Legal with few exceptions, see local laws.">?</sup> | Pornography which features real people.
| `drawn_porn` | Low | Pornography which depicts fictional characters.
| `gore` | Low | Rooms which exists to host gore.
| `commerical` | Low | Rooms which exist exclusively to promote a specific commerical product or group.
| `spam` | Low | Rooms which exist primarily to host spam content.
## Topics:
These additional tags apply to groups of tags. See `scripts/schema/topics.yaml`
| Topic | Description
--- | ---
| `high_risk_porn` | Similar to `high_risk`, limited to porn.
| `high_risk` | Content which has a high risk to host.
| `porn` | Any kind of pornagraphic content.
| `nsfl` | `gore` + `high_risk`
| `nsfw` | `porn` + `nsfl`
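
Review bot: In the tag table, the `jailbait` description refers to `casm`, which is not a defined tag; it should read `csam`. The identifiers `beastiality` and `commerical` are misspelled, and because this file exists to standardize tags across administrators, the spelling should be settled before policies start depending on these names. In the Topics table, `nsfl` and `nsfw` list their member tags but `high_risk`, `high_risk_porn` and `porn` do not; either list the members here or state that `scripts/schema/topics.yaml` is the authoritative mapping. Both tables also omit the leading `|` on the separator row, which some Markdown renderers will not accept as a table.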