fediverse
/
kitsune
mirror of https://github.com/kitsune-soc/kitsune
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use `oranda` for our website (#425) 

* init oranda structure

* switch to non-workspace mode

* generate changelogs from github releases

* port docs to mdbook

* fix opentelemetry docs

* add clacks overhead docs

* fix oidc config

* add other repository
This commit is contained in:
aumetra 2023-11-24 18:37:21 +01:00 committed by GitHub
parent 3c78e75905
commit c97209214c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 834 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
.github/workflows/web.yml vendored Normal file
View File

@ -0,0 +1,99 @@
# Workflow to build your docs with oranda (and mdbook)
# and deploy them to Github Pages
name: Web
# We're going to push to the gh-pages branch, so we need that permission
permissions:
contents: write
# What situations do we want to build docs in?
# All of these work independently and can be removed / commented out
# if you don't want oranda/mdbook running in that situation
on:
# Check that a PR didn't break docs!
#
# Note that the "Deploy to Github Pages" step won't run in this mode,
# so this won't have any side-effects. But it will tell you if a PR
# completely broke oranda/mdbook. Sadly we don't provide previews (yet)!
pull_request:
# Whenever something gets pushed to main, update the docs!
# This is great for getting docs changes live without cutting a full release.
#
# Note that if you're using cargo-dist, this will "race" the Release workflow
# that actually builds the Github Release that oranda tries to read (and
# this will almost certainly complete first). As a result you will publish
# docs for the latest commit but the oranda landing page won't know about
# the latest release. The workflow_run trigger below will properly wait for
# cargo-dist, and so this half-published state will only last for ~10 minutes.
#
# If you only want docs to update with releases, disable this, or change it to
# a "release" branch. You can, of course, also manually trigger a workflow run
# when you want the docs to update.
push:
branches:
- main
# Whenever a workflow called "Release" completes, update the docs!
#
# If you're using cargo-dist, this is recommended, as it will ensure that
# oranda always sees the latest release right when it's available. Note
# however that Github's UI is wonky when you use workflow_run, and won't
# show this workflow as part of any commit. You have to go to the "actions"
# tab for your repo to see this one running (the gh-pages deploy will also
# only show up there).
workflow_run:
workflows: [ "Release" ]
types:
- completed
# Alright, let's do it!
jobs:
web:
name: Build and deploy site and docs
runs-on: ubuntu-latest
steps:
# Setup
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: dtolnay/rust-toolchain@stable
- uses: swatinem/rust-cache@v2
# If you use any mdbook plugins, here's the place to install them!
# Install and run oranda (and mdbook)
# This will write all output to ./public/ (including copying mdbook's output to there)
- name: Install and run oranda
run: |
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/oranda/releases/latest/download/oranda-installer.sh | sh
oranda build
- name: Prepare HTML for link checking
# untitaker/hyperlink supports no site prefixes, move entire site into
# a subfolder
run: mkdir /tmp/public/ && cp -R public /tmp/public/oranda
- name: Check HTML for broken internal links
uses: untitaker/hyperlink@0.1.29
with:
args: /tmp/public/
# Deploy to our gh-pages branch (creating it if it doesn't exist)
# the "public" dir that oranda made above will become the root dir
# of this branch.
#
# Note that once the gh-pages branch exists, you must
# go into repo's settings > pages and set "deploy from branch: gh-pages"
# the other defaults work fine.
- name: Deploy to Github Pages
uses: JamesIves/github-pages-deploy-action@v4.4.1
# ONLY if we're on main (so no PRs or feature branches allowed!)
if: ${{ github.ref == 'refs/heads/main' }}
with:
repository-name: "kitsune-soc/kitsune-soc.github.io"
branch: gh-pages
# Gotta tell the action where to find oranda's output
folder: public
token: ${{ secrets.GITHUB_TOKEN }}
single-commit: true

4
.gitignore vendored
View File

@ -1,3 +1,7 @@
# Documentation builds
/dist
/docs/book
# Rust target directories
target
target-analyzer

4
README.md
View File

@ -1,7 +1,11 @@
<div align="center">
<div class="oranda-hide">
# kitsune
</div>
![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/kitsune-soc/kitsune/rust.yml?style=for-the-badge)
[![dependency status](https://deps.rs/repo/github/kitsune-soc/kitsune/status.svg?style=for-the-badge)](https://deps.rs/repo/github/kitsune-soc/kitsune)

6
docs/book.toml Normal file
View File

@ -0,0 +1,6 @@
[book]
authors = ["aumetra"]
language = "en"
multilingual = false
src = "src"
title = "Kitsune documentation"

24
docs/src/SUMMARY.md Normal file
View File

@ -0,0 +1,24 @@
# Summary
- [Introduction](./introduction.md)
- [Running]()
- [Installation](./running/installation.md)
- [Basic configuration](./running/basic-configuration.md)
- [Configuring]()
- [Cache](./configuring/cache.md)
- [Captcha](./configuring/captcha.md)
- [Clacks Overhead](./configuring/clacks-overhead.md)
- [Database](./configuring/database.md)
- [Emailing](./configuring/email.md)
- [Federation filter](./configuring/federation-filter.md)
- [Instance](./configuring/instance.md)
- [Job Scheduler](./configuring/job-scheduler.md)
- [Link embedding](./configuring/link-embedding.md)
- [Messaging](./configuring/messaging.md)
- [OIDC (OpenID Connect)](./configuring/oidc.md)
- [OpenTelemetry](./configuring/opentelemetry.md)
- [Search](./configuring/search.md)
- [Storage](./configuring/storage.md)
- [Specification]()
- [HTTP signatures](./spec/http-signatures.md)
- [Webfinger](./spec/webfinger.md)

34
docs/src/configuring/cache.md Normal file
View File

@ -0,0 +1,34 @@
# Cache
Computing things from scratch can be pretty expensive, that's where caching comes in.
To best fit for your specific setup, Kitsune has multiple caching backends:
## No Cache
```toml
[cache]
type = "none"
```
This is the simplest of all caching modes. It just doesn't cache anything at all and utilises Kitsune's no-op cache.
Pretty much only desirable if you are debugging other caches for invalidation issues (or if you have *heavy* memory constraints and no way to get your hands on a Redis instance).
## In-Memory Cache
```toml
[cache]
type = "in-memory"
```
This tells Kitsune to cache data directly into its memory. The cache is bounded so it doesn't make you run out of memory.
## Redis Cache
```toml
[cache]
type = "redis"
redis-url = "redis://[Your Redis instance]"
```
This tells Kitsune to cache data via expiring keys into the configured Redis instance.
This is the optimal configuration for setups where you have multiple Kitsune nodes running at the same time.

35
docs/src/configuring/captcha.md Normal file
View File

@ -0,0 +1,35 @@
# Captcha
Kitsune offers the ability to require captchas on sign-up to protect your service against spam waves.
We offer different implementations to fit your specific needs
## hCaptcha
The rather well-known [hCaptcha service](https://www.hcaptcha.com/) advertises itself as a more privacy-oriented alternative to Google's reCaptcha.
To use it to protect your instance, add the following to your configuration:
```toml
[captcha]
type = "hcaptcha"
verify-url = "[Verify URL]"
site-key = "[Your site key]"
secret-key = "[Your secret key]"
```
## mCaptcha
[mCaptcha](https://mcaptcha.org/) is a lesser known open-source self-hostable captcha service.
Technically it isn't a "captcha" and more of a "proof-of-work verification system", but it should defend your service against large spam attacks.
To use mCaptcha, add the following to your configuration:
```toml
[captcha]
type = "mcaptcha"
widget-link = "[Widget link]"
site-key = "[Your site key]"
secret-key = "[Your secret key]"
verify-url = "[Verify URL]"
```

24
docs/src/configuring/clacks-overhead.md Normal file
View File

@ -0,0 +1,24 @@
# Clacks Overhead
Clacks Overhead is a non-standard HTTP header used for as something like a silent memorial.
The header is appended to each response via a middleware.
The header looks something like this:
```
X-Clacks-Overhead: GNU [Name 1 here], [Name 2 here]
```
[More info about this header](https://xclacksoverhead.org/home/about)
---
The names for the header can be configured like so:
```toml
[server]
clacks-overhead = [
"Natalie Nguyen",
"John \"Soap\" MacTavish"
]
```

25
docs/src/configuring/database.md Normal file
View File

@ -0,0 +1,25 @@
# Database
Kitsune requires a PostgreSQL installation that it can connect to since we make usage of Postgres-specific features, such as their full-text search.
You can find instructions on creating a database (along with password-protected user) [here](https://medium.com/coding-blocks/creating-user-database-and-adding-access-on-postgresql-8bfcd2f4a91e).
> We supported SQLite in the past (before v0.0.1-pre.1), but the support has been dropped due to a high maintenance burden and rather little expected usage.
## Database URL structure
```
postgres://[Username]:[Password]@[DBMS host]:[Port]/[Database name]
```
### Example URL
```
postgres://database-user:password-here@localhost:5432/db-name-here
```
## Maximum connections
The `max-connections` setting defines how many connections the globally shared connection pool will open to the database server *at maximum*.
What you should set this value to depends on many factors.
> We currently do not report any pool metrics via the Prometheus endpoint. This might be added in the future.

49
docs/src/configuring/email.md Normal file
View File

@ -0,0 +1,49 @@
# Emailing
Configuring an Email server for Kitsune automatically enables account confirmation via Email.
The mailer currently only supports SMTP, no provider-specific REST APIs.
## Example
```toml
[email]
from-address = "kitsunemailer@joinkitsune.org"
host = "your.smtp.host"
username = "admin"
password = "password"
starttls = false
```
There is also an option config you can place in front of "from_address" if your email service provider does not do TLS over 465 and instead uses 587 (STARTTLS).
Here is an example configuration utilizing STARTTLS:
```toml
[email]
from_address = "kitsunemailer@joinkitsune.org"
host = "your.smtp-host.example"
username = "admin"
password = "password"
starttls = true
```
## Parameters
```starttls``` :
By default Kitsune users the port 465 to send mail.
Most service providers use this port, but some (for example Postmark) need to have their TLS usage bootstrapped via STARTTLS over port 587.
```from-address``` :
This is the address Kitsune puts into the `From` field of the Email
```host``` :
This is the domain that your SMTP server is reachable under.
```username, password``` :
The credentials to your SMTP server. Which values to put here vary from provider to provider.

33
docs/src/configuring/federation-filter.md Normal file
View File

@ -0,0 +1,33 @@
# Federation filter
Kitsune has a basic federation filter. It has two main modes of operation:
- Allowlist-based
- Denylist-based
The domain list supports [globbing](https://en.wikipedia.org/wiki/Glob_(programming)), so can, among other things, define wildcard blocks.
## Allowlist
As the name might suggests, this mode allows instance administrators to define a set list of domains the server is allowed to interact with.
Federation attempts from any other server are rejected.
### Configuration example
```toml
[instance.federation-filter]
type = "allow"
domains = ["*.myfriends.com", "cool-instan.ce"]
```
## Denylist
This is the opposite of the allowlist-based federation. In this mode, Kitsune generally accepts federation attempts from any instance *except* the ones defined in the domain list.
### Configuration example
```toml
[instance.federation-filter]
type = "deny"
domains = ["*.badstuff.com", "mean-people.biz"]
```

40
docs/src/configuring/instance.md Normal file
View File

@ -0,0 +1,40 @@
# Instance
Kitsune has a number of configurations that change how your instance works.
```toml
[instance]
name = "Kitsune"
description = "https://www.youtube.com/watch?v=6lnnPnr_0SU"
character-limit = 5000
registrations-open = true
```
## `name`
This changes the name of the instance displayed on the landing page and returned via instance metadata endpoints (such as Mastodon's `/api/v1/instance`).
## `description`
Similar to `name`, this setting adjusts the description on the landing page and the one returned via the metadata endpoints.
> **Note**: This field is interpreted as raw HTML
## `character-limit`
This setting sets the character limit specific to your instance.
## `registrations-open`
Determines whether your instance accepts new users or not. When set to `false`, the registration APIs will return a failure code.
## `webfinger-domain`
This enables you to host your `.well-known/webfinger` resource on your main domain (i.e. `example.com`) and the web UI and inboxes on a subdomain (i.e. `kitsune.example.com`).
The advantage of this configuration is that your handle can be `@me@example.com`, while the account is hosted on `fedi.example.com`.
### Example value
```toml
webfinger-domain = "example.com"
```

25
docs/src/configuring/job-scheduler.md Normal file
View File

@ -0,0 +1,25 @@
# Job Scheduler
Kitsune uses the database to store and retrieve jobs that have to be run.
There are options to tune the job scheduler to your specific needs.
```toml
[job-queue]
redis-url = "redis://localhost"
num-workers = 20
```
## `redis-url`
This option configures the Redis instance that the jobs are put on.
We utilize Redis streams and transactional Lua scripting to ensure no jobs are lost even in the case of a crash.
## `job-workers`
This option configures how many jobs are run concurrently at the same time.
Each job is a lightweight task inside Kitsune's async runtime, so you can raise this well above what you'd raise a thread limit to.
> **Caution**: Each activity delivery is a job, and each of the delivery jobs run multiple connections concurrently.
> Raising this job worker limit too high without also increasing the maximum file descriptors might lead to weird issues.

11
docs/src/configuring/link-embedding.md Normal file
View File

@ -0,0 +1,11 @@
# Link embedding
Kitsune has the ability to show link previews as so-called "embed cards".
We use [Lantern Chat's `embed-service`](https://github.com/Lantern-chat/embed-service/) to provide this functionality.
To use it with Kitsune, run the `embed-service` and add the following configuration to Kitsune's configuration file:
```toml
[embed]
service-url = "[URL to the embed service]"
```

26
docs/src/configuring/messaging.md Normal file
View File

@ -0,0 +1,26 @@
# Messaging
Kitsune uses messaging services to exchange events for cache invalidation, notification delivery, etc.
To offer flexibility and to make self-hosting as easy as possible, we have multiple such backends.
## Redis backend
This is backend you should choose when running multiple nodes in parallel. This then uses Redis' PubSub feature to exchange messages.
### Configuration example
```toml
[messaging]
type = "redis"
redis-url = "redis://localhost:6379"
```
## In-process
This backend is optimal for small self-contained installations. It uses Tokio's broadcast channel internally.
### Configuration example
```toml
[messaging]
type = "in-process"

50
docs/src/configuring/oidc.md Normal file
View File

@ -0,0 +1,50 @@
# OIDC (OpenID Connect)
> This feature is gated behind the `oidc` compile-time feature
OpenID Connect (OIDC) is a technology to provide Single Sign-On (SSO) that it shared across multiple services.
This is useful if you, for example, want to run Kitsune together with a bunch of other services and don't want to maintain multiple logins.
In order to enable OIDC for your Kitsune instance, find the `oidc` parameter inside the `server` configuration section.
Set this parameter to the following value:
```toml
[server.oidc]
server-url = "[Issuer URL]"
client-id = "[Kitsune's Client ID]"
client-secret = "[Kitsune's Client Secret]"
[server.oidc.store]
type = "in-memory" # "in-memory" or "redis"
#url = "redis://localhost" # If the configured type is "redis"
```
## Server URL
This is the URL of the issuer; this setting differs between OIDC solutions. Don't worry, Kitsune won't start up if this value is invalid.
## Client ID and Secret
These values are created on the dashboard of the OIDC solution you are using.
Kitsune needs these to obtain an access token from the OIDC server to do introspection and obtain some information about the user.
## Store
The store is where the login state is stored in temporarily until the sign-in has completed.
### Supported backends
- `in-memory`: The state is stored in an in-memory LRU structure
- `redis`: The state is stored in a Redis instance
If you run multiple nodes, you should use Redis. Otherwise sign-ins can randomly fail.
## Kitsune-specific OIDC requirements
The OIDC server **must** return the following values in the claim:
- `preferred_username`
- `email`
> Keep the preferred username field unique. The username is used to identify the user inside Kitsune's database that's getting registered.
> This might change in the future.

15
docs/src/configuring/opentelemetry.md Normal file
View File

@ -0,0 +1,15 @@
# OpenTelemetry
Kitsune can export its traces and metrics via the OpenTelemetry Protocol (or OTLP, for short).
To push the data to an endpoint, add the following to your configuration:
```toml
[opentelemetry]
# Where Kitsune pushes metrics (eg. Prometheus)
metrics-transport = "http" # "http" or "grpc"
metrics-endpoint = "https://localhost:5050/metrics-endpoint"
# Where Kitsune pushes traces (eg. Jaeger)
tracing-transport = "http" # "http" or "grpc"
tracing-endpoint = "https://localhost:5050/tracing-endpoint"
```

36
docs/src/configuring/search.md Normal file
View File

@ -0,0 +1,36 @@
# Search
Kitsune has a number of search backends, each different from the other, to best fit your specific needs.
We want to give you a brief overview over the available backends.
## No Search
```toml
[search]
type = "none"
```
This completely disables the search on your instance. Finding posts and accounts is now only possible via direct links and handles.
## SQL-based Search
```toml
[search]
type = "sql"
```
This runs searches on your database directly. The quality is actually not too bad and uses automatic language detection to make full-text searches relevant.
## Meilisearch
> You need to compile Kitsune with the `meilisearch` feature flag to enable this feature
```toml
[search]
type = "meilisearch"
instance-url = "[URL of your Meilisearch instance]"
api-key = "[API key to access your Meilisearch instance]"
```
This instructs Kitsune to use [Meilisearch](https://www.meilisearch.com/) as the search engine. Meilisearch provides incredibly fast, high-quality full-text search.
Meilisearch also has a cloud offering, making this the easiest high-quality search to use with Kitsune.

71
docs/src/configuring/storage.md Normal file
View File

@ -0,0 +1,71 @@
# Storage
As a microblogging platform, Kitsune also offers users the ability to attach images, videos, and audio to their posts.
We offer multiple different storage backends to store the attachments to.
> **Note**: You might want to increase the upload limit by tweaking the `max-upload-size` parameter in your configuration; the number is the upload limit in bytes.
> The default set by the example configuration is 5MiB.
## File System
This is recommended for small instances.
Kitsune simply stores the media inside a user-defined directory on the local file system.
In order to enable this, add this to your configuration:
```toml
[storage]
type = "fs"
upload-dir = "path/to/upload/directory"
```
This will then place all the uploads into the specified directory.
## S3-compatible storage
When your user count increases (or your requirements change), you might want to consider using an S3-compatible storage solution to store all your media attachments.
In order to make this happen, add this to your configuration:
```toml
[storage]
type = "s3"
bucket-name = "[Name of your bucket]"
endpoint-url = "[Name of the endpoint]"
region = "[Region of your S3 storage]"
force-path-style = false
access-key = "[Access key]"
secret-access-key = "[Secret access key]"
```
### Bucket Name
This setting is pretty self-explanatory. It's the name of the bucket you created and want your attachments to be put in.
### Endpoint URL
The URL of the S3 endpoint. You can either get this from your storage provider's dashboard or documentation; really depends on the provider.
### Region
The S3 region in which you created the bucket. The value of this might be different from provider to provider.
### Force Path Style
Some S3 storage providers don't support the virtual-hosted request style. If your provider is one of those, set this setting to `true` to instruct Kitsune to use the legacy path style.
### (Secret) Access Key
These keys are given to you when creating your bucket. Make sure you keep these private!
### Notes on "get_object" requests
Currently Kitsune proxies all the S3 accesses, meaning each media access results in a "get object" request.
For example, Cloudflare R2 has a "no egress fee policy" which, due to this implementation detail, doesn't apply to Kitsune.
> This is not final, we might change how S3 uploads are handled
### Migrating from file-system storage to S3
The migration is pretty simple. Upload all the files from your upload directory into the S3 bucket (while preserving the same file hirearchy) and change the configuration.
Kitsune should then serve the files without any problems.

17
docs/src/introduction.md Normal file
View File

@ -0,0 +1,17 @@
# Introduction
Kitsune is a decentralised microblogging platform built on the ActivityPub protocol.
This means that anyone can run their own Kitsune on their own hardware and seamlessly interact with each other.
Of course you can also sign up on an existing instance to try it out, no strings attached.
If you are interested in running your own instance, head over to our installation guide.
## Chat
Feel free to join our chat if you have any problems or if you want to contribute.
We have channels on Matrix and Discord which are bridged with each other, so join whichever you are more comfortable with.
[![Matrix](https://img.shields.io/matrix/kitsune-space:matrix.org?label=Matrix%20chat&style=for-the-badge)](https://matrix.to/#/#kitsune-space:matrix.org)
[![Discord](https://img.shields.io/discord/1118538521423138856?label=Discord%20chat&style=for-the-badge)](https://discord.gg/YGAtX7nfrG)
(The side-panel links to the Matrix room since Matrix is the more open and privacy-respecting solution out of the both)

80
docs/src/running/basic-configuration.md Normal file
View File

@ -0,0 +1,80 @@
# Basic configuration
Kitsune is using the [TOML configuration format](https://toml.io) to configure the main application and the job runner.
The syntax itself is easy to grasp and is essentially and extended INI format.
> The auxiliary services/CLI tools are using environment variables at the moment.
> Note that this might change in the future.
> Example configurations for external programs can be found in `kitsune/contrib`.
> The example config for Kitsune can be found in the root directory titled "config.example.toml", move it wherever you like, and feel free to rename it.
The simplest Kitsune configuration looks like this:
```toml
[cache]
type = "in-memory"
[database]
url = "postgres://localhost/kitsune"
max-connections = 20
[instance]
name = "Kitsune"
description = "https://www.youtube.com/watch?v=6lnnPnr_0SU"
character-limit = 5000
registrations-open = true
[instance.federation-filter]
type = "deny"
domains = []
[job-queue]
redis-url = "redis://localhost"
num-workers = 20
[messaging]
type = "in-process"
[server]
frontend-dir = "./kitsune-fe/dist"
max-upload-size = 20242880 # 5MB
media-proxy-enabled = false
port = 5000
request-timeout-secs = 60
[search]
type = "sql"
[storage]
type = "fs"
upload-dir = "./uploads"
[url]
scheme = "https"
domain = "kitsune.example.com"
```
To successfully deploy the application, make sure you **at least** change the following sections to your own:
- `domain`
- Domain of your instance. Used to build the URLs of your activities.
- This is a *very important* setting and **cannot** be changed after the first setup.
- `database`
- Specifically the `url` parameter. Refer to [database section](../configuring/database) page for the expected format.
- `job-queue`
- Specifically the `redis-url` parameter. Refer to the [job scheduler](../configuring/job-scheduler) page for the expected format.
To run the application use the following command:
```bash
./kitsune -c [path-to-config-file]
```
In order to read up on all the possible configurations, check out the "Configuration" section.

65
docs/src/running/installation.md Normal file
View File

@ -0,0 +1,65 @@
# Installation
At the moment, the only way to install Kitsune is to compile it from source.
Don't worry, that sounds way more scary than it actually is. In this guide we will step you through it.
## Dependencies
In order to build Kitsune, need a few dependencies. These are:
1. The Rust toolchain ([recommended installation](https://rustup.rs/))
2. PostgreSQL as a dedicated DBMS
3. Redis for the job queue
4. [NodeJS](https://nodejs.org/en) v16+
5. [Yarn](https://classic.yarnpkg.com/en/docs/install)
6. Reverse Proxy (recommended: [Caddy](https://caddyserver.com/docs/install))
Yes, that's really it. We don't need more. Kitsune is designed to use as few native dependencies as possible to make building from source easy!
### Note on C/C++ compiler requirement
Rust needs a C/C++ compiler to invoke the linker and potentially build some native libraries to statically link to, so make sure you have one installed.
To install it under Debian and Ubuntu, run the following command:
```bash
sudo apt install build-essential
```
The name of the package(s) containing these tools might differ between distributions.
## Building
First, grab yourself a copy of the source code. You can either download the [main branch ZIP archive](https://github.com/kitsune-soc/kitsune/archive/refs/heads/main.zip) or clone it via Git. Both ways will work just fine.
> The recommended way to download the source is via Git since it makes updating and doing a rollback way easier.
To download a Git repository, just run the following command (this assumes you have [Git](https://git-scm.com/) installed):
```bash
git clone https://github.com/kitsune-soc/kitsune.git
```
> If you downloaded the ZIP, just unzip the archive
Next, move into the newly created directory and then into the `kitsune-fe` directory and build the frontend.
To do this run:
```bash
yarn install && yarn build
```
Now move out of the directory and back into the main one. Then build the binaries in release mode.
To do this run the following command:
```bash
cargo build --release
```
After the command finished there should be the following three binaries inside the `target/release` directory:
- `kitsune`: The main Kitsune application. This is the heart of the whole application.
- `kitsune-cli`: The Kitsune CLI utility. Used to give users roles and clear the job scheduler table.
- `kitsune-job-runner`: The dedicated Kitsune job runner
That's it for the building part but before we can actually run our instance, we need to configure it first.

19
docs/src/spec/http-signatures.md Normal file
View File

@ -0,0 +1,19 @@
# HTTP signatures
HTTP signatures are used by Kitsune to validate that the Activity/Object actually originates from the user it claims to.
We implement a subset of [`draft-cavage-http-signatures-12`](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12) to do this.
Only asymmetric cryptographic algorithms are implemented since the symmetric ones:
1. Could lead to potential key-confusion attacks
2. Aren't useful in the context of ActivityPub
We make use of the `keyId` field by looking up the public key material via this ID. The ID is sourced from the ActivityPub actor.
The signature scheme used is inferred by the OID embedded in the public key material. The material is expected to be an X.509 SPKI structure.
At the moment, Kitsune uses RSA keys but has support for implementations that use Ed25519 for signatures.
> We use RSA because Mastodon doesn't support anything else. So if you want compatibility with Mastodon, you have to use RSA.
> As soon as a mainline Mastodon release gets support for Ed25519 signatures, we will release an update that allows to rekey all the users.
But if you are happy to just federate with Kitsune users, you can use Ed25519!

21
docs/src/spec/webfinger.md Normal file
View File

@ -0,0 +1,21 @@
# Webfinger
Kitsune uses Webfinger for resolving mentions and such. For example, when mentioning a user in a post in the form `@user@instance.org`, the mention is interpreted as a Webfinger `acct` query.
We then connect to the remote server and send an HTTP GET request on the path `/.well-known/webfinger` with the query parameter `resource` set to `acct:user@instance.org`.
The server is then expected to return a Webfinger resource containing a link with the `rel` property set to `self` and the `href` attribute pointing to the ActivityPub actor.
Example Webfinger resource:
```json
{
"subject": "acct:user@instance.org",
"aliases": [],
"links": [
{
"rel": "self",
"href": "https://instance.org/users/user"
}
]
}
```

21
oranda.json Normal file
View File

@ -0,0 +1,21 @@
{
"build": {
"dist_dir": "dist"
},
"components": {
"artifacts": {
"cargo_dist": true
},
"changelog": {
"read_changelog_file": false
}
},
"project": {
"name": "Kitsune",
"license": "MIT",
"repository": "https://github.com/kitsune-soc/kitsune"
},
"styles": {
"theme": "hacker"
}
}