README.rst at master · cookie.ebil.club/0x0

cookie.ebil.club / 0x0
[mirror of https://git.0x0.st/mia/0x0] No-bullshit file hosting and URL shortening service https://0x0.st
0x0 / README.rst
at master 4.9 kB view raw
  1The Null Pointer
  2================
  3
  4This is a no-bullshit file hosting and URL shortening service that also runs
  5`0x0.st <https://0x0.st>`_. Use with uWSGI.
  6
  7Configuration
  8-------------
  9
 10To configure 0x0, copy ``instance/config.example.py`` to ``instance/config.py``, then edit
 11it.   Resonable defaults are set, but there's a couple options you'll need to change
 12before running 0x0 for the first time.
 13
 14By default, the configuration is stored in the Flask instance directory.
 15Normally, this is in `./instance`, but it might be different for your system.
 16For details, see
 17`the Flask documentation <https://flask.palletsprojects.com/en/2.0.x/config/#instance-folders>`_.
 18
 19To customize the home and error pages, simply create a ``templates`` directory
 20in your instance directory and copy any templates you want to modify there.
 21
 22If you are running nginx, you should use the ``X-Accel-Redirect`` header.
 23To make it work, include this in your nginx config’s ``server`` block::
 24
 25    location /up {
 26        internal;
 27    }
 28
 29where ``/up`` is whatever you’ve configured as ``FHOST_STORAGE_PATH``.
 30
 31For all other servers, set ``FHOST_USE_X_ACCEL_REDIRECT`` to ``False`` and
 32``USE_X_SENDFILE`` to ``True``, assuming your server supports this.
 33Otherwise, Flask will serve the file with chunked encoding, which has several
 34downsides, one of them being that range requests will not work. This is a
 35problem for example when streaming media files: It won’t be possible to seek,
 36and some ISOBMFF (MP4) files will not play at all.
 37
 38To make files expire, simply run ``FLASK_APP=fhost flask prune`` every
 39now and then. You can use the provided systemd unit files for this::
 40
 41    0x0-prune.service
 42    0x0-prune.timer
 43
 44Make sure to edit them to match your system configuration. In particular,
 45set the user and paths in ``0x0-prune.service``.
 46
 47Before running the service for the first time and every time you update it
 48from this git repository, run ``FLASK_APP=fhost flask db upgrade``.
 49
 50
 51Moderation UI
 52-------------
 53
 54.. image:: modui.webp
 55  :height: 300
 56
 570x0 features a TUI program for file moderation. With it, you can view a list
 58of uploaded files, as well as extended information on them. It allows you to
 59take actions like removing files temporarily or permanently, as well as
 60blocking IP addresses and associated files.
 61
 62If a sufficiently recent version of python-mpv with libmpv is present and
 63your terminal supports it, you also get graphical file previews, including
 64video playback. Upstream mpv currently supports sixels and the
 65`kitty graphics protocol <https://sw.kovidgoyal.net/kitty/graphics-protocol/>`_.
 66For this to work, set the ``MOD_PREVIEW_PROTO`` option in ``instance/config.py``.
 67
 68Requirements:
 69
 70* `Textual <https://textual.textualize.io/>`_
 71
 72Optional:
 73
 74* `python-mpv <https://github.com/jaseg/python-mpv>`_
 75  (graphical previews)
 76* `PyAV <https://github.com/PyAV-Org/PyAV>`_
 77  (information on multimedia files)
 78* `PyMuPDF <https://github.com/pymupdf/PyMuPDF>`_
 79  (previews and file information for PDF, XPS, EPUB, MOBI and FB2)
 80* `libarchive-c <https://github.com/Changaco/python-libarchive-c>`_
 81  (archive content listing)
 82
 83.. note::
 84    `Mosh <https://mosh.org/>`_ currently does not support sixels or kitty graphics.
 85
 86.. hint::
 87    You may need to set the ``COLORTERM`` environment variable to
 88    ``truecolor``.
 89
 90.. tip::
 91    Using compression with SSH (``-C`` option) can significantly
 92    reduce the bandwidth requirements for graphics.
 93
 94
 95NSFW Detection
 96--------------
 97
 980x0 supports classification of NSFW content via
 99`a machine learning model <https://huggingface.co/giacomoarienti/nsfw-classifier>`_.
100This works for images and video files and requires the following
101Python modules:
102
103* torch
104* transformers
105* pillow
106* `av <https://github.com/PyAV-Org/PyAV>`_
107
108
109Virus Scanning
110--------------
111
1120x0 can scan its files with ClamAV’s daemon. As this can take a long time
113for larger files, this does not happen immediately but instead every time
114you run the ``vscan`` command. It is recommended to configure a systemd
115timer or cronjob to do this periodically. Examples are included::
116
117    0x0-vscan.service
118    0x0-vscan.timer
119
120Remember to adjust your size limits in clamd.conf, including
121``StreamMaxLength``!
122
123This feature requires the `clamd module <https://pypi.org/project/clamd/>`_.
124
125
126Network Security Considerations
127-------------------------------
128
129Keep in mind that 0x0 can fetch files from URLs. This includes your local
130network! You should take precautions so that this feature cannot be abused.
1310x0 does not (yet) have a way to filter remote URLs, but on Linux, you can
132use firewall rules and/or namespaces. This is less error-prone anyway.
133
134For instance, if you are using the excellent `FireHOL <https://firehol.org/>`_,
135it’s very easy to create a group on your system and use it as a condition
136in your firewall rules. You would then run the application server under that
137group.