From 5536438bed1da66e233e7fffef82c185a82b9e72 Mon Sep 17 00:00:00 2001 From: Jeff Moe Date: Mon, 24 Apr 2023 10:44:18 -0600 Subject: [PATCH] Split BLOCKS into separate doc --- BLOCKS.md | 207 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 206 +---------------------------------------------------- 2 files changed, 210 insertions(+), 203 deletions(-) create mode 100644 BLOCKS.md diff --git a/BLOCKS.md b/BLOCKS.md new file mode 100644 index 0000000..ad4108c --- /dev/null +++ b/BLOCKS.md @@ -0,0 +1,207 @@ +# Le Spam +There are some on the Internet that like to spam and attack Mastodon nodes. +Often, this is related to political attacks, but it will run the gamut of +the weirdness on Earth. + +Groups of moderators are created, some working together, to allow them +to shape their server as they like. + +## Rapidblock +Rapidblock is software that allows Mastodon nodes to block unwanted servers +more easily. It helps put the community back in charge of their own server. +Or that's at least the goal, as far as I can tell. I am not the author +of it. It is also in very early development, but is mature enough to try +out, if you're familiar with server administration. + +* https://rapidblock.org/ + +* https://github.com/rapidblock-org/rapidblock + +If you are running a `.deb` APT based distro, it may work for you to install +it thusly (if you don't mind running shell scripts unseen--insecure...). + +``` +curl -s https://apt.rapidblock.org/install.sh | sudo bash +``` + +If you want to go right into the repo and grab a `.deb`, they are here: + +* https://apt.rapidblock.org/pool/main/r/rapidblock/ + +Note, there are packages for both amd64 (x86) and arm64. +Those builds don't install on Debian Bullseye (11/stable) though, +because they use zstd compression, which Bullseye APT `dpkg-deb` +doesn't support. + +If you want to build it by hand, here's a +q uick & dirty build for Debian Bullseye (11/stable). + +To build, a newer `go` compiler is needed than ships in the +main Bullseye repo. It is in the Bullseye backports repo. + +Edit `/etc/apt/sources.list` and make sure it has a line like this: +``` +deb http://mirrors.kernel.org/debian bullseye-backports main +``` + +``` +sudo apt update +sudo apt install -t bullseye-backports golang-go +git clone https://github.com/rapidblock-org/rapidblock +cd rapidblock +go install +go build +``` + +That should build a binary `rapidblock`. +To confirm it works, run: + +``` +$ ./rapidblock --help +unknown option: --help +Usage: rapidblock [-tV] [-A value] [-c value] [-d value] [-D value] [-k value] [-m value] [-p value] [-s value] [-S value] [-x value] + -A, --account-data-file=value + [prepare-data] path to the groups.io cookies and database + column mappings + -c, --csv-file=value + [export-csv] path to the CSV file to create + -d, --data-file=value + [prepare-data, export-csv,sign, verify, apply] path to the + JSON file to create, export from, sign, verify, or apply + -D, --database-url=value + [apply] PostgreSQL database URL to connect to + -k, --private-key-file=value + [generate-key, sign] path to the base-64 Ed25519 private key + file to sign with + -m, --mode=value select mode of operation: prepare-data, + export-csv,generate-key, sign, verify, apply + -p, --public-key-file=value + [generate-key, sign, verify] path to the base-64 Ed25519 + public key file to verify with + -s, --signature-file=value + [sign, verify] path to the base-64 Ed25519 signature file to + create or verify + -S, --source-id=value + [prepare-data] ID of the Google Sheet spreadsheet to pull + data from + -t, --text [sign, verify] perform newline canonicalization, under the + assumption that --data-file is text + -V, --version show version information and exit + -x, --software=value + [apply] select which server software is in use: + mastodon-4.x, mastodon-3.x +``` + +Following the same setup as upstream used in their Debian package, we can +manually copy files into place: + +``` +sudo mkdir -p /opt/rapidblock/share + +sudo mkdir -p /opt/rapidblock/scripts + +sudo mkdir -p /opt/rapidblock/bin + +sudo cp dist/cron.crontab /etc/cron.d/rapidblock + +sudo cp dist/cron.default /etc/default/rapidblock + +sudo cp dist/cron.sh /opt/rapidblock/scripts/cron.sh + +sudo cp dist/rapidblock_dot_org.pub /opt/rapidblock/share/rapidblock-dot-org.pub + +sudo cp rapidblock /opt/rapidblock/bin/rapidblock +``` + +This has to be run as the `postgres` user. + +``` +sudo su - postgres + +curl -o /tmp/blocklist.json https://rapidblock.org/blocklist.json + +rapidblock \ + --software=mastodon-4.x \ + --mode=apply \ + --data-file=/tmp/blocklist.json \ + --database-url="postgresql:///mastodon_production" +``` + +Note the database name `mastodon_production` was default for Mastodon +install, but you may have another name. + +Running it may give output similar to this: + +``` +added 166 new block(s) +``` + +Perhaps also: + +``` +# Maybe for convenience ? XXX +sudo ln -s /opt/rapidblock/bin/rapidblock /usr/local/bin + +# Need to find this file ? Not in repo. Downloaded? +#sudo cp XXX opt/rapidblock/share/rapidblock.intoto.jsonl +``` + +I tried this to get an initial blocklist imported. +The import appeared to work, and I can see it in the +logs, but I don't see the actual list of blocked domains +in the admin interface. + + +To get it working with cron, this file will likely need to be edited: + +``` +sudo $EDITOR /etc/default/rapidblock +``` + +Then change this line: + +``` + "mastodon-4.x|postgresql:///mastodon?host=/run/postgresql&port=5433" \ +``` + +To something like this: + +``` + "mastodon-4.x|postgresql:///mastodon_production" \ +``` + +Issues with Rapidblock: + +* Uses proprietary github. +* Uses proprietary google sheets. +* Uses proprietary groups.io. + + +## Oliphant +Oliphant also has a block list. Overview: + +* https://github.com/sgrigson/oliphant + +Raw block list: + +* https://raw.githubusercontent.com/sgrigson/oliphant/main/blocked_domains.csv + +Another nice resource from Oliphant: + +* https://writer.oliphant.social/oliphant/mastodon-handy-links-page + + +## More Block Tools +See: + +* https://github.com/ineffyble/mastodon-block-tools + + +# Copyright +Unofficial project, not part of official Mastodon software or +website. Upstream sources under their respective copyrights. + +License: CC By SA 4.0 International and/or GPLv3+ at your discretion. + +*Copyright © 2023, Jeff Moe.* + diff --git a/README.md b/README.md index 508e926..3f5f131 100644 --- a/README.md +++ b/README.md @@ -17,208 +17,8 @@ This present repo is for small notes and scripts for maintaining my instance. https://spacecruft.org/deepcrayon/mastodon -# Le Spam -There are some on the Internet that like to spam and attack Mastodon nodes. -Often, this is related to political attacks, but it will run the gamut of -the weirdness on Earth. - -Groups of moderators are created, some working together, to allow them -to shape their server as they like. - -## Rapidblock -Rapidblock is software that allows Mastodon nodes to block unwanted servers -more easily. It helps put the community back in charge of their own server. -Or that's at least the goal, as far as I can tell. I am not the author -of it. It is also in very early development, but is mature enough to try -out, if you're familiar with server administration. - -* https://rapidblock.org/ - -* https://github.com/rapidblock-org/rapidblock - -If you are running a `.deb` APT based distro, it may work for you to install -it thusly (if you don't mind running shell scripts unseen--insecure...). - -``` -curl -s https://apt.rapidblock.org/install.sh | sudo bash -``` - -If you want to go right into the repo and grab a `.deb`, they are here: - -* https://apt.rapidblock.org/pool/main/r/rapidblock/ - -Note, there are packages for both amd64 (x86) and arm64. -Those builds don't install on Debian Bullseye (11/stable) though, -because they use zstd compression, which Bullseye APT `dpkg-deb` -doesn't support. - -If you want to build it by hand, here's a -q uick & dirty build for Debian Bullseye (11/stable). - -To build, a newer `go` compiler is needed than ships in the -main Bullseye repo. It is in the Bullseye backports repo. - -Edit `/etc/apt/sources.list` and make sure it has a line like this: -``` -deb http://mirrors.kernel.org/debian bullseye-backports main -``` - -``` -sudo apt update -sudo apt install -t bullseye-backports golang-go -git clone https://github.com/rapidblock-org/rapidblock -cd rapidblock -go install -go build -``` - -That should build a binary `rapidblock`. -To confirm it works, run: - -``` -$ ./rapidblock --help -unknown option: --help -Usage: rapidblock [-tV] [-A value] [-c value] [-d value] [-D value] [-k value] [-m value] [-p value] [-s value] [-S value] [-x value] - -A, --account-data-file=value - [prepare-data] path to the groups.io cookies and database - column mappings - -c, --csv-file=value - [export-csv] path to the CSV file to create - -d, --data-file=value - [prepare-data, export-csv,sign, verify, apply] path to the - JSON file to create, export from, sign, verify, or apply - -D, --database-url=value - [apply] PostgreSQL database URL to connect to - -k, --private-key-file=value - [generate-key, sign] path to the base-64 Ed25519 private key - file to sign with - -m, --mode=value select mode of operation: prepare-data, - export-csv,generate-key, sign, verify, apply - -p, --public-key-file=value - [generate-key, sign, verify] path to the base-64 Ed25519 - public key file to verify with - -s, --signature-file=value - [sign, verify] path to the base-64 Ed25519 signature file to - create or verify - -S, --source-id=value - [prepare-data] ID of the Google Sheet spreadsheet to pull - data from - -t, --text [sign, verify] perform newline canonicalization, under the - assumption that --data-file is text - -V, --version show version information and exit - -x, --software=value - [apply] select which server software is in use: - mastodon-4.x, mastodon-3.x -``` - -Following the same setup as upstream used in their Debian package, we can -manually copy files into place: - -``` -sudo mkdir -p /opt/rapidblock/share - -sudo mkdir -p /opt/rapidblock/scripts - -sudo mkdir -p /opt/rapidblock/bin - -sudo cp dist/cron.crontab /etc/cron.d/rapidblock - -sudo cp dist/cron.default /etc/default/rapidblock - -sudo cp dist/cron.sh /opt/rapidblock/scripts/cron.sh - -sudo cp dist/rapidblock_dot_org.pub /opt/rapidblock/share/rapidblock-dot-org.pub - -sudo cp rapidblock /opt/rapidblock/bin/rapidblock -``` - -This has to be run as the `postgres` user. - -``` -sudo su - postgres - -curl -o /tmp/blocklist.json https://rapidblock.org/blocklist.json - -rapidblock \ - --software=mastodon-4.x \ - --mode=apply \ - --data-file=/tmp/blocklist.json \ - --database-url="postgresql:///mastodon_production" -``` - -Note the database name `mastodon_production` was default for Mastodon -install, but you may have another name. - -Running it may give output similar to this: - -``` -added 166 new block(s) -``` - -Perhaps also: - -``` -# Maybe for convenience ? XXX -sudo ln -s /opt/rapidblock/bin/rapidblock /usr/local/bin - -# Need to find this file ? Not in repo. Downloaded? -#sudo cp XXX opt/rapidblock/share/rapidblock.intoto.jsonl -``` - -I tried this to get an initial blocklist imported. -The import appeared to work, and I can see it in the -logs, but I don't see the actual list of blocked domains -in the admin interface. - - -To get it working with cron, this file will likely need to be edited: - -``` -sudo $EDITOR /etc/default/rapidblock -``` - -Then change this line: - -``` - "mastodon-4.x|postgresql:///mastodon?host=/run/postgresql&port=5433" \ -``` - -To something like this: - -``` - "mastodon-4.x|postgresql:///mastodon_production" \ -``` - -Issues with Rapidblock: - -* Uses proprietary github. -* Uses proprietary google sheets. -* Uses proprietary groups.io. - - -## Oliphant -Oliphant also has a block list. Overview: - -* https://github.com/sgrigson/oliphant - -Raw block list: - -* https://raw.githubusercontent.com/sgrigson/oliphant/main/blocked_domains.csv - -Another nice resource from Oliphant: - -* https://writer.oliphant.social/oliphant/mastodon-handy-links-page - - -## More Block Tools -See: - -* https://github.com/ineffyble/mastodon-block-tools - - -# Disclaimer -I have only been running a Mastodon server for a week, and am just -figuring out how it works as I go. +# Blocks +See `BLOCKS.md` for info about server blocks. # Copyright @@ -227,5 +27,5 @@ website. Upstream sources under their respective copyrights. License: CC By SA 4.0 International and/or GPLv3+ at your discretion. -*Copyright © 2022, Jeff Moe.* +*Copyright © 2023, Jeff Moe.*