OpenBSD化

Dockerfile

@@ -1,25 +0,0 @@
-FROM nimlang/nim:1.6.10-alpine-regular as nim
-LABEL maintainer="setenforce@protonmail.com"
-
-RUN apk --no-cache add libsass-dev pcre
-
-WORKDIR /src/nitter
-
-COPY nitter.nimble .
-RUN nimble install -y --depsOnly
-
-COPY . .
-RUN nimble build -d:danger -d:lto -d:strip \
-    && nimble scss \
-    && nimble md
-
-FROM alpine:latest
-WORKDIR /src/
-RUN apk --no-cache add pcre ca-certificates
-COPY --from=nim /src/nitter/nitter ./
-COPY --from=nim /src/nitter/nitter.example.conf ./nitter.conf
-COPY --from=nim /src/nitter/public ./public
-EXPOSE 8080
-RUN adduser -h /src/ -D -s /bin/sh nitter
-USER nitter
-CMD ./nitter

Dockerfile.arm64

@@ -1,23 +0,0 @@
-FROM alpine:3.17 as nim
-LABEL maintainer="setenforce@protonmail.com"
-
-RUN apk --no-cache add gcc git libc-dev libsass-dev "nim=1.6.8-r0" nimble pcre
-
-WORKDIR /src/nitter
-
-COPY nitter.nimble .
-RUN nimble install -y --depsOnly
-
-COPY . .
-RUN nimble build -d:danger -d:lto -d:strip \
-    && nimble scss \
-    && nimble md
-
-FROM alpine:3.17
-WORKDIR /src/
-RUN apk --no-cache add ca-certificates pcre openssl1.1-compat
-COPY --from=nim /src/nitter/nitter ./
-COPY --from=nim /src/nitter/nitter.example.conf ./nitter.conf
-COPY --from=nim /src/nitter/public ./public
-EXPOSE 8080
-CMD ./nitter

README.md

@@ -1,7 +1,5 @@
-# Nitter
+# Nitter (OpenBSD)
 
-[![Test Matrix](https://github.com/zedeus/nitter/workflows/Tests/badge.svg)](https://github.com/zedeus/nitter/actions/workflows/run-tests.yml)
-[![Test Matrix](https://github.com/zedeus/nitter/workflows/Docker/badge.svg)](https://github.com/zedeus/nitter/actions/workflows/build-docker.yml)
 [![License](https://img.shields.io/github/license/zedeus/nitter?style=flat)](#license)
 
 A free and open source alternative Twitter front-end focused on privacy and
@@ -96,91 +94,83 @@ $ cd nitter
 $ nimble build -d:release
 $ nimble scss
 $ nimble md
-$ cp nitter.example.conf nitter.conf
+$ mkdir /etc/nitter
+$ cp nitter.example.conf /etc/nitter/nitter.conf
+$ cp nitter /usr/local/bin
 ```
 
 Set your hostname, port, HMAC key, https (must be correct for cookies), and
 Redis info in `nitter.conf`. To run Redis, either run
-`redis-server --daemonize yes`, or `systemctl enable --now redis` (or
+`redis-server --daemonize yes`, or `rcctl enable redis && rcctl start redis` (or
 redis-server depending on the distro). Run Nitter by executing `./nitter` or
-using the systemd service below. You should run Nitter behind a reverse proxy
+using the rc service below. You should run Nitter behind a reverse proxy
 such as [Nginx](https://github.com/zedeus/nitter/wiki/Nginx) or
 [Apache](https://github.com/zedeus/nitter/wiki/Apache) for security and
 performance reasons.
 
-### Docker
 
-Page for the Docker image: https://hub.docker.com/r/zedeus/nitter
+### rc.d
 
-#### NOTE: For ARM64 support, please use the separate ARM64 docker image: [`zedeus/nitter:latest-arm64`](https://hub.docker.com/r/zedeus/nitter/tags).
+To run Nitter via rc you can use this service file:
 
-To run Nitter with Docker, you'll need to install and run Redis separately
-before you can run the container. See below for how to also run Redis using
-Docker.
+```sh
+#!/bin/ksh
 
-To build and run Nitter in Docker:
+daemon="/usr/local/bin/nitter"
 
-```bash
-docker build -t nitter:latest .
-docker run -v $(pwd)/nitter.conf:/src/nitter.conf -d --network host nitter:latest
-```
+. /etc/rc.d/rc.subr
 
-Note: For ARM64, use this Dockerfile: [`Dockerfile.arm64`](https://github.com/zedeus/nitter/blob/master/Dockerfile.arm64).
+rc_bg=YES
 
-A prebuilt Docker image is provided as well:
-
-```bash
-docker run -v $(pwd)/nitter.conf:/src/nitter.conf -d --network host zedeus/nitter:latest
-```
-
-Using docker-compose to run both Nitter and Redis as different containers:
-Change `redisHost` from `localhost` to `nitter-redis` in `nitter.conf`, then run:
-
-```bash
-docker-compose up -d
-```
-
-Note the Docker commands expect a `nitter.conf` file in the directory you run
-them.
-
-### systemd
-
-To run Nitter via systemd you can use this service file:
-
-```ini
-[Unit]
-Description=Nitter (An alternative Twitter front-end)
-After=syslog.target
-After=network.target
-
-[Service]
-Type=simple
-
-# set user and group
-User=nitter
-Group=nitter
-
-# configure location
-WorkingDirectory=/home/nitter/nitter
-ExecStart=/home/nitter/nitter/nitter
-
-Restart=always
-RestartSec=15
-
-[Install]
-WantedBy=multi-user.target
+rc_cmd $1
 ```
 
 Then enable and run the service:
-`systemctl enable --now nitter.service`
+`rcctl enable nitter && rcctl start nitter`
 
-### Logging
+### relayd
+```
+# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
+#
+# Macros
+#
+relayd_addr="0.0.0.0"
+insrv3_addr="192.168.10.103"
 
-Nitter currently prints some errors to stdout, and there is no real logging
-implemented. If you're running Nitter with systemd, you can check stdout like
-this: `journalctl -u nitter.service` (add `--follow` to see just the last 15
-lines). If you're running the Docker image, you can do this:
-`docker logs --follow *nitter container id*`
+table <twitter> { $insrv3_addr }
+
+http protocol reverse {
+  tcp { nodelay, sack }
+  tls ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+  tls keypair "owacon.moe"
+
+  match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
+  match request header append "X-Forwarded-Port" value "$REMOTE_PORT"
+
+  match response header set "X-Frame-Options" value "deny"
+  match response header set "X-XSS-Protection" value "1; mode=block"
+  match response header set "X-Content-Type-Options" value "nosniff"
+  match response header set "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload"
+  match response header set "Permissions-Policy" value "accelerometer=()"
+  match response header set "Cache-Control" value "max-age=86400"
+
+  pass request quick header "Host" value "twitter.owacon.moe" forward to <twitter>
+}
+
+relay www_tls {
+  listen on $relayd_addr port 443 tls
+  protocol reverse
+
+  forward to <twitter> port 8089 check tcp
+}
+
+relay www_http {
+  listen on $relayd_addr port 80
+  protocol reverse
+
+  forward to <twitter> port 8089 check tcp
+}
+```
 
 ## Contact
 

docker-compose.yml

@@ -1,47 +0,0 @@
-version: "3"
-
-services:
-
-  nitter:
-    image: zedeus/nitter:latest
-    container_name: nitter
-    ports:
-      - "127.0.0.1:8080:8080" # Replace with "8080:8080" if you don't use a reverse proxy
-    volumes:
-      - ./nitter.conf:/src/nitter.conf:Z,ro
-    depends_on:
-      - nitter-redis
-    restart: unless-stopped
-    healthcheck:
-      test: wget -nv --tries=1 --spider http://127.0.0.1:8080/Jack/status/20 || exit 1
-      interval: 30s
-      timeout: 5s
-      retries: 2
-    user: "998:998"
-    read_only: true
-    security_opt:
-      - no-new-privileges:true
-    cap_drop:
-      - ALL
-
-  nitter-redis:
-    image: redis:6-alpine
-    container_name: nitter-redis
-    command: redis-server --save 60 1 --loglevel warning
-    volumes:
-      - nitter-redis:/data
-    restart: unless-stopped
-    healthcheck:
-      test: redis-cli ping
-      interval: 30s
-      timeout: 5s
-      retries: 2
-    user: "999:1000"
-    read_only: true
-    security_opt:
-      - no-new-privileges:true
-    cap_drop:
-      - ALL
-
-volumes:
-  nitter-redis:

src/nitter.nim

@@ -15,7 +15,7 @@ import routes/[
 const instancesUrl = "https://github.com/zedeus/nitter/wiki/Instances"
 const issuesUrl = "https://github.com/zedeus/nitter/issues"
 
-let configPath = getEnv("NITTER_CONF_FILE", "./nitter.conf")
+let configPath = getEnv("NITTER_CONF_FILE", "/etc/nitter/nitter.conf")
 let (cfg, fullCfg) = getConfig(configPath)
 
 if not cfg.enableDebug:

src/views/rss.nimf

@@ -83,7 +83,6 @@ Twitter feed for: ${desc}. Generated by ${cfg.hostname}
 #end proc
 #
 #proc renderTimelineRss*(profile: Profile; cfg: Config; multi=false): string =
-#let prefs = Prefs(replaceTwitter: cfg.hostname, replaceYouTube: cfg.replaceYouTube, replaceOdysee: cfg.replaceOdysee, replacePixivA: cfg.replacePixivA, replacePixivU: cfg.replacePixivU, replacePixivB: cfg.replacePixivB, replacePixivI: cfg.replacePixivI, replacePixivM: cfg.replacePixivM, replacePixiv: cfg.replacePixiv)
 #let urlPrefix = getUrlPrefix(cfg)
 #result = ""
 #let handle = (if multi: "" else: "@") & profile.user.username
@@ -114,8 +113,7 @@ ${renderRssTweets(profile.tweets.content, cfg, userId=profile.user.id)}
 </rss>
 #end proc
 #
-#proc renderListRss*(tweets: seq[Tweet]; list: List; cfg: Config): string =
-#let prefs = Prefs(replaceTwitter: cfg.hostname, replaceYouTube: cfg.replaceYouTube, replaceOdysee: cfg.replaceOdysee, replacePixivA: cfg.replacePixivA, replacePixivU: cfg.replacePixivU, replacePixivB: cfg.replacePixivB, replacePixivI: cfg.replacePixivI, replacePixivM: cfg.replacePixivM, replacePixiv: cfg.replacePixiv)
+#proc renderListRss*(tweets: seq[Chain]; list: List; cfg: Config): string =
 #let link = &"{getUrlPrefix(cfg)}/i/lists/{list.id}"
 #result = ""
 <?xml version="1.0" encoding="UTF-8"?>
@@ -132,8 +130,7 @@ ${renderRssTweets(tweets, cfg)}
 </rss>
 #end proc
 #
-#proc renderSearchRss*(tweets: seq[Tweet]; name, param: string; cfg: Config): string =
-#let prefs = Prefs(replaceTwitter: cfg.hostname, replaceYouTube: cfg.replaceYouTube, replaceOdysee: cfg.replaceOdysee, replacePixivA: cfg.replacePixivA, replacePixivU: cfg.replacePixivU, replacePixivB: cfg.replacePixivB, replacePixivI: cfg.replacePixivI, replacePixivM: cfg.replacePixivM, replacePixiv: cfg.replacePixiv)
+#proc renderSearchRss*(tweets: seq[Chain]; name, param: string; cfg: Config): string =
 #let link = &"{getUrlPrefix(cfg)}/search"
 #let escName = xmltree.escape(name)
 #result = ""