diff --git a/0x0-prune.service b/0x0-prune.service deleted file mode 100644 index b28fb2d..0000000 --- a/0x0-prune.service +++ /dev/null @@ -1,22 +0,0 @@ -[Unit] -Description=Prune 0x0 files -After=remote-fs.target - -[Service] -Type=oneshot -User=nullptr -WorkingDirectory=/path/to/0x0 -BindPaths=/path/to/0x0 - -Environment=FLASK_APP=fhost -ExecStart=/usr/bin/flask prune -ProtectProc=noaccess -ProtectSystem=strict -ProtectHome=tmpfs -PrivateTmp=true -PrivateUsers=true -ProtectKernelLogs=true -LockPersonality=true - -[Install] -WantedBy=multi-user.target diff --git a/0x0-prune.timer b/0x0-prune.timer deleted file mode 100644 index df6a594..0000000 --- a/0x0-prune.timer +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Prune 0x0 files - -[Timer] -OnCalendar=hourly -Persistent=true - -[Install] -WantedBy=timers.target diff --git a/0x0-vscan.service b/0x0-vscan.service deleted file mode 100644 index 6a48b1c..0000000 --- a/0x0-vscan.service +++ /dev/null @@ -1,22 +0,0 @@ -[Unit] -Description=Scan 0x0 files with ClamAV -After=remote-fs.target clamd.service - -[Service] -Type=oneshot -User=nullptr -WorkingDirectory=/path/to/0x0 -BindPaths=/path/to/0x0 - -Environment=FLASK_APP=fhost -ExecStart=/usr/bin/flask vscan -ProtectProc=noaccess -ProtectSystem=strict -ProtectHome=tmpfs -PrivateTmp=true -PrivateUsers=true -ProtectKernelLogs=true -LockPersonality=true - -[Install] -WantedBy=multi-user.target diff --git a/0x0-vscan.timer b/0x0-vscan.timer deleted file mode 100644 index d2c6486..0000000 --- a/0x0-vscan.timer +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Scan 0x0 files with ClamAV - -[Timer] -OnCalendar=hourly -Persistent=true - -[Install] -WantedBy=timers.target diff --git a/0x0.service b/0x0.service deleted file mode 100644 index f67780d..0000000 --- a/0x0.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=The null pointer -Documentation=https://0x0.st - -[Service] -Type=simple -WorkingDirectory=/usr/local/0x0 -ExecStart=/usr/bin/uwsgi --ini app.ini -Restart=on-failure -User=nullptr -Group=nullptr - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/0x0a-prune.crontab b/0x0a-prune.crontab new file mode 100644 index 0000000..270cf0b --- /dev/null +++ b/0x0a-prune.crontab @@ -0,0 +1,2 @@ +FLASK_APP=fhost +* * 15 * * flask prune diff --git a/0x0a-vscan.crontab b/0x0a-vscan.crontab new file mode 100644 index 0000000..71c5a2c --- /dev/null +++ b/0x0a-vscan.crontab @@ -0,0 +1,2 @@ +FLASK_APP=fhost +@hourly flask vscan diff --git a/README.md b/README.md index a2e153c..37dc637 100644 --- a/README.md +++ b/README.md @@ -36,13 +36,10 @@ This is a problem for example when streaming media files: It won't be possible to seek, and some ISOBMFF (MP4) files will not play at all. To make files expire, simply run `FLASK_APP=fhost flask prune` every now -and then. You can use the provided systemd unit files for this: +and then. You can use the provided crontab files for this. - 0x0-prune.service - 0x0-prune.timer - -Make sure to edit them to match your system configuration. In -particular, set the user and paths in `0x0-prune.service`. +Make sure to edit them to match your system configuration, assuming +you have read `crontab(5)` on a sane OS. Before running the service for the first time and every time you update it from this git repository, run `FLASK_APP=fhost flask db upgrade`. @@ -51,7 +48,7 @@ it from this git repository, run `FLASK_APP=fhost flask db upgrade`. ![image](modui.webp){height="300px"} -0x0 features a TUI program for file moderation. With it, you can view a +0x0a features a TUI program for file moderation. With it, you can view a list of uploaded files, as well as extended information on them. It allows you to take actions like removing files temporarily or permanently, as well as blocking IP addresses and associated files. @@ -59,23 +56,22 @@ permanently, as well as blocking IP addresses and associated files. If a sufficiently recent version of python-mpv with libmpv is present and your terminal supports it, you also get graphical file previews, including video playback. Upstream mpv currently supports sixels and the -[kitty graphics -protocol](https://sw.kovidgoyal.net/kitty/graphics-protocol/). For this +[kitty graphics protocol](https://sw.kovidgoyal.net/kitty/graphics-protocol/). For this to work, set the `MOD_PREVIEW_PROTO` option in `instance/config.py`. Requirements: -- [Textual](https://textual.textualize.io/) +* [Textual](https://textual.textualize.io/) Optional: -- [python-mpv](https://github.com/jaseg/python-mpv) (graphical +* [python-mpv](https://github.com/jaseg/python-mpv) (graphical previews) -- [PyAV](https://github.com/PyAV-Org/PyAV) (information on multimedia +* [PyAV](https://github.com/PyAV-Org/PyAV) (information on multimedia files) -- [PyMuPDF](https://github.com/pymupdf/PyMuPDF) (previews and file +* [PyMuPDF](https://github.com/pymupdf/PyMuPDF) (previews and file information for PDF, XPS, EPUB, MOBI and FB2) -- [libarchive-c](https://github.com/Changaco/python-libarchive-c) +* [libarchive-c](https://github.com/Changaco/python-libarchive-c) (archive content listing) ** Note: [Mosh](https://mosh.org/) currently does not support sixels or kitty @@ -90,7 +86,7 @@ bandwidth requirements for graphics. # NSFW Detection -0x0 supports classification of NSFW content via Yahoo's open\_nsfw Caffe +0x0a supports classification of NSFW content via Yahoo's open\_nsfw Caffe neural network model. This works for images and video files and requires the following: @@ -104,8 +100,7 @@ time for larger files, this does not happen immediately but instead every time you run the `vscan` command. It is recommended to configure a systemd timer or cronjob to do this periodically. Examples are included: - 0x0-vscan.service - 0x0-vscan.timer + 0x0a-vscan.crontab Remember to adjust your size limits in clamd.conf, including `StreamMaxLength`! @@ -115,9 +110,9 @@ module](https://pypi.org/project/clamd/). # Network Security Considerations -Keep in mind that 0x0 can fetch files from URLs. This includes your +Keep in mind that 0x0a can fetch files from URLs. This includes your local network! You should take precautions so that this feature cannot -be abused. 0x0 does not (yet) have a way to filter remote URLs, but on +be abused. 0x0a does not (yet) have a way to filter remote URLs, but on Linux, you can use firewall rules and/or namespaces. This is less error-prone anyway.