# tap - a tiny activity pub service

tap is a lightweight activity pub service designed for individuals or groups managing one or more public-facing accounts.

## Goals

- a lightweight publishing platform compatible with activity pub
- allow an admin or team to manage multiple project accounts (e.g. open source software accounts, announcement accounts etc.)
- small code base and static deployment
- basic moderation tools focused on server-server relationship management (i.e. denylists / allowlists)

## Anti-Goals

tap does not intend to be, or to support, any of the following:

- a drop in replacement for a full-fledged mastodon-esque service
- management of a large number of non/semi trusted users
- ability to view arbitrary remote content
- management of complex trust relationships between users/servers (e.g. limited instances)

## Deployment Instructions

### Web Server Setup

First set up a web server with a hostname and a TLS certificate, and forward all traffic to the tap port, e.g. for nginx this looks something like:

```
	location /  {
		proxy_pass http://localhost:3009;
	}
```

### Create Account Profiles

In the directory you would like to run your service out of:

```
mkdir ./users
mkdir ./keys
```

`users` contains a set of json encoded files with public user information e.g.:

```
		{"ID":"https://tap.resistant.tech/fuzzbot",
		"Name":"Fuzzbot",
		"UserName":"@fuzzbot",
		"Summary":"<p>Fuzz fuzz fuzz</p>",
		"Icon":"https://tap.resistant.tech/static/fuzzbot.jpg",
		"PublicKey":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTDXJzpkRvJXSo8+HiXJ\nmqnuUE52uxaAMYhhTosL01ICyQoNg1hcmfkMn2ef5vSESECDAowNyMiebmxHqGD1\nGjZSkeMkErz7yXtDkA65ew3ML0jky8e7i1m50psTJpL7JX3tPXWyWvRybiQeyzkx\nK2oDItUa0wVm5Or5fUjTh+tkLgjMgFY9isHVwPRucKHyfvuSsYJOnmS7zvX5xwav\n4fllX7RrPYwL+At11GzP5nWx4NwfZ5Vvm0IdMNd81JMpuQjZD2cy3dv6PveC/5kD\nkfqZZnDTFY5I/lOHFAfhjNl9vJ6iSREZw2SLZshVQ91nyVQnP9zlzQbvJylxTRy1\njwIDAQAB\n-----END PUBLIC KEY-----"}
```


`keys` contains armour encoded private keys for each user in a file named `<username>.key` (without any leading '@'). A key for a user can be produced using something like:

`openssl genrsa -out keys/<username>.key 2048`

And the armoured public key can be obtained using:

`openssl rsa -in keys/<username>.key -outform PEM -pubout -out public.pem`

You will then need to copy the public key to the `users/<user>.json` file. This is probably the most annoying part; in the future it might be nice to provide a script that will prompt the admin for some information about the user and then generate keys etc. automatically.
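
As an added example (not part of tap), the Python helper below builds the `users/<username>.json` document from the `public.pem` produced above, JSON-escaping the key and refusing anything that is not a single armoured public key, so a private key cannot end up in the public profile by mistake. The function names, the `https://<hostname>/<username>` ID layout (inferred from the sample profile) and the allowed username characters are assumptions.

```python
import base64
import json
import re
from pathlib import Path

PEM_RE = re.compile(
    r"\A-----BEGIN PUBLIC KEY-----\n([A-Za-z0-9+/=\n]+)-----END PUBLIC KEY-----\Z"
)


def check_public_pem(pem: str) -> str:
    """Return the armoured public key, or raise ValueError if it is anything else."""
    pem = pem.replace("\r\n", "\n").strip()
    if "PRIVATE KEY" in pem:
        raise ValueError("refusing to publish a private key")
    match = PEM_RE.match(pem)
    if not match:
        raise ValueError("expected exactly one PUBLIC KEY block")
    der = base64.b64decode(match.group(1).replace("\n", ""), validate=True)
    if not der.startswith(b"\x30"):  # SubjectPublicKeyInfo is a DER SEQUENCE
        raise ValueError("armour does not wrap a DER structure")
    return pem


def build_profile(hostname, username, name, summary, icon, pem):
    """Build the users/<username>.json document in the layout shown above."""
    user = username.lstrip("@")
    # Assumption: plain identifiers only, which also keeps the file name safe.
    if not re.fullmatch(r"[A-Za-z0-9_]+", user):
        raise ValueError("unexpected characters in username")
    return {
        "ID": f"https://{hostname}/{user}",  # assumption: ID is host + username
        "Name": name,
        "UserName": "@" + user,
        "Summary": summary,
        "Icon": icon,
        "PublicKey": check_public_pem(pem),
    }


def write_profile(base_dir, profile):
    """Write the profile to <base_dir>/users/<username>.json and return the path."""
    path = Path(base_dir) / "users" / (profile["UserName"].lstrip("@") + ".json")
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps(profile, indent=2) + "\n", encoding="utf-8")
    return path
```

Pass the contents of `public.pem` as `pem`, then hand the result to `write_profile` with the tap directory as `base_dir`.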

### Create An Admin User

Create a file called `adminpass` containing the raw SHA-256 digest of a strong password, e.g.:

`echo -n "<password>" |  openssl dgst -binary -sha256 > adminpass`

Place this file in the root tap directory.

### Run the service

Ensure that the `tap` binary is in your PATH.

Running `tap <hostname> <port>` will start up the service. Alternatively `tap <hostname>` will use the default port.


### Moderation

tap attempts to load two lists of hosts: `allowlist` and `denylist`.

If `allowlist` exists then **only** actors verified from hosts listed in this file will be permitted to send messages to the inbox; all other messages will be rejected.

Otherwise, all messages posted to the inbox will be permitted, with the exception of posts from actors from hosts on the denylist.