Installation

Yukimi Kazari edited this page Aug 8, 2023 · 49 revisions


READ THE INSTRUCTIONS FULLY

I will not provide any support if you gloss over sections that specifically tell you how to do something.

THIS IS NOT FOR PRODUCTION

If you plan to run this seriously and care about your data, it's recommended that you pull your database and migrate to a full bare metal installation. There are no inherent issues with using an AIO install, but this was designed to be a quick and easy "I want to test and see if I want to use this" type of install.

Prerequisites

  • Docker and Docker Compose Plugin (Ubuntu, Mac, Windows)
  • Git (Preinstalled on Linux and Mac, Windows)
  • 4 Cores
    • i5-ish CPU suggested, anything below is really the limit as you are running a database
  • 4 GB RAM MINIMUM
  • About an hour of your time
  • Make sure your Discord client is in Developer Mode to be able to Copy IDs: User Settings > Advanced > Developer Mode
  • Notepad Application
  1. Create a new notepad document and paste this to keep track of the generated information:
AuthWare OAuth2 Client ID     : 
AuthWare OAuth2 Client Secret : 
AuthWare Bot Token            : 
Framework Client ID           : 
Framework Bot Token           : 
Home Server ID                : 

DOCKER DESKTOP USERS NOTICE

Docker Desktop sets limits on disk usage and you must increase the "Disk Image Size" to a larger size.

  • When uploading large amounts of large files to the FileWorker it can flood the MQ and cause the system to run out of storage and possibly corrupt the volume
    • If the volume becomes corrupted you will need to delete the volume: docker volume rm sequenzia-compose_mq_data

Setup a new Discord Server

This will guide you on how to create a new server based on the included template

Best Practices

Create a new discord account that will be the owner of the Bots and Storage Servers

  • This keeps them out of your server list and enforces restrictions on the visible channels
  • Prevents data loss in the event someone gains access to your account
  • There are built-in Elevation commands in AuthWare to get permissions to see the data when you need it

Create your first data storage server. This is where the actual data will be stored. You can create additional servers later for organization.

Explanation

  • Data Storage servers should be separate from end users for privacy and security reasons
  • Community members and administrators that are not actual Sequenzia server administrators should NEVER have access to data storage servers.
  • There is very little administration that can be done outside of Sequenzia due to the sheer amount of data that can add up and become buried in the channels.
  • End users with modified Discord clients are able to snoop on the contents of a server without having permissions or access to channels if they are members
  • There should always be a "Home Server" that all logging and commands will occur in, this first server should be it
  • Users that will login and access Sequenzia will be in a separate "AuthWare Enabled" server.
  • You do not have to, but if you want to add other users it's easier to just add roles in an existing community
  • To start, your first servers will have AuthWare enabled; please disable it after you have set up AuthWare on a server.

It is not suggested that you use an existing server if this is your first time and you are new to the structure of JuneFS. You can later add an existing server by manually setting the records in the database and creating the required roles. (Not newbie stuff)

  1. Add an image to your server. If you want to use the default there is Sequenzia Logo or Datastore Logo
  2. Set a name for your server
  3. Give your user account in the server the following permissions (All except the Engine(s), Data Reader, and Modules)

Once done, DO NOT change anything until you have completed the initialization.

Roles

System Roles
These roles must be there and should not be removed for any reason

  • 🔐 Security Engine
    • Used by the AuthWare bot and should only contain the authentication framework
  • ⚡ System Engine
    • Used by the System Framework bot and should only contain the system framework
  • 🔓 Admin Mode
    • Used by AuthWare, this is assigned to you when you run the auth sudo command to elevate and is removed by auth sudo exit
    • The point is to hide and restrict channels that contain data when you're not running as an admin
    • You can set up 2FA with auth 2fa setup and then use auth sudo 00000 to elevate (00000 being the code provided by your app)
  • 🧰 Server Manager
    • This is assigned to any administrator of the system
    • This enables you to send commands and elevate your account
  • 🔍 Content Manager
    • This is assigned to members that should be able to moderate content
    • This also enables making administrative commands from the console in the home server
  • 🔑 Sequenzia Access
    • This is assigned to members that should be allowed to login to sequenzia
    • Just giving someone read roles does not allow login

Special Roles
These are reserved roles and are not required but are still used

  • 📀 Data Reader
    • This is a "read-only" permission that can be used by other bots that only need to read the contents of the server
  • 🧱 Modules
    • This is a "read and write" permission that can be used for other bots, by default it only allows access to the console and such but you can assign it to channels as needed

Named Roles
Used to assign virtual permissions to groups of channels in Sequenzia. See later in the guide. You should follow this system when creating new roles.

  • 🎫 Name
    • Read
  • 📥 Name
    • Write
  • 🔨 Name
    • Manage

Permissions
These permissions should be set for any parent/channel. Best practice is to set up parents so children inherit the correct permissions

System Engine

  • General
    • View Channels
    • Manage Channels
  • Membership
    • Send Messages
    • Send Messages in Threads
    • Create Public/Private Threads
    • Embed Links
    • Attach Files
    • Add Reactions
    • Manage Messages
    • Manage Threads
    • Read Message History
  • Voice
    • Connect
    • Speak

Admin Mode

  • General
    • View Channels
    • Manage Channels
  • Membership
    • Add Reactions
    • Manage Messages
    • Manage Threads
    • Read Message History

Data Reader

  • General
    • View Channels
  • Membership
    • Read Message History
  • Voice
    • Connect

Create the AuthWare application

Important Notes
  • You can add this bot to any existing server as long as you create the required roles
  • New servers must be registered with the database manually
  • Each AuthWare Server should have similar Roles like below
    • Framework - Bot Role that contains the AuthWare and Sequenzia Bots
    • Admin Mode - Elevated User Status for Administration Tasks (For Elevation Feature) - Required for Data Storage Servers
    • Manager - Elevate to Administrator Mode, and other admin functions - Required for Data Storage Servers
    • Access - Allowed to Login - REQUIRED
      • The named permissions that you would like to assign
      • "Some Permission" Read - Read/View a group of channels
      • "Some Permission" Write - Upload to a group of channels
      • "Some Permission" Manage - Move/Delete from a group of channels
    • The bot must have permissions above the administrator mode in order to perform elevation
      • If you do not want the security of elevation then "Admin Mode" is not needed, but the Manager Role is still required

Setup an existing Discord Server for Authentication

Roles
You will want to enable a server that contains members to be AuthWare enabled. This will provision users with server-specific authentication with the appropriate roles to access Sequenzia and its contents. If a user is a member of multiple servers, the server priority number is used to know what user data and profile is used. User banners are only used from the server profile; this is an issue with Discord's API itself.

System Roles
These roles must be there and should not be removed for any reason. The names should match at installation time and can be changed AFTER you have added them and checked that it's working

  • 🔐 Security Engine
    • Used by the AuthWare bot and should only contain the authentication framework
  • 🔓 Admin Mode
    • Used by AuthWare, this is assigned to you when you run the auth sudo command to elevate and is removed by auth sudo exit
    • If you use this then you want to keep your account as a normal user of the server with the manager role so that it can enable and disable as needed
  • 🧰 Server Manager
    • This is assigned to any administrator of the system
    • This enables you to send commands and elevate your account
  • 🔍 Content Manager
    • This is assigned to members that should be able to moderate content
  • 🔑 Sequenzia Access
    • This is assigned to members that should be allowed to login to sequenzia
    • Just giving someone read roles does not allow login

Named Roles
Used to assign virtual permissions to groups of channels in Sequenzia. You should follow this system when creating new roles.

  • 🎫 Name
    • Read
  • 📥 Name
    • Write
  • 🔨 Name
    • Manage
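A check for the role layout this section asks for (the system roles above, plus the Security Engine placement and Manage Roles permission listed under Role Permissions), as an added example that is not AuthWare's own code. It assumes a role list with name, position and permissions fields in the shape Discord's guild roles endpoint returns; the function names and sample roles are constructed.

```python
MANAGE_ROLES = 1 << 28  # Discord permission bit for "Manage Roles"

# System roles this section requires, matched by name without the emoji prefix.
REQUIRED = ("Security Engine", "Admin Mode", "Server Manager",
            "Content Manager", "Sequenzia Access")


def find_role(roles, name):
    """Return the role whose name ends with `name`, or None."""
    return next((r for r in roles if r["name"].strip().endswith(name)), None)


def audit_roles(roles):
    """Check a guild role list (name, position, permissions) against the page's layout."""
    findings = [f"missing role: {name}" for name in REQUIRED
                if find_role(roles, name) is None]
    engine = find_role(roles, "Security Engine")
    if engine is None:
        return findings
    # A bot can only hand out roles that sit below its own highest role,
    # so anything above Security Engine is out of AuthWare's reach.
    for role in sorted(roles, key=lambda r: -r["position"]):
        if role["position"] > engine["position"]:
            findings.append(f"'{role['name']}' is above Security Engine")
    if not int(engine["permissions"]) & MANAGE_ROLES:
        findings.append("Security Engine lacks Manage Roles")
    return findings


# Constructed role list: Admin Mode was left above the bot's role,
# and the bot's role only has View Channels (1 << 10).
SAMPLE_ROLES = [
    {"name": "@everyone", "position": 0, "permissions": "0"},
    {"name": "🔑 Sequenzia Access", "position": 1, "permissions": "0"},
    {"name": "🔍 Content Manager", "position": 2, "permissions": "0"},
    {"name": "🧰 Server Manager", "position": 3, "permissions": "0"},
    {"name": "🔐 Security Engine", "position": 4, "permissions": "1024"},
    {"name": "🔓 Admin Mode", "position": 5, "permissions": "1040"},
]

if __name__ == "__main__":
    for finding in audit_roles(SAMPLE_ROLES):
        print(finding)
```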

Role Permissions
These permissions should be set for the bot

Security Engine

  • This should be the highest role in the server
  • General
    • Manage Roles

  • Go to Discord Application
  • Click New Application
    • Set a name. Users will see this when they login
    • Set an image. You can use the AuthWare Logo image for the application
    • Set a description
      • Example: Sequenzia-compatible Single Sign-on Authentication Interface
      • Anything you put here IS PUBLIC and is shown in the applications section of a user's account
  • Go to Bot
    • Add Bot
    • Click Reset Token and Copy Token to a notepad
    • Disable Public Bot
    • Enable both Privileged Gateway Intents (Presence Intent and Server Members Intent)
      • You are responsible for getting your instance of the Bot verified if you are installing this on more than 100 servers
    • Save
  • Add the Bot to your Community Servers and Data Server
    • Open a new tab and add the bot to your new data storage server: https://discord.com/oauth2/authorize?client_id=123456789012345678&scope=bot+applications.commands
      • Replace 123456789012345678 with your Application ID
    • Once Added to the Server, Assign the 🔐 Security Engine Role: Server Settings > Roles > AuthWare > Add Members > Select the Bot

Create the Framework application

Important Notes

  • Do not add this to any community servers, The Framework bot should only be installed in storage servers
  • It's important that you secure your account and access to the bot token.
  • Go to Discord Application
  • Click New Application
    • Set a name. Users will see this when they login
    • Set an image. You can use the System Logo image for the application
    • Set a description
  • Go to Bot
    • Add Bot
    • Click Reset Token and Copy Token to a notepad
    • Disable Public Bot
    • Enable all 3 Privileged Gateway Intents (Presence Intent, Server Members Intent and Message Content Intent)
      • You are responsible for getting your instance of the Bot verified if you are installing this on more than 100 servers
  • Add the Bot to your new Discord Server (Not the community servers)
    • Open a new tab and add the bot to your new data storage server: https://discord.com/oauth2/authorize?client_id=123456789012345678&scope=bot+applications.commands
      • Replace 123456789012345678 with your Application ID
    • Once Added to the Server, Assign the ⚡ System Engine Role: Server Settings > Roles > Framework > Add Members > Select the Bot

Download the Compose Scripts

cd ~/
git clone https://github.com/UiharuKazari2008/sequenzia-compose
cd sequenzia-compose
chmod +x sequenzia

or manually download the files:

  1. Download this project's files and extract them in a place you will be keeping them. Example: Your Documents folder or your home folder.
    • ANYWHERE BUT YOUR DOWNLOADS FOLDER, DO NOT JUST UNZIP IT AND KEEP IT IN YOUR DOWNLOADS FOLDER
  2. Open a terminal (or PowerShell) and go to the directory

Create Setup Configuration File

Edit the config file

# Located in common/config/user-config.json
./sequenzia config
{
  "Discord_Key": "The framework bots token",
  "Authware_Key": "The authware bots token",
  "DiscordHomeGuild": "The new discord server ID",
  "discord_id": "The authware bot's OAuth client ID",
  "discord_secret": "The authware bot's OAuth client secret",
  "base_url": "http://localhost:3000",
  "cookie_secret": "DockerKanmi@CHANGETHISDAMNSECRET",
  "enable_impersonation": true,
  "use_secure_cookie": false,
  "site_name": "Sequenzia",
  "company_name": "Academy City Research",
  "company_email": "sequenzia@example.com",
  "disable_esm": true
}

Replace the values with the values you have copied during the above steps:

  • Discord_Key - The Framework Bot Token
  • Authware_Key - The AuthWare Bot Token
  • DiscordHomeGuild - The Newly created discord server's ID (Right Click on the server and click Copy ID)
  • discord_id - The AuthWare OAuth Client ID
  • discord_secret - The AuthWare OAuth Client Secret
  • cookie_secret - Set some random string to salt your cookies
  • Remove enable_impersonation if this is not on your localhost or will be accessible externally
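A pre-start check for the values above, as an added example that is not part of Sequenzia or this wiki: it flags template values left in place, a default or short cookie_secret, and enable_impersonation on a base_url that is not localhost. The function names, the 32-character floor and the sample config are assumptions made for the example.

```python
import copy
import secrets
from urllib.parse import urlparse

# Values shipped in this page's template; any left in place is a finding.
TEMPLATE = {
    "Discord_Key": "The framework bots token",
    "Authware_Key": "The authware bots token",
    "DiscordHomeGuild": "The new discord server ID",
    "discord_id": "The authware bot's OAuth client ID",
    "discord_secret": "The authware bot's OAuth client secret",
    "cookie_secret": "DockerKanmi@CHANGETHISDAMNSECRET",
}
MIN_SECRET_LEN = 32  # assumption: length floor picked for this example

def is_local(cfg):
    """True when base_url points at the machine itself."""
    host = urlparse(str(cfg.get("base_url", ""))).hostname
    return host in {"localhost", "127.0.0.1", "::1"}

def audit_config(cfg):
    """Return findings for a parsed user-config.json; an empty list is clean."""
    findings = []
    for key, placeholder in TEMPLATE.items():
        value = str(cfg.get(key, ""))
        if value in ("", placeholder):
            findings.append(f"{key}: empty or still the template value")
        elif key in ("DiscordHomeGuild", "discord_id") and not value.isdigit():
            findings.append(f"{key}: expected a numeric Discord ID")
        elif key == "cookie_secret" and len(value) < MIN_SECRET_LEN:
            findings.append(f"{key}: shorter than {MIN_SECRET_LEN} characters")
    # The page says to remove this key unless the site is localhost-only.
    if "enable_impersonation" in cfg and not is_local(cfg):
        findings.append("enable_impersonation: remove it, base_url is not localhost")
    return findings

def harden(cfg):
    """Copy cfg, replacing a weak cookie_secret and dropping impersonation off-localhost."""
    out = copy.deepcopy(cfg)
    if any(f.startswith("cookie_secret") for f in audit_config(out)):
        out["cookie_secret"] = secrets.token_urlsafe(32)
    if not is_local(out):
        out.pop("enable_impersonation", None)
    return out

# Constructed sample: tokens filled in, secret and impersonation left as shipped.
SAMPLE = dict(TEMPLATE, Discord_Key="constructed-token-a", Authware_Key="constructed-token-b",
              DiscordHomeGuild="991507209546633236", discord_id="123456789012345678",
              discord_secret="constructed-oauth-secret", base_url="https://seq.example.com",
              enable_impersonation=True)

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```

To run it against a real install, load common/config/user-config.json with json.load and pass the result to audit_config.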

Windows users must update the environment file to allow polling mode

# Located in common/config/user-config.env
./sequenzia env
CHOKIDAR_USEPOLLING=true

Initialize the server

# Located in common/config/setup-authware.env
./sequenzia setupaw

Edit the file

SETUP_TYPE='storage'
SETUP_SERVERID='991507209546633236'

  • SETUP_TYPE should be set to storage
  • SETUP_SERVERID should be your new server's ID
  • Make sure to remove the # in front of the 2 bottom lines

Now startup with only the authentication core and wait for AuthWare to show that it has booted correctly

./sequenzia test-core

Once you have successfully set up a server, NEVER run the storage setup against an existing server. All data in the database for that server will be removed.

^ You should see [Discord] Connected successfully to Discord! and the account should match

Once you see AuthWare running (looks like above) you can CTRL+C to stop.

  • If you want to add another data server
    • Follow the above steps again with the new server ID
    • Restart AuthWare: docker compose restart authware
  • If you need to add an authentication-only server
    • Follow the "Setup an existing Discord Server for Authentication" in AuthWare section
    • Follow the above steps again with the new server ID
    • Change the setup type: SETUP_TYPE: auth
    • Restart AuthWare: docker compose restart authware

Start the Server

./sequenzia certgen
./sequenzia start

To view logs, run ./sequenzia logs

Upload your first content

Upload some files and images to your server to ensure that the FileWorker can access and upload data via the Framework and write data to the database.

  • Copy images and files to /common/data/upload/Tripcode
  • File size does not matter, and if it's over 8MB the FW will handle the parity
  • Wait for files to get onboarded; they should show up in the #tripcode channel

How FileWorker handles data
  • Folder mappings are set as watch_folder in kanmi_channels in the database
  1. Files are moved to a temp folder once added and the file is no longer locked by your OS
  2. Each file is handled in the order it arrived
  3. Thumbnails are generated, large files are broken up into parity files
  4. Files and parts are sent to the Framework over MQ
  5. Framework uploads the files to Discord and saves metadata to the database
  6. Files can then be accessed via Discord or Sequenzia

Login to Sequenzia

  • In a browser go to http://localhost:3000
  • Click Login with Discord
    • If you want to bypass authentication use http://localhost:3000/discord/impersonate/YOUR_USER_ID
  • Login with your Discord Account
  • Application not ready will be shown due to the service worker not being ready. You will need a proper certificate to use offline file access and client-side file compilation.
    • You will see Application not secure until you are connecting over HTTPS
  • You should see the home page with an image in the background
    • If you don't see an image make sure you have uploaded something
    • If you have uploaded content make sure that it actually was uploaded
    • If all else fails, repair the database with juzo jfs repair all in the #console channel
  • Click the Latest Media icon in the quick access bar
  • You should now be able to see the content you uploaded; any files can be checked with the Files button

Upload to Sequenzia via Web

  • Open the menu by clicking your profile icon
  • Click Upload > Upload Files from the Menu bar
  • Choose a location, like Tripcode
  • Browse for files and click Upload
  • Now click Gallery or Files depending on if you uploaded a image or file

Accessing via HTTPS

You will need to get a real SSL certificate using Certbot or use a frontend reverse proxy to access Sequenzia via HTTPS

  • In a browser go to https://localhost
    • If you get a "NET::ERR_CERT_INVALID" error on Mac OS, you must click "Advanced" and type "thisisunsafe" exactly
  • Click Login with Discord
    • If you want to bypass authentication use https://localhost/discord/impersonate/YOUR_USER_ID
  • Login with your Discord Account

Accessing from the Internet

Read Remote Access using LANTIS for a simple and secure way to share access, or if you have your own setup, use Remote Access Configuration for just the required information.