Baudrate: ActivityPub-enabled Bulletin Board System

About

Baudrate is an ActivityPub-enabled BBS built with Elixir and Phoenix.

Features

• Real-time UI with Phoenix LiveView
• Hierarchical boards -- nested board structure with breadcrumb navigation, sub-board display, per-board role-based access (min_role_to_view, min_role_to_post), and board moderator management
• Guest browsing -- guest-visible boards and articles are accessible without login
• Cross-posted articles -- articles can span multiple boards, with author-controlled forwarding (forwardable toggle) and cross-board forwarding by any user; authors can remove their articles from specific boards
• Threaded comments -- with support for remote replies via ActivityPub
• Role-based access control -- admin, moderator, user, and guest roles with per-board permission levels
• Board moderation -- board moderators can pin/lock threads and delete articles/comments
• TOTP two-factor authentication -- required for admin/moderator, optional for users, with recovery codes
• ActivityPub federation -- federate with Mastodon, Lemmy, and the Fediverse
  • WebFinger and NodeInfo discovery
  • Incoming follows, comments, likes, boosts, updates, deletes, and Flag reports
  • Outbound delivery of articles, deletes, announces, and Flag reports to remote instances
  • DB-backed delivery queue with exponential backoff retry
  • Shared inbox deduplication for efficient delivery
  • HTTP Signature verification and signing, HTML sanitization, SSRF-safe fetches
  • Domain blocklist and allowlist modes for instance-level federation control
  • Federation kill switch and per-board federation toggle
  • Cross-post deduplication for articles arriving via multiple board inboxes
  • Mastodon compatibility: attributedTo arrays, sensitive/summary content warnings, to/cc addressing, <span> tag preservation, article summary and hashtag tags
  • Lemmy compatibility: Page object type, Announce with embedded objects, !board@host WebFinger
• Link previews -- server-side Open Graph / Twitter Card metadata fetching with image proxy for articles, comments, and DMs
• User public profiles -- public profile pages with stats, recent articles, and clickable author names
• Avatar system -- upload, crop, WebP conversion with server-side security
• Flexible registration -- open, approval-required, or invite-only modes with admin-managed invite codes
• Admin dashboard -- site settings, registration mode, pending user approval, federation dashboard, moderation queue, moderation log, invite code management
• Rate limiting on login, TOTP, registration, avatar uploads, and federation endpoints
• Security hardened -- HSTS, CSP, signed + encrypted cookies, TOTP/key encryption at rest
• Notifications -- real-time in-app notifications for replies, mentions, follows, likes, boosts, and moderator actions
• Direct messages -- 1-on-1 conversations with read cursors, mute controls, and federated delivery
• Search -- full-text search across articles and comments with CJK support and search operators
• Polls -- single/multi-choice polls with anonymous voting, expiration, and denormalized counters
• Bookmarks -- bookmark articles and comments for later reference
• Emoji autocomplete -- type :shortcode in any textarea for instant emoji suggestions
• Markdown toolbar -- toolbar with formatting shortcuts for article and comment editing
• RSS/Atom bot accounts -- admin-managed feed bots that periodically fetch RSS 0.9x/2.0, RSS 1.0 (RDF), Atom, and JSON Feed sources and post articles to target boards; configurable fetch interval, per-bot bio and profile fields, automatic favicon avatar fetching, error tracking with exponential backoff, and manual reset-and-retry
• User blocking and muting -- block users to prevent interaction; mute to hide content locally
• Push notifications -- PWA with Web Push support and service worker
• Internationalization -- Gettext with zh_TW and ja_JP locales and Accept-Language auto-detection

Setup

Prerequisites

• Elixir 1.15+
• Erlang/OTP 26+
• PostgreSQL 15+
• libvips (for image processing)
• Rust toolchain (for html5ever and Ammonia NIF compilation)

Installation

# Clone the repository
git clone https://github.com/user/baudrate.git
cd baudrate

# Install dependencies
mix setup

# Generate a self-signed cert for local HTTPS
mix phx.gen.cert

# Start the server
mix phx.server

The app will be available at https://localhost:4001.

On first visit, you will be redirected to /setup to create the initial admin account.

Environment Variables

For production, you will need to configure:

• DATABASE_URL -- PostgreSQL connection string
• SECRET_KEY_BASE -- at least 64 bytes of random data (mix phx.gen.secret)
• PHX_HOST -- your production hostname

Note: Both TOTP secrets and federation private keys are encrypted at rest using keys derived from SECRET_KEY_BASE, so no additional environment variables are needed for encryption.

Documentation

• SysOp Guide — installation, configuration, and maintenance for system operators
• Development Guide — architecture, project structure, and development notes
• AP API Reference — ActivityPub and public API endpoint documentation
• Troubleshooting — common issues and solutions

License

This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).

Acknowledges

Built with these excellent open-source projects:

• Phoenix Framework
• Phoenix LiveView
• Ecto
• Tailwind CSS + DaisyUI
• NimbleTOTP
• Hammer
• Earmark (Markdown rendering)
• Req (HTTP client for federation)
• html5ever (Rust HTML parser NIF for link preview extraction)
• Ammonia (Rust HTML sanitizer)
• feedparser-rs (Rust feed parser NIF for RSS/Atom/JSON Feed)
• Rustler (Rust NIF bindings for Erlang/Elixir)
• regex (Rust regular expressions)