freedombone-app-pleroma

    PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
    if [ "$PLEROMA_DOMAIN_NAME" ]; then
        echo $"Restoring pleroma"
        temp_restore_dir=/root/temppleroma
        pleroma_dir=$PLEROMA_DIR

        systemctl stop pleroma

        PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
        function_check pleroma_create_database
        pleroma_create_database

        USE_POSTGRESQL=1
        restore_database pleroma
        if [ -d $temp_restore_dir ]; then
            rm -rf $temp_restore_dir
        fi

        function_check restore_directory_from_usb
        restore_directory_from_usb $temp_restore_dir pleroma
        if [ -d $temp_restore_dir ]; then
            chown -R pleroma:pleroma $pleroma_dir
            rm -rf $temp_restore_dir
        fi
        systemctl restart pleroma

        echo $"Restore of pleroma complete"
    fi
}

function backup_remote_pleroma {
    PLEROMA_DOMAIN_NAME='pleroma'
    if grep -q "pleroma domain" "$COMPLETION_FILE"; then
        PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
    fi

    systemctl stop pleroma

    function_check suspend_site
    suspend_site "${PLEROMA_DOMAIN_NAME}"

    source_directory=$PLEROMA_DIR
    dest_directory=pleroma
    backup_directory_to_friend $source_directory $dest_directory

    USE_POSTGRESQL=1
    function_check backup_database_to_friend
    backup_database_to_friend pleroma

    function_check restart_site
    restart_site

    systemctl restart pleroma
}

function restore_remote_pleroma {
    if ! grep -q "pleroma domain" "$COMPLETION_FILE"; then
        return
    fi
    PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
    if [ "$PLEROMA_DOMAIN_NAME" ]; then
        echo $"Restoring pleroma"
        temp_restore_dir=/root/temppleroma
        pleroma_dir=$PLEROMA_DIR

        systemctl stop pleroma

        PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
        function_check pleroma_create_database
        pleroma_create_database

        # shellcheck disable=SC2034
        USE_POSTGRESQL=1
        function_check restore_database_from_friend
        restore_database_from_friend pleroma
        if [ -d $temp_restore_dir ]; then
            rm -rf $temp_restore_dir
        fi

        function_check restore_directory_from_friend
        restore_directory_from_friend $temp_restore_dir pleroma
        if [ -d $temp_restore_dir ]; then
            chown -R pleroma:pleroma $pleroma_dir
            rm -rf $temp_restore_dir
        fi

        systemctl restart pleroma

        echo $"Restore of pleroma complete"
    fi
}

function remove_pleroma {
    if [ ${#PLEROMA_DOMAIN_NAME} -eq 0 ]; then
        return
    fi
    systemctl stop pleroma
    systemctl disable pleroma
    rm /etc/systemd/system/pleroma.service

    userdel pleroma
    #remove_elixir

    function_check remove_nodejs
    remove_nodejs pleroma-backend

    read_config_param "PLEROMA_DOMAIN_NAME"
    read_config_param "MY_USERNAME"
    echo "Removing $PLEROMA_DOMAIN_NAME"
    nginx_dissite "$PLEROMA_DOMAIN_NAME"
    remove_certs "$PLEROMA_DOMAIN_NAME"

    if [ -d "/var/www/$PLEROMA_DOMAIN_NAME" ]; then
        rm -rf "/var/www/$PLEROMA_DOMAIN_NAME"
    fi
    if [ -f "/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME" ]; then
        rm "/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME"
    fi
    if [ -d $PLEROMA_DIR ]; then
        rm -rf $PLEROMA_DIR
    fi
    function_check drop_database_postgresql
    drop_database_postgresql pleroma
    function_check remove_onion_service
    remove_onion_service pleroma ${PLEROMA_ONION_PORT}
    remove_app pleroma
    remove_completion_param install_pleroma
    sed -i '/pleroma domain/d' "$COMPLETION_FILE"
    sed -i '/pleroma commit/d' "$COMPLETION_FILE"
    sed -i "/$blocking_script_file/d" /etc/crontab

    if [ -f /usr/bin/pleroma-blocking ]; then
        rm /usr/bin/pleroma-blocking
    fi

    function_check remove_ddns_domain
    remove_ddns_domain "$PLEROMA_DOMAIN_NAME"
}

function image_install_pleroma {
    if [[ "$SOCIALINSTANCE" != 'pleroma' ]]; then
        return
    fi

    # shellcheck disable=SC2154,SC2086
    chroot "$rootdir" $INSTALL_PACKAGES wget imagemagick

    image_install_elixir
    image_install_postgresql
}

function install_pleroma {
    if [ ! $ONION_ONLY ]; then
        ONION_ONLY='no'
    fi

    $INSTALL_PACKAGES wget imagemagick

    # We need elixir 1.4+ here, so the debian repo package won't do
    install_elixir

    function_check install_nodejs
    install_nodejs pleroma-backend
    install_postgresql

    if [ ! -d "/var/www/${PLEROMA_DOMAIN_NAME}/htdocs" ]; then
        mkdir -p "/var/www/${PLEROMA_DOMAIN_NAME}/htdocs"
    fi
    if [ -d $PLEROMA_DIR ]; then
        rm -rf $PLEROMA_DIR
    fi


    # get the repo
    if [ -f /repos/pleroma/index.html ]; then
        mv /repos/pleroma /repos/pleroma-fe
    fi
    if [ -d /repos/pleroma ]; then
        mkdir -p $PLEROMA_DIR
        cp -r -p /repos/pleroma/. $PLEROMA_DIR
        cd "$PLEROMA_DIR" || exit 834537453
        git pull
    else
        function_check git_clone
        git_clone $PLEROMA_REPO $PLEROMA_DIR
    fi

    if [ ! -d $PLEROMA_DIR ]; then
        echo $'Unable to clone pleroma backend repo'
        exit 783523
    fi


    # create user
    useradd -d $PLEROMA_DIR -s /bin/false pleroma


    # checkout the commit
    cd "$PLEROMA_DIR" || exit 62452428
    git checkout $PLEROMA_COMMIT -b $PLEROMA_COMMIT
    set_completion_param "pleroma commit" "$PLEROMA_COMMIT"
    chown -R pleroma:pleroma $PLEROMA_DIR


    # web config
    function_check add_ddns_domain
    add_ddns_domain "$PLEROMA_DOMAIN_NAME"

    PLEROMA_ONION_HOSTNAME=$(add_onion_service pleroma 80 ${PLEROMA_ONION_PORT})

    pleroma_nginx_site=/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME
    if [[ $ONION_ONLY == "no" ]]; then
        function_check nginx_http_redirect
        nginx_http_redirect "$PLEROMA_DOMAIN_NAME" "index index.html"
        { echo '';
          echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;';
          echo '';
          echo 'server {';
          echo '  listen 443 ssl http2;';
          echo '  #listen [::]:443 ssl http2;';
          echo "  server_name $PLEROMA_DOMAIN_NAME;";
          echo '';
          echo '  # Security'; } >> "$pleroma_nginx_site"
        function_check nginx_ssl
        nginx_ssl "$PLEROMA_DOMAIN_NAME"

        function_check nginx_security_options
        nginx_security_options "$PLEROMA_DOMAIN_NAME"

        { echo '  add_header Strict-Transport-Security max-age=0;';
          echo '';
          echo '  # Logs';
          echo '  access_log /dev/null;';
          echo '  error_log /dev/null;';
          echo '';
          echo "  root $PLEROMA_DIR;";
          echo '';
          echo '  index index.html;';
          echo '';
          echo '  gzip_vary on;';
          echo '  gzip_proxied any;';
          echo '  gzip_comp_level 6;';
          echo '  gzip_buffers 16 8k;';
          echo '  gzip_http_version 1.1;';
          echo '  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
          echo '';
          echo '  location / {';
          echo '    client_max_body_size 15m;';
          echo '    client_body_buffer_size 15m;';
          echo '';
          echo '    limit_conn conn_limit_per_ip 50;';
          echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
          echo '';
          echo "    add_header 'Access-Control-Allow-Origin' '*' always;";
          echo "    add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;";
          echo "    add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;";
          echo "    add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;";
          echo "    if (\$request_method = OPTIONS) {";
          echo '        return 204;';
          echo '    }';
          echo '';
          echo "    add_header X-XSS-Protection \"1; mode=block\";";
          echo '    add_header X-Permitted-Cross-Domain-Policies none;';
          echo '    add_header X-Frame-Options DENY;';
          echo '    add_header X-Content-Type-Options nosniff;';
          echo '    add_header Referrer-Policy same-origin;';
          echo '    add_header X-Download-Options noopen;';
          echo '';
          echo '    proxy_http_version 1.1;';
          echo "    proxy_set_header Upgrade \$http_upgrade;";
          echo '    proxy_set_header Connection "upgrade";';
          echo "    proxy_set_header Host \$http_host;";
          echo '';
          echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
          echo '  }';
          echo '';
          echo '  location /proxy {';
          echo '    client_max_body_size 15m;';
          echo '    client_body_buffer_size 15m;';
          echo '';
          echo '    limit_conn conn_limit_per_ip 50;';
          echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
          echo '';
          echo '    proxy_cache pleroma_media_cache;';
          echo '    proxy_cache_lock on;';
          echo '    proxy_ignore_client_abort on;';
          echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
          echo '  }';
          echo '  # include snippets/well-known.conf;';
          echo '}'; } >> "$pleroma_nginx_site"
    else
        echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;' > "$pleroma_nginx_site"
        echo '' >> "$pleroma_nginx_site"
    fi
    { echo 'server {';
      echo "    listen 127.0.0.1:$PLEROMA_ONION_PORT default_server;";
      echo "    server_name $PLEROMA_ONION_HOSTNAME;";
      echo ''; } >> "$pleroma_nginx_site"
    function_check nginx_security_options
    nginx_security_options "$PLEROMA_DOMAIN_NAME"
    { echo '';
      echo '  # Logs';
      echo '  access_log /dev/null;';
      echo '  error_log /dev/null;';
      echo '';
      echo "  root $PLEROMA_DIR;";
      echo '';
      echo '  index index.html;';
      echo '';
      echo '  gzip_vary on;';
      echo '  gzip_proxied any;';
      echo '  gzip_comp_level 6;';
      echo '  gzip_buffers 16 8k;';
      echo '  gzip_http_version 1.1;';
      echo '  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
      echo '';
      echo '  location / {';
      echo '    client_max_body_size 15m;';
      echo '    client_body_buffer_size 15m;';
      echo '';
      echo '    limit_conn conn_limit_per_ip 50;';
      echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
      echo '';
      echo "    add_header 'Access-Control-Allow-Origin' '*' always;";
      echo "    add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;";
      echo "    add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;";
      echo "    add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;";
      echo "    if (\$request_method = OPTIONS) {";
      echo '        return 204;';
      echo '    }';
      echo '';
      echo "    add_header X-XSS-Protection \"1; mode=block\";";
      echo '    add_header X-Permitted-Cross-Domain-Policies none;';
      echo '    add_header X-Frame-Options DENY;';
      echo '    add_header X-Content-Type-Options nosniff;';
      echo '    add_header Referrer-Policy same-origin;';
      echo '    add_header X-Download-Options noopen;';
      echo '';
      echo '    proxy_http_version 1.1;';
      echo "    proxy_set_header Upgrade \$http_upgrade;";
      echo '    proxy_set_header Connection "upgrade";';
      echo "    proxy_set_header Host \$http_host;";
      echo '';
      echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
      echo '  }';
      echo '';
      echo '  location /proxy {';
      echo '    client_max_body_size 15m;';
      echo '    client_body_buffer_size 15m;';
      echo '';
      echo '    limit_conn conn_limit_per_ip 50;';
      echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
      echo '';
      echo '    proxy_cache pleroma_media_cache;';
      echo '    proxy_cache_lock on;';
      echo '    proxy_ignore_client_abort on;';
      echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
      echo '  }';
      echo '  # include snippets/well-known.conf;';
      echo '}'; } >> "$pleroma_nginx_site"

    # back end
    cd "$PLEROMA_DIR" || exit 246824684
    chown -R pleroma:pleroma "$PLEROMA_DIR/"*
    if ! sudo -u pleroma mix local.hex --force; then
        echo $'mix local.hex failed'
        exit 1745673
    fi
    mix local.hex --force
    if ! sudo -u pleroma mix deps.get --force; then
        echo $'mix deps.get failed'
        exit 7325733
    fi

    function_check pleroma_create_database
    pleroma_create_database

    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a pleroma -p "$PLEROMA_ADMIN_PASSWORD"

    # NOTE: we don't need to install the frontend separately,
    # since the backend contains a precompiled version of it

    install_gnusocial_default_background "pleroma" "$PLEROMA_DOMAIN_NAME"
    if [ ! -f "$PLEROMA_DIR/priv/static/static/config.json" ]; then
        echo $"$PLEROMA_DIR/priv/static/static/config.json file missing"
        exit 323689
    fi

    { echo '{';
      echo "\"name\": \"$PLEROMA_TITLE\",";
      echo '"theme": "mammal",';
      echo '"background": "/static/bg_custom.jpg",';
      echo '"logo": "/static/logo_custom.png",';
      echo '"registrationOpen": false,';
      echo '"defaultPath": "/main/all",';
      echo '"chatDisabled": true,';
      echo '"showInstanceSpecificPanel": true,';
      echo '"redirectRootNoLogin": "/main/all",';
      echo '"redirectRootLogin": "/main/friends",';
      echo '"showWhoToFollowPanel": false,';
      echo '"media_proxy": true';
    echo '}'; } > "$PLEROMA_DIR/priv/static/static/config.json"

    if [ "$PLEROMA_BACKGROUND_IMAGE_URL" ]; then
        pleroma_set_background_image_from_url $PLEROMA_DIR/priv/static "$PLEROMA_DOMAIN_NAME" "$PLEROMA_BACKGROUND_IMAGE_URL" "$PLEROMA_TITLE"
        chown -R pleroma:pleroma "$PLEROMA_DIR/priv/static/static"
    fi

    chown -R pleroma:pleroma "$PLEROMA_DIR/priv/static/static"

    # Get certificate
    function_check create_site_certificate
    create_site_certificate "$PLEROMA_DOMAIN_NAME" 'yes'

    function_check nginx_ensite
    nginx_ensite "$PLEROMA_DOMAIN_NAME"

    systemctl restart postgresql
    systemctl restart nginx

    set_completion_param "pleroma domain" "$PLEROMA_DOMAIN_NAME"

    # We need to set up the url option again because it somehow gets
    # lost during mix compile
    if ! grep -q 'watchers: \[],' $pleroma_secret; then
        sed -i 's|watchers: \[\]|watchers: \[\],|g' $pleroma_secret
    fi
    if ! grep -q 'url:' $pleroma_secret; then
        if [[ $ONION_ONLY == 'no' ]]; then
            sed -i "/watchers: /a url: [host: \"$PLEROMA_DOMAIN_NAME\", scheme: \"https\", port: 443]" $pleroma_secret
        else
            sed -i "/watchers: /a url: [host: \"$PLEROMA_ONION_HOSTNAME\", scheme: \"http\", port: 80]" $pleroma_secret
        fi
    fi

    create_pleroma_blocklist

    # daemon
    { echo '[Unit]';
      echo 'Description=Pleroma social network';
      echo 'After=network.target postgresql.service';
      echo '';
      echo '[Service]';
      echo 'User=pleroma';
      echo "WorkingDirectory=$PLEROMA_DIR";
      echo "Environment=\"HOME=$PLEROMA_DIR\"";
      echo 'ExecStart=/usr/local/bin/mix phx.server';
      echo "ExecReload=/bin/kill \$MAINPID";
      echo 'KillMode=process';
      echo 'Restart=on-failure';
      echo '';
      echo '[Install]';
      echo 'WantedBy=multi-user.target';
      echo 'Alias=pleroma.service'; } > /etc/systemd/system/pleroma.service


    # avoid mixed content warnings
    sed -i '/config :pleroma, :media_proxy/!b;n;c####enabled: true,' $PLEROMA_DIR/config/config.exs
    sed -i 's|####enabled|  enabled|g' $PLEROMA_DIR/config/config.exs
    sed -i 's|redirect_on_failure:.*|redirect_on_failure: false|g' $PLEROMA_DIR/config/config.exs
    sed -i 's|:chat, enabled:.*|:chat, enabled: false|g' $PLEROMA_DIR/config/config.exs

    # onion routing
    sed -i '/url:/a config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}' $pleroma_secret
    sed -i 's|config :pleroma, :http, proxy_url:|# config :pleroma, :http, proxy_url:|g' $PLEROMA_DIR/config/config.exs

    # set registrations closed initially
    sed -i 's|registrations_open:.*|registrations_open: false,|g' $PLEROMA_DIR/config/config.exs
    sed -i 's|"registrationOpen":.*|"registrationOpen": false,|g' $PLEROMA_DIR/priv/static/static/config.json

    sed -i 's|"chatDisabled":.*|"chatDisabled": true,|g' $PLEROMA_DIR/priv/static/static/config.json
    sed -i 's|"media_proxy".*|"media_proxy": false|g' $PLEROMA_DIR/priv/static/static/config.json

    systemctl daemon-reload
    systemctl enable pleroma
    systemctl start pleroma

    cd $PLEROMA_DIR || exit 1935638
    sudo -u pleroma mix register_user "$MY_USERNAME" "$MY_USERNAME" "$MY_EMAIL_ADDRESS" $"Your bio goes here" "$PLEROMA_ADMIN_PASSWORD"
    sudo -u pleroma mix set_moderator "$MY_USERNAME" true

    APP_INSTALLED=1
}

# NOTE: deliberately there is no "exit 0"