Newer
Older
if [ -f /repos/pleroma/index.html ]; then
mv /repos/pleroma /repos/pleroma-fe
fi
if [ -d /repos/pleroma ]; then
mkdir -p $PLEROMA_DIR
cp -r -p /repos/pleroma/. $PLEROMA_DIR
git pull
else
function_check git_clone
git_clone $PLEROMA_REPO $PLEROMA_DIR
if [ ! -d $PLEROMA_DIR ]; then
echo $'Unable to clone pleroma backend repo'
exit 783523
fi
# create user
useradd -d $PLEROMA_DIR -s /bin/false pleroma
git checkout $PLEROMA_COMMIT -b $PLEROMA_COMMIT
set_completion_param "pleroma commit" "$PLEROMA_COMMIT"
# web config
function_check add_ddns_domain
PLEROMA_ONION_HOSTNAME=$(add_onion_service pleroma 80 ${PLEROMA_ONION_PORT})
pleroma_nginx_site=/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect "$PLEROMA_DOMAIN_NAME" "index index.html"
{ echo '';
echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;';
echo '';
echo 'server {';
echo ' listen 443 ssl http2;';
echo ' #listen [::]:443 ssl http2;';
echo " server_name $PLEROMA_DOMAIN_NAME;";
echo '';
echo ' # Security'; } >> "$pleroma_nginx_site"
function_check nginx_security_options
nginx_security_options "$PLEROMA_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=0;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " root $PLEROMA_DIR;";
echo '';
echo ' index index.html;';
echo '';
echo ' gzip_vary on;';
echo ' gzip_proxied any;';
echo ' gzip_comp_level 6;';
echo ' gzip_buffers 16 8k;';
echo ' gzip_http_version 1.1;';
echo ' gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
echo '';
echo ' location / {';
echo ' client_max_body_size 15m;';
echo ' client_body_buffer_size 15m;';
echo '';
echo ' limit_conn conn_limit_per_ip 50;';
echo ' limit_req zone=req_limit_per_ip burst=50 nodelay;';
echo '';
echo " add_header 'Access-Control-Allow-Origin' '*' always;";
echo " add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always;";
echo " add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;";
echo " if (\$request_method = OPTIONS) {";
echo ' return 204;';
echo ' }';
echo '';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection "upgrade";';
echo " proxy_set_header Host \$http_host;";
echo '';
echo " proxy_pass http://localhost:$PLEROMA_PORT;";
echo ' }';
echo '';
echo ' location /proxy {';
echo ' client_max_body_size 15m;';
echo ' client_body_buffer_size 15m;';
echo '';
echo ' limit_conn conn_limit_per_ip 50;';
echo ' limit_req zone=req_limit_per_ip burst=50 nodelay;';
echo '';
echo ' proxy_cache pleroma_media_cache;';
echo ' proxy_cache_lock on;';
echo " proxy_pass http://localhost:$PLEROMA_PORT;";
echo ' }';
echo ' # include snippets/well-known.conf;';
echo '}'; } >> "$pleroma_nginx_site"
echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;' > "$pleroma_nginx_site"
echo '' >> "$pleroma_nginx_site"
echo " listen 127.0.0.1:$PLEROMA_ONION_PORT default_server http2;";
echo " server_name $PLEROMA_ONION_HOSTNAME;";
echo ''; } >> "$pleroma_nginx_site"
function_check nginx_security_options
nginx_security_options "$PLEROMA_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " root $PLEROMA_DIR;";
echo '';
echo ' index index.html;';
echo '';
echo ' gzip_vary on;';
echo ' gzip_proxied any;';
echo ' gzip_comp_level 6;';
echo ' gzip_buffers 16 8k;';
echo ' gzip_http_version 1.1;';
echo ' gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
echo '';
echo ' location / {';
echo ' client_max_body_size 15m;';
echo ' client_body_buffer_size 15m;';
echo '';
echo ' limit_conn conn_limit_per_ip 50;';
echo ' limit_req zone=req_limit_per_ip burst=50 nodelay;';
echo '';
echo " add_header 'Access-Control-Allow-Origin' '*' always;";
echo " add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always;";
echo " add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;";
echo " if (\$request_method = OPTIONS) {";
echo ' return 204;';
echo ' }';
echo '';
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection "upgrade";';
echo " proxy_set_header Host \$http_host;";
echo ' location /proxy {';
echo ' client_max_body_size 15m;';
echo ' client_body_buffer_size 15m;';
echo '';
echo ' limit_conn conn_limit_per_ip 50;';
echo ' limit_req zone=req_limit_per_ip burst=50 nodelay;';
echo '';
echo ' proxy_cache pleroma_media_cache;';
echo ' proxy_cache_lock on;';
echo " proxy_pass http://localhost:$PLEROMA_PORT;";
echo ' }';
echo ' # include snippets/well-known.conf;';
echo '}'; } >> "$pleroma_nginx_site"
function_check pleroma_create_database
pleroma_create_database
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a pleroma -p "$PLEROMA_ADMIN_PASSWORD"
# NOTE: we don't need to install the frontend separately,
# since the backend contains a precompiled version of it
install_gnusocial_default_background "pleroma" "$PLEROMA_DOMAIN_NAME"
sed -i 's|"theme":.*|"theme": "base16-summerfruit-dark.css",|g' "$PLEROMA_DIR/priv/static/static/config.json"
pleroma_set_background_image_from_url $PLEROMA_DIR/priv/static "$PLEROMA_DOMAIN_NAME" "$PLEROMA_BACKGROUND_IMAGE_URL" "$PLEROMA_TITLE"
# Get certificate
function_check create_site_certificate
function_check nginx_ensite
systemctl restart postgresql
systemctl restart nginx
set_completion_param "pleroma domain" "$PLEROMA_DOMAIN_NAME"
# We need to set up the url option again because it somehow gets
# lost during mix compile
if ! grep -q 'watchers: [],' $pleroma_secret; then
sed -i 's|watchers: \[\]|watchers: \[\],|g' $pleroma_secret
fi
if ! grep -q 'url:' $pleroma_secret; then
if [[ $ONION_ONLY == 'no' ]]; then
sed -i "/watchers: /a url: [host: \"$PLEROMA_DOMAIN_NAME\", scheme: \"https\", port: 443]" $pleroma_secret
sed -i "/watchers: /a url: [host: \"$PLEROMA_ONION_HOSTNAME\", scheme: \"http\", port: 80]" $pleroma_secret
{ echo '[Unit]';
echo 'Description=Pleroma social network';
echo 'After=network.target postgresql.service';
echo '';
echo '[Service]';
echo 'User=pleroma';
echo "WorkingDirectory=$PLEROMA_DIR";
echo "Environment=\"HOME=$PLEROMA_DIR\"";
echo 'ExecStart=/usr/local/bin/mix phx.server';
echo "ExecReload=/bin/kill \$MAINPID";
echo 'KillMode=process';
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target';
echo 'Alias=pleroma.service'; } > /etc/systemd/system/pleroma.service
# avoid mixed content warnings
sed -i '/config :pleroma, :media_proxy/!b;n;c####enabled: true,' $PLEROMA_DIR/config/config.exs
sed -i 's|####enabled| enabled|g' $PLEROMA_DIR/config/config.exs
sed -i 's|redirect_on_failure:.*|redirect_on_failure: false|g' $PLEROMA_DIR/config/config.exs
sed -i 's|:chat, enabled:.*|:chat, enabled: false|g' $PLEROMA_DIR/config/config.exs
# set registrations open initially
sed -i 's|registrations_open:.*|registrations_open: true,|g' $PLEROMA_DIR/config/config.exs
sed -i 's|"registrationOpen":.*|"registrationOpen": true,|g' $PLEROMA_DIR/priv/static/static/config.json
if ! grep -q "media_proxy" $PLEROMA_DIR/priv/static/static/config.json; then
sed -i '/"name":/a "media_proxy": true,' $PLEROMA_DIR/priv/static/static/config.json
sed -i 's|"media_proxy"| "media_proxy"|g' $PLEROMA_DIR/priv/static/static/config.json
else
sed -i 's|"media_proxy".*|"media_proxy": false,|g' $PLEROMA_DIR/priv/static/static/config.json
fi
sed -i 's|"chatDisabled":.*|"chatDisabled": true,|g' $PLEROMA_DIR/priv/static/static/config.json
systemctl daemon-reload
systemctl enable pleroma
systemctl start pleroma
cd $PLEROMA_DIR || exit 1935638
mix register_user "$MY_USERNAME" "$MY_USERNAME" "$MY_EMAIL_ADDRESS" $"Your bio goes here" "$PLEROMA_ADMIN_PASSWORD"
APP_INSTALLED=1
}
# NOTE: deliberately there is no "exit 0"