freedombone-app-pleroma

                   --msgbox $"Unable to convert empji image to png format" 6 60
            return
        fi

        # remove the original
        rm "$image_filename"

        image_extension='png'
        image_filename=$PLEROMA_DIR/priv/static/emoji/${shortcode}.${image_extension}
    else
        convert "$image_filename" -resize "$emoji_resolution" "$image_filename"
    fi

    if ! grep -q "${shortcode}," $PLEROMA_DIR/config/emoji.txt; then
        echo "${shortcode}, /emoji/${shortcode}.${image_extension}" >> $PLEROMA_DIR/config/emoji.txt
    else
        sed -i "s|${shortcode},.*|${shortcode}, /emoji/${shortcode}.${image_extension}|g" $PLEROMA_DIR/config/emoji.txt
    fi

    chown -R pleroma:pleroma $PLEROMA_DIR
    clear
    echo ''
    echo $'Recompiling Pleroma with the new emoji'
    systemctl stop pleroma
    pleroma_recompile

    dialog --title $"Add Custom Emoji" \
           --msgbox $"Custom emoji :${shortcode}: has been added" 6 70
}

function pleroma_whitelist {
    whitelist_filename=$PLEROMA_DIR/whitelist.txt
    if [ ! -f $whitelist_filename ]; then
        { echo '# Domain whitelist';
          echo '';
          echo '# If you add domains to this list then pleroma will be';
          echo '# restricted to federating only with those domains';
          echo '';
          echo '# Do not include your own instance domain in this list!';
          echo ''; } > $whitelist_filename
    fi

    editor $whitelist_filename

    first_line=1
    domain_list=
    while read -r domain; do
        if [[ "$domain" == *'#'* || "$domain" != *'.'* ]]; then
            continue
        fi

        if [ ! $first_line ]; then
            domain_list="${domain_list}, \"$domain\""
        else
            domain_list="\"$domain\""
        fi

        first_line=
    done <$whitelist_filename

    if [ ! "$domain_list" ]; then
        sed -i "s|accept: .*|accept: [],|g" $pleroma_secret
    else
        if [[ "$ONION_ONLY" == 'no' ]]; then
            sed -i "s|accept: .*|accept: [ \"$PLEROMA_DOMAIN_NAME\", ${domain_list} ],|g" $pleroma_secret
        else
            pleroma_onion_domain=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
            sed -i "s|accept: .*|accept: [ \"$pleroma_onion_domain\", ${domain_list} ],|g" $pleroma_secret
        fi
    fi

    pleroma_recompile

    if [ "$domain_list" ]; then
        dialog --title $"Pleroma Whitelist" \
               --msgbox $"\\nYou are now only federating with the whitelisted domains" 8 60
    else
        dialog --title $"Pleroma Whitelist" \
               --msgbox $"\\nWhitelist is disabled" 8 40
    fi
}

function configure_interactive_pleroma {
    read_config_param ONION_ONLY
    read_config_param PLEROMA_DOMAIN_NAME
    read_config_param PLEROMA_EXPIRE_MONTHS
    while true
    do
        chatenabled=
        enablechatstr=$'Enable chat system'
        if grep -q ':chat, enabled: true' $PLEROMA_DIR/config/config.exs; then
            chatenabled=1
            enablechatstr=$'Disable chat system'
        fi

        pleromatorstr=$'Enable routing through Tor for onion addresses'
        if grep -q '9050' $pleroma_secret; then
            pleromatorstr=$'Disable routing through Tor'
        fi

        W=(1 $"Set a background image"
           2 $"Set the title"
           3 $"Disable new account registrations"
           4 $"Add a custom emoji"
           5 $"Set post expiry period (currently $PLEROMA_EXPIRE_MONTHS months)"
           6 "$enablechatstr"
           7 "$pleromatorstr"
           8 $'Domain whitelist')

        # shellcheck disable=SC2068
        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Pleroma" --menu $"Choose an operation, or ESC to exit:" 15 60 8 "${W[@]}" 3>&2 2>&1 1>&3)

        if [ ! "$selection" ]; then
            break
        fi

        case $selection in
            1) pleroma_set_background_image;;
            2) pleroma_set_title;;
            3) pleroma_disable_registrations;;
            4) pleroma_add_emoji;;
            5) pleroma_set_expire_months;;
            6) if [ $chatenabled ]; then
                   pleroma_enable_chat false
               else
                   pleroma_enable_chat true
               fi
               ;;
            7) if grep -q '9050' $pleroma_secret; then
                   pleroma_disable_tor
               else
                   pleroma_enable_tor
               fi
               ;;
            8) pleroma_whitelist;;
        esac
    done
}

function pleroma_disable_tor {
    if grep -q '9050' $pleroma_secret; then
        sed -i '/9050/d' $pleroma_secret
        sed -i 's|# config :pleroma, :http, proxy_url:|config :pleroma, :http, proxy_url:|g' $PLEROMA_DIR/config/config.exs
        pleroma_recompile
    fi
}

function pleroma_enable_tor {
    pleroma_tor_update=

    if ! grep -q '9050' $pleroma_secret; then
        pleroma_tor_update=1
    fi

    if ! grep -q '# config :pleroma, :http, proxy_url:' $PLEROMA_DIR/config/config.exs; then
        pleroma_tor_update=1
    fi

    if [ ! $pleroma_tor_update ]; then
        return
    fi

    if ! grep -q '9050' $pleroma_secret; then
        sed -i '/url:/a config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}' $pleroma_secret
    fi

    if ! grep -q '# config :pleroma, :http, proxy_url:' $PLEROMA_DIR/config/config.exs; then
        sed -i 's|config :pleroma, :http, proxy_url:|# config :pleroma, :http, proxy_url:|g' $PLEROMA_DIR/config/config.exs
    fi

    pleroma_recompile
}

function upgrade_pleroma {
    read_config_param PLEROMA_DOMAIN_NAME
    read_config_param PLEROMA_EXPIRE_MONTHS

    expire_pleroma_posts "$PLEROMA_DOMAIN_NAME" "$PLEROMA_EXPIRE_MONTHS"
    create_pleroma_blocklist

    # if the registrations state doesn't exist in the secret config then add it
    if ! grep -q 'registrations_open' $pleroma_secret; then
        if grep -q '"registrationOpen": false' $PLEROMA_DIR/priv/static/static/config.json; then
            pleroma_setting_registration 0
        else
            pleroma_setting_registration 1
        fi
    fi

    # if there is disagreement in the registrations state then
    # default to the value used in config.json
    if grep -q '"registrationOpen": false' $PLEROMA_DIR/priv/static/static/config.json; then
        if grep -q 'registrations_open: true' $PLEROMA_DIR/config/config.exs; then
            pleroma_setting_registration 0
        fi
    fi

    #pleroma_enable_tor

    CURR_PLEROMA_COMMIT=$(get_completion_param "pleroma commit")
    if [[ "$CURR_PLEROMA_COMMIT" == "$PLEROMA_COMMIT" ]]; then
        return
    fi

    pleroma_registrations=open
    if grep -q 'registrations_open: false' $PLEROMA_DIR/config/config.exs; then
        pleroma_registrations=
    fi

    pleroma_chat_enabled=1
    if grep -q ':chat, enabled: false' $PLEROMA_DIR/config/config.exs; then
        pleroma_chat_enabled=
    fi

    # make a copy of the configuration
    cp $PLEROMA_DIR/priv/static/static/config.json $PLEROMA_DIR/priv/static/static/config_prev.json

    if [ -f $PLEROMA_DIR/config/emoji.txt ]; then
        cp $PLEROMA_DIR/config/emoji.txt $PLEROMA_DIR/config/emoji_prev.txt
    fi

    $UPDATE_PACKAGES
    $INSTALL_PACKAGES --only-upgrade esl-erlang
    $INSTALL_PACKAGES --only-upgrade elixir erlang-xmerl erlang-dev erlang-parsetools

    function_check set_repo_commit
    set_repo_commit $PLEROMA_DIR "pleroma commit" "$PLEROMA_COMMIT" $PLEROMA_REPO
    chown -R pleroma:pleroma $PLEROMA_DIR

    # restore the configuration
    cp $PLEROMA_DIR/priv/static/static/config_prev.json $PLEROMA_DIR/priv/static/static/config.json
    chown pleroma:pleroma $PLEROMA_DIR/priv/static/static/config.json

    if [ -f $PLEROMA_DIR/config/emoji_prev.txt ]; then
        cp $PLEROMA_DIR/config/emoji_prev.txt $PLEROMA_DIR/config/emoji.txt
        chown pleroma:pleroma $PLEROMA_DIR/config/emoji.txt
        rm cp $PLEROMA_DIR/config/emoji_prev.txt
    fi

    sudo -u pleroma mix deps.get

    sed -i 's|collapse_message_with_subject:.*|collapse_message_with_subject: true,|g' $pleroma_secret

    if ! grep -q "config :pleroma, :instance" $pleroma_secret; then
        sed -i '/# begin filtering/a   rewrite_policy: Pleroma.Web.ActivityPub.MRF.SimplePolicy' $pleroma_secret
        sed -i 's|rewrite_policy: Pleroma.Web.ActivityPub|  rewrite_policy: Pleroma.Web.ActivityPub|g' $pleroma_secret
        sed -i '/# begin filtering/a finmoji_enabled: true,'; $pleroma_secret
        sed -i 's|finmoji_enabled:|  finmoji_enabled:|g' $pleroma_secret
        sed -i '/# begin filtering/a quarantined_instances: [],'; $pleroma_secret
        sed -i 's|quarantined_instances:|  quarantined_instances:|g' $pleroma_secret
        sed -i '/# begin filtering/a mrf_transparency: true,'; $pleroma_secret
        sed -i 's|mrf_transparency:|  mrf_transparency:|g' $pleroma_secret
        sed -i '/# begin filtering/a config :pleroma, :instance,' $pleroma_secret
    fi

    if ! grep -q "hide_user_stats" $pleroma_secret; then
        sed -i '/show_instance_panel/a hide_user_stats: true,' $pleroma_secret
        sed -i 's|hide_user_stats|  hide_user_stats|g' $pleroma_secret
    else
        sed -i 's|hide_user_stats:.*|hide_user_stats: true,|g' $pleroma_secret
    fi

    if ! grep -q "formatting_options_enabled" $pleroma_secret; then
        sed -i '/show_instance_panel/a formatting_options_enabled: true,' $pleroma_secret
        sed -i 's|formatting_options_enabled|  formatting_options_enabled|g' $pleroma_secret
    else
        sed -i 's|formatting_options_enabled:.*|formatting_options_enabled: true,|g' $pleroma_secret
    fi

    if ! grep -q "strip_exif" $pleroma_secret; then
        sed -i '/config :logger/a strip_exif: true' $pleroma_secret
        sed -i 's|strip_exif|  strip_exif|g' $pleroma_secret

        sed -i '/config :logger/a uploads: "uploads",' $pleroma_secret
        sed -i 's|uploads: "uploads"|  uploads: "uploads"|g' $pleroma_secret

        sed -i '/config :logger/a config :pleroma, Pleroma.Upload,' $pleroma_secret
        sed -i 's|config :pleroma, Pleroma.Upload|  config :pleroma, Pleroma.Upload|g' $pleroma_secret
    fi

    if ! grep -q "mrf_rejectnonpublic" $pleroma_secret; then
        sed -i '/config :pleroma, :fe/i config :pleroma, :mrf_rejectnonpublic,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i allow_followersonly: true,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i allow_direct: true' $pleroma_secret
    fi

    if ! grep -q "mrf_hellthread" $pleroma_secret; then
        sed -i "/config :pleroma, :fe/i config :pleroma, :mrf_hellthread, threshold: $maximum_tagged_thread_participants" $pleroma_secret
    fi

    if [ ! $pleroma_registrations ]; then
        sed -i 's|registrations_open: true|registrations_open: false|g' $PLEROMA_DIR/config/config.exs
        sed -i 's|registrations_open: True|registrations_open: false|g' $PLEROMA_DIR/config/config.exs
    fi

    if [ ! $pleroma_chat_enabled ]; then
        sed -i 's|config :pleroma, :chat.*|config :pleroma, :chat, enabled: false|g' $PLEROMA_DIR/config/config.exs
    else
        sed -i 's|config :pleroma, :chat.*|config :pleroma, :chat, enabled: true|g' $PLEROMA_DIR/config/config.exs
    fi

    if ! grep -q ":http_security," $pleroma_secret; then
        sed -i '/config :pleroma, :fe/i config :pleroma, :http_security,' $pleroma_secret
        if [[ "$ONION_ONLY" == 'no' ]]; then
            sed -i '/config :pleroma, :fe/i enabled: true,' $pleroma_secret
        else
            sed -i '/config :pleroma, :fe/i enabled: false,' $pleroma_secret
        fi
        sed -i '/config :pleroma, :fe/i sts: false,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i sts_max_age: 31_536_000,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i ct_max_age: 2_592_000,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i referrer_policy: "same-origin"' $pleroma_secret
    fi

    if ! grep -q ":cors_plug," $pleroma_secret; then
        sed -i '/config :pleroma, :fe/i config :cors_plug,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i   max_age: 86_400,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i   methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"],' $pleroma_secret
        sed -i '/config :pleroma, :fe/i   expose: [' $pleroma_secret
        sed -i '/config :pleroma, :fe/i     "Link",' $pleroma_secret
        sed -i '/config :pleroma, :fe/i     "X-RateLimit-Reset",' $pleroma_secret
        sed -i '/config :pleroma, :fe/i     "X-RateLimit-Limit",' $pleroma_secret
        sed -i '/config :pleroma, :fe/i     "X-RateLimit-Remaining",' $pleroma_secret
        sed -i '/config :pleroma, :fe/i     "X-Request-Id",' $pleroma_secret
        sed -i '/config :pleroma, :fe/i     "Idempotency-Key"' $pleroma_secret
        sed -i '/config :pleroma, :fe/i   ],' $pleroma_secret
        sed -i '/config :pleroma, :fe/i   credentials: true,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i   headers: ["Authorization", "Content-Type", "Idempotency-Key"]' $pleroma_secret
    fi

    if ! grep -q ":activitypub," $pleroma_secret; then
        sed -i '/config :pleroma, :fe/i config :pleroma, :activitypub,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i   accept_blocks: true,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i   unfollow_blocked: true,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i   outgoing_blocks: true,' $pleroma_secret
        sed -i '/config :pleroma, :fe/i   follow_handshake_timeout: 500' $pleroma_secret
    fi

    if ! grep -q 'web_push_encryption' "$pleroma_secret"; then
        cd $PLEROMA_DIR || exit 35
        sudo -u pleroma mix web_push.gen.keypair | sudo tee -a "$pleroma_secret"
        read_config_param MY_EMAIL_ADDRESS
        sed -i "s|administrator@example.com|$MY_EMAIL_ADDRESS|g" "$pleroma_secret"
        sed -i '/# Put the following/d' "$pleroma_secret"
        sudo -u postgres psql pleroma -c "create extension if not exists pg_trgm"
        sudo -u postgres psql pleroma -c 'create extension if not exists "uuid-ossp"'
        sudo -u pleroma mix ecto.migrate --force

        PLEROMA_PUSH_PUBLIC_KEY=$(grep "public_key:" "$pleroma_secret" | head -n 1 | awk -F '"' '{print $2}')
        PLEROMA_PUSH_PRIVATE_KEY=$(grep "private_key:" "$pleroma_secret" | head -n 1 | awk -F '"' '{print $2}')
        write_config_param PLEROMA_PUSH_PUBLIC_KEY "$PLEROMA_PUSH_PUBLIC_KEY"
        write_config_param PLEROMA_PUSH_PRIVATE_KEY "$PLEROMA_PUSH_PRIVATE_KEY"
    fi

    # if there is a difference between registrations state then default to the one in the secret config
    if grep -q 'registrations_open: false' "$pleroma_secret"; then
        if grep -q 'registrations_open: true' $PLEROMA_DIR/config/config.exs; then
            sed -i 's|registrations_open: true|registrations_open: false|g' $PLEROMA_DIR/config/config.exs
        fi
        if grep -q 'registrations_open: True' $PLEROMA_DIR/config/config.exs; then
            sed -i 's|registrations_open: True|registrations_open: false|g' $PLEROMA_DIR/config/config.exs
        fi
    fi

    pleroma_recompile

    # migrate database
    sudo -u pleroma mix deps.clean --build mime
    sudo -u pleroma mix ecto.migrate

    pleroma_custom_logo "$PLEROMA_DIR"

    expire_pleroma_posts "$PLEROMA_DOMAIN_NAME" "$PLEROMA_EXPIRE_MONTHS"
    create_pleroma_blocklist

    chown -R pleroma:pleroma $PLEROMA_DIR

    # database modification
    cd /etc/postgresql || exit 35
    sudo -u postgres psql pleroma -c "create extension if not exists pg_trgm"
    sudo -u postgres psql pleroma -c 'create extension if not exists "uuid-ossp"'

    systemctl restart pleroma

    if grep 'add_header' "/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME"; then
        sed -i '/add_header/d' "/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME"
        systemctl restart nginx
    fi
}

function backup_local_pleroma {
    PLEROMA_DOMAIN_NAME='pleroma'
    if grep -q "pleroma domain" "$COMPLETION_FILE"; then
        PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
    fi

    systemctl stop pleroma

    function_check suspend_site
    suspend_site "${PLEROMA_DOMAIN_NAME}"

    source_directory=$PLEROMA_DIR
    dest_directory=pleroma
    backup_directory_to_usb $source_directory $dest_directory

    USE_POSTGRESQL=1
    function_check backup_database_to_usb
    backup_database_to_usb pleroma

    function_check restart_site
    restart_site

    systemctl restart pleroma
}

function restore_local_pleroma {
    if ! grep -q "pleroma domain" "$COMPLETION_FILE"; then
        return
    fi
    PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
    if [ "$PLEROMA_DOMAIN_NAME" ]; then
        echo $"Restoring pleroma"
        temp_restore_dir=/root/temppleroma
        pleroma_dir=$PLEROMA_DIR

        systemctl stop pleroma

        PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
        function_check pleroma_create_database
        pleroma_create_database

        USE_POSTGRESQL=1
        restore_database pleroma
        if [ -d $temp_restore_dir ]; then
            rm -rf $temp_restore_dir
        fi

        function_check restore_directory_from_usb
        restore_directory_from_usb $temp_restore_dir pleroma
        if [ -d $temp_restore_dir ]; then
            chown -R pleroma:pleroma $pleroma_dir
            rm -rf $temp_restore_dir
        fi

        pleroma_recompile

        echo $"Restore of pleroma complete"
    fi
}

function backup_remote_pleroma {
    echo -n ''
}

function restore_remote_pleroma {
    echo -n ''
}

function remove_pleroma {
    if [ ${#PLEROMA_DOMAIN_NAME} -eq 0 ]; then
        return
    fi
    systemctl stop pleroma
    systemctl disable pleroma
    rm /etc/systemd/system/pleroma.service

    userdel pleroma
    #remove_elixir

    function_check remove_nodejs
    remove_nodejs pleroma-backend

    read_config_param "PLEROMA_DOMAIN_NAME"
    read_config_param "MY_USERNAME"
    echo "Removing $PLEROMA_DOMAIN_NAME"
    nginx_dissite "$PLEROMA_DOMAIN_NAME"
    remove_certs "$PLEROMA_DOMAIN_NAME"

    if [ -d "/var/www/$PLEROMA_DOMAIN_NAME" ]; then
        rm -rf "/var/www/$PLEROMA_DOMAIN_NAME"
    fi
    if [ -f "/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME" ]; then
        rm "/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME"
    fi
    if [ -d $PLEROMA_DIR ]; then
        rm -rf $PLEROMA_DIR
    fi
    function_check drop_database_postgresql
    drop_database_postgresql pleroma
    function_check remove_onion_service
    remove_onion_service pleroma ${PLEROMA_ONION_PORT}
    remove_app pleroma
    remove_completion_param install_pleroma
    sed -i '/pleroma domain/d' "$COMPLETION_FILE"
    sed -i '/pleroma commit/d' "$COMPLETION_FILE"
    sed -i "/$blocking_script_file/d" /etc/crontab

    if [ -f /usr/bin/pleroma-blocking ]; then
        rm /usr/bin/pleroma-blocking
    fi

    if [ -f /usr/bin/pleroma-recompile ]; then
        rm /usr/bin/pleroma-recompile
    fi

    function_check remove_ddns_domain
    remove_ddns_domain "$PLEROMA_DOMAIN_NAME"
}

function install_pleroma {
    if [ ! $ONION_ONLY ]; then
        ONION_ONLY='no'
    fi

    increment_app_install_progress

    $INSTALL_PACKAGES wget imagemagick

    increment_app_install_progress

    # We need elixir 1.4+ here, so the debian repo package won't do
    install_elixir

    increment_app_install_progress

    function_check install_nodejs
    install_nodejs pleroma-backend

    increment_app_install_progress

    install_postgresql

    increment_app_install_progress

    if [ ! -d "/var/www/${PLEROMA_DOMAIN_NAME}/htdocs" ]; then
        mkdir -p "/var/www/${PLEROMA_DOMAIN_NAME}/htdocs"
    fi
    if [ -d $PLEROMA_DIR ]; then
        rm -rf $PLEROMA_DIR
    fi

    # get the repo
    if [ -f /repos/pleroma/index.html ]; then
        mv /repos/pleroma /repos/pleroma-fe
    fi
    if [ -d /repos/pleroma ]; then
        mkdir -p $PLEROMA_DIR
        cp -r -p /repos/pleroma/. $PLEROMA_DIR
        cd "$PLEROMA_DIR" || exit 83
        git pull
    else
        function_check git_clone
        git_clone $PLEROMA_REPO $PLEROMA_DIR
    fi

    increment_app_install_progress

    if [ ! -d $PLEROMA_DIR ]; then
        echo $'Unable to clone pleroma backend repo'
        exit 78
    fi

    increment_app_install_progress

    # create user
    useradd -d $PLEROMA_DIR -s /bin/false pleroma

    increment_app_install_progress

    # checkout the commit
    cd "$PLEROMA_DIR" || exit 62
    git checkout $PLEROMA_COMMIT -b $PLEROMA_COMMIT
    set_completion_param "pleroma commit" "$PLEROMA_COMMIT"
    chown -R pleroma:pleroma $PLEROMA_DIR

    increment_app_install_progress

    # web config
    function_check add_ddns_domain
    add_ddns_domain "$PLEROMA_DOMAIN_NAME"

    PLEROMA_ONION_HOSTNAME=$(add_onion_service pleroma 80 ${PLEROMA_ONION_PORT})

    increment_app_install_progress

    pleroma_nginx_site=/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME
    if [[ $ONION_ONLY == "no" ]]; then
        function_check nginx_http_redirect
        nginx_http_redirect "$PLEROMA_DOMAIN_NAME" "index index.html"
        { echo '';
          echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;';
          echo '';
          echo 'server {';
          echo '  listen 443 ssl http2;';
          echo '  #listen [::]:443 ssl http2;';
          echo "  server_name $PLEROMA_DOMAIN_NAME;";
          echo '';
          echo '  # Security'; } >> "$pleroma_nginx_site"
        function_check nginx_ssl
        nginx_ssl "$PLEROMA_DOMAIN_NAME"

        function_check nginx_security_options
        nginx_security_options "$PLEROMA_DOMAIN_NAME"

        { echo '';
          echo '  # Logs';
          echo '  access_log /dev/null;';
          echo '  error_log /dev/null;';
          echo '';
          echo "  root $PLEROMA_DIR;";
          echo '';
          echo '  index index.html;';
          echo '';
          echo '  gzip_vary on;';
          echo '  gzip_proxied any;';
          echo '  gzip_comp_level 6;';
          echo '  gzip_buffers 16 8k;';
          echo '  gzip_http_version 1.1;';
          echo '  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
          echo '';
          echo '  location / {';
          echo '    client_max_body_size 15m;';
          echo '    client_body_buffer_size 15m;';
          echo '';
          echo '    limit_conn conn_limit_per_ip 50;';
          echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
          echo '';
          echo '    proxy_http_version 1.1;';
          echo "    proxy_set_header Upgrade \$http_upgrade;";
          echo '    proxy_set_header Connection "upgrade";';
          echo "    proxy_set_header Host \$http_host;";
          echo '';
          echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
          echo '  }';
          echo '';
          echo '  location /proxy {';
          echo '    client_max_body_size 15m;';
          echo '    client_body_buffer_size 15m;';
          echo '';
          echo '    limit_conn conn_limit_per_ip 50;';
          echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
          echo '';
          echo '    proxy_cache pleroma_media_cache;';
          echo '    proxy_cache_lock on;';
          echo '    proxy_ignore_client_abort on;';
          echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
          echo '  }';
          echo '  # include snippets/well-known.conf;';
          echo '}'; } >> "$pleroma_nginx_site"
    else
        echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;' > "$pleroma_nginx_site"
        echo '' >> "$pleroma_nginx_site"
    fi
    { echo 'server {';
      echo "    listen 127.0.0.1:$PLEROMA_ONION_PORT default_server;";
      echo '    port_in_redirect off;';
      echo "    server_name $PLEROMA_ONION_HOSTNAME;";
      echo ''; } >> "$pleroma_nginx_site"
    function_check nginx_security_options
    nginx_security_options "$PLEROMA_DOMAIN_NAME"
    { echo '';
      echo '  # Logs';
      echo '  access_log /dev/null;';
      echo '  error_log /dev/null;';
      echo '';
      echo "  root $PLEROMA_DIR;";
      echo '';
      echo '  index index.html;';
      echo '';
      echo '  gzip_vary on;';
      echo '  gzip_proxied any;';
      echo '  gzip_comp_level 6;';
      echo '  gzip_buffers 16 8k;';
      echo '  gzip_http_version 1.1;';
      echo '  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
      echo '';
      echo '  location / {';
      echo '    client_max_body_size 15m;';
      echo '    client_body_buffer_size 15m;';
      echo '';
      echo '    limit_conn conn_limit_per_ip 50;';
      echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
      echo '';
      echo '    proxy_http_version 1.1;';
      echo "    proxy_set_header Upgrade \$http_upgrade;";
      echo '    proxy_set_header Connection "upgrade";';
      echo "    proxy_set_header Host \$http_host;";
      echo '';
      echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
      echo '  }';
      echo '';
      echo '  location /proxy {';
      echo '    client_max_body_size 15m;';
      echo '    client_body_buffer_size 15m;';
      echo '';
      echo '    limit_conn conn_limit_per_ip 50;';
      echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
      echo '';
      echo '    proxy_cache pleroma_media_cache;';
      echo '    proxy_cache_lock on;';
      echo '    proxy_ignore_client_abort on;';
      echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
      echo '  }';
      echo '  # include snippets/well-known.conf;';
      echo '}'; } >> "$pleroma_nginx_site"

    if grep 'add_header' "$pleroma_nginx_site"; then
        sed -i '/add_header/d' "$pleroma_nginx_site"
    fi

    increment_app_install_progress

    # back end
    cd "$PLEROMA_DIR" || exit 24
    chown -R pleroma:pleroma "$PLEROMA_DIR/"*
    if ! sudo -u pleroma mix local.hex --force; then
        echo $'mix local.hex failed'
        exit 17
    fi

    increment_app_install_progress

    mix local.hex --force
    if ! sudo -u pleroma mix deps.get --force; then
        echo $'mix deps.get failed'
        exit 73
    fi

    increment_app_install_progress

    function_check pleroma_create_database
    pleroma_create_database

    increment_app_install_progress

    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a pleroma -p "$PLEROMA_ADMIN_PASSWORD"

    # NOTE: we don't need to install the frontend separately,
    # since the backend contains a precompiled version of it

    increment_app_install_progress

    install_gnusocial_default_background "pleroma" "$PLEROMA_DOMAIN_NAME"
    if [ ! -f "$PLEROMA_DIR/priv/static/static/config.json" ]; then
        echo $"$PLEROMA_DIR/priv/static/static/config.json file missing"
        exit 32
    fi

    increment_app_install_progress

    { echo '{';
      echo "\"name\": \"$PLEROMA_TITLE\",";
      echo '"theme": "mammal",';
      echo '"background": "/static/bg_custom.jpg",';
      echo '"logo": "/static/logo_custom.png",';
      echo '"logoMask": true,';
      echo '"logoMargin": ".1em",';
      echo '"registrationOpen": false,';
      echo '"defaultPath": "/main/all",';
      echo '"chatDisabled": true,';
      echo '"showInstanceSpecificPanel": true,';
      echo '"redirectRootNoLogin": "/main/all",';
      echo '"redirectRootLogin": "/main/friends",';
      echo '"showWhoToFollowPanel": false,';
      echo '"scopeOptionsEnabled": true,';
      echo '"formattingOptionsEnabled": true,';
      echo '"media_proxy": true';
      echo '"collapseMessageWithSubject": true,';
      echo '"scopeCopy": false,';
      echo '"subjectLineBehavior": "email",';
      echo '"hidePostStats": true,';
      echo '"hideUserStats": true,';
      echo '"loginMethod": "password"';
      echo '}'; } > "$PLEROMA_DIR/priv/static/static/config.json"

    if [ "$PLEROMA_BACKGROUND_IMAGE_URL" ]; then
        pleroma_set_background_image_from_url $PLEROMA_DIR/priv/static "$PLEROMA_DOMAIN_NAME" "$PLEROMA_BACKGROUND_IMAGE_URL" "$PLEROMA_TITLE"
        chown -R pleroma:pleroma "$PLEROMA_DIR/priv/static/static"
    fi

    chown -R pleroma:pleroma "$PLEROMA_DIR/priv/static/static"

    increment_app_install_progress

    # Get certificate
    function_check create_site_certificate
    create_site_certificate "$PLEROMA_DOMAIN_NAME" 'yes'

    increment_app_install_progress

    function_check nginx_ensite
    nginx_ensite "$PLEROMA_DOMAIN_NAME"

    increment_app_install_progress

    systemctl restart postgresql

    increment_app_install_progress

    systemctl restart nginx

    increment_app_install_progress

    set_completion_param "pleroma domain" "$PLEROMA_DOMAIN_NAME"

    # We need to set up the url option again because it somehow gets
    # lost during mix compile
    if ! grep -q 'watchers: \[],' $pleroma_secret; then
        sed -i 's|watchers: \[\]|watchers: \[\],|g' $pleroma_secret
    fi
    if ! grep -q 'url:' $pleroma_secret; then
        if [[ $ONION_ONLY == 'no' ]]; then
            sed -i "/watchers: /a url: [host: \"$PLEROMA_DOMAIN_NAME\", scheme: \"https\", port: 443]" $pleroma_secret
        else
            sed -i "/watchers: /a url: [host: \"$PLEROMA_ONION_HOSTNAME\", scheme: \"http\", port: 80]" $pleroma_secret
        fi
    fi

    increment_app_install_progress

    create_pleroma_blocklist

    increment_app_install_progress

    # daemon
    { echo '[Unit]';
      echo 'Description=Pleroma social network';
      echo 'After=network.target postgresql.service';
      echo '';
      echo '[Service]';
      echo 'User=pleroma';
      echo "WorkingDirectory=$PLEROMA_DIR";
      echo "Environment=\"HOME=$PLEROMA_DIR\"";
      echo 'ExecStart=/usr/local/bin/mix phx.server';
      echo "ExecReload=/bin/kill \$MAINPID";
      echo 'KillMode=process';
      echo 'Restart=on-failure';
      echo 'PrivateTmp=true';
      echo 'PrivateDevices=false';
      echo 'NoNewPrivileges=true';
      echo 'CapabilityBoundingSet=~CAP_SYS_ADMIN';
      echo '';
      echo '[Install]';
      echo 'WantedBy=multi-user.target';
      echo 'Alias=pleroma.service'; } > /etc/systemd/system/pleroma.service


    # avoid mixed content warnings
    sed -i '/config :pleroma, :media_proxy/!b;n;c####enabled: true,' $PLEROMA_DIR/config/config.exs
    sed -i 's|####enabled|  enabled|g' $PLEROMA_DIR/config/config.exs
    sed -i 's|redirect_on_failure:.*|redirect_on_failure: false|g' $PLEROMA_DIR/config/config.exs
    sed -i 's|:chat, enabled:.*|:chat, enabled: false|g' $PLEROMA_DIR/config/config.exs

    # onion routing
    if ! grep -q '9050' $pleroma_secret; then
        sed -i '/url:/a config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}' $pleroma_secret
    fi
    sed -i 's|config :pleroma, :http, proxy_url:|# config :pleroma, :http, proxy_url:|g' $PLEROMA_DIR/config/config.exs

    # set registrations closed initially
    sed -i 's|registrations_open:.*|registrations_open: false,|g' $PLEROMA_DIR/config/config.exs
    sed -i 's|"registrationOpen":.*|"registrationOpen": false,|g' $PLEROMA_DIR/priv/static/static/config.json

    sed -i 's|"chatDisabled":.*|"chatDisabled": true,|g' $PLEROMA_DIR/priv/static/static/config.json
    sed -i 's|"media_proxy".*|"media_proxy": false|g' $PLEROMA_DIR/priv/static/static/config.json

    increment_app_install_progress

    pleroma_set_permissions

    systemctl daemon-reload
    systemctl enable pleroma
    systemctl start pleroma

    increment_app_install_progress

    cd $PLEROMA_DIR || exit 19
    sudo -u pleroma mix pleroma.user new "$MY_USERNAME" "$MY_EMAIL_ADDRESS" --bio $"Your bio goes here" --password "$PLEROMA_ADMIN_PASSWORD"

    increment_app_install_progress

    sudo -u pleroma mix set_moderator "$MY_USERNAME" true

    increment_app_install_progress

    pleroma_create_recompile_command

    if ! grep -q 'web_push_encryption' "$pleroma_secret"; then
        sudo -u pleroma mix web_push.gen.keypair | sudo tee -a "$pleroma_secret"
        sed -i "s|administrator@example.com|$MY_EMAIL_ADDRESS|g" "$pleroma_secret"
        sed -i '/# Put the following/d' "$pleroma_secret"
        increment_app_install_progress
        sudo -u pleroma mix ecto.migrate --force
        increment_app_install_progress
        pleroma_recompile
        increment_app_install_progress

        PLEROMA_PUSH_PUBLIC_KEY=$(grep "public_key:" "$pleroma_secret" | head -n 1 | awk -F '"' '{print $2}')
        PLEROMA_PUSH_PRIVATE_KEY=$(grep "private_key:" "$pleroma_secret" | head -n 1 | awk -F '"' '{print $2}')
        if [ "$PLEROMA_PUSH_PUBLIC_KEY" ]; then
            write_config_param PLEROMA_PUSH_PUBLIC_KEY "$PLEROMA_PUSH_PUBLIC_KEY"
        else
            echo $'web_push_encryption failed'
            return
        fi

        if [ "$PLEROMA_PUSH_PRIVATE_KEY" ]; then
            write_config_param PLEROMA_PUSH_PRIVATE_KEY "$PLEROMA_PUSH_PRIVATE_KEY"
        else
            echo $'web_push_encryption failed'
            return
        fi
    fi

    APP_INSTALLED=1
}

# NOTE: deliberately there is no "exit 0"