
@majestrate
Last active September 2, 2021 14:52
debian stretch auto pleroma onion script
#!/usr/bin/env bash
#
# automated onion installer
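# Abort as soon as a simple command fails.
set -e
# NOTE(review): xtrace prints every command after expansion, so any secret that
# is expanded while tracing is active ends up in the terminal scrollback or in
# whatever captures this script's stderr.
set -x
# Everything below edits system configuration, so refuse to run unprivileged.
# An explicit `exit` in the main shell does not depend on `set -e` noticing a
# failing subshell, and the message goes to stderr where diagnostics belong.
if [ "$(id -u)" != 0 ]; then
  echo "not root" >&2
  exit 1
fi
mkdir -p /etc/apt/sources.list.d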
# Refresh the package index and install the gpg package, which the Tor
# repository setup uses to fetch and export the archive signing key.
# Returns: the status of the failing apt step, or 0 when both succeed.
_ensure_gpg() {
  # Skip the install when the index refresh fails and hand that status back.
  apt update || return
  apt install -y gpg
}
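# Bring the system up to date and install the build and runtime dependencies
# (tor, git, toolchain, ssh, sudo and PostgreSQL 9.6).
_ensure_deps() {
  # Kept as separate statements on purpose: in `a && b`, `set -e` ignores a
  # failing `a`, so a broken index refresh used to be skipped over silently and
  # the install below ran against a stale package index.
  apt update
  apt dist-upgrade -y
  apt install -y wget tor git build-essential openssl ssh sudo \
    postgresql-9.6 postgresql-contrib-9.6
}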
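# Register the Tor Project apt repository for stretch and trust its signing key.
# Outputs: writes /etc/apt/sources.list.d/pleroma-tor.list when it is missing.
# Returns: non-zero when the key cannot be fetched or exported.
_ensure_tor_repo() {
  local -r list=/etc/apt/sources.list.d/pleroma-tor.list
  # The key is requested by its full fingerprint, not by a short key ID.
  local -r fpr=A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
  local keyfile

  if [ ! -f "$list" ]; then
    printf '%s\n' \
      "deb https://deb.torproject.org/torproject.org stretch main" \
      "deb-src https://deb.torproject.org/torproject.org stretch main" \
      > "$list"
  fi

  gpg --keyserver keys.gnupg.net --recv "$fpr"

  # Export to a private temp file instead of piping straight into apt-key:
  # without pipefail a failed or empty export would go unnoticed and apt would
  # later reject the repository for an unrelated-looking reason.
  keyfile="$(mktemp)"
  gpg --export "$fpr" > "$keyfile"
  if [ ! -s "$keyfile" ]; then
    echo "no key material exported for $fpr" >&2
    rm -f -- "$keyfile"
    return 1
  fi
  # NOTE(review): `apt-key add` places the key in apt's global trusted set, so
  # it is accepted for every configured source, not only this repository.
  # Binding the key to this one source with a `signed-by=` option in the list
  # entry is the narrower alternative.
  apt-key add "$keyfile"
  rm -f -- "$keyfile"

  # The repository above is served over https.
  apt install -y apt-transport-https
}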
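# Install the Erlang Solutions repository package, then Elixir and the Erlang
# components needed for the build.
_ensure_elixir() {
  local workdir deb

  # Download into a private directory. With a fixed name in world-writable
  # /tmp, a file already sitting at that path makes `wget -P` save under a
  # different name, and dpkg would then install the pre-existing file as root.
  workdir="$(mktemp -d)"
  deb="$workdir/erlang-solutions_1.0_all.deb"

  # NOTE(review): TLS is the only integrity check on this package; comparing it
  # against a pinned digest (<EXPECTED_SHA256>, placeholder) before dpkg runs
  # would be stricter.
  wget -O "$deb" https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
  dpkg -i "$deb"
  rm -rf -- "$workdir"

  # Separate statements so `set -e` stops on a failed index refresh.
  apt update
  apt install -y elixir erlang-dev erlang-parsetools erlang-xmerl
}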
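# Create the unprivileged `pleroma` system account (login disabled, home in
# /usr/local/pleroma/) and deny it SSH access when an sshd_config is present.
_ensure_pleroma_user() {
  if ! id pleroma > /dev/null 2>&1; then
    adduser --system --quiet --disabled-login --home /usr/local/pleroma/ pleroma
  fi

  # Plain `if` blocks: the former `[ -e ... ] && ( ... )` made the function
  # return 1 when sshd_config was absent, which aborts the script under `set -e`.
  if [ -e /etc/ssh/sshd_config ]; then
    if ! grep -qi 'denyusers pleroma' /etc/ssh/sshd_config; then
      echo "DenyUsers pleroma" >> /etc/ssh/sshd_config
    fi
  fi
  # NOTE(review): sshd is not reloaded here, so a running daemon presumably
  # keeps its previous settings until it is reloaded or restarted - confirm.
  # The grep also matches a commented-out or longer line (for example
  # "#DenyUsers pleroma"), in which case nothing is appended.
}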
# Run a shell command line as the unprivileged pleroma account.
# Arguments: $1 - command string handed to `bash -c`; any further arguments
#            become $0, $1, ... of that inner shell.
# NOTE(review): the string is parsed by a second shell, so callers must quote
# every value they splice into it.
_run_as_pleroma() {
  local -a runner=(sudo -u pleroma bash -c)
  "${runner[@]}" "$@"
}
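# Clone the Pleroma repository as the pleroma user unless the checkout exists.
# Arguments: $1 - directory to run the clone from
#            $2 - destination path of the checkout
_ensure_pleroma_repo() {
  local parent=$1 dest=$2
  local cmd

  if [ ! -e "$dest" ]; then
    # The command line is re-parsed by the inner `bash -c`, so both paths are
    # shell-quoted before being spliced into it.
    printf -v cmd 'cd %q && git clone https://git.pleroma.social/pleroma/pleroma %q' \
      "$parent" "$dest"
    # NOTE(review): this clones whatever the default branch currently points
    # at; no tag or commit is pinned and nothing is verified after the clone.
    _run_as_pleroma "$cmd"
  fi
}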
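# Generate the production config with fresh secrets and create the matching
# PostgreSQL role and database.
# Arguments: $1 - path of the config file to write
#            $2 - host name of the instance (the onion address)
# Outputs:   overwrites $1, readable only by its owner, owned by pleroma
_ensure_pleroma_config() {
  local conf=$1 host=$2
  local db_pass secret_key
  local trace_was_on=0

  # The script runs under `set -x`; switch tracing off while the generated
  # secrets are being expanded so they do not show up in the trace.
  case $- in
    *x*)
      trace_was_on=1
      set +x
      ;;
  esac

  db_pass="$(base32 < /dev/urandom | head -1)"
  secret_key="$(base32 < /dev/urandom | head -1)"

  # NOTE(review): `ip: {127, 0, 0, 1}` sits inside `url:`; verify that the
  # listener really binds to loopback only, since the onion service is the
  # sole intended entry point. Presumably the bind address belongs under
  # `http:` - confirm against the Pleroma/Phoenix version in use.
  (
    # The file holds the database password and secret_key_base, so create it
    # without group/other access.
    umask 077
    cat > "$conf" <<EOF
use Mix.Config

config :pleroma, Pleroma.Web.Endpoint,
 url: [host: "$host", scheme: "http", port: 80, ip: {127, 0, 0, 1} ],
 secret_key_base: "$secret_key"

config :pleroma, :instance,
 name: "$host",
 email: "root@localhost",
 limit: 500,
 registrations_open: true

config :pleroma, :media_proxy,
 enabled: false

config :pleroma, Pleroma.Repo,
 adapter: Ecto.Adapters.Postgres,
 username: "pleroma",
 password: "$db_pass" ,
 database: "pleroma",
 hostname: "localhost",
 pool_size: 10

config :pleroma, :http,
 proxy_url: {:socks5, :localhost, 9050}

EOF
  )
  # umask only affects newly created files; tighten a pre-existing one too.
  chmod 600 "$conf"
  chown pleroma "$conf"

  # Feed the SQL over stdin instead of a fixed, world-readable /tmp/pleroma.sql:
  # the password never touches disk outside the config file and no predictable
  # temp path is written as root. psql keeps going after a failed statement, so
  # CREATE USER may fail on a re-run and ALTER USER then sets the new password.
  sudo -u postgres psql <<EOF
CREATE USER pleroma WITH ENCRYPTED PASSWORD '$db_pass' CREATEDB;
ALTER USER pleroma WITH ENCRYPTED PASSWORD '$db_pass' CREATEDB;
CREATE DATABASE pleroma OWNER pleroma;
\c pleroma;
CREATE EXTENSION IF NOT EXISTS citext;
EOF

  if [ "$trace_was_on" = 1 ]; then
    set -x
  fi
}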
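# Fetch the build tools and dependencies, run the database migrations and
# compile Pleroma, all as the pleroma user with MIX_ENV=prod.
# Arguments: $1 - path of the Pleroma checkout
_ensure_pleroma_built() {
  local dir=$1
  local quoted_dir task

  # The command string is parsed again by the inner `bash -c`; quote the path
  # once so spaces or shell metacharacters in it stay part of the path.
  printf -v quoted_dir '%q' "$dir"

  for task in \
    "local.hex --force" \
    "local.rebar --force" \
    "deps.get" \
    "ecto.migrate" \
    "compile"; do
    _run_as_pleroma "cd $quoted_dir && MIX_ENV=prod /usr/local/bin/mix $task"
  done
}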
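# Write the systemd unit for Pleroma if it does not exist yet and start it.
# Arguments: $1 - path of the unit file
_ensure_pleroma_unit() {
  local unit=$1

  if [ ! -f "$unit" ]; then
    # Quoted delimiter: the text is written literally. Inside the former
    # double-quoted string the shell expanded $MAINPID to nothing, leaving
    # "ExecReload=/bin/kill " without a PID. The install target is also
    # corrected to multi-user.target; "multi-server.target" is not a systemd
    # target.
    cat > "$unit" <<'EOF'
[Unit]
Description=Pleroma social network
After=network.target postgresql.service

[Service]
User=pleroma
WorkingDirectory=/usr/local/pleroma/pleroma
Environment="MIX_ENV=prod"
Environment="HOME=/usr/local/pleroma"
ExecStart=/usr/local/bin/mix phx.server
ExecReload=/bin/kill $MAINPID
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
Alias=pleroma.service
EOF
    # Make systemd re-read its unit files before the new unit is started.
    systemctl daemon-reload
    systemctl restart pleroma
  fi
}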
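# Add a v3 onion service that forwards port 80 to 127.0.0.1:4000, reload tor
# and wait until the service's hostname file exists.
# Returns: 1 when the hostname file does not appear within about 30 seconds.
_ensure_onion_service() {
  local -r torrc=/etc/tor/torrc
  local -r hostname_file=/var/lib/tor/pleroma/hostname
  local waited=0

  if ! grep -qi 'hiddenservicedir /var/lib/tor/pleroma' "$torrc"; then
    printf '\nHiddenServiceDir /var/lib/tor/pleroma\nHiddenServiceVersion 3\nHiddenServicePort 80 127.0.0.1:4000\n' >> "$torrc"
  fi
  systemctl reload tor

  # The reload only signals tor; the hostname file shows up once tor has
  # processed the new configuration. The rest of the script reads that file,
  # and an empty read would silently produce a config with an empty host.
  until [ -s "$hostname_file" ]; do
    if [ "$waited" -ge 30 ]; then
      echo "tor did not create $hostname_file" >&2
      return 1
    fi
    sleep 1
    waited=$((waited + 1))
  done
}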
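# Installation steps, in dependency order.
_ensure_gpg
_ensure_tor_repo
_ensure_deps
_ensure_elixir
_ensure_pleroma_user
_ensure_onion_service
_ensure_pleroma_repo /usr/local/pleroma /usr/local/pleroma/pleroma

# Read the onion address once and refuse to continue without it. A failing
# command substitution used directly as an argument is not caught by `set -e`,
# so the config used to be generated with an empty host in that case.
onion_host="$(head -1 /var/lib/tor/pleroma/hostname)"
if [ -z "$onion_host" ]; then
  echo "onion hostname is empty" >&2
  exit 1
fi

_ensure_pleroma_config /usr/local/pleroma/pleroma/config/prod.secret.exs "$onion_host"
_ensure_pleroma_built /usr/local/pleroma/pleroma
_ensure_pleroma_unit /etc/systemd/system/pleroma.service
echo "pleroma set up at http://$onion_host/"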