| #!/usr/bin/env bash | |
| # | |
| # automated onion installer | |
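# Abort on the first unhandled command failure.
set -e
# Trace every command as it runs.
# NOTE(review): xtrace prints commands after expansion, so any secret expanded
# while it is on ends up in the output; treat captured installer logs as
# sensitive.
set -x

# Everything below installs packages, edits files under /etc and creates
# system users, so refuse to continue without root. The exit is issued in the
# main shell rather than in a subshell, so it ends the script by itself
# instead of relying on `set -e` to notice the subshell's status.
if [ "$(id -u)" != 0 ]; then
  echo "not root" >&2
  exit 1
fi

mkdir -p /etc/apt/sources.list.d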
# Refresh the package index and install gpg, which the repository-key step
# needs. Returns the status of the first apt call that fails.
_ensure_gpg() {
  apt update || return
  apt install -y gpg
}
# Bring the system up to date, then install the build and runtime packages
# the rest of the installer relies on (tor, git, a compiler toolchain, sudo,
# PostgreSQL 9.6 and friends).
_ensure_deps() {
  local -a packages=(
    wget tor git build-essential openssl ssh sudo
    postgresql-9.6 postgresql-contrib-9.6
  )

  # The upgrade is only attempted when the index refresh succeeded; a failed
  # refresh does not stop the package install that follows.
  if apt update; then
    apt dist-upgrade -y
  fi
  apt install -y "${packages[@]}"
}
# Register the Tor Project apt repository (stretch suite) and import its
# signing key, then install the https transport apt needs to reach it.
# The sources file is only written when it does not exist yet.
_ensure_tor_repo() {
  local list_file=/etc/apt/sources.list.d/pleroma-tor.list
  # The key is requested by its full 40-hex-digit fingerprint, not a short id.
  local key_fpr=A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

  if [ ! -f "$list_file" ]; then
    printf 'deb https://deb.torproject.org/torproject.org stretch main\ndeb-src https://deb.torproject.org/torproject.org stretch main\n' > "$list_file"
  fi

  gpg --keyserver keys.gnupg.net --recv "$key_fpr"
  # NOTE(review): a key added with apt-key is trusted for every configured
  # repository, not only deb.torproject.org. A dedicated keyring referenced
  # with signed-by in the sources entry would scope it to this repository.
  gpg --export "$key_fpr" | apt-key add -
  apt install -y apt-transport-https
}
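# Install the Erlang Solutions repository package, then Elixir and the Erlang
# components Pleroma needs.
#
# The .deb is downloaded into a private mktemp directory instead of a fixed
# name in /tmp: with `wget -P /tmp/`, a file already present at that path is
# kept and the download is saved under a different name, so dpkg (running as
# root) would have installed the pre-existing file rather than the download.
# A failed download now also stops the function instead of falling through to
# the apt calls.
#
# NOTE(review): the package is authenticated only by the HTTPS connection; no
# checksum or signature is verified before `dpkg -i`. Pinning a known digest
# (e.g. `sha256sum -c` against <EXPECTED_SHA256>) would close that gap.
#
# Returns: 0 on success, otherwise the status of the first failing step.
_ensure_elixir() {
  local deb_url='https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb'
  local workdir deb_path rc=0

  workdir=$(mktemp -d) || return
  deb_path="${workdir}/erlang-solutions_1.0_all.deb"

  wget -O "$deb_path" "$deb_url" \
    && dpkg -i "$deb_path" \
    && apt update \
    && apt install -y elixir erlang-dev erlang-parsetools erlang-xmerl \
    || rc=$?

  # Clean up on every path, success or failure.
  rm -rf -- "${workdir:?}"
  return "$rc"
}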
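# Create the unprivileged `pleroma` system account (login disabled, home in
# /usr/local/pleroma/) if it does not exist, and deny it SSH access when an
# sshd configuration file is present.
#
# The sshd check is an explicit `if`, so a host without
# /etc/ssh/sshd_config no longer makes the function return non-zero (which,
# under `set -e`, would abort the installer at the call site).
#
# NOTE(review): the function only appends the DenyUsers line; it does not
# reload sshd, so a running daemon presumably keeps its old configuration
# until it is reloaded or restarted.
_ensure_pleroma_user() {
  local sshd_config=/etc/ssh/sshd_config

  id pleroma || adduser --system --quiet --disabled-login --home /usr/local/pleroma/ pleroma

  if [ -e "$sshd_config" ] && ! grep -i 'denyusers pleroma' "$sshd_config"; then
    echo "DenyUsers pleroma" >> "$sshd_config"
  fi
}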
# Run a command string as the `pleroma` user through `bash -c`.
# Arguments: $1 - the command string; any further arguments are handed to
#            bash after it unchanged.
# NOTE(review): the string is parsed again by the inner bash, so callers that
# interpolate values into it must make sure those values are shell-safe.
_run_as_pleroma() {
  local -a runner=(sudo -u pleroma bash -c)
  "${runner[@]}" "$@"
}
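# Clone the Pleroma repository as the `pleroma` user unless the checkout
# directory already exists.
# Arguments: $1 - directory to run the clone from
#            $2 - checkout directory to create
# Returns:   0 if the checkout exists or the clone succeeded, 2 when an
#            argument is missing, otherwise the clone's status.
#
# Both paths are quoted in the existence test and shell-escaped (%q) before
# being placed in the command string that the inner bash re-parses. An empty
# $2 previously made `[ -e $2 ]` evaluate as true and silently skipped the
# clone.
#
# NOTE(review): the clone takes whatever the remote's default branch points
# at; no tag or commit is pinned, and the result is later built and run.
_ensure_pleroma_repo() {
  local parent_dir=$1 checkout_dir=$2
  local clone_cmd

  if [ -z "$parent_dir" ] || [ -z "$checkout_dir" ]; then
    echo "_ensure_pleroma_repo: parent and checkout directories are required" >&2
    return 2
  fi

  if [ -e "$checkout_dir" ]; then
    return 0
  fi

  printf -v clone_cmd 'cd %q && git clone https://git.pleroma.social/pleroma/pleroma %q' \
    "$parent_dir" "$checkout_dir"
  _run_as_pleroma "$clone_cmd"
}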
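# Write Pleroma's production secret config and provision the matching
# PostgreSQL role and database.
# Arguments: $1 - path of the config file to (over)write
#            $2 - public host name of the instance (the onion address)
#
# Every call generates a fresh database password and secret_key_base and
# overwrites $1; the role's password is updated to match via ALTER USER.
#
# Handling of the secrets, compared with writing them through echo and a
# fixed /tmp/pleroma.sql:
#   * command tracing is paused while the secrets are expanded, so a
#     script-wide `set -x` does not copy them into the output;
#   * the config file is set to mode 0600 before anything secret is written
#     to it (it is handed to the pleroma user at the end);
#   * the SQL is piped to psql on stdin from the printf builtin, so the
#     password is never stored in a predictable, world-readable file in /tmp
#     and never appears in a process argument list.
_ensure_pleroma_config() {
  local config_path=$1 instance_host=$2
  local db_pass secret_key
  local xtrace_was_on=0

  case $- in
    *x*)
      xtrace_was_on=1
      set +x
      ;;
  esac

  # One line of base32-encoded kernel randomness per secret; the alphabet
  # (A-Z, 2-7) contains no quote characters, so the values are safe inside
  # the Elixir strings and the single-quoted SQL literals below.
  db_pass=$(base32 </dev/urandom | head -n 1)
  secret_key=$(base32 </dev/urandom | head -n 1)

  # Create/truncate first and tighten the mode, then write the content.
  : >"$config_path"
  chmod 600 "$config_path"
  cat >"$config_path" <<EOF
use Mix.Config

config :pleroma, Pleroma.Web.Endpoint,
 url: [host: "${instance_host}", scheme: "http", port: 80, ip: {127, 0, 0, 1} ],
 secret_key_base: "${secret_key}"

config :pleroma, :instance,
 name: "${instance_host}",
 email: "root@localhost",
 limit: 500,
 registrations_open: true

config :pleroma, :media_proxy,
 enabled: false

config :pleroma, Pleroma.Repo,
 adapter: Ecto.Adapters.Postgres,
 username: "pleroma",
 password: "${db_pass}" ,
 database: "pleroma",
 hostname: "localhost",
 pool_size: 10

config :pleroma, :http,
 proxy_url: {:socks5, :localhost, 9050}

EOF

  # CREATE USER fails harmlessly when the role already exists; the ALTER USER
  # that follows then brings its password in line with the new config.
  printf '%s\n' \
    "CREATE USER pleroma WITH ENCRYPTED PASSWORD '${db_pass}' CREATEDB;" \
    "ALTER USER pleroma WITH ENCRYPTED PASSWORD '${db_pass}' CREATEDB;" \
    'CREATE DATABASE pleroma OWNER pleroma;' \
    '\c pleroma;' \
    'CREATE EXTENSION IF NOT EXISTS citext;' \
    | sudo -u postgres psql

  chown pleroma "$config_path"

  if [ "$xtrace_was_on" -eq 1 ]; then
    set -x
  fi
}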
# Fetch the build tooling and dependencies, run the database migrations and
# compile Pleroma, all as the `pleroma` user with MIX_ENV=prod.
# Arguments: $1 - path of the Pleroma checkout
# NOTE(review): $1 is interpolated into the command string as-is, and
# deps.get pulls third-party code from the network that the compile step
# then builds.
_ensure_pleroma_built() {
  local mix_task
  for mix_task in \
    "local.hex --force" \
    "local.rebar --force" \
    "deps.get" \
    "ecto.migrate" \
    "compile"; do
    _run_as_pleroma "cd $1 && MIX_ENV=prod /usr/local/bin/mix ${mix_task}"
  done
}
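# Install the systemd unit for Pleroma and start the service, unless the unit
# file already exists.
# Arguments: $1 - path of the unit file to create
#
# Fixes relative to building the unit with a double-quoted echo:
#   * the heredoc delimiter is quoted, so `$MAINPID` reaches the unit file
#     literally instead of being expanded (to nothing) by this shell;
#   * WantedBy names multi-user.target; "multi-server.target" is not a
#     systemd target;
#   * systemd is told to re-read unit files before the restart, since the
#     unit was just created.
#
# The service runs as the unprivileged `pleroma` user. NOTE(review): the unit
# sets no sandboxing options; directives such as NoNewPrivileges= or
# PrivateTmp= may be worth evaluating, after confirming Pleroma still starts.
# The unit is started here but not enabled for boot.
_ensure_pleroma_unit() {
  local unit_path=$1

  if [ -f "$unit_path" ]; then
    return 0
  fi

  cat >"$unit_path" <<'EOF'
[Unit]
Description=Pleroma social network
After=network.target postgresql.service

[Service]
User=pleroma
WorkingDirectory=/usr/local/pleroma/pleroma
Environment="MIX_ENV=prod"
Environment="HOME=/usr/local/pleroma"
ExecStart=/usr/local/bin/mix phx.server
ExecReload=/bin/kill $MAINPID
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
Alias=pleroma.service
EOF

  systemctl daemon-reload
  systemctl restart pleroma
}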
# Declare a version 3 onion service for Pleroma in /etc/tor/torrc (unless a
# HiddenServiceDir line for it is already there) and reload tor.
# The service maps onion port 80 to 127.0.0.1:4000 on this host.
_ensure_onion_service() {
  local torrc=/etc/tor/torrc

  if ! grep -i 'hiddenservicedir /var/lib/tor/pleroma' "$torrc"; then
    printf '\nHiddenServiceDir /var/lib/tor/pleroma\nHiddenServiceVersion 3\nHiddenServicePort 80 127.0.0.1:4000\n' >> "$torrc"
  fi
  systemctl reload tor
}
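# --- installation sequence ---------------------------------------------------
_ensure_gpg
_ensure_tor_repo
_ensure_deps
_ensure_elixir
_ensure_pleroma_user
_ensure_onion_service
_ensure_pleroma_repo /usr/local/pleroma /usr/local/pleroma/pleroma

# The onion address is read once, into a variable, and checked before use.
# Read inline as an unquoted $(head ...) argument, a missing or empty hostname
# file would not stop the script (`set -e` does not act on a failed command
# substitution inside another command's arguments) and the config would be
# written with an empty host. The file may not exist yet right after the tor
# reload above, so wait a bounded time for it.
onion_hostname_file=/var/lib/tor/pleroma/hostname
wait_left=30
while [ ! -s "$onion_hostname_file" ] && [ "$wait_left" -gt 0 ]; do
  sleep 1
  wait_left=$((wait_left - 1))
done
if [ ! -s "$onion_hostname_file" ]; then
  echo "tor did not create $onion_hostname_file" >&2
  exit 1
fi
onion_host=$(head -n 1 "$onion_hostname_file")
if [ -z "$onion_host" ]; then
  echo "empty onion hostname in $onion_hostname_file" >&2
  exit 1
fi

_ensure_pleroma_config /usr/local/pleroma/pleroma/config/prod.secret.exs "$onion_host"
_ensure_pleroma_built /usr/local/pleroma/pleroma
_ensure_pleroma_unit /etc/systemd/system/pleroma.service
echo "pleroma set up at http://${onion_host}/"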