Merge branch 'stretch' of https://github.com/bashrc/freedombone

src/freedombone-app-gnusocial

@@ -232,7 +232,7 @@ function gnusocial_set_background_image {
             if [ ${#temp_background} -gt 0 ]; then
                 GNUSOCIAL_BACKGROUND_IMAGE_URL="$temp_background"
                 write_config_param "GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_BACKGROUND_IMAGE_URL"
-                if [[ $(pleroma_set_background_image_from_url "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE" | tail -n 1) == "0" ]]; then
+                if [[ $(pleroma_set_background_image_from_url /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE" | tail -n 1) == "0" ]]; then
                     dialog --title $"Set GNU Social login background" \
                            --msgbox $"The background image has been set" 6 60
                 fi
@@ -363,7 +363,7 @@ function upgrade_gnusocial {
 
     gnusocial_hourly_script gnusocial $GNUSOCIAL_DOMAIN_NAME
     if [ -d $INSTALL_DIR/pleroma ]; then
-        upgrade_pleroma "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
+        upgrade_pleroma_frontend "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
     fi
     install_gnusocial_default_background "gnusocial" "$GNUSOCIAL_DOMAIN_NAME"
     chown -R www-data:www-data /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
@@ -924,7 +924,7 @@ function install_gnusocial {
     gnusocial_use_qvitter gnusocial
 
     if [ $GNUSOCIAL_BACKGROUND_IMAGE_URL ]; then
-        pleroma_set_background_image_from_url "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
+        pleroma_set_background_image_from_url /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
     fi
 
     APP_INSTALLED=1

src/freedombone-app-pleroma

@@ -0,0 +1,782 @@
+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# Pleroma backend application
+# https://git.pleroma.social/pleroma/pleroma/wikis/Installing-on-Debian-Based-Distributions
+#
+# License
+# =======
+#
+# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+VARIANTS='full full-vim social'
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=1
+
+PLEROMA_DOMAIN_NAME=
+PLEROMA_CODE=
+PLEROMA_PORT=4000
+PLEROMA_ONION_PORT=8011
+PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
+PLEROMA_COMMIT='7252f6b054dfdfac1f9bac77c442c5a1ebd898af'
+PLEROMA_ADMIN_PASSWORD=
+PLEROMA_DIR=/etc/pleroma
+PLEROMA_SECRET_KEY=""
+
+PLEROMA_BACKGROUND_IMAGE_URL=
+
+PLEROMA_TITLE='Pleroma Server'
+
+# Number of months after which posts expire
+PLEROMA_EXPIRE_MONTHS=3
+
+pleroma_variables=(ONION_ONLY
+                   PLEROMA_DOMAIN_NAME
+                   PLEROMA_CODE
+                   PLEROMA_WELCOME_MESSAGE
+                   PLEROMA_BACKGROUND_IMAGE_URL
+                   DDNS_PROVIDER
+                   PLEROMA_TITLE
+                   PLEROMA_EXPIRE_MONTHS
+                   MY_EMAIL_ADDRESS
+                   MY_USERNAME)
+
+function pleroma_recompile {
+    # necessary after parameter changes
+    sudo -u pleroma mix clean
+    sudo -u pleroma mix deps.compile
+    sudo -u pleroma mix compile
+
+    if [ -f /etc/systemd/system/pleroma.service ]; then
+        systemctl restart pleroma
+    fi
+}
+
+function logging_on_pleroma {
+    echo -n ''
+}
+
+function logging_off_pleroma {
+    echo -n ''
+}
+
+function remove_user_pleroma {
+    remove_username="$1"
+
+    ${PROJECT_NAME}-pass -u $remove_username --rmapp pleroma
+}
+
+function add_user_pleroma {
+    new_username="$1"
+    new_user_password="$2"
+
+    ${PROJECT_NAME}-pass -u $new_username -a pleroma -p "$new_user_password"
+
+    echo '0'
+}
+
+function install_interactive_pleroma {
+    if [ ! $ONION_ONLY ]; then
+        ONION_ONLY='no'
+    fi
+
+    if [[ $ONION_ONLY != "no" ]]; then
+        PLEROMA_DOMAIN_NAME='pleroma.local'
+    else
+        PLEROMA_DETAILS_COMPLETE=
+        while [ ! $PLEROMA_DETAILS_COMPLETE ]
+        do
+            data=$(tempfile 2>/dev/null)
+            trap "rm -f $data" 0 1 2 5 15
+            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                dialog --backtitle $"Freedombone Configuration" \
+                       --title $"Pleroma Configuration" \
+                       --form $"\nPlease enter your Pleroma details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       $"Domain:" 1 1 "$(grep 'PLEROMA_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
+                       $"Title:" 2 1 "$(grep '$PLEROMA_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep '$PLEROMA_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       $"Code:" 4 1 "$(grep 'PLEROMA_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 25 33 255 \
+                       2> $data
+            else
+                dialog --backtitle $"Freedombone Configuration" \
+                       --title $"Pleroma Configuration" \
+                       --form $"\nPlease enter your Pleroma details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       $"Domain:" 1 1 "$(grep 'PLEROMA_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
+                       $"Title:" 2 1 "$(grep '$PLEROMA_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep '$PLEROMA_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       2> $data
+            fi
+            sel=$?
+            case $sel in
+                1) exit 1;;
+                255) exit 1;;
+            esac
+            PLEROMA_DOMAIN_NAME=$(cat $data | sed -n 1p)
+            title=$(cat $data | sed -n 2p)
+            if [ ${#title} -gt 1 ]; then
+                PLEROMA_TITLE=$welcome_msg
+            fi
+            img_url=$(cat $data | sed -n 3p)
+            if [ ${#img_url} -gt 1 ]; then
+                PLEROMA_BACKGROUND_IMAGE_URL=$img_url
+            fi
+            if [ $PLEROMA_DOMAIN_NAME ]; then
+                if [[ $PLEROMA_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+                    PLEROMA_DOMAIN_NAME=""
+                fi
+                TEST_DOMAIN_NAME=$PLEROMA_DOMAIN_NAME
+                validate_domain_name
+                if [[ $TEST_DOMAIN_NAME != $PLEROMA_DOMAIN_NAME ]]; then
+                    PLEROMA_DOMAIN_NAME=
+                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
+                else
+                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                        PLEROMA_CODE=$(cat $data | sed -n 4p)
+                        validate_freedns_code "$PLEROMA_CODE"
+                        if [ ! $VALID_CODE ]; then
+                            PLEROMA_DOMAIN_NAME=
+                        fi
+                    fi
+                fi
+            fi
+            if [ $PLEROMA_DOMAIN_NAME ]; then
+                PLEROMA_DETAILS_COMPLETE="yes"
+            fi
+        done
+
+        # remove any invalid characters
+        if [ ${#PLEROMA_TITLE} -gt 0 ]; then
+            new_title=$(echo "$PLEROMA_TITLE" | sed "s|'||g")
+            PLEROMA_TITLE="$new_title"
+        fi
+
+        # save the results in the config file
+        write_config_param "PLEROMA_CODE" "$PLEROMA_CODE"
+        write_config_param "PLEROMA_TITLE" "$PLEROMA_TITLE"
+        write_config_param "PLEROMA_BACKGROUND_IMAGE_URL" "$PLEROMA_BACKGROUND_IMAGE_URL"
+    fi
+    write_config_param "PLEROMA_DOMAIN_NAME" "$PLEROMA_DOMAIN_NAME"
+    APP_INSTALLED=1
+}
+
+function change_password_pleroma {
+    curr_username="$1"
+    new_user_password="$2"
+
+    #${PROJECT_NAME}-pass -u "$curr_username" -a pleroma -p "$new_user_password"
+}
+
+function pleroma_create_database {
+    if [ -f $IMAGE_PASSWORD_FILE ]; then
+        PLEROMA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    else
+        if [ ! $PLEROMA_ADMIN_PASSWORD ]; then
+            PLEROMA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        fi
+    fi
+    if [ ! $PLEROMA_ADMIN_PASSWORD ]; then
+        return
+    fi
+
+    add_postgresql_user pleroma "$PLEROMA_ADMIN_PASSWORD" encrypted
+    run_system_query_postgresql "create database pleroma;"
+    # temporarily allow the user to create databases
+    run_system_query_postgresql "ALTER USER pleroma CREATEDB;"
+    run_system_query_postgresql "ALTER USER pleroma SUPERUSER;"
+    run_system_query_postgresql "GRANT ALL ON ALL tables IN SCHEMA public TO pleroma;"
+    run_system_query_postgresql "GRANT ALL ON ALL sequences IN SCHEMA public TO pleroma;"
+    run_system_query_postgresql "CREATE EXTENSION citext;"
+
+    read_config_param "PLEROMA_SECRET_KEY"
+    if [ ${#PLEROMA_SECRET_KEY} -lt 50 ]; then
+        PLEROMA_SECRET_KEY="$(create_password 30)$(create_password 30)"
+        if [ ${#PLEROMA_SECRET_KEY} -lt 50 ]; then
+            run_system_query_postgresql "ALTER USER pleroma NOSUPERUSER;"
+            run_system_query_postgresql "ALTER USER pleroma NOCREATEDB;"
+            echo $'Pleroma secret key not created'
+            exit 6782352
+        fi
+        write_config_param "PLEROMA_SECRET_KEY" "$PLEROMA_SECRET_KEY"
+    fi
+
+    pleroma_secret=config/dev.secret.exs
+    cp config/dev.exs $pleroma_secret
+    sed -i "s|username:.*|username: \"pleroma\",|g" $pleroma_secret
+    sed -i "s|password:.*|password: \"$PLEROMA_ADMIN_PASSWORD\",|g" $pleroma_secret
+    sed -i "s|database:.*|database: \"pleroma\",|g" $pleroma_secret
+    sed -i "/Pleroma.Web.Endpoint/a secret_key_base: \"$PLEROMA_SECRET_KEY\"," $pleroma_secret
+    sed -i 's|secret_key_base: |  secret_key_base: |g' $pleroma_secret
+    sed -i "/Pleroma.Web.Endpoint/a pubsub: [name: Pleroma.Web.PubSub, adapter: Phoenix.PubSub.PG2]," $pleroma_secret
+    sed -i 's|pubsub: |  pubsub: |g' $pleroma_secret
+    sed -i 's|watchers: []|watchers: [],|g' $pleroma_secret
+    sed -i "/watchers: []/a url: [host: \"$PLEROMA_DOMAIN_NAME\", scheme: \"https\", port: 443]" $pleroma_secret
+    sed -i 's|url: |  url: |g' $pleroma_secret
+
+    cd $PLEROMA_DIR
+    chown -R pleroma:pleroma *
+    sudo -u pleroma mix local.rebar --force
+    if [ ! "$?" = "0" ]; then
+        run_system_query_postgresql "ALTER USER pleroma NOSUPERUSER;"
+        run_system_query_postgresql "ALTER USER pleroma NOCREATEDB;"
+        echo $'mix local.rebar failed'
+        exit 73528562
+    fi
+    sudo -u pleroma mix local.hex --force
+    sudo -u pleroma mix deps.compile mimerl
+    sudo -u pleroma mix ecto.create --force
+    if [ ! "$?" = "0" ]; then
+        run_system_query_postgresql "ALTER USER pleroma NOSUPERUSER;"
+        run_system_query_postgresql "ALTER USER pleroma NOCREATEDB;"
+        echo $'mix ecto.create failed'
+        exit 83653582
+    fi
+    sudo -u pleroma mix ecto.migrate --force
+    if [ ! "$?" = "0" ]; then
+        run_system_query_postgresql "ALTER USER pleroma NOSUPERUSER;"
+        run_system_query_postgresql "ALTER USER pleroma NOCREATEDB;"
+        echo $'mix ecto.migrate failed'
+        exit 73752573
+    fi
+
+    # revoke the ability to create databases for this user
+    run_system_query_postgresql "ALTER USER pleroma NOSUPERUSER;"
+    run_system_query_postgresql "ALTER USER pleroma NOCREATEDB;"
+}
+
+function reconfigure_pleroma {
+    echo -n ''
+}
+
+function pleroma_set_background_image {
+    PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
+
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Pleroma" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $'Set a background image URL' 10 60 2>$data
+    sel=$?
+    case $sel in
+        0)
+            temp_background=$(<$data)
+            if [ ${#temp_background} -gt 0 ]; then
+                PLEROMA_BACKGROUND_IMAGE_URL="$temp_background"
+                write_config_param "PLEROMA_BACKGROUND_IMAGE_URL" "$PLEROMA_BACKGROUND_IMAGE_URL"
+                if [[ $(pleroma_set_background_image_from_url $PLEROMA_DIR "$PLEROMA_DOMAIN_NAME" "$PLEROMA_BACKGROUND_IMAGE_URL" "$PLEROMA_TITLE" | tail -n 1) == "0" ]]; then
+                    pleroma_recompile
+                    dialog --title $"Set Pleroma login background" \
+                           --msgbox $"The background image has been set" 6 60
+                fi
+            fi
+           ;;
+    esac
+    rm $data
+}
+
+function pleroma_set_title {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Pleroma" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $'Set a title' 10 60 2>$data
+    sel=$?
+    case $sel in
+        0)
+            new_title=$(<$data)
+            if [ ${#new_title} -gt 0 ]; then
+                PLEROMA_TITLE="$new_title"
+                PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
+                write_config_param "PLEROMA_TITLE" "$PLEROMA_TITLE"
+                sed -i "s|\"name\":.*|\"name\": \"${PLEROMA_TITLE}\",|g" $PLEROMA_DIR/static/config.json
+                sed -i "s|\"name\":.*|\"name\": \"${PLEROMA_TITLE}\",|g" $PLEROMA_DIR/priv/static/static/config.json
+                sed -i "s|name: .*|name: \"${PLEROMA_TITLE}\",|g" $PLEROMA_DIR/config/config.exs
+                systemctl restart pleroma
+                dialog --title $"Set Pleroma title" \
+                       --msgbox $"The title has been set" 6 60
+            fi
+           ;;
+    esac
+    rm $data
+}
+
+function pleroma_set_expire_months {
+    PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
+    read_config_param "PLEROMA_EXPIRE_MONTHS"
+
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Pleroma" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$PLEROMA_EXPIRE_MONTHS" 2>$data
+    sel=$?
+    case $sel in
+        0)
+            new_expiry_months=$(<$data)
+            if [ ${#new_expiry_months} -gt 0 ]; then
+                # should contain no spaces
+                if [[ "$new_expiry_months" == *" "* ]]; then
+                    return
+                fi
+                # should be a number
+                re='^[0-9]+$'
+                if ! [[ $new_expiry_months =~ $re ]] ; then
+                    return
+                fi
+                # set the new value
+                PLEROMA_EXPIRE_MONTHS=$new_expiry_months
+                write_config_param "PLEROMA_EXPIRE_MONTHS" "$PLEROMA_EXPIRE_MONTHS"
+
+                # TODO
+
+                dialog --title $"Set Pleroma post expiry period" \
+                       --msgbox $"Expiry period set to $PLEROMA_EXPIRE_MONTHS months" 6 60
+            fi
+           ;;
+    esac
+    rm $data
+}
+
+function pleroma_disable_registrations {
+    dialog --title $"Disable new Pleroma user registrations" \
+           --backtitle $"Freedombone Control Panel" \
+           --yesno $"\nDo you wish to disable new registrations?" 10 60
+    sel=$?
+    case $sel in
+        0) sed -i 's|registrations_open:.*|registrations_open: false|g' $PLEROMA_DIR/config/config.exs
+           sed -i 's|"registrationOpen":.*|"registrationOpen": false|g' $PLEROMA_DIR/priv/static/static/config.json
+           ;;
+        1) sed -i 's|registrations_open:.*|registrations_open: true|g' $PLEROMA_DIR/config/config.exs
+           sed -i 's|"registrationOpen":.*|"registrationOpen": true|g' $PLEROMA_DIR/priv/static/static/config.json
+           ;;
+        255) return;;
+    esac
+    pleroma_recompile
+}
+
+function configure_interactive_pleroma {
+    read_config_param PLEROMA_EXPIRE_MONTHS
+    while true
+    do
+        data=$(tempfile 2>/dev/null)
+        trap "rm -f $data" 0 1 2 5 15
+        dialog --backtitle $"Freedombone Control Panel" \
+               --title $"Pleroma" \
+               --radiolist $"Choose an operation:" 14 70 5 \
+               1 $"Set a background image" off \
+               2 $"Set the title" off \
+               3 $"Disable new account registrations" off \
+               4 $"Set post expiry period (currently $PLEROMA_EXPIRE_MONTHS months)" off \
+               5 $"Exit" on 2> $data
+        sel=$?
+        case $sel in
+            1) return;;
+            255) return;;
+        esac
+        case $(cat $data) in
+            1) pleroma_set_background_image;;
+            2) pleroma_set_title;;
+            3) pleroma_disable_registrations;;
+            4) pleroma_set_expire_months;;
+            5) break;;
+        esac
+        rm $data
+    done
+}
+
+function upgrade_pleroma {
+    CURR_PLEROMA_COMMIT=$(get_completion_param "pleroma commit")
+    if [[ "$CURR_PLEROMA_COMMIT" == "$PLEROMA_COMMIT" ]]; then
+        return
+    fi
+
+    function_check set_repo_commit
+    set_repo_commit $PLEROMA_DIR "pleroma commit" "$PLEROMA_COMMIT" $PLEROMA_REPO
+    chown -R pleroma:pleroma $PLEROMA_DIR
+    pleroma_recompile
+}
+
+function backup_local_pleroma {
+    PLEROMA_DOMAIN_NAME='pleroma'
+    if grep -q "pleroma domain" $COMPLETION_FILE; then
+        PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
+    fi
+
+    function_check suspend_site
+    suspend_site ${PLEROMA_DOMAIN_NAME}
+
+    source_directory=$PLEROMA_DIR
+    dest_directory=pleroma
+    backup_directory_to_usb $source_directory $dest_directory
+
+    USE_POSTGRESQL=1
+    function_check backup_database_to_usb
+    backup_database_to_usb pleroma
+
+    function_check restart_site
+    restart_site
+}
+
+function restore_local_pleroma {
+    if ! grep -q "pleroma domain" $COMPLETION_FILE; then
+        return
+    fi
+    PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
+    if [ $PLEROMA_DOMAIN_NAME ]; then
+        echo $"Restoring pleroma"
+        temp_restore_dir=/root/temppleroma
+        pleroma_dir=$PLEROMA_DIR
+
+        function_check pleroma_create_database
+        pleroma_create_database
+
+        USE_POSTGRESQL=1
+        restore_database pleroma
+        if [ -d $temp_restore_dir ]; then
+            rm -rf $temp_restore_dir
+        fi
+
+        function_check restore_directory_from_usb
+        restore_directory_from_usb $temp_restore_dir pleroma
+        if [ -d $temp_restore_dir ]; then
+            chown -R pleroma:pleroma $pleroma_dir
+            rm -rf $temp_restore_dir
+        fi
+
+        echo $"Restore of pleroma complete"
+    fi
+}
+
+function backup_remote_pleroma {
+    PLEROMA_DOMAIN_NAME='pleroma'
+    if grep -q "pleroma domain" $COMPLETION_FILE; then
+        PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
+    fi
+
+    function_check suspend_site
+    suspend_site ${PLEROMA_DOMAIN_NAME}
+
+    source_directory=$PLEROMA_DIR
+    dest_directory=pleroma
+    backup_directory_to_friend $source_directory $dest_directory
+
+    USE_POSTGRESQL=1
+    function_check backup_database_to_friend
+    backup_database_to_friend pleroma
+
+    function_check restart_site
+    restart_site
+}
+
+function restore_remote_pleroma {
+    if ! grep -q "pleroma domain" $COMPLETION_FILE; then
+        return
+    fi
+    PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
+    if [ $PLEROMA_DOMAIN_NAME ]; then
+        echo $"Restoring pleroma"
+        temp_restore_dir=/root/temppleroma
+        pleroma_dir=$PLEROMA_DIR
+
+        function_check pleroma_create_database
+        pleroma_create_database
+
+        USE_POSTGRESQL=1
+        function_check restore_database_from_friend
+        restore_database_from_friend pleroma
+        if [ -d $temp_restore_dir ]; then
+            rm -rf $temp_restore_dir
+        fi
+
+        function_check restore_directory_from_friend
+        restore_directory_from_friend $temp_restore_dir pleroma
+        if [ -d $temp_restore_dir ]; then
+            chown -R pleroma:pleroma $pleroma_dir
+            rm -rf $temp_restore_dir
+        fi
+
+        pleroma_update_after_restore pleroma ${PLEROMA_DOMAIN_NAME}
+
+        echo $"Restore of pleroma complete"
+    fi
+}
+
+function remove_pleroma {
+    if [ ${#PLEROMA_DOMAIN_NAME} -eq 0 ]; then
+        return
+    fi
+    systemctl stop pleroma
+    systemctl disable pleroma
+    rm /etc/systemd/system/pleroma.service
+
+    userdel pleroma
+    apt-get -yq remove esl-erlang elixir erlang-xmerl erlang-dev erlang-parsetools
+
+    function_check remove_nodejs
+    remove_nodejs pleroma-backend
+
+    read_config_param "PLEROMA_DOMAIN_NAME"
+    read_config_param "MY_USERNAME"
+    echo "Removing $PLEROMA_DOMAIN_NAME"
+    nginx_dissite $PLEROMA_DOMAIN_NAME
+    remove_certs $PLEROMA_DOMAIN_NAME
+
+    if [ -d /var/www/$PLEROMA_DOMAIN_NAME ]; then
+        rm -rf /var/www/$PLEROMA_DOMAIN_NAME
+    fi
+    if [ -f /etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME ]; then
+        rm /etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME
+    fi
+    if [ -d $PLEROMA_DIR ]; then
+        rm -rf $PLEROMA_DIR
+    fi
+    function_check drop_database_postgresql
+    drop_database_postgresql pleroma
+    function_check remove_onion_service
+    remove_onion_service pleroma ${PLEROMA_ONION_PORT}
+    remove_app pleroma
+    remove_completion_param install_pleroma
+    sed -i '/pleroma domain/d' $COMPLETION_FILE
+    sed -i '/pleroma commit/d' $COMPLETION_FILE
+
+    function_check remove_ddns_domain
+    remove_ddns_domain $PLEROMA_DOMAIN_NAME
+}
+
+function install_elixir {
+    apt-get -yq install wget build-essential
+
+    if [ ! -d $INSTALL_DIR ]; then
+        mkdir -p $INSTALL_DIR
+    fi
+
+    cd $INSTALL_DIR
+    erlang_package=erlang-solutions_1.0_all.deb
+    wget https://packages.erlang-solutions.com/$erlang_package
+    if [ ! -f $INSTALL_DIR/$erlang_package ]; then
+        exit 72853
+    fi
+    dpkg -i $erlang_package
+    apt-get -yq update
+    apt-get -yq install esl-erlang
+    apt-get -yq install elixir erlang-xmerl erlang-dev erlang-parsetools
+
+    if [ ! -f /usr/local/bin/mix ]; then
+        echo $'/usr/local/bin/mix not found after elixir installation'
+        exit 629352
+    fi
+}
+
+function install_pleroma {
+    if [ ! $ONION_ONLY ]; then
+        ONION_ONLY='no'
+    fi
+
+    # We need elixir 1.4+ here, so the debian repo package won't do
+    install_elixir
+
+    function_check install_nodejs
+    install_nodejs pleroma-backend
+    install_postgresql
+
+    if [ ! -d /var/www/${PLEROMA_DOMAIN_NAME}/htdocs ]; then
+        mkdir -p /var/www/${PLEROMA_DOMAIN_NAME}/htdocs
+    fi
+    if [ -d $PLEROMA_DIR ]; then
+        rm -rf $PLEROMA_DIR
+    fi
+
+
+    # get the repo
+    if [ -f /repos/pleroma/index.html ]; then
+        mv /repos/pleroma /repos/pleroma-fe
+    fi
+    if [ -d /repos/pleroma ]; then
+        mkdir -p $PLEROMA_DIR
+        cp -r -p /repos/pleroma/. $PLEROMA_DIR
+        cd $PLEROMA_DIR
+        git pull
+    else
+        function_check git_clone
+        git_clone $PLEROMA_REPO $PLEROMA_DIR
+    fi
+
+    if [ ! -d $PLEROMA_DIR ]; then
+        echo $'Unable to clone pleroma backend repo'
+        exit 783523
+    fi
+
+
+    # create user
+    useradd -d $PLEROMA_DIR -s /bin/false pleroma
+
+
+    # checkout the commit
+    cd $PLEROMA_DIR
+    git checkout $PLEROMA_COMMIT -b $PLEROMA_COMMIT
+    set_completion_param "pleroma commit" "$PLEROMA_COMMIT"
+    chown -R pleroma:pleroma $PLEROMA_DIR
+
+
+    # web config
+    function_check add_ddns_domain
+    add_ddns_domain $PLEROMA_DOMAIN_NAME
+
+    PLEROMA_ONION_HOSTNAME=$(add_onion_service pleroma 80 ${PLEROMA_ONION_PORT})
+
+    pleroma_nginx_site=/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME
+    if [[ $ONION_ONLY == "no" ]]; then
+        function_check nginx_http_redirect
+        nginx_http_redirect $PLEROMA_DOMAIN_NAME "index index.html"
+        echo 'server {' >> $pleroma_nginx_site
+        echo '  listen 443 ssl;' >> $pleroma_nginx_site
+        echo '  listen [::]:443 ssl;' >> $pleroma_nginx_site
+        echo "  server_name $PLEROMA_DOMAIN_NAME;" >> $pleroma_nginx_site
+        echo '' >> $pleroma_nginx_site
+        function_check nginx_compress
+        nginx_compress $PLEROMA_DOMAIN_NAME
+        echo '' >> $pleroma_nginx_site
+        echo '  # Security' >> $pleroma_nginx_site
+        function_check nginx_ssl
+        nginx_ssl $PLEROMA_DOMAIN_NAME
+
+        function_check nginx_disable_sniffing
+        nginx_disable_sniffing $PLEROMA_DOMAIN_NAME
+
+        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $pleroma_nginx_site
+        echo '' >> $pleroma_nginx_site
+        echo '  # Logs' >> $pleroma_nginx_site
+        echo '  access_log /dev/null;' >> $pleroma_nginx_site
+        echo '  error_log /dev/null;' >> $pleroma_nginx_site
+        echo '' >> $pleroma_nginx_site
+        echo "  root $PLEROMA_DIR;" >> $pleroma_nginx_site
+        echo '' >> $pleroma_nginx_site
+        echo '  index index.html;' >> $pleroma_nginx_site
+        echo '  location / {' >> $pleroma_nginx_site
+        function_check nginx_limits
+        nginx_limits $PLEROMA_DOMAIN_NAME '15m'
+        echo "    proxy_pass http://localhost:$PLEROMA_PORT;" >> $pleroma_nginx_site
+        echo '  }' >> $pleroma_nginx_site
+        echo '  # include snippets/well-known.conf;' >> $pleroma_nginx_site
+        echo '}' >> $pleroma_nginx_site
+    else
+        echo -n '' > $pleroma_nginx_site
+    fi
+    echo 'server {' >> $pleroma_nginx_site
+    echo "    listen 127.0.0.1:$PLEROMA_ONION_PORT default_server;" >> $pleroma_nginx_site
+    echo "    server_name $PLEROMA_ONION_HOSTNAME;" >> $pleroma_nginx_site
+    echo '' >> $pleroma_nginx_site
+    function_check nginx_compress
+    nginx_compress $PLEROMA_DOMAIN_NAME
+    echo '' >> $pleroma_nginx_site
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing $PLEROMA_DOMAIN_NAME
+    echo '' >> $pleroma_nginx_site
+    echo '  # Logs' >> $pleroma_nginx_site
+    echo '  access_log /dev/null;' >> $pleroma_nginx_site
+    echo '  error_log /dev/null;' >> $pleroma_nginx_site
+    echo '' >> $pleroma_nginx_site
+    echo "  root $PLEROMA_DIR;" >> $pleroma_nginx_site
+    echo '' >> $pleroma_nginx_site
+    echo '  index index.html;' >> $pleroma_nginx_site
+    echo '  location / {' >> $pleroma_nginx_site
+    function_check nginx_limits
+    nginx_limits $PLEROMA_DOMAIN_NAME '15m'
+    echo "    proxy_pass http://localhost:$PLEROMA_PORT;" >> $pleroma_nginx_site
+    echo '  }' >> $pleroma_nginx_site
+    echo '  # include snippets/well-known.conf;' >> $pleroma_nginx_site
+    echo '}' >> $pleroma_nginx_site
+
+
+    # back end
+    cd $PLEROMA_DIR
+    chown -R pleroma:pleroma *
+    sudo -u pleroma mix local.hex --force
+    if [ ! "$?" = "0" ]; then
+        echo $'mix local.hex failed'
+        exit 1745673
+    fi
+    sudo -u pleroma mix deps.get --force
+    if [ ! "$?" = "0" ]; then
+        echo $'mix deps.get failed'
+        exit 7325733
+    fi
+
+    function_check pleroma_create_database
+    pleroma_create_database
+
+    ${PROJECT_NAME}-pass -u $MY_USERNAME -a pleroma -p "$PLEROMA_ADMIN_PASSWORD"
+
+    # NOTE: we don't need to install the frontend separately,
+    # since the backend contains a precompiled version of it
+
+    install_gnusocial_default_background "pleroma" "$PLEROMA_DOMAIN_NAME"
+    if [ ! -f $PLEROMA_DIR/priv/static/static/config.json ]; then
+        echo $"$PLEROMA_DIR/priv/static/static/config.json file missing"
+        exit 323689
+    fi
+    sed -i 's|"theme":.*|"theme": "base16-summerfruit-dark.css",|g' $PLEROMA_DIR/priv/static/static/config.json
+
+    if [ $PLEROMA_BACKGROUND_IMAGE_URL ]; then
+        pleroma_set_background_image_from_url $PLEROMA_DIR/priv/static "$PLEROMA_DOMAIN_NAME" "$PLEROMA_BACKGROUND_IMAGE_URL" "$PLEROMA_TITLE"
+    fi
+
+
+    # Get certificate
+    function_check create_site_certificate
+    create_site_certificate $PLEROMA_DOMAIN_NAME 'yes'
+
+    function_check nginx_ensite
+    nginx_ensite $PLEROMA_DOMAIN_NAME
+
+    systemctl restart postgresql
+    systemctl restart nginx
+
+    set_completion_param "pleroma domain" "$PLEROMA_DOMAIN_NAME"
+
+
+    # daemon
+    echo '[Unit]' > /etc/systemd/system/pleroma.service
+    echo 'Description=Pleroma social network' >> /etc/systemd/system/pleroma.service
+    echo 'After=network.target postgresql.service' >> /etc/systemd/system/pleroma.service
+    echo '' >> /etc/systemd/system/pleroma.service
+    echo '[Service]' >> /etc/systemd/system/pleroma.service
+    echo 'User=pleroma' >> /etc/systemd/system/pleroma.service
+    echo "WorkingDirectory=$PLEROMA_DIR" >> /etc/systemd/system/pleroma.service
+    echo "Environment=\"HOME=$PLEROMA_DIR\"" >> /etc/systemd/system/pleroma.service
+    echo 'ExecStart=/usr/local/bin/mix phx.server' >> /etc/systemd/system/pleroma.service
+    echo 'ExecReload=/bin/kill $MAINPID' >> /etc/systemd/system/pleroma.service
+    echo 'KillMode=process' >> /etc/systemd/system/pleroma.service
+    echo 'Restart=on-failure' >> /etc/systemd/system/pleroma.service
+    echo '' >> /etc/systemd/system/pleroma.service
+    echo '[Install]' >> /etc/systemd/system/pleroma.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/pleroma.service
+    echo 'Alias=pleroma.service' >> /etc/systemd/system/pleroma.service
+    systemctl daemon-reload
+    systemctl enable pleroma
+    systemctl start pleroma
+
+    APP_INSTALLED=1
+}
+
+# NOTE: deliberately there is no "exit 0"

src/freedombone-app-postactiv

@@ -248,7 +248,7 @@ function postactiv_set_background_image {
                 POSTACTIV_BACKGROUND_IMAGE_URL="$temp_background"
                 write_config_param "POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_BACKGROUND_IMAGE_URL"
 
-                if [[ $(pleroma_set_background_image_from_url "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then
+                if [[ $(pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then
                     dialog --title $"Set PostActiv background" \
                            --msgbox $"The background image has been set" 6 60
                 fi
@@ -378,7 +378,7 @@ function upgrade_postactiv {
     gnusocial_block_user_script
     gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME"
 
-    upgrade_pleroma "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
+    upgrade_pleroma_frontend "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
     postactiv_customise_logo
     install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
     chown -R www-data:www-data /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
@@ -945,7 +945,7 @@ function install_postactiv {
     gnusocial_use_qvitter postactiv
 
     if [ $POSTACTIV_BACKGROUND_IMAGE_URL ]; then
-        pleroma_set_background_image_from_url "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
+        pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
     fi
 
     APP_INSTALLED=1

src/freedombone-app-vpn

@@ -59,11 +59,17 @@ vpn_variables=(MY_EMAIL_ADDRESS
                VPN_TLS_PORT)
 
 function logging_on_vpn {
+    if [ ! -f /etc/openvpn/server.conf ]; then
+        return
+    fi
     sed -i 's|status .*|status /var/log/openvpn.log|g' /etc/openvpn/server.conf
     systemctl restart openvpn
 }
 
 function logging_off_vpn {
+    if [ ! -f /etc/openvpn/server.conf ]; then
+        return
+    fi
     sed -i 's|status .*|status /dev/null|g' /etc/openvpn/server.conf
     systemctl restart openvpn
 }

src/freedombone-backup-local

@@ -337,6 +337,28 @@ function backup_mariadb {
     fi
 }
 
+function backup_postgresql {
+    if [ ! -d /etc/postgresql ]; then
+        return
+    fi
+
+    temp_backup_dir=/root/temppostgresql
+    if [ ! -d $temp_backup_dir ]; then
+        mkdir $temp_backup_dir
+    fi
+    sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql
+    if [ ! -s $temp_backup_dir/postgresql.sql ]; then
+        echo $"Unable to backup postgresql settings"
+        rm -rf $temp_backup_dir
+        umount $USB_MOUNT
+        rm -rf $USB_MOUNT
+        exit 684365
+    fi
+    echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
+    chmod 400 $temp_backup_dir/db
+    backup_directory_to_usb $temp_backup_dir postgresql
+}
+
 # has the remove option been set ?
 remove_option=$2
 if [[ $1 == "remove" ]]; then
@@ -355,6 +377,7 @@ backup_configfiles
 backup_blocklist
 backup_admin_readme
 backup_mariadb
+backup_postgresql
 backup_extra_directories local
 backup_unmount_drive $USB_DRIVE $USB_MOUNT
 echo $"Backup to USB drive is complete. You can now unplug it."

src/freedombone-backup-remote

@@ -336,6 +336,28 @@ function backup_mariadb {
     fi
 }
 
+function backup_postgresql {
+    if [ ! -d /etc/postgresql ]; then
+        return
+    fi
+
+    temp_backup_dir=/root/temppostgresql
+    if [ ! -d $temp_backup_dir ]; then
+        mkdir $temp_backup_dir
+    fi
+    sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql
+    if [ ! -s $temp_backup_dir/postgresql.sql ]; then
+        echo $"Unable to backup postgresql settings"
+        rm -rf $temp_backup_dir
+        umount $USB_MOUNT
+        rm -rf $USB_MOUNT
+        exit 684365
+    fi
+    echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
+    chmod 400 $temp_backup_dir/db
+    backup_directory_to_friend $temp_backup_dir postgresql
+}
+
 # Returns the filename of a key share
 function get_key_share {
     no_of_shares=$1
@@ -410,6 +432,7 @@ if [[ $TEST_MODE == "no" ]]; then
     backup_web_server
     backup_admin_readme
     backup_mariadb
+    backup_postgresql
     backup_certs
     backup_mailing_list
     backup_apps remote

src/freedombone-controlpanel

@@ -1084,6 +1084,7 @@ function restore_data_from_storage {
     utils_installed=(configfiles
                      blocklist
                      mariadb
+                     postgresql
                      letsencrypt
                      passwords
                      mutt

src/freedombone-image-customise

@@ -1553,18 +1553,25 @@ function image_preinstall_repos {
     git clone $INADYN_REPO $rootdir/repos/inadyn
     git clone $TOMB_REPO $rootdir/repos/tomb
 
+    if [[ $SOCIALINSTANCE == "pleroma" ]]; then
+        git clone $PLEROMA_REPO $rootdir/repos/pleroma
+        #git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
+        git clone $PLEROMA_FRONTEND_REPO $rootdir/repos/pleroma-fe
+        return
+    fi
+
     if [[ $SOCIALINSTANCE == "gnusocial" ]]; then
         git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
         git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
         #git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
-        git clone $PLEROMA_REPO $rootdir/repos/pleroma
+        git clone $PLEROMA_FRONTEND_REPO $rootdir/repos/pleroma-fe
         return
     fi
 
     if [[ $SOCIALINSTANCE == "postactiv" ]]; then
         git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
         #git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
-        git clone $PLEROMA_REPO $rootdir/repos/pleroma
+        git clone $PLEROMA_FRONTEND_REPO $rootdir/repos/pleroma-fe
         #git clone $POSTACTIV_REPO $rootdir/repos/postactiv
         return
     fi
@@ -1574,9 +1581,10 @@ function image_preinstall_repos {
     git clone $ETHERPAD_REPO $rootdir/repos/etherpad
     git clone $FRIENDICA_REPO $rootdir/repos/friendica
     git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
+    git clone $PLEROMA_REPO $rootdir/repos/pleroma
     git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
     #git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
-    git clone $PLEROMA_REPO $rootdir/repos/pleroma
+    git clone $PLEROMA_FRONTEND_REPO $rootdir/repos/pleroma-fe
     #git clone $POSTACTIV_REPO $rootdir/repos/postactiv
     git clone $SHARINGS_REPO $rootdir/repos/sharings
     git clone $HTMLY_REPO $rootdir/repos/htmly

src/freedombone-restore-local

@@ -289,6 +289,59 @@ function restore_mariadb {
     fi
 }
 
+function restore_postgresql {
+    if [[ $RESTORE_APP != 'all' ]]; then
+        if [[ $RESTORE_APP != 'postgresql' ]]; then
+            return
+        fi
+    fi
+
+    if [[ $(is_completed install_postgresql) == "0" ]]; then
+        function_check install_postgresql
+        install_postgresql
+    fi
+
+    if [ -d $USB_MOUNT/backup/postgresql ]; then
+        echo $"Restoring postgresql settings"
+        temp_restore_dir=/root/temppostgresql
+        restore_directory_from_usb $temp_restore_dir postgresql
+
+        store_original_postgresql_password
+
+        echo $'Obtaining original postgresql password'
+        db_pass=$(cat /root/.postgresqloriginal)
+        if [ ${#db_pass} -gt 0 ]; then
+            echo $"Restore the postgresql user table"
+            if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
+                mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
+            else
+                mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
+            fi
+            if [ ! "$?" = "0" ]; then
+                echo $"Try again using the password obtained from backup"
+                db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
+                if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
+                    mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
+                else
+                    mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
+                fi
+            fi
+            if [ ! "$?" = "0" ]; then
+                echo "$mysqlsuccess"
+                set_user_permissions
+                backup_unmount_drive
+                exit 73825
+            fi
+            echo $"Restarting database"
+            systemctl restart postgresql
+            echo $"Ensure postgresql handles authentication"
+            POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+            DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+        fi
+        rm -rf $temp_restore_dir
+    fi
+}
+
 function restore_letsencrypt {
     if [[ $RESTORE_APP != 'all' ]]; then
         if [[ $RESTORE_APP != 'letsencrypt' ]]; then
@@ -865,6 +918,7 @@ restore_configfiles
 same_admin_user
 restore_passwordstore
 restore_mariadb
+restore_postgresql
 restore_letsencrypt
 restore_tor
 restore_mutt_settings

src/freedombone-restore-remote

@@ -255,6 +255,56 @@ function restore_mariadb {
     fi
 }
 
+function restore_postgresql {
+    if [[ $RESTORE_APP != 'all' ]]; then
+        if [[ $RESTORE_APP != 'postgresql' ]]; then
+            return
+        fi
+    fi
+
+    if [[ $(is_completed install_postgresql) == "0" ]]; then
+        function_check install_postgresql
+        install_postgresql
+    fi
+
+    if [ -d $SERVER_DIRECTORY/backup/postgresql ]; then
+        echo $"Restoring Postgresql settings"
+        temp_restore_dir=/root/temppostgresql
+        restore_directory_from_friend $temp_restore_dir postgresql
+
+        store_original_postgresql_password
+
+        echo $'Obtaining Postgresql password'
+        db_pass=$(cat /root/.postgresqloriginal)
+        if [ ${#db_pass} -gt 0 ]; then
+            echo $"Restore the Postgresql user table"
+            if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
+                mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
+            else
+                mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
+            fi
+            if [ ! "$?" = "0" ]; then
+                echo $"Try again using the password obtained from backup"
+                db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
+                if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
+                    mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
+                else
+                    mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
+                fi
+            fi
+            if [ ! "$?" = "0" ]; then
+                echo "$mysqlsuccess"
+                exit 962
+            fi
+            echo $"Restarting database"
+            systemctl restart postgresql
+            echo $"Ensure postgresql handles authentication"
+            POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+        fi
+        rm -rf ${temp_restore_dir}
+    fi
+}
+
 function restore_letsencrypt {
     if [[ $RESTORE_APP != 'all' ]]; then
         if [[ $RESTORE_APP != 'letsencrypt' ]]; then
@@ -769,6 +819,7 @@ restore_blocklist
 restore_configfiles
 restore_passwordstore
 restore_mariadb
+restore_postgresql
 restore_letsencrypt
 restore_mutt_settings
 restore_gpg

src/freedombone-utils-backup

@@ -235,9 +235,14 @@ function backup_database_local_usb {
     if [ ! -d ${local_database_dir} ]; then
         mkdir -p ${local_database_dir}
     fi
-    keep_database_running
     echo $"Obtaining ${1} database backup"
-    mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql
+    if [ ! $USE_POSTGRESQL ]; then
+        keep_database_running
+        mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql
+    else
+        USE_POSTGRESQL=
+        sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.sql
+    fi
     if [ -f ${local_database_dir}/${1}.sql ]; then
         if [ ! -s ${local_database_dir}/${1}.sql ]; then
             echo $"${1} database could not be saved"
@@ -545,9 +550,16 @@ function backup_database_remote {
     if [ ! -d ${local_database_dir} ]; then
         mkdir -p ${local_database_dir}
     fi
-    keep_database_running
+
     echo "Obtaining ${1} database backup"
-    mysqldump --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql
+    if [ ! $USE_POSTGRESQL ]; then
+        keep_database_running
+        mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql
+    else
+        USE_POSTGRESQL=
+        sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.sql
+    fi
+
     if [ -f ${local_database_dir}/${1}.sql ]; then
         if [ ! -s ${local_database_dir}/${1}.sql ]; then
             echo $"${1} database could not be saved"
@@ -642,8 +654,13 @@ function restore_database_from_friend {
             rm -rf ${local_database_dir}
             exit 503
         fi
-        keep_database_running
-        mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${1} -o < ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
+        if [ ! $USE_POSTGRESQL ]; then
+            keep_database_running
+            mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${1} -o < ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
+        else
+            USE_POSTGRESQL=
+            mysqlsuccess=$(sudo -u postgres pg_restore ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
+        fi
         if [ ! "$?" = "0" ]; then
             echo "$mysqlsuccess"
             exit 964
@@ -721,8 +738,13 @@ function restore_database {
             backup_unmount_drive
             exit 503
         fi
-        keep_database_running
-        mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < $database_file)
+        if [ ! $USE_POSTGRESQL ]; then
+            keep_database_running
+            mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < $database_file)
+        else
+            USE_POSTGRESQL=
+            mysqlsuccess=$(sudo -u postgres pg_restore $database_file)
+        fi
         if [ ! "$?" = "0" ]; then
             echo "$mysqlsuccess"
             function_check set_user_permissions

src/freedombone-utils-gnusocialtools

@@ -32,8 +32,8 @@
 QVITTER_THEME_REPO="https://github.com/bashrc/Qvitter"
 QVITTER_THEME_COMMIT='c6f09bda4e45be4290cf7409fa5efb4420538032'
 
-PLEROMA_REPO="https://gitgud.io/lambadalambda/pleroma-fe"
-PLEROMA_COMMIT='cbe652f2d94d81fa54a37378b7ff014c4391ca5e'
+PLEROMA_FRONTEND_REPO="https://gitgud.io/lambadalambda/pleroma-fe"
+PLEROMA_FRONTEND_COMMIT='cbe652f2d94d81fa54a37378b7ff014c4391ca5e'
 
 SHARINGS_REPO="http://github.com/bashrc/Sharings"
 SHARINGS_COMMIT='0d30fe7d153c7ab44e8459970b8f2b5dec06e43c'
@@ -88,9 +88,10 @@ function qvitter_update_background {
 }
 
 function pleroma_set_background_image_from_url {
-    domain_name="$1"
-    url="$2"
-    title="$3"
+    basedir="$1"
+    domain_name="$2"
+    url="$3"
+    title="$4"
 
     if [ ${#domain_name} -eq 0 ]; then
         echo "1"
@@ -111,7 +112,7 @@ function pleroma_set_background_image_from_url {
     fi
 
     if [ ${#ext} -gt 0 ]; then
-        cd /var/www/${domain_name}/htdocs
+        cd $basedir
 
         # remove any existing image
         if [ -f bg_custom.${ext} ]; then
@@ -127,13 +128,20 @@ function pleroma_set_background_image_from_url {
             return
         fi
 
-        if [ -d /var/www/${domain_name}/htdocs/static ]; then
+        if [ -d $basedir/static ]; then
             cp bg_custom.${ext} static/bg_custom.${ext}
             chown www-data:www-data static/bg_custom.${ext}
             sed -i "s|\"background\":.*|\"background\": \"/static/bg_custom.${ext}\",|g" static/config.json
         fi
+        if [ -d priv/static/static ]; then
+            cp bg_custom.${ext} priv/static/static/bg_custom.${ext}
+            chown www-data:www-data priv/static/static/bg_custom.${ext}
+            sed -i "s|\"background\":.*|\"background\": \"/static/bg_custom.${ext}\",|g" priv/static/static/config.json
+        fi
 
-        qvitter_update_background ${domain_name} ${ext}
+        if [[ "$basedir" != $PLEROMA_DIR ]]; then
+            qvitter_update_background ${domain_name} ${ext}
+        fi
 
         rm bg_custom.${ext}
     else
@@ -142,19 +150,28 @@ function pleroma_set_background_image_from_url {
     fi
 
     # customise the logo
-    if [ -f /var/www/${domain_name}/htdocs/static/logo.png ]; then
+    if [ -f $basedir/static/logo.png ]; then
         if [ -f ~/freedombone/img/logo_fbone3.png ]; then
-            cp ~/freedombone/img/logo_fbone3.png /var/www/${domain_name}/htdocs/static/logo.png
+            cp ~/freedombone/img/logo_fbone3.png $basedir/static/logo.png
+            if [ -d $basedir/priv/static/static ]; then
+                cp ~/freedombone/img/logo_fbone3.png $basedir/priv/static/static/logo.png
+            fi
         else
             if [ -f /home/$MY_USERNAME/freedombone/img/logo_fbone3.png ]; then
-                cp /home/$MY_USERNAME/freedombone/img/logo_fbone3.png /var/www/${domain_name}/htdocs/static/logo.png
+                cp /home/$MY_USERNAME/freedombone/img/logo_fbone3.png $basedir/static/logo.png
+                if [ -d $basedir/priv/static/static ]; then
+                    cp /home/$MY_USERNAME/freedombone/img/logo_fbone3.png $basedir/priv/static/static/logo.png
+                fi
             fi
         fi
     fi
 
     # customise the title
-    if [ -f /var/www/${domain_name}/htdocs/static/config.json ]; then
-        sed -i "s|\"name\":.*|\"name\": \"${title}\",|g" /var/www/${domain_name}/htdocs/static/config.json
+    if [ -f $basedir/static/config.json ]; then
+        sed -i "s|\"name\":.*|\"name\": \"${title}\",|g" $basedir/static/config.json
+    fi
+    if [ -f $basedir/priv/static/static/config.json ]; then
+        sed -i "s|\"name\":.*|\"name\": \"${title}\",|g" $basedir/priv/static/static/config.json
     fi
 
     echo "0"
@@ -251,26 +268,31 @@ function install_gnusocial_default_background {
     gnusocial_type=$1
     domain_name=$2
 
+    basedir=/var/www/${domain_name}/htdocs
+    if [[ "$gnusocial_type" == 'pleroma' ]]; then
+        basedir=$PLEROMA_DIR/priv/static
+    fi
+
     # customise the logo
-    if [ -f /var/www/${domain_name}/htdocs/static/logo.png ]; then
+    if [ -f $basedir/static/logo.png ]; then
         if [ -f ~/freedombone/img/logo_fbone3.png ]; then
-            cp ~/freedombone/img/logo_fbone3.png /var/www/${domain_name}/htdocs/static/logo.png
+            cp ~/freedombone/img/logo_fbone3.png $basedir/static/logo.png
         else
             if [ -f /home/$MY_USERNAME/freedombone/img/logo_fbone3.png ]; then
-                cp /home/$MY_USERNAME/freedombone/img/logo_fbone3.png /var/www/${domain_name}/htdocs/static/logo.png
+                cp /home/$MY_USERNAME/freedombone/img/logo_fbone3.png $basedir/static/logo.png
             fi
         fi
     fi
 
-    if [ ! -f /var/www/${domain_name}/htdocs/static/bg.jpg ]; then
+    if [ ! -f $basedir/static/bg.jpg ]; then
         return
     fi
 
     if [ -f ~/freedombone/img/backgrounds/${gnusocial_type}.jpg ]; then
-        cp ~/freedombone/img/backgrounds/${gnusocial_type}.jpg /var/www/${domain_name}/htdocs/static/bg.jpg
+        cp ~/freedombone/img/backgrounds/${gnusocial_type}.jpg $basedir/static/bg.jpg
     else
         if [ -f /home/$MY_USERNAME/freedombone/img/backgrounds/${gnusocial_type}.jpg ]; then
-            cp /home/$MY_USERNAME/freedombone/img/backgrounds/${gnusocial_type}.jpg /var/www/${domain_name}/htdocs/static/bg.jpg
+            cp /home/$MY_USERNAME/freedombone/img/backgrounds/${gnusocial_type}.jpg $basedir/static/bg.jpg
         fi
     fi
 }
@@ -284,14 +306,14 @@ function install_pleroma_front_end {
 
     if [ ! -d $INSTALL_DIR/pleroma ]; then
 
-        if [ -d /repos/pleroma ]; then
+        if [ -d /repos/pleroma-fe ]; then
             mkdir -p $INSTALL_DIR/pleroma
-            cp -r -p /repos/pleroma/. $INSTALL_DIR/pleroma
+            cp -r -p /repos/pleroma-fe/. $INSTALL_DIR/pleroma
             cd $INSTALL_DIR/pleroma
             git pull
         else
             function_check git_clone
-            git_clone $PLEROMA_REPO $INSTALL_DIR/pleroma
+            git_clone $PLEROMA_FRONTEND_REPO $INSTALL_DIR/pleroma
         fi
 
         if [ ! -d $INSTALL_DIR/pleroma ]; then
@@ -301,8 +323,8 @@ function install_pleroma_front_end {
     fi
 
     cd $INSTALL_DIR/pleroma
-    git checkout $PLEROMA_COMMIT -b $PLEROMA_COMMIT
-    set_completion_param "${app_name} pleroma commit" "$PLEROMA_COMMIT"
+    git checkout $PLEROMA_FRONTEND_COMMIT -b $PLEROMA_FRONTEND_COMMIT
+    set_completion_param "${app_name} pleroma commit" "$PLEROMA_FRONTEND_COMMIT"
 
     if [ -d $INSTALL_DIR/pleroma/node_modules ]; then
         rm -rf $INSTALL_DIR/pleroma/node_modules
@@ -328,9 +350,14 @@ function install_pleroma_front_end {
         exit 5282682
     fi
 
-    cp -r $INSTALL_DIR/pleroma/dist/* /var/www/${pleroma_domain}/htdocs/
+    if [[ "$app_name" != 'pleroma' ]]; then
+        cp -r $INSTALL_DIR/pleroma/dist/* /var/www/${pleroma_domain}/htdocs/
+        pleroma_set_background_image_from_url /var/www/${pleroma_domain}/htdocs "$pleroma_domain" "$background_url" "$title"
+    else
+        cp -r $INSTALL_DIR/pleroma/dist/* $PLEROMA_DIR/priv/static
+        pleroma_set_background_image_from_url $PLEROMA_DIR/priv/static "$pleroma_domain" "$background_url" "$title"
+    fi
 
-    pleroma_set_background_image_from_url "$pleroma_domain" "$background_url" "$title"
 
     nginx_site=/etc/nginx/sites-available/${pleroma_domain}
     sed -i 's|index index.php;|index index.html;|g' $nginx_site
@@ -345,17 +372,21 @@ function install_pleroma_front_end {
         rm -rf /root/.cache/yarn
     fi
 
-    chown -R www-data:www-data /var/www/${pleroma_domain}/htdocs
+    if [[ "$app_name" != 'pleroma' ]]; then
+        chown -R www-data:www-data /var/www/${pleroma_domain}/htdocs
+    else
+        chown -R pleroma:pleroma $PLEROMA_DIR
+    fi
 }
 
-function upgrade_pleroma {
+function upgrade_pleroma_frontend {
     domain_name="$1"
     app_name="$2"
     background_url="$3"
     title="$4"
 
     if [ -d $INSTALL_DIR/pleroma ]; then
-        set_repo_commit $INSTALL_DIR/pleroma "${app_name} pleroma commit" "$PLEROMA_COMMIT" $PLEROMA_REPO
+        set_repo_commit $INSTALL_DIR/pleroma "${app_name} pleroma commit" "$PLEROMA_FRONTEND_COMMIT" $PLEROMA_FRONTEND_REPO
         cd $INSTALL_DIR/pleroma
         yarn
         npm run build
@@ -363,31 +394,36 @@ function upgrade_pleroma {
             echo 'Unable to build pleroma'
             exit 268362
         fi
-        if [ -f /var/www/${domain_name}/htdocs/static/logo.png ]; then
-            cp /var/www/${domain_name}/htdocs/static/logo.png /var/www/${domain_name}/htdocs/static/logo.png.old
+
+        basedir=/var/www/${domain_name}/htdocs
+        if [[ "$app_name" == 'pleroma' ]]; then
+            basedir=$PLEROMA_DIR/priv/static
+        fi
+        if [ -f $basedir/static/logo.png ]; then
+            cp $basedir/static/logo.png $basedir/static/logo.png.old
         fi
-        if [ -f /var/www/${domain_name}/htdocs/static/bg.jpg ]; then
-            cp /var/www/${domain_name}/htdocs/static/bg.jpg /var/www/${domain_name}/htdocs/static/bg.jpg.old
+        if [ -f $basedir/static/bg.jpg ]; then
+            cp $basedir/static/bg.jpg $basedir/static/bg.jpg.old
         fi
-        if [ -f /var/www/${domain_name}/htdocs/static/config.json ]; then
-            cp /var/www/${domain_name}/htdocs/static/config.json /var/www/${domain_name}/htdocs/static/config.json.old
+        if [ -f $basedir/static/config.json ]; then
+            cp $basedir/static/config.json $basedir/static/config.json.old
         fi
-        cp -r $INSTALL_DIR/pleroma/dist/* /var/www/${domain_name}/htdocs/
-        if [ -f /var/www/${domain_name}/htdocs/static/config.json.old ]; then
-            mv /var/www/${domain_name}/htdocs/static/config.json.old /var/www/${domain_name}/htdocs/static/config.json
+        cp -r $INSTALL_DIR/pleroma/dist/* $basedir/
+        if [ -f $basedir/static/config.json.old ]; then
+            mv $basedir/static/config.json.old $basedir/static/config.json
         fi
-        sed -i "s|\"name\":.*|\"name\": \"${title}\",|g" /var/www/${domain_name}/htdocs/static/config.json
-        if [ -f /var/www/${domain_name}/htdocs/static/logo.png.old ]; then
-            cp /var/www/${domain_name}/htdocs/static/logo.png.old /var/www/${domain_name}/htdocs/static/logo.png
+        sed -i "s|\"name\":.*|\"name\": \"${title}\",|g" $basedir/static/config.json
+        if [ -f $basedir/static/logo.png.old ]; then
+            cp $basedir/static/logo.png.old $basedir/static/logo.png
         fi
-        if [ -f /var/www/${domain_name}/htdocs/static/bg.jpg.old ]; then
-            cp /var/www/${domain_name}/htdocs/static/bg.jpg.old /var/www/${domain_name}/htdocs/static/bg.jpg
+        if [ -f $basedir/static/bg.jpg.old ]; then
+            cp $basedir/static/bg.jpg.old $basedir/static/bg.jpg
         fi
 
-        if [ -f /var/www/${domain_name}/htdocs/index.php ]; then
-            mv /var/www/${domain_name}/htdocs/index.php /var/www/${domain_name}/htdocs/index_qvitter.php
+        if [ -f $basedir/index.php ]; then
+            mv $basedir/index.php $basedir/index_qvitter.php
         fi
-        chown -R www-data:www-data /var/www/${domain_name}/htdocs
+        chown -R www-data:www-data $basedir
     else
         install_pleroma_front_end "${app_name}" "${domain_name}" "${background_url}" "${title}"
     fi

src/freedombone-utils-postgresql

@@ -0,0 +1,158 @@
+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# postgresql database functions
+#
+# License
+# =======
+#
+# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Set this when calling backup and restore commands
+USE_POSTGRESQL=
+
+function store_original_postgresql_password {
+    if [ ! -f /root/.postgresqloriginal ]; then
+        echo $'Storing original postgresql password'
+        ORIGINAL_POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+        # We can store this in plaintext because it will soon be of historical interest only
+        echo -n "$ORIGINAL_POSTGRESQL_PASSWORD" > /root/.postgresqloriginal
+    fi
+}
+
+function get_postgresql_password {
+    POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+    if [[ "$POSTGRESQL_PASSWORD" == *'failed'* ]]; then
+        echo $'Could not obtain postgresql password'
+        exit 7835272
+    fi
+}
+
+function install_postgresql {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+
+    function_check get_postgresql_password
+    get_postgresql_password
+    if [ ! $POSTGRESQL_PASSWORD ]; then
+        if [ -f $IMAGE_PASSWORD_FILE ]; then
+            POSTGRESQL_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+        else
+            POSTGRESQL_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
+        fi
+    fi
+    ${PROJECT_NAME}-pass -u root -a postgresql -p "$POSTGRESQL_PASSWORD"
+
+    apt-get -yq install postgresql postgresql-contrib postgresql-client
+    apt-get -yq remove --purge apache2-bin*
+    if [ -d /etc/apache2 ]; then
+        rm -rf /etc/apache2
+        echo $'Removed Apache installation after postgresql install'
+    fi
+
+    if [ ! -d /etc/postgresql ]; then
+        echo $"ERROR: postgresql does not appear to have installed. $CHECK_MESSAGE"
+        exit 78352
+    fi
+
+    if [ ! -f /usr/bin/psql ]; then
+        echo $"ERROR: psql command does not appear to have installed. $CHECK_MESSAGE"
+        exit 835290
+    fi
+
+    mark_completed $FUNCNAME
+}
+
+function add_postgresql_user {
+    postgresql_username=$1
+    postgresql_password=$2
+    if [[ "$3" != 'encrypt'* ]]; then
+        sudo -u postgres psql -c "create user $postgresql_username password '$postgresql_password';"
+    else
+        sudo -u postgres psql -c "create user $postgresql_username;"
+        sudo -u postgres psql -c "ALTER user $postgresql_username with encrypted password '$postgresql_password';"
+    fi
+}
+
+function remove_postgresql_user {
+    postgresql_username=$1
+    sudo -u postgres psql -c "drop user $postgresql_username"
+}
+
+function drop_database_postgresql {
+    database_name="$1"
+    sudo -u postgres psql -c "drop database $database_name"
+}
+
+function run_system_query_postgresql {
+    query=$1
+    sudo -u postgres psql -c "$query"
+}
+
+function run_query_postgresql {
+    database_name=$1
+    database_query=$2
+    sudo -u postgres psql -d $database_name -c "$database_query"
+}
+
+function run_query_postgresql_with_output {
+    database_name=$1
+    database_query=$2
+    output=$(sudo -u postgres psql -d $database_name -c << EOF
+use $database_name;
+$database_query
+EOF
+)
+    echo "$output"
+}
+
+function initialise_database_postgresql {
+    database_name=$1
+    database_file=$2
+    sudo -u postgres psql $database_name < $database_file
+    if [ ! "$?" = "0" ]; then
+        exit 7238525
+    fi
+}
+
+function create_database_postgresql {
+    app_name="$1"
+    app_admin_password="$2"
+    app_admin_username=$3
+    if [ ! -d $INSTALL_DIR ]; then
+        mkdir $INSTALL_DIR
+    fi
+    if [ ! $app_admin_username ]; then
+        app_admin_username=${app_name}admin
+    fi
+
+    echo "create database ${app_name};
+CREATE USER '$app_admin_username@localhost' IDENTIFIED BY '${app_admin_password}';
+GRANT ALL PRIVILEGES ON ${app_name}.* TO '$app_admin_username@localhost';
+flush privileges;
+quit" > $INSTALL_DIR/batch.sql
+    chmod 600 $INSTALL_DIR/batch.sql
+    sudo -u postgres psql -d $database_name --file=$INSTALL_DIR/batch.sql
+    shred -zu $INSTALL_DIR/batch.sql
+}