freedombone/src/freedombone-app-turtl

#!/bin/bash
#  _____               _           _
# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
#                              Freedom in the Cloud
#
# turtl app
#
# http://portallinux.es/instalacion-servidor-turtl-debian-8
# http://framacloud.org/cultiver-son-jardin/installation-de-turtl/
#
# License
# =======
#
# Copyright (C) 2016-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS="full full-vim writer"

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1

TURTL_DOMAIN_NAME=
TURTL_CODE=
TURTL_ONION_PORT=8107
TURTL_PORT=8181
TURTL_REPO="https://github.com/turtl/api.git"
TURTL_COMMIT='53e00a5583f52de8f86ef380fe11c176b5738dcf'
TURTL_ADMIN_PASSWORD=
TURTL_STORAGE_LIMIT_MB=100
TURTL_BASE_DIR=/etc/turtl

# part of a hack to enable/disable signups
TURTL_SIGNUP_STRING='Signup a new user'
turtl_users_file=$TURTL_BASE_DIR/api/controllers/users.lisp

TURTL_SHORT_DESCRIPTION=$'Turtl'
TURTL_DESCRIPTION=$'Turtl notes'
TURTL_MOBILE_APP_URL=

turtl_variables=(ONION_ONLY
                 DEFAULT_DOMAIN_NAME
                 TURTL_DOMAIN_NAME
                 TURTL_CODE
                 TURTL_STORAGE_LIMIT_MB
                 DDNS_PROVIDER
                 MY_EMAIL_ADDRESS
                 MY_USERNAME)

function logging_on_turtl {
    echo -n ''
}

function logging_off_turtl {
    echo -n ''
}

function change_password_turtl {
    echo -n ''
#    change_username="$1"
#    new_user_password="$2"
}

function remove_user_turtl {
    echo -n ''
#    remove_username="$1"
}

function add_user_turtl {
#    new_username="$1"
#    new_user_password="$2"
    echo '0'
}

function install_interactive_turtl {
    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

    if [[ $ONION_ONLY != "no" ]]; then
        TURTL_DOMAIN_NAME='notes.local'
        write_config_param "TURTL_DOMAIN_NAME" "$TURTL_DOMAIN_NAME"
    else
        function_check interactive_site_details
        interactive_site_details "turtl" "TURTL_DOMAIN_NAME" "TURTL_CODE"
    fi
    APP_INSTALLED=1
}

function turtl_disable_registrations {
    if grep -q "$TURTL_SIGNUP_STRING" $turtl_users_file; then
        if [ -f $turtl_users_file ]; then
            cp $turtl_users_file $TURTL_BASE_DIR/.users.lisp
            sed -i '/(route (:post "\/users") (req res)/,/(send-json res user))))/{//!d}' $turtl_users_file
            sed -i 's|(send-json res user))))|())|g' $turtl_users_file
            chown -R turtl:turtl $TURTL_BASE_DIR
            systemctl restart turtl
        fi
    fi
}

function turtl_enable_registrations {
    if ! grep -q "$TURTL_SIGNUP_STRING" $turtl_users_file; then
        if [ -f $TURTL_BASE_DIR/.users.lisp ]; then
            cp $TURTL_BASE_DIR/.users.lisp $turtl_users_file
            rm $TURTL_BASE_DIR/.users.lisp
            chown -R turtl:turtl $TURTL_BASE_DIR
            systemctl restart turtl
        fi
    fi
}

function configure_interactive_turtl_signups {
    # This implements a hack which removes or adds the function needed
    # to sign up new users. It should eventually be removed once that
    # capability exists within the api

    dialog --title $"Allow new turtl signups" \
           --backtitle $"Freedombone Control Panel" \
           --defaultno \
           --yesno $"\\nAllow registration of new users?" 10 60
    sel=$?
    case $sel in
        0)
            turtl_enable_registrations
            dialog --title $"Allow new turtl signups" \
                   --msgbox $"New turtl user registrations are now allowed" 6 60
            return;;
        1)
            turtl_disable_registrations
            dialog --title $"Disable new turtl signups" \
                   --msgbox $"New turtl user registrations are now disabled" 6 60
            return;;
        255) return;;
    esac
}

function configure_interactive_turtl_storage {
    data=$(mktemp 2>/dev/null)
    dialog --title $"Change storage limit" \
           --backtitle $"Freedombone Control Panel" \
           --inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>"$data"
    sel=$?
    case $sel in
        0)
            STORAGE=$(<"$data")
            if [ ${#STORAGE} -gt 0 ]; then
                TURTL_STORAGE_LIMIT_MB=$STORAGE
                sed -i "s|defparameter *default-storage-limit*.*|defparameter *default-storage-limit* ${TURTL_STORAGE_LIMIT_MB})|g" $TURTL_BASE_DIR/api/config/config.lisp
                systemctl restart turtl
                dialog --title $"Change storage limit" \
                       --msgbox $"Storage limit changed to ${TURTL_STORAGE_LIMIT_MB}M" 6 50
            fi
            ;;
    esac
    rm -f "$data"
}

function configure_interactive_turtl {
    data=$(mktemp 2>/dev/null)
    dialog --backtitle $"Freedombone Control Panel" \
           --title $"turtl app settings" \
           --radiolist $"Choose an operation:" 12 70 3 \
           1 $"Enable/disable new user registrations" off \
           2 $"Change storage limit" off \
           3 $"Exit" on 2> "$data"
    sel=$?
    case $sel in
        1) rm -f "$data"
           exit 1;;
        255) rm -f "$data"
             exit 1;;
    esac
    case $(cat "$data") in
        1) configure_interactive_turtl_signups;;
        2) configure_interactive_turtl_storage;;
        3) rm -f "$data"
           return;;
    esac
    rm -f "$data"
}

function reconfigure_turtl {
    if [ -d $TURTL_BASE_DIR/data ]; then
        rm -rf $TURTL_BASE_DIR/data/*
    fi
}

function upgrade_turtl {
    CURR_TURTL_COMMIT=$(get_completion_param "turtl commit")
    if [[ "$CURR_TURTL_COMMIT" == "$TURTL_COMMIT" ]]; then
        return
    fi

    read_config_param "TURTL_DOMAIN_NAME"

    function_check set_repo_commit
    set_repo_commit $TURTL_BASE_DIR/api "turtl commit" "$TURTL_COMMIT" $TURTL_REPO

    # this is used as a crude way of disabling signups and so
    # should be superceded in future
    if [ -f $TURTL_BASE_DIR/.users.lisp ]; then
        turtl_disable_registrations
    fi
    systemctl restart turtl

    nginx_dissite $TURTL_DOMAIN_NAME
    chown -R turtl:turtl $TURTL_BASE_DIR
    nginx_ensite $TURTL_DOMAIN_NAME
}

function backup_local_turtl {
    read_config_param "TURTL_DOMAIN_NAME"
    source_directory=$TURTL_BASE_DIR
    if [ -d $source_directory ]; then
        dest_directory=turtl
        function_check suspend_site
        suspend_site ${TURTL_DOMAIN_NAME}

        function_check backup_directory_to_usb
        backup_directory_to_usb $source_directory $dest_directory

        function_check restart_site
        restart_site
    fi
    source_directory=/var/lib/rethinkdb
    if [ -d $source_directory ]; then
        dest_directory=rethinkdb
        function_check suspend_site
        suspend_site ${TURTL_DOMAIN_NAME}

        function_check backup_directory_to_usb
        backup_directory_to_usb $source_directory $dest_directory

        function_check restart_site
        restart_site
    fi
}

function restore_local_turtl {
    read_config_param "TURTL_DOMAIN_NAME"
    if [ $TURTL_DOMAIN_NAME ]; then
        temp_restore_dir=/root/tempturtl
        restore_directory_from_usb $temp_restore_dir turtl

        if [ -d ${temp_restore_dir}/etc/turtl ]; then
            cp -r ${temp_restore_dir}/etc/turtl/* /etc/turtl/
        else
            cp -r ${temp_restore_dir}/* /etc/turtl/
        fi
        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            set_user_permissions
            backup_unmount_drive
            exit 36723
        fi
        rm -rf ${temp_restore_dir}
        chown -R turtl:turtl $TURTL_BASE_DIR

        temp_restore_dir=/root/temprethinkdb
        restore_directory_from_usb $temp_restore_dir rethinkdb

        if [ -d ${temp_restore_dir}/var/lib/rethinkdb ]; then
            cp -r ${temp_restore_dir}/var/lib/rethinkdb/* /var/lib/rethinkdb/
        else
            cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
        fi

        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            set_user_permissions
            backup_unmount_drive
            exit 378324
        fi
        rm -rf ${temp_restore_dir}
    fi
}

function backup_remote_turtl {
    read_config_param "TURTL_DOMAIN_NAME"
    if [ $TURTL_DOMAIN_NAME ]; then
        temp_backup_dir=$TURTL_BASE_DIR
        if [ -d $temp_backup_dir ]; then
            echo $"Backing up turtl"
            backup_directory_to_friend $temp_backup_dir turtl
            echo $"Backup of turtl complete"
        else
            echo $"turtl domain specified but not found in $temp_backup_dir"
            exit 68725
        fi

        temp_backup_dir=/var/lib/rethinkdb
        if [ -d $temp_backup_dir ]; then
            echo $"Backing up rethinkdb"
            backup_directory_to_friend $temp_backup_dir rethinkdb
            echo $"Backup of rethinkdb complete"
        fi
    fi
}

function restore_remote_turtl {
    read_config_param "TURTL_DOMAIN_NAME"
    if [ $TURTL_DOMAIN_NAME ]; then
        temp_restore_dir=/root/tempturtl
        mkdir $temp_restore_dir
        function_check restore_directory_from_friend
        restore_directory_from_friend $temp_restore_dir turtl

        if [ -d ${temp_restore_dir}/etc/turtl ]; then
            cp -r ${temp_restore_dir}/etc/turtl/* /etc/turtl/
        else
            cp -r ${temp_restore_dir}/* /etc/turtl/
        fi

        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            if [ -d /etc/turtl_previous ]; then
                mv /etc/turtl_previous $TURTL_BASE_DIR
            fi
            set_user_permissions
            exit 37823
        fi
        rm -rf ${temp_restore_dir}

        temp_restore_dir=/root/temprethinkdb
        mkdir $temp_restore_dir
        function_check restore_directory_from_friend
        restore_directory_from_friend $temp_restore_dir rethinkdb

        if [ -d ${temp_restore_dir}/var/lib/rethinkdb ]; then
            cp -r ${temp_restore_dir}/var/lib/rethinkdb/* /var/lib/rethinkdb/
        else
            cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
        fi

        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            set_user_permissions
            exit 26783
        fi
        rm -rf ${temp_restore_dir}
    fi
}

function remove_turtl {
    if [ ! -d $TURTL_BASE_DIR ]; then
        return
    fi
    systemctl stop turtl
    systemctl disable turtl
    rm /etc/systemd/system/turtl.service
    systemctl daemon-reload

    remove_rethinkdb
    remove_app turtl
    remove_completion_param install_turtl
    sed -i '/turtl/d' "$COMPLETION_FILE"
    nginx_dissite $TURTL_DOMAIN_NAME
    if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then
        rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME
    fi
    remove_certs $TURTL_DOMAIN_NAME
    function_check remove_onion_service
    remove_onion_service turtl ${TURTL_ONION_PORT}
    function_check remove_ddns_domain
    remove_ddns_domain $TURTL_DOMAIN_NAME
    rm -rf /etc/rethinkdb
    rm -rf /var/lib/rethinkdb
    rm -rf $TURTL_BASE_DIR

    groupdel -f turtl
    userdel -r turtl
}


function turtl_setup {
    PIDFILE=${PIDFILE:-nil}
    BINDADDR=${BINDADDR:-0.0.0.0}
    BINDPORT=${BINDPORT:-8181}
    PROD_ERR_HANDLING=${PROD_ERR_HANDLING:-t}
    if [[ $ONION_ONLY == 'no' ]]; then
        FQDN=${FQDN:-$TURTL_DOMAIN_NAME}
        SITE_URL=${SITE_URL:-https://$TURTL_DOMAIN_NAME}
    else
        FQDN=${FQDN:-$TURTL_ONION_HOSTNAME}
        SITE_URL=${SITE_URL:-http://$TURTL_ONION_HOSTNAME}
    fi
    ADMIN_EMAIL=${ADMIN_EMAIL:-$MY_EMAIL_ADDRESS}
    EMAIL_FROM=${EMAIL_FROM:-noreply@$DEFAULT_DOMAIN_NAME}
    SMTP_USER=${SMTP_USER:-}
    SMTP_PASS=${SMTP_PASS:-}
    DISPLAY_ERRORS=${DISPLAY_ERRORS:-t}
    DEFAULT_STORAGE_LIMIT=${DEFAULT_STORAGE_LIMIT:-100}
    STORAGE_INVITE_CREDIT=${STORAGE_INVITE_CREDIT:-25}
    if [[ $ONION_ONLY == 'no' ]]; then
        LOCAL_UPLOAD_URL=${LOCAL_UPLOAD_URL:-https://$TURTL_DOMAIN_NAME}
    else
        LOCAL_UPLOAD_URL=${LOCAL_UPLOAD_URL:-http://$TURTL_ONION_HOSTNAME}
    fi
    LOCAL_UPLOAD_PATH=${LOCAL_UPLOAD_PATH:-"$TURTL_BASE_DIR/data"}
    AWS_S3_TOKEN=${AWS_S3_TOKEN:-(:token ''
                                  :secret ''
                                  :bucket ''
                                  :endpoint 'https://s3.amazonaws.com')}

    # generates the config-file
    cat  << __ENDCONFIG__ > $TURTL_BASE_DIR/api/config/config.lisp
(in-package :turtl)
(defparameter *root* (asdf:system-relative-pathname :turtl #P""))
(defparameter *pid-file* "${PIDFILE}")
(defvar *server-bind* "${BINDADDR}")
(defvar *server-port* ${BINDPORT})
(defvar *db-name* "turtl")
(defvar *db-host* "127.0.0.1")
(defvar *db-port* 28015)
(defvar *production-error-handling* ${PROD_ERR_HANDLING})
(defvar *enable-hsts-header* nil)
(defvar *site-url* "${SITE_URL}")
(defvar *api-path* "")
(defvar *admin-email* "${ADMIN_EMAIL}")
(defvar *email-from* "${EMAIL_FROM}")
(defvar *email-user* "${SMTP_USER}")
(defvar *email-pass* "${SMTP_PASS}")
(defvar *display-errors* ${DISPLAY_ERRORS})
(defparameter *default-storage-limit* ${DEFAULT_STORAGE_LIMIT})
(defparameter *storage-invite-credit* ${STORAGE_INVITE_CREDIT})
(vom:config :turtl :info)
(defvar *local-upload* "${LOCAL_UPLOAD_PATH}")
(defvar *local-upload-url* "${LOCAL_UPLOAD_URL}")
(defvar *amazon-s3* "${AWS_S3_TOKEN}")
__ENDCONFIG__

    cat $TURTL_BASE_DIR/api/config/config.footer >> $TURTL_BASE_DIR/api/config/config.lisp

    # start the turtl server
    systemctl restart rethinkdb

    if [ ! -f $TURTL_BASE_DIR/quicklisp/setup.lisp ]; then
        echo $"$TURTL_BASE_DIR/quicklisp/setup.lisp was not found"
        exit 6238234
    fi

    { echo '[Unit]';
      echo 'Description=Note taking service';
      echo 'Documentation=http://turtl.it';
      echo 'Requires=network.target';
      echo 'Requires=rethinkdb.service';
      echo 'After=network.target';
      echo 'After=rethinkdb.service';
      echo '';
      echo '[Service]';
      echo 'Type=simple';
      echo 'User=turtl';
      echo "WorkingDirectory=$TURTL_BASE_DIR/api/"; } > /etc/systemd/system/turtl.service

    if [[ "$check_architecture" == *"64"* && "$check_architecture" != *"arm"* ]]; then
        echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl64 -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
    else
        if [[ "$check_architecture" != *"arm"* ]]; then
            echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
        else
            echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
        fi
    fi
    { echo '';
      echo '[Install]';
      echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/turtl.service
    chmod +x /etc/systemd/system/turtl.service

    chown -R turtl:turtl $TURTL_BASE_DIR
    systemctl enable turtl
    systemctl daemon-reload
    systemctl start turtl
}

function install_turtl_api {
    # https://github.com/ArthurGarnier/turtl-docker
    apt-get -yq install wget libterm-readline-perl-perl gcc libuv1-dev

    if [ ! -d $TURTL_BASE_DIR ]; then
        mkdir -p $TURTL_BASE_DIR
    fi
    cd "$TURTL_BASE_DIR" || exit 745726542
    mkdir cd $TURTL_BASE_DIR/data
    check_architecture=$(uname -a)

    # Install ccl
    if [[ "$check_architecture" != *"arm"* ]]; then
        wget -P $TURTL_BASE_DIR/ ftp://ftp.clozure.com/pub/release/1.11/ccl-1.11-linuxx86.tar.gz
        mkdir -p $TURTL_BASE_DIR/ccl
        tar xvzf $TURTL_BASE_DIR/ccl-1.11-linuxx86.tar.gz -C $TURTL_BASE_DIR/ccl --strip-components=1
    else
        wget -P $TURTL_BASE_DIR/ ftp://ftp.clozure.com/pub/release/1.11/ccl-1.11-linuxarm.tar.gz
        mkdir -p $TURTL_BASE_DIR/ccl
        tar xvzf $TURTL_BASE_DIR/ccl-1.11-linuxarm.tar.gz -C $TURTL_BASE_DIR/ccl --strip-components=1
    fi

    # install quicklisp
    cat  << __ENDCONFIG__ > $TURTL_BASE_DIR/quicklisp_install
(load (compile-file "asdf.lisp"))
(load (compile-file "quicklisp.lisp"))
(quicklisp-quickstart:install)
(ql:system-apropos "vecto")
(ql:quickload "alexandria")
(ql:quickload "babel")
(ql:quickload "blackbird")
(ql:quickload "bordeaux-threads")
(ql:quickload "cffi")
(ql:quickload "chipz")
(ql:quickload "chunga")
(ql:quickload "cl-annot")
(ql:quickload "cl-async")
(ql:quickload "cl-async-future")
(ql:quickload "cl-base64")
(ql:quickload "cl-fad")
(ql:quickload "cl-libuv")
(ql:quickload "cl-mongo-id")
(ql:quickload "cl-ppcre")
(ql:quickload "cl-rethinkdb")
(ql:quickload "cl-smtp")
(ql:quickload "cl+ssl")
(ql:quickload "cl-syntax")
(ql:quickload "cl-utilities")
(ql:quickload "cl-vectors")
(ql:quickload "do-urlencode")
(ql:quickload "drakma")
(ql:quickload "drakma-async")
(ql:quickload "event-glue")
(ql:quickload "fast-http")
(ql:quickload "fast-io")
(ql:quickload "flexi-streams")
(ql:quickload "ironclad")
(ql:quickload "jonathan")
(ql:quickload "local-time")
(ql:quickload "md5")
(ql:quickload "named-readtables")
(ql:quickload "nibbles")
(ql:quickload "proc-parse")
(ql:quickload "puri")
(ql:quickload "quri")
(ql:quickload "salza2")
(ql:quickload "secure-random")
(ql:quickload "smart-buffer")
(ql:quickload "split-sequence")
(ql:quickload "static-vectors")
(ql:quickload "trivial-backtrace")
(ql:quickload "trivial-features")
(ql:quickload "trivial-garbage")
(ql:quickload "trivial-gray-streams")
(ql:quickload "trivial-types")
(ql:quickload "usocket")
(ql:quickload "vecto")
(ql:quickload "vom")
(ql:quickload "wookie")
(ql:quickload "xmls")
(ql:quickload "xsubseq")
(ql:quickload "yason")
(ql:quickload "zpb-ttf")
(ql:quickload "zpng")
(ql:add-to-init-file)
(ccl::quit)
__ENDCONFIG__

    if [ ! -f asdf.lisp ]; then
        wget https://common-lisp.net/project/asdf/asdf.lisp
    fi
    if [ ! -f quicklisp.lisp ]; then
        wget https://beta.quicklisp.org/quicklisp.lisp
    fi

    if [ -d $TURTL_BASE_DIR ]; then
        chown -R turtl:turtl $TURTL_BASE_DIR
    fi
    adduser --disabled-login --home=$TURTL_BASE_DIR --gecos 'turtl' turtl
    if [ ! -d $TURTL_BASE_DIR ]; then
        echo $"$TURTL_BASE_DIR directory not created"
        exit 263493
    fi

    groupadd turtl
    chown -R turtl:turtl $TURTL_BASE_DIR

    if [[ "$check_architecture" != *"arm"* ]]; then
        if [[ "$check_architecture" == *"64"* ]]; then
            su -c "cat $TURTL_BASE_DIR/quicklisp_install | $TURTL_BASE_DIR/ccl/lx86cl64" - turtl
        else
            su -c "cat $TURTL_BASE_DIR/quicklisp_install | $TURTL_BASE_DIR/ccl/lx86cl" - turtl
        fi
    else
        su -c "cat $TURTL_BASE_DIR/quicklisp_install | $TURTL_BASE_DIR/ccl/larmcl" - turtl
    fi
    rm $TURTL_BASE_DIR/quicklisp_install

    install_rethinkdb
    echo "http-port=8091" > /etc/rethinkdb/instances.d/turtl.conf
    chown -R rethinkdb:rethinkdb /var/lib/rethinkdb

    # install turtl API
    cd "$TURTL_BASE_DIR/" || exit 6428462

    if [ -d /repos/turtl ]; then
        mkdir $TURTL_BASE_DIR/api
        cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api
        cd "$TURTL_BASE_DIR/api" || exit 57141845
        git pull
    else
        git clone $TURTL_REPO $TURTL_BASE_DIR/api
    fi

    cd "$TURTL_BASE_DIR/api" || exit 35814614
    git checkout $TURTL_COMMIT -b $TURTL_COMMIT
    set_completion_param "turtl commit" "$TURTL_COMMIT"
    cd "$TURTL_BASE_DIR/quicklisp/local-projects" || exit 43618941415
    git clone git://github.com/orthecreedence/cl-hash-util
    if [[ "$check_architecture" != *"arm"* ]]; then
        if [[ "$check_architecture" == *"64"* ]]; then
            su -c "cat '(ccl:quit)' | $TURTL_BASE_DIR/ccl/lx86cl64 -l $TURTL_BASE_DIR/quicklisp/setup.lisp" - turtl
        else
            su -c "cat '(ccl:quit)' | $TURTL_BASE_DIR/ccl/lx86cl -l $TURTL_BASE_DIR/quicklisp/setup.lisp" - turtl
        fi
    else
        su -c "cat '(ccl:quit)' | $TURTL_BASE_DIR/ccl/larmcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp" - turtl
    fi

    # config
    { echo '(defvar *enabled-cors-resources* "resource://turtl-at-lyonbros-dot-com"';
      echo '  "When set, will enable CORS for resource:// origins if they match the given';
      echo '   string. Entries should be comma separated (this string is passed verbatim in';
      echo '   the Access-Control-Allow-Origin header).")';
      echo '(defparameter *public-actions*';
      echo "  \`((:post . ,(concatenate 'string *api-path* \"/users\"))";
      echo "    (:post . ,(concatenate 'string *api-path* \"/log/error\"))";
      echo '    (:post . "/cla/sign")';
      echo '    (:get  . "/ping")';
      echo '    (:get  . "/admin")';
      echo "    (:get . ,(cl-ppcre:create-scanner (concatenate 'string *api-path* \"/invites/codes/([0-9a-f-]+)\"))))";
      echo "  \"A list of public resources/actions that do not require authentication.\")";
      echo "(defvar *analytics* '(:enabled t";
      echo '                      :db "analytics"))'; } > "$TURTL_BASE_DIR/api/config/config.footer"

    cp $TURTL_BASE_DIR/asdf.lisp $TURTL_BASE_DIR/api
    echo '(load (compile-file "asdf.lisp"))' > $TURTL_BASE_DIR/api/launch.lisp
    echo "(pushnew \"./\" asdf:*central-registry* :test #'equal)" >> $TURTL_BASE_DIR/api/launch.lisp
    echo '(load "start")' >> $TURTL_BASE_DIR/api/launch.lisp

    TURTL_ONION_HOSTNAME=$(add_onion_service turtl 80 ${TURTL_ONION_PORT})

    turtl_setup
}

function install_turtl_nginx {
    turtl_nginx_site=/etc/nginx/sites-available/$TURTL_DOMAIN_NAME
    if [[ $ONION_ONLY == "no" ]]; then
        function_check nginx_http_redirect
        nginx_http_redirect $TURTL_DOMAIN_NAME
        { echo 'server {';
          echo '  listen 443 ssl;';
          echo '  #listen [::]:443 ssl;';
          echo "  server_name ${TURTL_DOMAIN_NAME};";
          echo '';
          echo '  # Security'; } >> "$turtl_nginx_site"
        function_check nginx_ssl
        nginx_ssl $TURTL_DOMAIN_NAME

        function_check nginx_security_options
        nginx_security_options $TURTL_DOMAIN_NAME

        { echo '  add_header Strict-Transport-Security max-age=15768000;';
          echo '';
          echo '  # Logs';
          echo '  access_log /dev/null;';
          echo '  error_log /dev/null;';
          echo '';
          echo '  location / {'; } >> "$turtl_nginx_site"
        function_check nginx_limits
        nginx_limits $TURTL_DOMAIN_NAME '15m'
        { echo "    proxy_pass        http://localhost:${TURTL_PORT}/;";
          echo "    proxy_set_header  Host \$host;";
          echo '    proxy_buffering   off;';
          echo '  }';
          echo '}'; } >> "$turtl_nginx_site"
    else
        echo -n '' > $turtl_nginx_site
    fi
    { echo 'server {';
      echo "  listen 127.0.0.1:${TURTL_ONION_PORT};";
      echo "  server_name ${TURTL_ONION_HOSTNAME};";
      echo ''; } >> $turtl_nginx_site
    function_check nginx_security_options
    nginx_security_options $TURTL_DOMAIN_NAME
    { echo '';
      echo '  # Logs';
      echo '  access_log /dev/null;';
      echo '  error_log /dev/null;';
      echo '';
      echo '  location / {'; } >> $turtl_nginx_site
    function_check nginx_limits
    nginx_limits $TURTL_DOMAIN_NAME '15m'
    { echo "    proxy_pass        http://localhost:${TURTL_PORT}/;";
      echo "    proxy_set_header  Host \$host;";
      echo '    proxy_buffering   off;';
      echo '  }';
      echo '}'; } >> $turtl_nginx_site

    function_check add_ddns_domain
    add_ddns_domain $TURTL_DOMAIN_NAME

    set_completion_param "turtl domain" "$TURTL_DOMAIN_NAME"

    function_check create_site_certificate
    create_site_certificate $TURTL_DOMAIN_NAME 'yes'

    function_check nginx_ensite
    nginx_ensite $TURTL_DOMAIN_NAME

    systemctl restart nginx
}

function install_turtl {
    install_turtl_api
    install_turtl_nginx

    APP_INSTALLED=1
}