+#!/bin/sh
+set -e
+# Heavily inspired by <https://docs.pleroma.social/otp_en.html>
+
+if [ "$#" -ne 2 ]; then
+ echo 'Need domain name, mail_address as arguments.'
+ false
+fi
+domain="$1"
+mail="$2"
+
+# Install dependencies, set up firewall.
+config_tree_prefix="${HOME}/config/buster"
+./install_for_target.sh web pleroma pleroma_otp
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Prepare user.
+adduser --system --shell /bin/false --home /opt/pleroma pleroma
+
+# Download and unzip latest stable release, set up Pleroma dirs.
+export FLAVOUR='amd64'
+su pleroma -s $SHELL -lc "
+curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
+unzip /tmp/pleroma.zip -d /tmp/
+"
+su pleroma -s $SHELL -lc "
+mv /tmp/release/* /opt/pleroma
+rmdir /tmp/release
+rm /tmp/pleroma.zip
+"
+mkdir -p /var/lib/pleroma/uploads
+chown -R pleroma /var/lib/pleroma
+mkdir -p /etc/pleroma
+chown -R pleroma /etc/pleroma
+
+# Configure and set up DB.
+su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen \
+--output /etc/pleroma/config.exs \
+--output-psql /tmp/setup_db.psql \
+--domain ${domain} \
+--instance-name plom-roma \
+--admin-email ${mail} \
+--notify-email ${mail} \
+--dbhost localhost \
+--dbname pleroma \
+--dbuser pleroma \
+--rum N \
+--indexable Y \
+--uploads-dir /var/lib/pleroma/uploads \
+--static-dir /var/lib/pleroma/static \
+--listen-ip 127.0.0.1 \
+--listen-port 4000 \
+--dbpass $(pwgen -s 100 1)"
+su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
+su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
+
+# Since the OTP release does not support .secret.exs configuration
+# files, we hack our own alternative by simply appending custom
+# configurations to /etc/config.exs.
+cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /etc/pleroma/config.exs
+
+# Single-pixel picture hack for removing Pleroma FE images.
+cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/
+chown pleroma:nogroup /var/lib/pleroma/static/pixel.png
+
+# Info panel and TOS.
+mkdir -p /var/lib/pleroma/static/instance
+mkdir -p /var/lib/pleroma/static/static
+cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html
+cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html
+
+# Prepare NGINX config for Pleroma.
+cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
+sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx
+ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
+
+# Systemd integration.
+cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
+systemctl start pleroma
+systemctl enable pleroma
+
+# Only restart NGINX with Pleroma running.
+service nginx restart
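Review bot: The download and DB-setup steps use fixed names in world-writable /tmp (`/tmp/pleroma.zip`, `/tmp/release`, `/tmp/setup_db.psql`), and the last of these is executed by `psql` as the postgres user and never removed, although it presumably contains the password generated by `pwgen`. On a host with other local accounts those paths may already exist or be readable by others before the script uses them, so I would create a private work directory with `workdir="$(mktemp -d)"`, point all three paths at it, and delete it once `psql -f` has run; at minimum add `rm /tmp/setup_db.psql` after the `su postgres` line. That directory must be writable by pleroma and the SQL file readable by postgres, so its ownership and mode have to be set explicitly. Separately, `--dbpass $(pwgen -s 100 1)` is expanded by the outer shell into the `su -lc` argument, which can expose the password in the process list while `pleroma_ctl instance gen` runs. The release archive is also unpacked and installed without any checksum or signature check; the page does not show whether upstream publishes one, so that is worth confirming.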