diff --git a/Dockerfile b/Dockerfile
new file mode 100755
index 0000000..1263584
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,23 @@
+FROM ubuntu:latest
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt update;apt install -y git build-essential postgresql postgresql-contrib cmake libmagic-dev imagemagick ffmpeg libimage-exiftool-perl nginx certbot unzip libssl-dev automake autoconf libncurses5-dev curl sudo xsltproc libxml2-utils wx-common elixir erlang-dev erlang-nox
+RUN useradd -r -s /bin/false -m -d /var/lib/pleroma -U pleroma;mkdir /opt/pleroma;chown -R pleroma:pleroma /opt/pleroma;chown -R pleroma:pleroma /var/lib/pleroma
+RUN su pleroma -s /bin/bash -lc 'git clone -b soapbox-v1.1.1 https://gitlab.com/soapbox-pub/soapbox-be /opt/pleroma'
+
+WORKDIR /var/lib/pleroma
+RUN su pleroma -s /bin/bash -lc 'git clone https://github.com/asdf-vm/asdf.git /var/lib/pleroma/.asdf'
+RUN su pleroma -s /bin/bash -lc 'echo ". /var/lib/pleroma/.asdf/asdf.sh" >> /var/lib/pleroma/.bashrc;echo ". /var/lib/pleroma/.asdf/completions/asdf.bash" >> /var/lib/pleroma/.bashrc'
+RUN su pleroma -s /bin/bash -lc 'PATH=$PATH:/var/lib/pleroma/.asdf/bin;asdf plugin-add erlang;asdf plugin-add elixir'
+RUN chown -R pleroma:pleroma /opt/pleroma;chown -R pleroma:pleroma /var/lib/pleroma
+RUN su pleroma -s /bin/bash -lc 'PATH=$PATH:/var/lib/pleroma/.asdf/bin;asdf install erlang 24.0;cat /var/lib/pleroma/.asdf/plugins/erlang/kerl-home/builds/asdf_24.0/otp_build_24.0.log'
+
+WORKDIR /opt/pleroma
+RUN su pleroma -s /bin/bash -lc 'mix local.hex --force;mix local.rebar --force;mix deps.get'
+RUN su pleroma -s /bin/bash -lc 'MIX_ENV=prod mix compile'
+COPY setup.sh /opt/
+COPY start.sh /opt/
+COPY crontab /opt/
+COPY backup.sh /opt/
+ADD default.conf /etc/nginx/conf.d/
+CMD bash /opt/start.sh
+
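Review bot: `FROM ubuntu:latest` leaves the base release floating while backup.sh, setup.sh and start.sh in this commit hard-code `/usr/lib/postgresql/14/bin`, so a rebuild after the tag moves to a release with a different PostgreSQL major will break those scripts. Pin a release that ships PostgreSQL 14, e.g. `FROM ubuntu:22.04`, ideally by digest. The asdf clone likewise tracks the default branch, unlike the soapbox-be clone, which is pinned to `soapbox-v1.1.1`; give it a tag or commit as well. The `;` separators in the `RUN` lines let a failed `apt update` or `asdf install` pass unnoticed, so use `&&` to stop the build at the first failing command. The image also ends without a `USER` instruction, so `start.sh` and everything it launches run as root.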
diff --git a/backup.sh b/backup.sh
new file mode 100755
index 0000000..a1cd6ce
--- /dev/null
+++ b/backup.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+su postgres -s /bin/bash -lc "/usr/lib/postgresql/14/bin/pg_dumpall -d pleroma --format=custom > /saves/pleroma-`date +%Y-%m-%d-%H-%M`.pgdump"
+
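Review bot: `pg_dumpall` takes a connection string for `-d` and, as far as I know, has no `--format` option in PostgreSQL 14, so this command most likely exits with an error and the redirect leaves an empty `.pgdump` file on every run. For a custom-format dump of a single database the tool is `pg_dump`, i.e. `pg_dump -d pleroma --format=custom` with the same redirect. A full dump of the instance database presumably includes account credential data, so the target directory should not be world-accessible; start.sh in this commit sets `/saves` to mode 777.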
diff --git a/config/config.exs b/config/config.exs
deleted file mode 100755
index 7442784..0000000
--- a/config/config.exs
+++ /dev/null
@@ -1,67 +0,0 @@
-# Pleroma instance configuration
-
-# NOTE: This file should not be committed to a repo or otherwise made public
-# without removing sensitive information.
-
-import Config
-
-config :pleroma, Pleroma.Web.Endpoint,
- url: [host: "replaceME", scheme: "https", port: 443],
- http: [ip: {0, 0, 0, 0}, port: 4000],
- secret_key_base: "0jKveRU44GNncPeKLgcdGVm+7rJb2hNxCpCWd2g0A8Lw2cVJmDCypNqa3ljMZcwJ",
- signing_salt: "C+0dBzoS"
-
-config :pleroma, :instance,
- name: "admin",
- email: "admin@localhost",
- notify_email: "admin@localhost",
- limit: 5000,
- registrations_open: true
-
-config :pleroma, :media_proxy,
- enabled: false,
- redirect_on_failure: true
- #base_url: "https://cache.pleroma.social"
-
-config :pleroma, :dangerzone, override_repo_pool_size: true
-config :pleroma, Pleroma.Repo,
- adapter: Ecto.Adapters.Postgres,
- username: "root",
- password: "sql",
- database: "pleroma",
- hostname: "postgresql",
- pool_size: 20,
- queue_target: 4000,
- queue_interval: 8000,
- timeout: 120_000,
- prepare: :named,
- parameters: [
- plan_cache_mode: "force_custom_plan"
- ]
-
-# Configure web push notifications
-config :web_push_encryption, :vapid_details,
- subject: "mailto:admin@admin@localhost",
- public_key: "BFXyq2frSPpiMgueoxcmvoMzp6Bm-vXI-dasDM4fAA-zjP7JgILG06LKpQuU4eLdbjGnYsmurUeubD8l7b103zg",
- private_key: "Ths8KtdsPNEXl2EazZj7MQRY3xxIb0FOCjEvai4eI8Y"
-
-config :pleroma, :database, rum_enabled: false
-config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
-config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
-
-# Enable Strict-Transport-Security once SSL is working:
-# config :pleroma, :http_security,
-# sts: true
-
-# Configure S3 support if desired.
-# The public S3 endpoint is different depending on region and provider,
-# consult your S3 provider's documentation for details on what to use.
-#
-# config :pleroma, Pleroma.Uploaders.S3,
-# bucket: "some-bucket",
-# public_endpoint: "https://s3.amazonaws.com"
-#
-#
-config :joken, default_signer: "6EasmUX4lCJSlAnGScL0rXBhIeoaWjarH7TGhdbe9VLXO/MnSkMY2LaZixW7kgaT"
-
-config :pleroma, configurable_from_database: true
diff --git a/crontab b/crontab
new file mode 100755
index 0000000..5fa87dd
--- /dev/null
+++ b/crontab
@@ -0,0 +1,7 @@
+#00 04 * * * cd /opt/pleroma;MIX_ENV=prod mix pleroma.database prune_objects
+#30 04 * * * cd /opt/pleroma;MIX_ENV=prod mix pleroma.database ensure_expiration
+#00 05 * * * su pleroma -s $SHELL -lc "/opt/pleroma/bin/pleroma restart"
+00 01 * * * bash /backup.sh
+#00 04 * * 7 cd /opt/pleroma;MIX_ENV=prod mix pleroma.database vacuum full
+
+
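Review bot: The only active entry runs `bash /backup.sh`, but the Dockerfile in this commit copies the script to `/opt/`, so the nightly backup would fail on a missing file; the entry should read `00 01 * * * bash /opt/backup.sh`. start.sh launches the scheduler as `crond`, while the Debian/Ubuntu daemon is named `cron` and no cron package appears in the Dockerfile's install list, so confirm that the job is scheduled at all. Nothing captures the job's output, so redirecting it to a log file would make a failed backup visible.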
diff --git a/default.conf b/default.conf
new file mode 100755
index 0000000..56c96c7
--- /dev/null
+++ b/default.conf
@@ -0,0 +1,94 @@
+# default nginx site config for Pleroma
+#
+# Simple installation instructions:
+# 1. Install your TLS certificate, possibly using Let's Encrypt.
+# 2. Replace 'example.tld' with your instance's domain wherever it appears.
+# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
+# in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
+
+proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
+ inactive=720m use_temp_path=off;
+
+server {
+ server_name replaceME;
+
+ listen 80;
+ listen [::]:80;
+
+ # Uncomment this if you need to use the 'webroot' method with certbot. Make sure
+ # that the directory exists and that it is accessible by the webserver. If you followed
+ # the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
+ # You may need to load this file with the ssl server block commented out, run certbot
+ # to get the certificate, and then uncomment it.
+ #
+ # location ~ /\.well-known/acme-challenge {
+ # root /var/lib/letsencrypt/;
+ # }
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+# Enable SSL session caching for improved performance
+#ssl_session_cache shared:ssl_session_cache:10m;
+
+server {
+ server_name replaceME;
+
+ #listen 443 ssl http2;
+ listen 0.0.0.0:443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ ssl_session_tickets off;
+
+ ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+ ssl_certificate_key /etc/ssl/certs/nginx-selfsigned.key;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+ ssl_prefer_server_ciphers off;
+ # In case of an old server with an OpenSSL version of 1.0.2 or below,
+ # leave only prime256v1 or comment out the following line.
+ ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
+
+ # the nginx default is 1m, not enough for large media uploads
+ client_max_body_size 16m;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
+ # and `localhost.` resolves to [::0] on some systems: see issue #930
+ proxy_pass http://127.0.0.1:4000;
+
+ client_max_body_size 16m;
+ }
+
+ location ~ ^/(media|proxy) {
+ proxy_cache pleroma_media_cache;
+ slice 1m;
+ proxy_cache_key $host$uri$is_args$args$slice_range;
+ proxy_set_header Range $slice_range;
+ proxy_http_version 1.1;
+ proxy_cache_valid 200 206 301 304 1h;
+ proxy_cache_lock on;
+ proxy_ignore_client_abort on;
+ proxy_buffering on;
+ chunked_transfer_encoding on;
+ proxy_pass http://127.0.0.1:4000;
+ }
+}
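Review bot: `ssl_certificate_key /etc/ssl/certs/nginx-selfsigned.key` puts the private key in the directory meant for public certificates, which is world-readable by convention. Using `/etc/ssl/private/nginx-selfsigned.key`, with the matching `-keyout` path in setup.sh, keeps it in a directory restricted to root. `ssl_stapling on` and `ssl_stapling_verify on` have no effect with the self-signed certificate that setup.sh generates, since there is no issuer OCSP responder, and nginx is likely to log a warning about it. The header comment still describes copying the file to `sites-available`, whereas the Dockerfile installs it into `/etc/nginx/conf.d/`.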
diff --git a/docker-compose.yaml b/docker-compose.yaml
index b26fedb..7218fce 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,23 +1,16 @@
version: '3'
services:
- postgresql:
- build: ./postgresql
+ pleroma:
+ build: .
restart: "always"
volumes:
- postgresql:/var/lib/postgresql/data
- networks:
- - pleroma
- privileged: true
-
- pleroma:
- build: ./pleroma
- restart: "always"
- volumes:
- - ./config:/etc/pleroma
+ - ./config:/config
- ./var:/var/lib/pleroma
- ./saves:/saves
ports:
- "443:443"
+ - "4000:4000"
networks:
- pleroma
environment:
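Review bot: The added `- "4000:4000"` mapping publishes Pleroma's plain-HTTP listener on every host interface, which lets clients bypass the nginx TLS front end that default.conf places in front of `127.0.0.1:4000`. nginx reaches the backend over loopback inside the container, so the mapping can be dropped, or limited to the host's loopback with `- "127.0.0.1:4000:4000"` if local access is needed. Whether the port actually answers from outside depends on the bind address in the generated Pleroma config, which is not visible here. Port 80 is not published, although default.conf listens on it for the HTTPS redirect. The `environment:` block continues outside the hunk.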
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..e660f49
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+export SHELL="/bin/bash"
+FILE='/tmp/config/prod.secret.exs'
+BACKUP_CONFIG='/config/prod.secret.exs'
+PG_CHECK='/var/lib/postgresql/data/pg_hba.conf'
+
+crontab /opt/crontab
+
+#Postgres Setup
+chown -R postgres:postgres /run/postgresql/
+chown -R postgres:postgres /var/lib/postgresql
+chown -R postgres:postgres /var/log/postgresql
+
+if [ -f "$BACKUP_CONFIG" ]
+then
+ echo;echo "Copying old config....";echo
+ cp -f /config/* /opt/pleroma/config/
+fi
+
+if [ ! -f "$PG_CHECK" ]
+then
+ su postgres -s $SHELL -lc "/usr/lib/postgresql/14/bin/initdb --auth-host=trust -D /var/lib/postgresql/data"
+ echo "host all all 0.0.0.0/0 md5" >> /var/lib/postgresql/data/pg_hba.conf
+fi
+
+su postgres -s $SHELL -lc "/usr/lib/postgresql/14/bin/pg_ctl start -D /var/lib/postgresql/data"
+
+cd /opt/pleroma
+
+#Pleroma Configuration
+if [ ! -f "$FILE" ]
+then
+ MIX_ENV=prod mix pleroma.instance gen
+ mv config/generated_config.exs config/prod.secret.exs
+ cp -f config/* /config/
+ sudo -Hu postgres psql -f config/setup_db.psql
+fi
+
+mkdir -p /var/lib/pleroma/uploads
+mkdir -p /var/lib/pleroma/static
+
+#Nginx and SSL
+sed -i "s/replaceME/${ENDPOINT}/g" /etc/nginx/conf.d/default.conf
+openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=CO/L=Denver/O=$ENDPOINT/CN=$ENDPOINT" -keyout /etc/ssl/certs/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
+mkdir /var/run/nginx
+
+#Database Migrations
+MIX_ENV=prod mix ecto.migrate
+
+touch /configured.txt
+
+#Start Pleroma
+MIX_ENV=prod mix phx.server
+
+
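Review bot: `initdb --auth-host=trust` lets any process that can reach PostgreSQL over TCP on loopback connect as any role, including the `postgres` superuser, without a password, and the appended `host all all 0.0.0.0/0 md5` line then accepts every IPv4 source address. PostgreSQL and Pleroma share this container, so neither is needed: use `--auth-host=scram-sha-256` and drop the `echo ... >> pg_hba.conf` line. Separately, `FILE='/tmp/config/prod.secret.exs'` is a path that nothing in this commit creates, so the generation branch appears to run on every invocation and overwrite the config just restored from `/config`, regenerating its secrets; `FILE` probably should be `/opt/pleroma/config/prod.secret.exs`. `${ENDPOINT}` is also interpolated into the `sed` expression and the certificate subject without escaping, so validate it as a hostname first.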
diff --git a/start.sh b/start.sh
new file mode 100755
index 0000000..87073ce
--- /dev/null
+++ b/start.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+export SHELL="/bin/bash"
+FILE='/configured.txt'
+
+# Start the instance to verify that everything is working as expected
+
+#Set Permissions
+chown -R pleroma /var/lib/pleroma
+chmod -R 777 /saves
+
+#Configure Local Time
+cp -f /usr/share/zoneinfo/US/Mountain /etc/localtime
+
+#Start Cron and Postgresql
+crond
+
+#Configure and start Nginx
+mkdir -p /run/nginx
+nginx
+
+#Start Pleroma
+if [ ! -f "$FILE" ]
+then
+su postgres -s $SHELL -lc "/usr/lib/postgresql/14/bin/pg_ctl start -D /var/lib/postgresql/data"
+MIX_ENV=prod mix phx.server
+fi
+
+tail -f /dev/null
+
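Review bot: `chmod -R 777 /saves` makes the backup directory world-readable and world-writable; it is bind-mounted from `./saves` on the host in docker-compose.yaml, and it is where backup.sh writes the database dumps. backup.sh writes as `postgres`, so `chown postgres:postgres /saves` followed by `chmod 700 /saves` is enough. The `if [ ! -f "$FILE" ]` test also looks inverted: setup.sh creates `/configured.txt` when it finishes, so a configured container skips the `pg_ctl start` and `mix phx.server` lines, while an unconfigured one starts PostgreSQL on a data directory that may not have been initialised. `mix phx.server` also runs here as root rather than as the `pleroma` user the Dockerfile creates.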
diff --git a/terms-of-service.html b/terms-of-service.html
new file mode 100755
index 0000000..371ee89
--- /dev/null
+++ b/terms-of-service.html
@@ -0,0 +1,16 @@
+This is MOSTLY a free speech instance. There are are rules and standards of conduct here.
+
+
1. Pornography is discouraged. Mark as NSFW. No LOLI or Child pornography.
+
2. Going out of your way to cause trouble with other friendly instances will not be tolerated.
+
3. Do not post anything that violates the law of the United States.
+
4. Free speech, here as anywhere else, means you can express any opinion you like. Directives and spam are not opinions.
+
5. Accounts with no public posts may be purged after two weeks
+
6. We will take down anything that gets us into legal trouble.
+