don't require manually creating a mastodon user (closes #1)

README.md

@@ -4,7 +4,7 @@
 
 ![Escape the Space Karen](https://user-images.githubusercontent.com/1703673/202923190-95424152-3eb5-45ed-86e7-0ae0c89f917c.JPG)
 
-Be your own boss and host your own [Mastodon](https://joinmastodon.org/) server on the fediverse!
+Be your own [hall monitor](https://twitter.com/elonmusk/status/1594757734267764774) and host your own [Mastodon](https://joinmastodon.org/) server on the fediverse!
 
 ## Requirements
 
@@ -13,16 +13,6 @@ Be your own boss and host your own [Mastodon](https://joinmastodon.org/) server
 
 ## Usage
 
-### Creating a non-root user
-
-This script must be run as a **non-root user with sudo priviledges**. To create one called `mastodon` and switch to it, for example:
-
-```sh
-sudo adduser --gecos 'Mastodon' mastodon
-sudo usermod -aG sudo mastodon
-sudo su - mastodon
-```
-
 ### Running the script
 
 If you trust me (which you shouldn't, _please_ don't trust random people on the internet!) this will download and run the installer automatically:
@@ -45,6 +35,13 @@ chmod +x install.sh
 
 ### What's next?
 
+- [Create your admin account.](https://docs.joinmastodon.org/admin/setup/#admin)
+  - Visit your new instance in your browser (hopefully it's working — try restarting your server if not!) and register for a normal account. Then, run this command in your server's shell to elevate yourself to an administrator:
+
+```sh
+RAILS_ENV=production ~/live/bin/tootctl accounts modify YOUR_USERNAME_HERE --role Owner
+```
+
 - Review the many [config options](https://docs.joinmastodon.org/admin/config/) located in `/home/mastodon/live/.env.production`
 - Harden your server's security using:
   - [UFW](https://www.linode.com/docs/guides/configure-firewall-with-ufw/) or [iptables](https://docs.joinmastodon.org/admin/prerequisites/#install-a-firewall-and-only-allow-ssh-http-and-https-ports)

install.sh

@@ -3,17 +3,32 @@
 # exit when any step fails
 set -euo pipefail
 
-# authenticate w/ sudo up-front
-sudo -v
+# default paths
+MASTODON_ROOT=/home/mastodon
+RBENV_ROOT="$MASTODON_ROOT/.rbenv"
 
-# ask for domain
-read -p "👋  Hi! Enter your Mastodon server's domain or subdomain (without \"http\" or \"https\" - e.g. social.example): " MASTODON_DOMAIN
+# check for existing installation
+if [ -d "$MASTODON_ROOT/live" ]
+then
+  echo "$MASTODON_ROOT/live exists. Are you sure Mastodon isn't already installed?"
+  exit 255
+fi
 
-# initial ubuntu updates
-export DEBIAN_FRONTEND=noninteractive
+# ask for required info up-front
+# TODO: run some basic input validation?
+echo -e "👋  Hi, just a few questions to get your very own Mastodon server up and running! \n"
+read -p "What's your server's domain or subdomain (without \"http\" or \"https\" - e.g. social.example)? " MASTODON_DOMAIN
+read -p "What's a good email address to use for server things? " MASTODON_ADMIN_EMAIL
+read -p "What would you like the server administrator's Mastodon username to be? " MASTODON_ADMIN_USERNAME
+
+# create non-root mastodon user
+sudo adduser --disabled-login --gecos "Mastodon" mastodon || true
+
+# install latest ubuntu updates
 sudo apt update
-sudo apt upgrade -y
-sudo apt install -y curl wget gnupg apt-transport-https lsb-release ca-certificates
+sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y
+sudo DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends \
+  curl wget gnupg apt-transport-https lsb-release ca-certificates
 
 # add node apt repository
 curl -sL https://deb.nodesource.com/setup_16.x | sudo bash -
@@ -25,7 +40,7 @@ echo "deb [signed-by=/usr/share/keyrings/postgresql.asc] http://apt.postgresql.o
 # install prerequisites:
 # https://docs.joinmastodon.org/admin/install/#system-packages
 sudo apt update
-sudo apt install -y \
+sudo DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends \
   imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev file git-core \
   g++ libprotobuf-dev protobuf-compiler pkg-config nodejs gcc autoconf \
   bison build-essential libssl-dev libyaml-dev libreadline6-dev \
@@ -36,49 +51,108 @@ sudo apt install -y \
 # setup yarn
 sudo npm install --global yarn
 sudo corepack enable
-yarn set version classic
 
 # install rbenv & ruby-build
-git clone https://github.com/rbenv/rbenv.git ~/.rbenv
-echo 'eval "$(~/.rbenv/bin/rbenv init - bash)"' >> ~/.bash_profile
-source ~/.bash_profile
-git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)/plugins/ruby-build"
+sudo git clone https://github.com/rbenv/rbenv.git "$RBENV_ROOT"
+sudo git clone https://github.com/rbenv/ruby-build.git "$RBENV_ROOT/plugins/ruby-build"
+echo 'eval "$(~/.rbenv/bin/rbenv init - bash)"' | sudo tee -a "$MASTODON_ROOT/.bash_profile" >/dev/null
 
 # clone mastodon & checkout latest version
-git clone https://github.com/mastodon/mastodon.git ~/live && cd ~/live
-git checkout $(git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)
+sudo -u mastodon git clone https://github.com/mastodon/mastodon.git "$MASTODON_ROOT/live" && cd "$MASTODON_ROOT/live"
+sudo -u mastodon git checkout "$(sudo -u mastodon git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)"
+
+# permission fixes
+sudo chown -R mastodon:mastodon "$MASTODON_ROOT/live" "$RBENV_ROOT"
 
 # install ruby
-RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install "$(cat ./.ruby-version)"
-rbenv global "$(cat ./.ruby-version)"
+sudo -u mastodon RUBY_CONFIGURE_OPTS=--with-jemalloc "$RBENV_ROOT/bin/rbenv" install "$(cat $MASTODON_ROOT/live/.ruby-version)"
+sudo -u mastodon "$RBENV_ROOT/bin/rbenv" global "$(cat $MASTODON_ROOT/live/.ruby-version)"
 
 # install npm and gem dependencies
-gem install bundler --no-document
-bundle config deployment "true"
-bundle config without "development test"
-bundle install -j$(getconf _NPROCESSORS_ONLN)
-yarn install --pure-lockfile --network-timeout 100000
+sudo -u mastodon "$RBENV_ROOT/shims/gem" install bundler --no-document
+sudo -u mastodon "$RBENV_ROOT/shims/bundle" config deployment "true"
+sudo -u mastodon "$RBENV_ROOT/shims/bundle" config without "development test"
+sudo -u mastodon "$RBENV_ROOT/shims/bundle" install --jobs "$(getconf _NPROCESSORS_ONLN)"
+sudo -u mastodon yarn set version classic
+sudo -u mastodon yarn install --pure-lockfile --network-timeout 100000
 
-# set up database
-echo "CREATE USER $(whoami) CREATEDB" | sudo -u postgres psql -f -
+# set up database w/ secure password
+DB_PASSWORD=$(openssl rand -base64 32)
+echo "CREATE USER mastodon WITH PASSWORD '$DB_PASSWORD' CREATEDB" | sudo -u postgres psql -f -
 
-# run interactive mastodon wizard
-RAILS_ENV=production bundle exec rake mastodon:setup
+# populate .env.production config
+echo "# Generated by mastodon-installer @ $(date)
+
+LOCAL_DOMAIN=$MASTODON_DOMAIN
+DB_HOST=localhost
+DB_USER=mastodon
+DB_NAME=mastodon_production
+DB_PASS=$DB_PASSWORD
+DB_PORT=5432
+REDIS_HOST=localhost
+REDIS_PORT=6379
+SECRET_KEY_BASE=$(sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rake secret)
+OTP_SECRET=$(sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rake secret)
+$(sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rake mastodon:webpush:generate_vapid_key)
+
+# -----------------------
+# Add/modify additional config here, see https://docs.joinmastodon.org/admin/config/
+# -----------------------
+SINGLE_USER_MODE=false
+IP_RETENTION_PERIOD=31556952
+SESSION_RETENTION_PERIOD=31556952
+SMTP_SERVER=localhost
+SMTP_PORT=25
+SMTP_AUTH_METHOD=none
+SMTP_OPENSSL_VERIFY_MODE=none
+SMTP_ENABLE_STARTTLS=auto
+SMTP_FROM_ADDRESS=notifications@$MASTODON_DOMAIN
+# SMTP_LOGIN=
+# SMTP_PASSWORD=
+# AWS_ACCESS_KEY_ID=
+# AWS_SECRET_ACCESS_KEY=
+# S3_ENABLED=true
+# S3_BUCKET=files.$MASTODON_DOMAIN
+# S3_ALIAS_HOST=files.$MASTODON_DOMAIN
+# ES_ENABLED=true
+# ES_HOST=localhost
+# ES_PORT=9200
+# ES_USER=optional
+# ES_PASS=optional" | sudo -u mastodon tee "$MASTODON_ROOT/live/.env.production" >/dev/null
+
+# manually setup db
+sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rails db:setup
+
+# manually precompile assets
+sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rails assets:precompile
 
 # order an ssl certificate from LE
-sudo certbot certonly --nginx -d "$MASTODON_DOMAIN"
+sudo certbot certonly --nginx -d "$MASTODON_DOMAIN" -m "$MASTODON_ADMIN_EMAIL"
 
 # configure nginx
-sudo cp ./dist/nginx.conf "/etc/nginx/sites-available/$MASTODON_DOMAIN.conf"
+sudo cp "$MASTODON_ROOT/live/dist/nginx.conf" "/etc/nginx/sites-available/$MASTODON_DOMAIN.conf"
 sudo sed -i "/etc/nginx/sites-available/$MASTODON_DOMAIN.conf" -e "s/example.com/$MASTODON_DOMAIN/g"
 sudo sed -i "/etc/nginx/sites-available/$MASTODON_DOMAIN.conf" -e "/ssl_certificate/s/^  #//"
 sudo ln -s "/etc/nginx/sites-available/$MASTODON_DOMAIN.conf" "/etc/nginx/sites-enabled/$MASTODON_DOMAIN.conf"
-sudo systemctl restart nginx
+sudo sed -i /etc/nginx/nginx.conf -e "s/user www-data;/user mastodon;/g"
 
 # enable systemd services on startup
-sudo cp ./dist/mastodon-*.service /etc/systemd/system/
+sudo cp "$MASTODON_ROOT"/live/dist/mastodon-*.service /etc/systemd/system/
+
+# start everything up!
 sudo systemctl daemon-reload
 sudo systemctl enable --now mastodon-web mastodon-sidekiq mastodon-streaming
+sudo systemctl restart nginx
 
-echo "All done! Consider working on these highly recommended next steps:"
+# create admin account
+sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/ruby" "$MASTODON_ROOT/live/bin/tootctl" accounts create \
+  "$MASTODON_ADMIN_USERNAME" \
+  --email "$MASTODON_ADMIN_EMAIL" \
+  --role Owner \
+  --confirmed
+
+echo "🎉 All done!"
+echo -e "\nSign in here as '$MASTODON_ADMIN_EMAIL' with the password above 👆:"
+echo "https://$MASTODON_DOMAIN/auth/sign_in"
+echo -e "\n...and consider working on these highly recommended next steps:"
 echo "https://github.com/jakejarvis/mastodon-installer#whats-next"

upgrade.sh

@@ -3,36 +3,47 @@
 # exit when any step fails
 set -euo pipefail
 
+# default paths
+MASTODON_ROOT=/home/mastodon
+RBENV_ROOT="$MASTODON_ROOT/.rbenv"
+
+# check for existing installation
+if [ ! -d "$MASTODON_ROOT/live" ]
+then
+  echo "$MASTODON_ROOT/live doesn't exist, are you sure Mastodon is installed?"
+  exit 255
+fi
+
 # update ubuntu packages
 sudo apt update
-sudo apt upgrade -y
+sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y
 
 # pull latest mastodon source
-cd ~/live
-git fetch --tags
-git checkout $(git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)
+cd "$MASTODON_ROOT/live"
+sudo -u mastodon git fetch --tags
+sudo -u mastodon git checkout "$(sudo -u mastodon git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)"
 
 # set new ruby version
-RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install "$(cat ./.ruby-version)"
-rbenv global "$(cat ./.ruby-version)"
+sudo -u mastodon RUBY_CONFIGURE_OPTS=--with-jemalloc "$RBENV_ROOT/bin/rbenv" install "$(cat $MASTODON_ROOT/live/.ruby-version)" || true
+sudo -u mastodon "$RBENV_ROOT/bin/rbenv" global "$(cat $MASTODON_ROOT/live/.ruby-version)"
 
 # update dependencies
-bundle install
-yarn install --frozen-lockfile
+sudo -u mastodon "$RBENV_ROOT/shims/bundle" install --jobs "$(getconf _NPROCESSORS_ONLN)"
+sudo -u mastodon yarn install --pure-lockfile --network-timeout 100000
 
 # run migrations:
 # https://docs.joinmastodon.org/admin/upgrading/
-SKIP_POST_DEPLOYMENT_MIGRATIONS=true RAILS_ENV=production bundle exec rails db:migrate
-RAILS_ENV=production bundle exec rails assets:clobber
-RAILS_ENV=production bundle exec rails assets:precompile
+sudo -u mastodon SKIP_POST_DEPLOYMENT_MIGRATIONS=true RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rails db:migrate
+sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rails assets:clobber
+sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rails assets:precompile
 
 # restart mastodon
 sudo systemctl reload mastodon-web
 sudo systemctl restart mastodon-sidekiq
 
 # clear caches & run post-deployment db migration
-RAILS_ENV=production ./bin/tootctl cache clear
-RAILS_ENV=production bundle exec rails db:migrate
+sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/ruby" "$MASTODON_ROOT/live/bin/tootctl" cache clear
+sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rails db:migrate
 
 # restart mastodon again
 sudo systemctl reload mastodon-web