From 7a7c349ded6f7a92e0ec027a9c13dd6f692bfd37 Mon Sep 17 00:00:00 2001
From: Jake Jarvis <jake@jarv.is>
Date: Sun, 18 Dec 2022 14:42:59 -0500
Subject: [PATCH] commit tweaked installer script (with more safeguards if
 you're not me)

---
 README.md                               |  34 +--
 etc/nginx/nginx.conf                    |   2 +-
 etc/nginx/sites-available/mastodon.conf |   2 +-
 init.sh                                 |   4 +-
 scripts/apply_patches.sh                |  13 +-
 scripts/backup.sh                       |   6 +-
 scripts/install.sh                      | 264 ++++++++++++++++++++++++
 scripts/setup_nginx.sh                  |  20 --
 scripts/upgrade.sh                      |  28 ++-
 scripts/version.sh                      |   2 +-
 scripts/weekly_cleanup.sh               |   2 +-
 11 files changed, 317 insertions(+), 60 deletions(-)
 create mode 100755 scripts/install.sh
 delete mode 100755 scripts/setup_nginx.sh

diff --git a/README.md b/README.md
index 55c083a..0f8c4e4 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,8 @@
 # 🦣 Mastodon utilities
 
-Random opinionated helper scripts & front-end customizations for my [personal Mastodon instance](https://fediverse.jarv.is/about) (running on [`glitch-soc`](https://github.com/glitch-soc/mastodon)). You definitely don't want to use any of this as-is — check out my more general purpose [mastodon-installer](https://github.com/jakejarvis/mastodon-installer) scripts instead.
+Random opinionated helper scripts & front-end customizations for my [personal Mastodon instance](https://fediverse.jarv.is/about) (running on [`glitch-soc`](https://github.com/glitch-soc/mastodon)).
+
+> ⚠️ You definitely don't want to use any of this as-is. [Check out my more general-purpose scripts instead.](https://github.com/jakejarvis/mastodon-installer)
 
 ## Notes
 
@@ -9,27 +11,25 @@ The [wiki of this repo](https://github.com/jakejarvis/mastodon-utils/wiki) and t
 - [Grafana & Prometheus](https://github.com/jakejarvis/mastodon-utils/wiki/Prometheus-&-Grafana)
 - [ElasticSearch](https://github.com/jakejarvis/mastodon-utils/wiki/ElasticSearch)
 - [PgBouncer](https://github.com/jakejarvis/mastodon-utils/wiki/Postgres-&-PgBouncer)
-- [Brotli compression](https://github.com/jakejarvis/mastodon-utils/wiki/Brotli-compression-for-nginx)
+- [S3 for media storage](https://github.com/jakejarvis/mastodon-utils/wiki/Media-storage)
+- [Maintenance cronjobs](https://github.com/jakejarvis/mastodon-utils/wiki/Cron-jobs)
+- [nginx tweaks](https://github.com/jakejarvis/mastodon-utils/wiki/nginx)
 
 ## Usage
 
 ***AGAIN, DEFINITELY DO NOT JUST RUN THIS IF YOU'RE NOT ME!!! 😊***
 
-This sets up the bare minimum customizations ***after*** Mastodon is installed:
-
 ```sh
 git clone https://github.com/jakejarvis/mastodon-utils.git /home/mastodon/utils && cd /home/mastodon/utils
 
-# setup nginx using conf files from this repo:
-./scripts/setup_nginx.sh
+# install Mastodon on fresh Ubuntu 20.04:
+./scripts/install.sh
 
 # back up Postgres, Redis, and secrets:
 ./scripts/backup.sh
 
 # pull latest Mastodon (vanilla or glitch-soc) and apply patches from this repo:
 ./scripts/upgrade.sh
-
-# cherry-pick everything else below...
 ```
 
 ## Scripts
@@ -43,15 +43,23 @@ if [ -f /home/mastodon/utils/init.sh ]; then
 fi
 ```
 
-- [`apply_patches.sh`](scripts/apply_patches.sh): Dangerously applies ***every patch*** listed below, and automatically detects if `glitch-soc` patches should also be applied
-- [`backup.sh`](scripts/backup.sh): Backs up Postgres, Redis, and `.env.production` secrets to a `.tar.gz` file in `/home/mastodon/backups` — useful for a [periodic cronjob](https://github.com/jakejarvis/mastodon-utils/wiki/Cron-jobs#backups)
-- [`setup_nginx.sh`](scripts/setup_nginx.sh): Sets up symlinks from `/etc/nginx` to nginx confs in this repo
-- [`upgrade.sh`](scripts/upgrade.sh): Upgrades Mastodon server (latest version if vanilla Mastodon, latest commit if `glitch-soc`) and re-applies patches listed below
 - [`version.sh`](scripts/version.sh): Tests `init.sh` by printing Mastodon, Ruby, and rbenv versions.
-- [`weekly_cleanup.sh`](scripts/weekly_cleanup.sh): Runs Mastodon's built-in [cleanup commands](https://docs.joinmastodon.org/admin/setup/#cleanup), designed for a [weekly cronjob](https://github.com/jakejarvis/mastodon-utils/wiki/Cron-jobs#media-cleanup)
+
+#### Periodic tasks
+
+- [`backup.sh`](scripts/backup.sh): Backs up Postgres, Redis, and `.env.production` secrets to a `.tar.gz` file in `/home/mastodon/backups` — useful for a [periodic cronjob](https://github.com/jakejarvis/mastodon-utils/wiki/Cron-jobs#backups).
+- [`weekly_cleanup.sh`](scripts/weekly_cleanup.sh): Runs Mastodon's built-in [cleanup commands](https://docs.joinmastodon.org/admin/setup/#cleanup), designed for a [weekly cronjob](https://github.com/jakejarvis/mastodon-utils/wiki/Cron-jobs#media-cleanup).
   - Keeps 7 days of media (in object storage)
   - Keeps 90 days of generated preview cards
 
+#### Dangerous
+
+**The following scripts are highly opinionated, catastrophically destructive, and very specific to me.** Check them out line-by-line instead of running them.
+
+- [`install.sh`](scripts/install.sh): Assumes an absolutely clean install of Ubuntu 20.04 and installs Mastodon ***with all of the quirks from this repo.*** [Get the far less dangerous version of `install.sh` here instead.](https://github.com/jakejarvis/mastodon-installer/blob/main/install.sh)
+- [`upgrade.sh`](scripts/upgrade.sh): Upgrades Mastodon server (latest version if vanilla Mastodon, latest commit if `glitch-soc`) and ***re-applies every patch*** listed below. [Get the far less dangerous version of `upgrade.sh` here instead.](https://github.com/jakejarvis/mastodon-installer/blob/main/upgrade.sh)
+- [`apply_patches.sh`](scripts/apply_patches.sh): Apply every patch below on top of the currently installed version of Mastodon.
+
 ## Patches
 
 #### Vanilla and `glitch-soc`:
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 6eec262..7dcfac9 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -3,7 +3,7 @@ worker_processes auto;
 pid /run/nginx.pid;
 
 # compiled brotli modules from https://github.com/google/ngx_brotli
-# see: https://github.com/jakejarvis/mastodon-utils/wiki/Brotli-compression-for-nginx
+# see: https://github.com/jakejarvis/mastodon-utils/wiki/nginx#brotli-compression
 load_module modules/ngx_http_brotli_filter_module.so;
 load_module modules/ngx_http_brotli_static_module.so;
 
diff --git a/etc/nginx/sites-available/mastodon.conf b/etc/nginx/sites-available/mastodon.conf
index 5bd45e2..763c638 100644
--- a/etc/nginx/sites-available/mastodon.conf
+++ b/etc/nginx/sites-available/mastodon.conf
@@ -52,7 +52,7 @@ server {
 			image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
 
 	# https://github.com/google/ngx_brotli#sample-configuration
-	# https://github.com/jakejarvis/mastodon-utils/wiki/Brotli-compression-for-nginx
+	# https://github.com/jakejarvis/mastodon-utils/wiki/nginx#brotli-compression
 	brotli on;
 	brotli_comp_level 4;
 	brotli_static on;
diff --git a/init.sh b/init.sh
index 4cbff14..2877f52 100755
--- a/init.sh
+++ b/init.sh
@@ -30,7 +30,7 @@ fi
 
 # ---
 
-# run a given command as the 'mastodon' user; e.g. `as_mastodon whoami`
+# run a given command as the 'mastodon' user (`as_mastodon whoami`)
 as_mastodon() {
   # don't do unnecessary sudo'ing if we're already mastodon
   if [ "$(whoami)" != "mastodon" ]; then
@@ -40,7 +40,7 @@ as_mastodon() {
   fi
 }
 
-# run /home/mastodon/live/bin/tootctl as 'mastodon' in '/home/mastodon/live'; e.g. `tootctl version`
+# run 'bin/tootctl' as 'mastodon' in '/home/mastodon/live' from anywhere (`tootctl version`)
 tootctl() {
   ( cd "$APP_ROOT" && as_mastodon RAILS_ENV=production ruby "$APP_ROOT/bin/tootctl" "$@" )
 }
diff --git a/scripts/apply_patches.sh b/scripts/apply_patches.sh
index 5845079..d8bb574 100755
--- a/scripts/apply_patches.sh
+++ b/scripts/apply_patches.sh
@@ -4,7 +4,7 @@
 set -euo pipefail
 
 # initialize path
-source "$(dirname "$(realpath "$0")")"/../init.sh
+. "$(dirname "$(realpath "$0")")"/../init.sh
 
 # apply custom patches
 cd "$APP_ROOT"
@@ -14,15 +14,10 @@ if [ -d "$APP_ROOT/app/javascript/flavours/glitch" ]; then
   as_mastodon git apply --reject --allow-binary-replacement "$UTILS_ROOT"/patches/glitch/*.patch
 fi
 
-# update dependencies
-echo "Updating deps..."
-as_mastodon bundle install --jobs "$(getconf _NPROCESSORS_ONLN)"
-as_mastodon yarn install --pure-lockfile --network-timeout 100000
-
 # compile new assets
 echo "Compiling new assets..."
 as_mastodon RAILS_ENV=production bundle exec rails assets:precompile
 
-# restart frontend
-echo "Restarting mastodon-web..."
-sudo systemctl restart mastodon-web
+# optional: create blank custom.css (this overrides any CSS set in the admin panel, but if that's not being used, then
+# this is an easy way to save a request to the backend)
+as_mastodon touch "$APP_ROOT/public/custom.css"
diff --git a/scripts/backup.sh b/scripts/backup.sh
index 458a0e3..2240eaf 100755
--- a/scripts/backup.sh
+++ b/scripts/backup.sh
@@ -8,7 +8,7 @@
 set -euo pipefail
 
 # initialize path
-source "$(dirname "$(realpath "$0")")"/../init.sh
+. "$(dirname "$(realpath "$0")")"/../init.sh
 
 if [ "$(systemctl is-active mastodon-web.service)" = "active" ]; then
   echo "⚠️  Mastodon is currently running."
@@ -34,10 +34,10 @@ echo "Backing up Redis..."
 sudo cp /var/lib/redis/dump.rdb "$TEMP_DIR/redis.rdb"
 
 echo "Backing up secrets..."
-sudo cp "$MASTODON_ROOT/live/.env.production" "$TEMP_DIR/env.production"
+sudo cp "$APP_ROOT/.env.production" "$TEMP_DIR/env.production"
 
 echo "Compressing..."
-ARCHIVE_DEST="$BACKUPS_ROOT/$(date "+%Y.%m.%d-%H.%M.%S").tar.gz"
+ARCHIVE_DEST="$BACKUPS_ROOT/mastodon-$(date "+%Y.%m.%d-%H.%M.%S").tar.gz"
 sudo tar --owner=0 --group=0 -czvf "$ARCHIVE_DEST" -C "$TEMP_DIR" .
 sudo chown mastodon:mastodon "$ARCHIVE_DEST"
 
diff --git a/scripts/install.sh b/scripts/install.sh
new file mode 100755
index 0000000..882b800
--- /dev/null
+++ b/scripts/install.sh
@@ -0,0 +1,264 @@
+#!/bin/bash
+
+# exit when any step fails
+set -euo pipefail
+
+# :)
+MY_NAME_IS_JAKE_JARVIS="false"
+
+# can't say you weren't warned
+if [ "$MY_NAME_IS_JAKE_JARVIS" != "pinky promise" ]; then
+  echo "🚨 LISTEN UP!!!! YOU PROBABLY WANT THIS SCRIPT INSTEAD:"
+  echo "https://github.com/jakejarvis/mastodon-installer/blob/main/install.sh"
+  exit 69
+fi
+
+# initialize path (and silence warnings about things not existing yet because that's why we're running the installer...)
+. "$(dirname "$(realpath "$0")")"/../init.sh >/dev/null 2>&1
+
+# check for existing installation
+if [ -d "$APP_ROOT" ]; then
+  echo "⚠️ $APP_ROOT already exists. Are you sure Mastodon isn't already installed?"
+  exit 255
+fi
+
+# ask for required info up-front
+read -p "Server FQDN? " MASTODON_DOMAIN
+read -p "Public domain? (the second part of usernames, usually the same) " MASTODON_USERNAME_DOMAIN
+read -p "Admin username? " MASTODON_ADMIN_USERNAME
+read -p "Admin email? " MASTODON_ADMIN_EMAIL
+read -p "Linode bucket name? " LINODE_BUCKET_NAME
+
+# leave our mark
+INSTALLER_WUZ_HERE="# Generated by mastodon-installer @ $(date)"
+
+# set FQDN (especially necessary for sendmail)
+echo -e "\n$INSTALLER_WUZ_HERE
+127.0.0.1  localhost $MASTODON_DOMAIN
+::1  localhost $MASTODON_DOMAIN" | sudo tee -a /etc/hosts >/dev/null
+sudo hostnamectl set-hostname "$MASTODON_DOMAIN"
+
+# create non-root mastodon user
+sudo adduser --disabled-login --gecos "Mastodon" mastodon
+
+# install latest ubuntu updates
+sudo apt update
+sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y
+sudo DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends \
+  curl \
+  wget \
+  gnupg \
+  apt-transport-https \
+  lsb-release \
+  ca-certificates
+
+# add nodesource apt repository
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/nodesource-archive-keyring.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nodesource-archive-keyring.gpg] https://deb.nodesource.com/node_16.x $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/nodesource.list >/dev/null
+
+# add official postgresql apt repository
+curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo gpg --dearmor -o /usr/share/keyrings/postgresql-archive-keyring.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/postgresql-archive-keyring.gpg] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | sudo tee /etc/apt/sources.list.d/postgresql.list >/dev/null
+
+# add official redis apt repository
+curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list >/dev/null
+
+# add official nginx apt repository
+curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu/ $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list >/dev/null
+
+# install prerequisites:
+# https://docs.joinmastodon.org/admin/install/#system-packages
+sudo apt update
+sudo DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends \
+  git-core \
+  g++ \
+  libpq-dev \
+  libxml2-dev \
+  libxslt1-dev \
+  imagemagick \
+  nodejs \
+  redis-server \
+  redis-tools \
+  postgresql \
+  postgresql-contrib \
+  libidn11-dev \
+  libicu-dev \
+  libreadline6-dev \
+  autoconf \
+  bison \
+  build-essential \
+  ffmpeg \
+  file \
+  gcc \
+  libffi-dev \
+  libgdbm-dev \
+  libjemalloc-dev \
+  libncurses5-dev \
+  libprotobuf-dev \
+  libssl-dev \
+  libyaml-dev \
+  pkg-config \
+  protobuf-compiler \
+  zlib1g-dev \
+  nginx \
+  python3 \
+  python3-venv \
+  libaugeas0
+
+# setup yarn
+sudo npm install --global yarn
+sudo corepack enable
+
+# install rbenv & ruby-build
+as_mastodon git clone https://github.com/rbenv/rbenv.git "$RBENV_ROOT"
+as_mastodon git clone https://github.com/rbenv/ruby-build.git "$RBENV_ROOT/plugins/ruby-build"
+eval "$("$RBENV_ROOT"/bin/rbenv init -)"
+
+# clone vanilla Mastodon & checkout latest version:
+as_mastodon git clone https://github.com/mastodon/mastodon.git "$APP_ROOT" && cd "$APP_ROOT"
+as_mastodon git checkout "$(as_mastodon git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)"
+# clone glitch-soc & checkout latest commit:
+# as_mastodon git clone https://github.com/glitch-soc/mastodon.git "$APP_ROOT" && cd "$APP_ROOT"
+
+# install ruby
+RUBY_VERSION="$(as_mastodon cat "$APP_ROOT"/.ruby-version)"
+as_mastodon RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install --skip-existing "$RUBY_VERSION"
+as_mastodon rbenv global "$RUBY_VERSION"
+
+# install npm and gem dependencies
+as_mastodon gem install bundler --no-document
+as_mastodon bundle config deployment "true"
+as_mastodon bundle config without "development test"
+as_mastodon bundle install --jobs "$(getconf _NPROCESSORS_ONLN)"
+as_mastodon yarn set version classic
+as_mastodon yarn install --pure-lockfile --network-timeout 100000
+
+# set up database w/ random alphanumeric password
+DB_PASSWORD=$(< /dev/urandom tr -dc A-Za-z0-9 | head -c32; echo)
+echo "CREATE USER mastodon WITH PASSWORD '$DB_PASSWORD' CREATEDB" | sudo -u postgres psql -f -
+
+# populate .env.production config
+echo "$INSTALLER_WUZ_HERE
+
+LOCAL_DOMAIN=$MASTODON_USERNAME_DOMAIN
+WEB_DOMAIN=$MASTODON_DOMAIN
+
+DB_HOST=localhost
+DB_USER=mastodon
+DB_NAME=mastodon_production
+DB_PASS=$DB_PASSWORD
+
+# without pgbouncer:
+DB_PORT=5432
+# with pgbouncer: https://github.com/jakejarvis/mastodon-utils/wiki/Postgres-&-PgBouncer#pgbouncer
+# DB_PORT=6432
+# PREPARED_STATEMENTS=false
+
+REDIS_HOST=localhost
+REDIS_PORT=6379
+
+SECRET_KEY_BASE=$(as_mastodon RAILS_ENV=production bundle exec rake secret)
+OTP_SECRET=$(as_mastodon RAILS_ENV=production bundle exec rake secret)
+$(as_mastodon RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key)
+
+SINGLE_USER_MODE=false
+IP_RETENTION_PERIOD=31556952
+SESSION_RETENTION_PERIOD=31556952
+RAILS_LOG_LEVEL=warn
+
+WEB_CONCURRENCY=3
+MAX_THREADS=10
+STREAMING_CLUSTER_NUM=1
+
+# using linode, not brand name S3: https://cloud.linode.com/object-storage/buckets/create
+# AWS_ACCESS_KEY_ID=XXXXXXXX
+# AWS_SECRET_ACCESS_KEY=XXXXXXXX
+# S3_ENABLED=true
+# S3_BUCKET=$LINODE_BUCKET_NAME
+# S3_PROTOCOL=https
+# S3_HOSTNAME=us-east-1.linodeobjects.com
+# S3_ENDPOINT=https://us-east-1.linodeobjects.com
+# S3_ALIAS_HOST=$LINODE_BUCKET_NAME.us-east-1.linodeobjects.com
+
+# get SES credentials: https://us-east-1.console.aws.amazon.com/ses/home?region=us-east-1#/smtp
+# SMTP_SERVER=email-smtp.us-east-1.amazonaws.com
+# SMTP_PORT=587
+# SMTP_FROM_ADDRESS=\"Mastodon <noreply@$MASTODON_DOMAIN>\"
+# SMTP_LOGIN=XXXXXXXX
+# SMTP_PASSWORD=XXXXXXXX
+
+# https://github.com/jakejarvis/mastodon-utils/wiki/ElasticSearch
+# ES_ENABLED=true
+# ES_HOST=localhost
+# ES_PORT=9200
+# ES_USER=optional
+# ES_PASS=optional
+
+# https://github.com/jakejarvis/mastodon-utils/wiki/Prometheus-&-Grafana
+# STATSD_ADDR=localhost:9125" | as_mastodon tee "$APP_ROOT/.env.production" >/dev/null
+
+# manually setup db
+as_mastodon RAILS_ENV=production bundle exec rails db:setup
+
+# apply custom patches & precompile assets
+. "$UTILS_ROOT/scripts/apply_patches.sh"
+
+# install latest certbot
+# https://certbot.eff.org/instructions?ws=nginx&os=pip
+sudo python3 -m venv /opt/certbot/
+sudo /opt/certbot/bin/pip install --upgrade pip
+sudo /opt/certbot/bin/pip install certbot certbot-nginx
+sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot
+
+# ensure nginx hasn't started itself
+sudo systemctl stop nginx
+
+# order an ssl certificate from LE
+sudo certbot certonly \
+  --non-interactive \
+  --agree-tos \
+  --no-eff-email \
+  --domains "$MASTODON_DOMAIN" \
+  --email "$MASTODON_ADMIN_EMAIL" \
+  --standalone
+
+# configure nginx: sets up symlinks from `/etc/nginx` to confs in this repo
+sudo sed -i "$UTILS_ROOT/etc/nginx/sites-available/mastodon.conf" -e "s/fediverse.jarv.is/$MASTODON_DOMAIN/g"
+sudo rm -rf /etc/nginx/sites-available
+sudo rm -rf /etc/nginx/sites-enabled/*
+sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
+sudo ln -sf "$UTILS_ROOT/etc/nginx/nginx.conf" /etc/nginx/nginx.conf
+sudo ln -sf "$UTILS_ROOT/etc/nginx/modules" /usr/lib/nginx/modules
+sudo ln -sf "$UTILS_ROOT/etc/nginx/sites-available" /etc/nginx/sites-available
+sudo ln -sf /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default.conf
+sudo ln -sf /etc/nginx/sites-available/mastodon.conf /etc/nginx/sites-enabled/mastodon.conf
+sudo nginx -t
+sudo systemctl start nginx
+
+# configure mastodon systemd services
+sudo cp "$APP_ROOT"/dist/mastodon-*.service /etc/systemd/system/
+
+# start everything up!
+sudo systemctl daemon-reload
+sudo systemctl enable --now mastodon-web mastodon-sidekiq mastodon-streaming
+
+# wait a bit to be safe
+sleep 5
+
+# create admin account
+tootctl accounts create \
+  "$MASTODON_ADMIN_USERNAME" \
+  --email "$MASTODON_ADMIN_EMAIL" \
+  --role Owner \
+  --confirmed
+
+# set cleanup tasks to run weekly
+# https://docs.joinmastodon.org/admin/setup/#cleanup
+(sudo crontab -l; echo -e "\n$INSTALLER_WUZ_HERE
+@weekly  bash -c \"$UTILS_ROOT/scripts/weekly_cleanup.sh >> $LOGS_ROOT/cron.log 2>&1\"
+") | sudo crontab -
+
+echo "🎉 done! don't forget to fill in .env.production with credentials"
+echo "https://$MASTODON_DOMAIN/auth/sign_in"
diff --git a/scripts/setup_nginx.sh b/scripts/setup_nginx.sh
deleted file mode 100755
index 5cc4825..0000000
--- a/scripts/setup_nginx.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-# symlinks files from this repo to their proper location
-
-# exit when any step fails
-set -euo pipefail
-
-# initialize path
-source "$(dirname "$(realpath "$0")")"/../init.sh
-
-# setup nginx config
-sudo rm -rf /etc/nginx/sites-available
-sudo rm -rf /etc/nginx/sites-enabled/*
-sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
-sudo ln -sf "$UTILS_ROOT/etc/nginx/nginx.conf" /etc/nginx/nginx.conf
-sudo ln -sf "$UTILS_ROOT/etc/nginx/modules" /usr/lib/nginx/modules
-sudo ln -sf "$UTILS_ROOT/etc/nginx/sites-available" /etc/nginx/sites-available
-sudo ln -sf /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default.conf
-sudo ln -sf /etc/nginx/sites-available/mastodon.conf /etc/nginx/sites-enabled/mastodon.conf
-sudo nginx -t
-sudo nginx -s reload
diff --git a/scripts/upgrade.sh b/scripts/upgrade.sh
index 875b2d2..aacc7cb 100755
--- a/scripts/upgrade.sh
+++ b/scripts/upgrade.sh
@@ -3,8 +3,18 @@
 # exit when any step fails
 set -euo pipefail
 
+# :)
+MY_NAME_IS_JAKE_JARVIS="false"
+
+# can't say you weren't warned
+if [ "$MY_NAME_IS_JAKE_JARVIS" != "pinky promise" ]; then
+  echo "🚨 LISTEN UP!!!! YOU PROBABLY WANT THIS SCRIPT INSTEAD:"
+  echo "https://github.com/jakejarvis/mastodon-installer/blob/main/upgrade.sh"
+  exit 69
+fi
+
 # initialize path
-source "$(dirname "$(realpath "$0")")"/../init.sh
+. "$(dirname "$(realpath "$0")")"/../init.sh
 
 # pull latest mastodon source
 cd "$APP_ROOT"
@@ -20,18 +30,18 @@ else
   as_mastodon git checkout "$(as_mastodon git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)"
 fi
 
-# pull & apply latest patches
-. "$UTILS_ROOT/scripts/apply_patches.sh"
-
-# create blank custom.css (this overrides any CSS set in the admin panel, but if that's not being used, then
-# this quickly saves a request to the backend)
-as_mastodon touch "$APP_ROOT/public/custom.css"
-
 # set new ruby version
 RUBY_VERSION="$(as_mastodon cat "$APP_ROOT"/.ruby-version)"
-as_mastodon RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install "$RUBY_VERSION"
+as_mastodon RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install --skip-existing "$RUBY_VERSION"
 as_mastodon rbenv global "$RUBY_VERSION"
 
+# update dependencies
+as_mastodon bundle install --jobs "$(getconf _NPROCESSORS_ONLN)"
+as_mastodon yarn install --pure-lockfile --network-timeout 100000
+
+# pull & apply latest patches
+. "$UTILS_ROOT/scripts/apply_patches.sh"
+
 # run migrations:
 # https://docs.joinmastodon.org/admin/upgrading/
 echo "Running pre-deploy database migrations..."
diff --git a/scripts/version.sh b/scripts/version.sh
index 2073715..9a03cb0 100755
--- a/scripts/version.sh
+++ b/scripts/version.sh
@@ -4,7 +4,7 @@
 set -euo pipefail
 
 # initialize path
-source "$(dirname "$(realpath "$0")")"/../init.sh
+. "$(dirname "$(realpath "$0")")"/../init.sh
 
 echo "* rbenv version: $(rbenv --version)"
 echo "* Ruby version: $(ruby --version)"
diff --git a/scripts/weekly_cleanup.sh b/scripts/weekly_cleanup.sh
index 4a459d0..918bd12 100755
--- a/scripts/weekly_cleanup.sh
+++ b/scripts/weekly_cleanup.sh
@@ -8,7 +8,7 @@
 set -euo pipefail
 
 # initialize path
-source "$(dirname "$(realpath "$0")")"/../init.sh
+. "$(dirname "$(realpath "$0")")"/../init.sh
 
 if [ ! -d "$LOGS_ROOT" ]; then
   as_mastodon mkdir -p "$LOGS_ROOT"