initial commit 🦣

LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2022 Jake Jarvis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,5 @@
+# Mastodon customizations
+
+## License
+
+MIT

patches/create-account-button.patch

@@ -0,0 +1,24 @@
+diff --git a/app/javascript/mastodon/features/ui/components/header.js b/app/javascript/mastodon/features/ui/components/header.js
+index 1384bebda..89becd19b 100644
+--- a/app/javascript/mastodon/features/ui/components/header.js
++++ b/app/javascript/mastodon/features/ui/components/header.js
+@@ -68,7 +68,6 @@ class Header extends React.PureComponent {
+       content = (
+         <>
+           <a href='/auth/sign_in' className='button'><FormattedMessage id='sign_in_banner.sign_in' defaultMessage='Sign in' /></a>
+-          {signupButton}
+         </>
+       );
+     }
+diff --git a/app/javascript/mastodon/features/ui/components/sign_in_banner.js b/app/javascript/mastodon/features/ui/components/sign_in_banner.js
+index 8bd32edf9..f11ab1893 100644
+--- a/app/javascript/mastodon/features/ui/components/sign_in_banner.js
++++ b/app/javascript/mastodon/features/ui/components/sign_in_banner.js
+@@ -32,7 +32,6 @@ const SignInBanner = () => {
+     <div className='sign-in-banner'>
+       <p><FormattedMessage id='sign_in_banner.text' defaultMessage='Sign in to follow profiles or hashtags, favourite, share and reply to posts, or interact from your account on a different server.' /></p>
+       <a href='/auth/sign_in' className='button button--block'><FormattedMessage id='sign_in_banner.sign_in' defaultMessage='Sign in' /></a>
+-      {signupButton}
+     </div>
+   );
+ };

patches/robots-txt.patch

@@ -0,0 +1,11 @@
+diff --git a/public/robots.txt b/public/robots.txt
+index 771bf2160..1f53798bb 100644
+--- a/public/robots.txt
++++ b/public/robots.txt
+@@ -1,5 +1,2 @@
+-# See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file
+-
+ User-agent: *
+-Disallow: /media_proxy/
+-Disallow: /interact/
++Disallow: /

patches/system-font.patch

@@ -0,0 +1,13 @@
+diff --git a/app/javascript/styles/mastodon/basics.scss b/app/javascript/styles/mastodon/basics.scss
+index 413a1cdd6..efdd7bbd0 100644
+--- a/app/javascript/styles/mastodon/basics.scss
++++ b/app/javascript/styles/mastodon/basics.scss
+@@ -7,7 +7,7 @@
+ }
+ 
+ body {
+-  font-family: $font-sans-serif, sans-serif;
++  font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", $font-sans-serif, sans-serif;
+   background: darken($ui-base-color, 7%);
+   font-size: 13px;
+   line-height: 18px;

scripts/tootctl_shim.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+MASTODON_ROOT=/home/mastodon
+
+tootctl() {
+  ( cd "$MASTODON_ROOT/live" && sudo -u mastodon RAILS_ENV=production "$MASTODON_ROOT/.rbenv/shims/ruby" "$MASTODON_ROOT/live/bin/tootctl" "$@" )
+}

scripts/upgrade_glitch.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# exit when any step fails
+set -euo pipefail
+
+# default paths
+MASTODON_ROOT=/home/mastodon
+RBENV_ROOT="$MASTODON_ROOT/.rbenv"
+
+# check for existing installation
+if [ ! -d "$MASTODON_ROOT/live" ]
+then
+  echo "$MASTODON_ROOT/live doesn't exist, are you sure Mastodon is installed?"
+  exit 255
+fi
+
+# pull latest mastodon source
+cd "$MASTODON_ROOT/live"
+sudo -u mastodon git fetch --all
+sudo -u mastodon git checkout glitch-soc/main
+sudo -u mastodon git pull glitch-soc main
+
+# update dependencies
+echo "Updating deps..."
+sudo -u mastodon "$RBENV_ROOT/shims/bundle" install --jobs "$(getconf _NPROCESSORS_ONLN)"
+sudo -u mastodon yarn install --pure-lockfile --network-timeout 100000
+
+# run migrations:
+# https://docs.joinmastodon.org/admin/upgrading/
+echo "Running pre-deploy database migrations..."
+sudo -u mastodon SKIP_POST_DEPLOYMENT_MIGRATIONS=true RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rails db:migrate
+echo "Compiling new assets..."
+sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rails assets:precompile
+
+# restart mastodon
+echo "Restarting services (round 1/2)..."
+sudo systemctl reload mastodon-web
+sudo systemctl restart mastodon-sidekiq mastodon-streaming
+
+# clear caches & run post-deployment db migration
+echo "Clearing cache..."
+sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/ruby" "$MASTODON_ROOT/live/bin/tootctl" cache clear
+echo "Running post-deploy database migrations..."
+sudo -u mastodon RAILS_ENV=production "$RBENV_ROOT/shims/bundle" exec rails db:migrate
+
+# restart mastodon again
+echo "Restarting services (round 2/2)..."
+sudo systemctl reload mastodon-web
+sudo systemctl restart mastodon-sidekiq mastodon-streaming
+
+echo "🎉 done!"

scripts/version.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+. $(dirname "$0")/tootctl_shim.sh
+
+tootctl version

scripts/weekly_cleanup.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# cronjob ran once per week at 3 AM on Sunday; see https://crontab.guru/#0_3_*_*_0
+# syntax for crontab -e:
+#   0 3 * * 0  root  /home/mastodon/scripts/weekly_cleanup.sh >> /home/mastodon/logs/cron.log 2>&1
+
+set -e
+
+. $(dirname "$0")/toot_shim.sh
+
+tootctl media remove --days 7
+tootctl preview_cards remove --days 90
+
+curl -X GET 'https://betteruptime.com/api/v1/heartbeat/EZYUHRmbatzh4tBfTvzX22go'

sites-available/fediverse.jarv.is.conf

@@ -0,0 +1,180 @@
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  ''      close;
+}
+
+upstream backend {
+  server 127.0.0.1:3000 fail_timeout=0;
+}
+
+upstream streaming {
+  server 127.0.0.1:4000 fail_timeout=0;
+}
+
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
+
+server {
+  listen 80;
+  listen [::]:80;
+
+  server_name fediverse.jarv.is;
+
+  root /home/mastodon/live/public;
+
+  location /.well-known/acme-challenge/ {
+    allow all;
+  }
+
+  location / {
+    return 301 https://$host$request_uri;
+  }
+
+  access_log off;
+}
+
+server {
+  server_name fediverse.jarv.is;
+
+  listen [::]:443 ssl; # managed by Certbot
+  listen 443 ssl; # managed by Certbot
+
+  ssl_certificate /etc/letsencrypt/live/fediverse.jarv.is/fullchain.pem; # managed by Certbot
+  ssl_certificate_key /etc/letsencrypt/live/fediverse.jarv.is/privkey.pem; # managed by Certbot
+  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+  # jake: added
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  ssl_trusted_certificate /etc/letsencrypt/live/fediverse.jarv.is/chain.pem;
+  # resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
+  # resolver_timeout 5s;
+
+  keepalive_timeout    70;
+  sendfile             on;
+  client_max_body_size 80m;
+
+  root /home/mastodon/live/public;
+
+  gzip on;
+  gzip_disable "msie6";
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_http_version 1.1;
+  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
+  # jake: added
+  gzip_min_length 256;
+
+  access_log off;
+
+  location / {
+    try_files $uri @proxy;
+  }
+
+  # If Docker is used for deployment and Rails serves static files,
+  # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
+  location = /sw.js {
+    add_header Cache-Control "public, max-age=604800, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/assets/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/avatars/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/emoji/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/headers/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/packs/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/shortcuts/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/sounds/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/system/ {
+    add_header Cache-Control "public, max-age=2419200, immutable";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ^~ /api/v1/streaming {
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Proxy "";
+
+    proxy_pass http://streaming;
+    proxy_buffering off;
+    proxy_redirect off;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+
+    tcp_nodelay on;
+  }
+
+  location @proxy {
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Proxy "";
+    # jake: removed
+    # proxy_pass_header Server;
+
+    proxy_pass http://backend;
+    proxy_buffering on;
+    proxy_redirect off;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+
+    proxy_cache CACHE;
+    proxy_cache_valid 200 7d;
+    proxy_cache_valid 410 24h;
+    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+    add_header X-Cached $upstream_cache_status;
+
+    # jake: added
+    add_header X-Got-Milk "2%";
+
+    tcp_nodelay on;
+  }
+
+  error_page 404 500 501 502 503 504 /500.html;
+}