Purge Rejected Follow requests in daily task (#334)
[akkoma] / docs / docs / installation / freebsd_en.md
1 # Installing on FreeBSD
2
3 This document was written for FreeBSD 12.1, but should be work on future releases.
4
5 {! installation/generic_dependencies.include !}
6
7 ## Installing software used in this guide
8
9 This assumes the target system has `pkg(8)`.
10
11 ```
12 # pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh cmake
13 ```
14
15 Copy the rc.d scripts to the right directory:
16
17 Setup the required services to automatically start at boot, using `sysrc(8)`.
18
19 ```
20 # sysrc nginx_enable=YES
21 # sysrc postgresql_enable=YES
22 ```
23
24 ## Initialize postgres
25
26 ```
27 # service postgresql initdb
28 # service postgresql start
29 ```
30
31 ### Install media / graphics packages (optional, see [`docs/installation/optional/media_graphics_packages.md`](../installation/optional/media_graphics_packages.md))
32
33 ```shell
34 # pkg install imagemagick ffmpeg p5-Image-ExifTool
35 ```
36
37 ## Configuring Akkoma
38
39 Create a user for Akkoma:
40
41 ```
42 # pw add user akkoma -m
43 # echo 'export LC_ALL="en_US.UTF-8"' >> /home/akkoma/.profile
44 # su -l akkoma
45 ```
46
47 Clone the repository:
48
49 ```
50 $ cd $HOME # Should be the same as /home/akkoma
51 $ git clone https://akkoma.dev/AkkomaGang/akkoma.git
52 ```
53
54 Configure Akkoma. Note that you need a domain name at this point:
55
56 ```
57 $ cd /home/akkoma/akkoma
58 $ mix deps.get # Enter "y" when asked to install Hex
59 $ MIX_ENV=prod mix pleroma.instance gen # You will be asked a few questions here.
60 $ cp config/generated_config.exs config/prod.secret.exs
61 ```
62
63 Since Postgres is configured, we can now initialize the database. There should
64 now be a file in `config/setup_db.psql` that makes this easier. Edit it, and
65 *change the password* to a password of your choice. Make sure it is secure, since
66 it'll be protecting your database. As root, you can now initialize the database:
67
68 ```
69 # cd /home/akkoma/akkoma
70 # sudo -Hu postgres -g postgres psql -f config/setup_db.psql
71 ```
72
73 Postgres allows connections from all users without a password by default. To
74 fix this, edit `/var/db/postgres/data12/pg_hba.conf`. Change every `trust` to
75 `password`.
76
77 Once this is done, restart Postgres with:
78 ```
79 # service postgresql restart
80 ```
81
82 Run the database migrations.
83
84 Back as the akkoma user, run the following to implement any database migrations.
85
86 ```
87 # su -l akkoma
88 $ cd /home/akkoma/akkoma
89 $ MIX_ENV=prod mix ecto.migrate
90 ```
91
92 You will need to do this whenever you update with `git pull`:
93
94 ## Configuring acme.sh
95
96 We'll be using acme.sh in Stateless Mode for TLS certificate renewal.
97
98 First, as root, allow the user `acme` to have access to the acme log file, as follows:
99
100 ```
101 # touch /var/log/acme.sh.log
102 # chown acme:acme /var/log/acme.sh.log
103 # chmod 600 /var/log/acme.sh.log
104 ```
105
106 Next, obtain your account fingerprint:
107
108 ```
109 # sudo -Hu acme -g acme acme.sh --register-account
110 ```
111
112 You need to add the following to your nginx configuration for the server
113 running on port 80:
114
115 ```
116 location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ {
117 default_type text/plain;
118 return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
119 }
120 ```
121
122 Replace the string after after `$1.` with your fingerprint.
123
124 Start nginx:
125
126 ```
127 # service nginx start
128 ```
129
130 It should now be possible to issue a cert (replace `example.com`
131 with your domain name):
132
133 ```
134 # sudo -Hu acme -g acme acme.sh --issue -d example.com --stateless
135 ```
136
137 Let's add auto-renewal to `/etc/crontab`
138 (replace `example.com` with your domain):
139
140 ```
141 /usr/local/bin/sudo -Hu acme -g acme /usr/local/sbin/acme.sh -r -d example.com --stateless
142 ```
143
144 ### Configuring nginx
145
146 FreeBSD's default nginx configuration does not contain an include directive, which is
147 typically used for multiple sites. Therefore, you will need to first create the required
148 directory as follows:
149
150
151 ```
152 # mkdir -p /usr/local/etc/nginx/sites-available
153 ```
154
155 Next, add an `include` directive to `/usr/local/etc/nginx/nginx.conf`, within the `http {}`
156 block, as follows:
157
158
159 ```
160 http {
161 ...
162 include /usr/local/etc/nginx/sites-available/*;
163 }
164 ```
165
166 As root, copy `/home/akkoma/akkoma/installation/nginx/akkoma.nginx` to
167 `/usr/local/etc/nginx/sites-available/akkoma.nginx`.
168
169 Edit the defaults of `/usr/local/etc/nginx/sites-available/akkoma.nginx`:
170
171 * Change `ssl_trusted_certificate` to `/var/db/acme/certs/example.tld/example.tld.cer`.
172 * Change `ssl_certificate` to `/var/db/acme/certs/example.tld/fullchain.cer`.
173 * Change `ssl_certificate_key` to `/var/db/acme/certs/example.tld/example.tld.key`.
174 * Change all references of `example.tld` to your instance's domain name.
175
176 ## Creating a startup script for Akkoma
177
178 Akkoma will need to compile when it initially starts, which typically takes a longer
179 period of time. Therefore, it is good practice to initially run akkoma from the
180 command-line before utilizing the rc.d script. That is done as follows:
181
182 ```
183 # su -l akkoma
184 $ cd $HOME/akkoma
185 $ MIX_ENV=prod mix phx.server
186 ```
187
188 Copy the startup script to the correct location and make sure it's executable:
189
190 ```
191 # cp /home/akkoma/akkoma/installation/freebsd/rc.d/akkoma /usr/local/etc/rc.d/akkoma
192 # chmod +x /usr/local/etc/rc.d/akkoma
193 ```
194
195 Update the `/etc/rc.conf` and start akkoma with the following commands:
196
197 ```
198 # sysrc akkoma_enable=YES
199 # service akkoma start
200 ```
201
202 #### Create your first user
203
204 If your instance is up and running, you can create your first user with administrative rights with the following task:
205
206 ```shell
207 sudo -Hu akkoma MIX_ENV=prod mix pleroma.user new <username> <your@emailaddress> --admin
208 ```
209
210 {! installation/frontends.include !}
211
212 ## Conclusion
213
214 Restart nginx with `# service nginx restart` and you should be up and running.
215
216 Make sure your time is in sync, or other instances will receive your posts with
217 incorrect timestamps. You should have ntpd running.
218
219 {! support.include !}