Fix documentation

fix setup
mount directory
2024-06-04 11:40:49 +01:00 · 2024-06-04 10:27:50 +01:00 · 2024-06-04 10:24:31 +01:00 · 2024-06-04 10:23:06 +01:00 · 2024-06-04 10:21:13 +01:00 · 2024-06-04 10:16:58 +01:00
233 changed files with 23079 additions and 35222 deletions
--- a/.woodpecker/build-amd64.yml
+++ b/.woodpecker/build-amd64.yml
@ -6,12 +6,9 @@ depends_on:
 variables:
  - &scw-secrets
-    SCW_ACCESS_KEY:
+    - SCW_ACCESS_KEY
-      from_secret: SCW_ACCESS_KEY
+    - SCW_SECRET_KEY
-    SCW_SECRET_KEY:
+    - SCW_DEFAULT_ORGANIZATION_ID
      from_secret: SCW_SECRET_KEY
    SCW_DEFAULT_ORGANIZATION_ID:
      from_secret: SCW_DEFAULT_ORGANIZATION_ID
  - &setup-hex "mix local.hex --force && mix local.rebar --force"
  - &on-release
    when:
@ -59,7 +56,7 @@ steps:
  release-debian-bookworm:
    image: akkoma/releaser
    <<: *on-release
-    environment: *scw-secrets
+    secrets: *scw-secrets
    commands:
      - export SOURCE=akkoma-amd64.zip
      # AMD64
@ -88,7 +85,7 @@ steps:
  release-debian-bullseye:
    image: akkoma/releaser
    <<: *on-release
-    environment: *scw-secrets
+    secrets: *scw-secrets
    commands:
      - export SOURCE=akkoma-amd64-debian-bullseye.zip
      # AMD64
@ -114,7 +111,7 @@ steps:
  release-musl:
    image: akkoma/releaser
    <<: *on-stable
-    environment: *scw-secrets
+    secrets: *scw-secrets
    commands:
      - export SOURCE=akkoma-amd64-musl.zip
      - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-amd64-musl.zip
--- a/.woodpecker/build-arm64.yml
+++ b/.woodpecker/build-arm64.yml
@ -1,17 +1,14 @@
 labels:
-  platform: linux/arm64
+  platform: linux/aarch64
 depends_on:
  - test
 variables:
  - &scw-secrets
-    SCW_ACCESS_KEY:
+    - SCW_ACCESS_KEY
-      from_secret: SCW_ACCESS_KEY
+    - SCW_SECRET_KEY
-    SCW_SECRET_KEY:
+    - SCW_DEFAULT_ORGANIZATION_ID
      from_secret: SCW_SECRET_KEY
    SCW_DEFAULT_ORGANIZATION_ID:
      from_secret: SCW_DEFAULT_ORGANIZATION_ID
  - &setup-hex "mix local.hex --force && mix local.rebar --force"
  - &on-release
    when:
@ -59,7 +56,7 @@ steps:
  release-debian-bookworm:
    image: akkoma/releaser:arm64
    <<: *on-release
-    environment: *scw-secrets
+    secrets: *scw-secrets
    commands:
      - export SOURCE=akkoma-arm64.zip
      - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-arm64-ubuntu-jammy.zip
@ -86,7 +83,7 @@ steps:
  release-musl:
    image: akkoma/releaser:arm64
    <<: *on-stable
-    environment: *scw-secrets
+    secrets: *scw-secrets
    commands:
      - export SOURCE=akkoma-arm64-musl.zip
      - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-arm64-musl.zip
--- a/.woodpecker/build-docker.yml
+++ b/.woodpecker/build-docker.yml
@ -0,0 +1,32 @@
 labels:
  platform: linux/amd64
 variables:
  - &on-release
    when:
      event:
        - push
        - tag
      branch:
        - develop
        - stable
  - &on-stable
    when:
      event:
        - push
        - tag
      branch:
        - stable
 steps:
  build:
    image: woodpeckerci/plugin-docker-buildx:latest
    secrets: [docker_username, docker_password]
    settings:
      repo: akkoma/akkoma
      dockerfile: Dockerfile
      platforms: linux/amd64
      tag: next
    when:
      branch: customizable-docker-db
      event: push
--- a/.woodpecker/docs.yml
+++ b/.woodpecker/docs.yml
@ -6,6 +6,10 @@ depends_on:
  - build-amd64
 variables:
  - &scw-secrets
    - SCW_ACCESS_KEY
    - SCW_SECRET_KEY
    - SCW_DEFAULT_ORGANIZATION_ID
  - &setup-hex "mix local.hex --force && mix local.rebar --force"
  - &on-release
    when:
@ -45,14 +49,12 @@ variables:
 steps:
  docs:
    <<: *on-point-release
    secrets:
    - SCW_ACCESS_KEY
    - SCW_SECRET_KEY
    - SCW_DEFAULT_ORGANIZATION_ID
    environment:
      CI: "true"
      SCW_ACCESS_KEY:
        from_secret: SCW_ACCESS_KEY
      SCW_SECRET_KEY:
        from_secret: SCW_SECRET_KEY
      SCW_DEFAULT_ORGANIZATION_ID:
        from_secret: SCW_DEFAULT_ORGANIZATION_ID
    image: python:3.10-slim
    commands:
      - apt-get update && apt-get install -y rclone wget git zip
--- a/.woodpecker/lint.yml
+++ b/.woodpecker/lint.yml
@ -2,6 +2,10 @@ labels:
  platform: linux/amd64
 variables:
  - &scw-secrets
    - SCW_ACCESS_KEY
    - SCW_SECRET_KEY
    - SCW_DEFAULT_ORGANIZATION_ID
  - &setup-hex "mix local.hex --force && mix local.rebar --force"
  - &on-release
    when:
--- a/.woodpecker/test.yml
+++ b/.woodpecker/test.yml
@ -17,6 +17,10 @@ matrix:
      OTP_VERSION: 26
 variables:
  - &scw-secrets
    - SCW_ACCESS_KEY
    - SCW_SECRET_KEY
    - SCW_DEFAULT_ORGANIZATION_ID
  - &setup-hex "mix local.hex --force && mix local.rebar --force"
  - &on-release
    when:
@ -83,5 +87,5 @@ steps:
      - mix ecto.create
      - mix ecto.migrate
      - mkdir -p test/tmp
-      - mix test --preload-modules --exclude erratic --exclude federated --exclude mocked || mix test --failed
+      - mix test --preload-modules --exclude erratic --exclude federated --exclude mocked
-      - mix test --preload-modules --only mocked || mix test --failed
+      - mix test --preload-modules --only mocked
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,66 +4,6 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## Unreleased
 ## Added
 ## Fixed
 ## Changed
 - Dropped obsolete `ap_enabled` indicator from user table and associated buggy logic
 - The remote user count in prometheus metrics is now an estimate instead of an exact number
  since the latter proved unreasonably costly to obtain for a merely nice-to-have statistic
 - Various other tweaks improving stat query performance and avoiding unecessary work on received AP documents
 ## 2025.01.01
 Hotfix: Federation could break if a null value found its way into `should_federate?\1`
 ## 2025.01
 ## Added
 - New config option `:instance, :cleanup_attachments_delay`
 - It is now possible to display custom source URLs in akkoma-fe;
  the settings are part of the frontend configuration
 ## Fixed
 - Media proxy no longer attempts to proxy embedded images
 - Fix significant uneccessary overhead of attachment cleanup;
  it no longer attempts to cleanup attachments of deleted remote posts
 - Fix “Delete & Redraft” often losing attachments if attachment cleanup was enabled
 - ObjectAge policy no longer lets unlisted posts slip through
 - ObjectAge policy no longer leaks belated DMs and follower-only posts
 - the NodeINfo endpoint now uses the correct content type
 ## Changed
 - Anonymous objects now federate completely without an id
  adopting a proposed AP spec errata and restoring federation
  with e.g. IceShrimp.NET and fedify-based implementations
 ## 3.13.3 
 ## BREAKING
 - Minimum PostgreSQL version is raised to 12
 - Swagger UI moved from `/akkoma/swaggerui/` to `/pleroma/swaggerui/`
 ## Added
 - Implement [FEP-67ff](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md) (federation documentation)
 - Meilisearch: it is now possible to use separate keys for search and admin actions
 - New standalone `prune_orphaned_activities` mix task with configurable batch limit
 - The `prune_objects` mix task now accepts a `--limit` parameter for initial object pruning
 ## Fixed
 - Meilisearch: order of results returned from our REST API now actually matches how Meilisearch ranks results
 - Emoji are now federated as anonymous objects, fixing issues with
  some strict servers e.g. rejecting e.g. remote emoji reactions
 - AP objects with additional JSON-LD profiles beyond ActivityStreams can now be fetched
 - Single-selection polls no longer expose the voter_count; MastoAPI demands it be null
  and this confused some clients leading to vote distributions >100%
 ## Changed
 - Refactored Rich Media to cache the content in the database. Fetching operations that could block status rendering have been eliminated.
 ## 2024.04.1 (Security)
 ## Fixed
@ -71,6 +11,15 @@ Hotfix: Federation could break if a null value found its way into `should_federa
 - Issue allowing use of non-media objects as attachments and crashing timeline rendering
 - Issue allowing webfinger spoofing in certain situations
 ## Added
 - Implement [FEP-67ff](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md) (federation documentation)
 ## Added
 - Meilisearch: it is now possible to use separate keys for search and admin actions
 ## Fixed
 - Meilisearch: order of results returned from our REST API now actually matches how Meilisearch ranks results
 ## 2024.04
 ## Added
--- a/60
+++ b/60
@ -1,9 +1,37 @@
-FROM hexpm/elixir:1.15.4-erlang-26.0.2-alpine-3.18.2
+####################################
 # BUILD CONTAINER
 ####################################
 FROM hexpm/elixir:1.16.3-erlang-26.2.5-alpine-3.19.1 AS BUILD
 ENV MIX_ENV=prod
 ENV ERL_EPMD_ADDRESS=127.0.0.1
-ARG HOME=/opt/akkoma
+RUN mkdir /src
 WORKDIR /src
 RUN apk add git gcc g++ musl-dev make cmake file-dev exiftool ffmpeg imagemagick libmagic ncurses postgresql-client
 RUN mix local.hex --force &&\
    mix local.rebar --force
 ADD mix.exs /src/mix.exs
 ADD mix.lock /src/mix.lock
 ADD lib/ /src/lib/
 ADD priv/ /src/priv/
 ADD config/ /src/config/
 ADD rel/ /src/rel/
 ADD restarter/ /src/restarter/
 ADD docs/ /src/docs/
 ADD installation/ /src/installation/
 RUN mix deps.get --only=prod
 RUN mix release --path docker-release
 #################################
 # RUNTIME CONTAINER
 #################################
 FROM alpine:3.19.1
 RUN apk add file-dev exiftool ffmpeg imagemagick libmagic postgresql-client
 LABEL org.opencontainers.image.title="akkoma" \
    org.opencontainers.image.description="Akkoma for Docker" \
@ -14,21 +42,23 @@ LABEL org.opencontainers.image.title="akkoma" \
    org.opencontainers.image.revision=$VCS_REF \
    org.opencontainers.image.created=$BUILD_DATE
-RUN apk add git gcc g++ musl-dev make cmake file-dev exiftool ffmpeg imagemagick libmagic ncurses postgresql-client
+ARG HOME=/opt/akkoma
 EXPOSE 4000
 ARG UID=1000
 ARG GID=1000
 ARG UNAME=akkoma
 RUN addgroup -g $GID $UNAME
 RUN adduser -u $UID -G $UNAME -D -h $HOME $UNAME
 WORKDIR /opt/akkoma
-USER $UNAME
+COPY --from=BUILD /src/docker-release/ $HOME
-RUN mix local.hex --force &&\
+RUN ln -s $HOME/bin/pleroma /bin/pleroma
-    mix local.rebar --force
+# it's nice you know
 RUN ln -s $HOME/bin/pleroma /bin/akkoma
 RUN ln -s $HOME/bin/pleroma_ctl /bin/pleroma_ctl
 RUN ln -s $HOME/bin/pleroma_ctl /bin/akkoma_ctl
 ADD docker-entrypoint.sh $HOME/docker-entrypoint.sh
 ENV AKKOMA_CONFIG_PATH=/opt/akkoma/config/prod.secret.exs
 VOLUME uploads /opt/akkoma/uploads
 VOLUME instance /opt/akkoma/instance
 VOLUME config /opt/akkoma/config
 CMD ["/opt/akkoma/docker-entrypoint.sh"]
--- a/FEDERATION.md
+++ b/FEDERATION.md
@ -10,7 +10,6 @@
 ## Supported FEPs
 - [FEP-67ff: FEDERATION](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md)
 - [FEP-dc88: Formatting Mathematics](https://codeberg.org/fediverse/fep/src/branch/main/fep/dc88/fep-dc88.md)
 - [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)
 - [FEP-fffd: Proxy Objects](https://codeberg.org/fediverse/fep/src/branch/main/fep/fffd/fep-fffd.md)
--- a/config/config.exs
+++ b/config/config.exs
@ -63,6 +63,7 @@
  uploader: Pleroma.Uploaders.Local,
  filters: [],
  link_name: false,
  proxy_remote: false,
  filename_display_max_length: 30,
  base_url: nil,
  allowed_mime_types: ["image", "audio", "video"]
@ -188,10 +189,8 @@
  receive_timeout: :timer.seconds(15),
  proxy_url: nil,
  user_agent: :default,
-  pool_size: 10,
+  pool_size: 50,
-  adapter: [],
+  adapter: []
  # see: https://hexdocs.pm/finch/Finch.html#start_link/1
  pool_max_idle_time: :timer.seconds(30)
 config :pleroma, :instance,
  name: "Akkoma",
@ -255,7 +254,6 @@
  external_user_synchronization: true,
  extended_nickname_format: true,
  cleanup_attachments: false,
  cleanup_attachments_delay: 1800,
  multi_factor_authentication: [
    totp: [
      # digits 6 or 8
@ -303,7 +301,6 @@
  allow_headings: false,
  allow_tables: false,
  allow_fonts: false,
  allow_math: true,
  scrub_policy: [
    Pleroma.HTML.Scrubber.Default,
    Pleroma.HTML.Transform.MediaProxy
@ -440,12 +437,8 @@
    Pleroma.Web.RichMedia.Parsers.TwitterCard,
    Pleroma.Web.RichMedia.Parsers.OEmbed
  ],
-  failure_backoff: 60_000,
+  failure_backoff: :timer.minutes(20),
-  ttl_setters: [
+  ttl_setters: [Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl]
    Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl,
    Pleroma.Web.RichMedia.Parser.TTL.Opengraph
  ],
  max_body: 5_000_000
 config :pleroma, :media_proxy,
  enabled: false,
@ -583,9 +576,7 @@
    mute_expire: 5,
    search_indexing: 10,
    nodeinfo_fetcher: 1,
-    database_prune: 1,
+    database_prune: 1
    rich_media_backfill: 2,
    rich_media_expiration: 2
  ],
  plugins: [
    Oban.Plugins.Pruner,
@ -601,8 +592,7 @@
  retries: [
    federator_incoming: 5,
    federator_outgoing: 5,
-    search_indexing: 2,
+    search_indexing: 2
    rich_media_backfill: 1
  ],
  timeout: [
    activity_expiration: :timer.seconds(5),
@ -624,8 +614,7 @@
    mute_expire: :timer.seconds(5),
    search_indexing: :timer.seconds(5),
    nodeinfo_fetcher: :timer.seconds(10),
-    database_prune: :timer.minutes(10),
+    database_prune: :timer.minutes(10)
    rich_media_backfill: :timer.seconds(30)
  ]
 config :pleroma, Pleroma.Formatter,
@ -824,10 +813,8 @@
 config :pleroma, configurable_from_database: false
 config :pleroma, Pleroma.Repo,
-  parameters: [
+  parameters: [gin_fuzzy_search_limit: "500"],
-    gin_fuzzy_search_limit: "500",
+  prepare: :unnamed
    plan_cache_mode: "force_custom_plan"
  ]
 config :pleroma, :majic_pool, size: 2
--- a/config/description.exs
+++ b/config/description.exs
@ -118,6 +118,14 @@
          "font"
        ]
      },
      %{
        key: :proxy_remote,
        type: :boolean,
        description: """
        Proxy requests to the remote uploader.\n
        Useful if media upload endpoint is not internet accessible.
        """
      },
      %{
        key: :filename_display_max_length,
        type: :integer,
@ -1184,7 +1192,7 @@
            logoMask: true,
            minimalScopesMode: false,
            noAttachmentLinks: false,
-            nsfwCensorImage: "",
+            nsfwCensorImage: "/static/img/nsfw.74818f9.png",
            postContentType: "text/plain",
            redirectRootLogin: "/main/friends",
            redirectRootNoLogin: "/main/all",
@ -1194,9 +1202,7 @@
            showInstanceSpecificPanel: false,
            subjectLineBehavior: "email",
            theme: "pleroma-dark",
-            webPushNotifications: false,
+            webPushNotifications: false
            backendCommitUrl: "",
            frontendCommitUrl: ""
          }
        ],
        children: [
@ -1287,7 +1293,7 @@
            type: {:string, :image},
            description:
              "URL of the image to use for hiding NSFW media attachments in the timeline",
-            suggestions: [""]
+            suggestions: ["/static/img/nsfw.74818f9.png"]
          },
          %{
            key: :postContentType,
@ -1400,18 +1406,6 @@
            label: "Stop Gifs",
            type: :boolean,
            description: "Whether to pause animated images until they're hovered on"
          },
          %{
            key: :backendCommitUrl,
            label: "Backend Commit URL",
            type: :string,
            description: "URL prefix for backend commit hashes"
          },
          %{
            key: :frontendCommitUrl,
            label: "Frontend Commit URL",
            type: :string,
            description: "URL prefix for frontend commit hashes"
          }
        ]
      },
@ -2723,8 +2717,8 @@
      %{
        key: :pool_size,
        type: :integer,
-        description: "Number of concurrent outbound HTTP requests to allow PER HOST. Default 10.",
+        description: "Number of concurrent outbound HTTP requests to allow. Default 50.",
-        suggestions: [10]
+        suggestions: [50]
      },
      %{
        key: :adapter,
@ -2747,13 +2741,6 @@
            ]
          }
        ]
      },
      %{
        key: :pool_max_idle_time,
        type: :integer,
        description:
          "Number of seconds to retain an HTTP pool; pool will remain if actively in use. Default 30 seconds (in ms).",
        suggestions: [30_000]
      }
    ]
  },
--- a/config/test.exs
+++ b/config/test.exs
@ -51,8 +51,7 @@
  hostname: System.get_env("DB_HOST") || "localhost",
  pool: Ecto.Adapters.SQL.Sandbox,
  pool_size: 50,
-  queue_target: 5000,
+  queue_target: 5000
  log: false
 config :pleroma, :dangerzone, override_repo_pool_size: true
@ -64,8 +63,7 @@
 config :pleroma, :rich_media,
  enabled: false,
  ignore_hosts: [],
-  ignore_tld: ["local", "localdomain", "lan"],
+  ignore_tld: ["local", "localdomain", "lan"]
  max_body: 2_000_000
 config :pleroma, :instance,
  multi_factor_authentication: [
@ -143,8 +141,6 @@
 config :pleroma, :instances_favicons, enabled: false
 config :pleroma, :instances_nodeinfo, enabled: false
 config :pleroma, Pleroma.Web.RichMedia.Backfill, provider: Pleroma.Web.RichMedia.Backfill
 if File.exists?("./config/test.secret.exs") do
  import_config "test.secret.exs"
 else
--- a/diagnostic-tools/binary-leak-checker.sh
+++ b/diagnostic-tools/binary-leak-checker.sh
@ -1,10 +0,0 @@
 if [ "$#" -ne 2 ]; then
 	echo "Usage: binary-leak-checker.sh <nodename> <erlang cookie>"
 	exit 1
 fi
 echo "The command you want to run is:
 :recon.bin_leak(10)
 "
 iex --sname debug --remsh $1 --erl "-setcookie $2" 
--- a/docker-compose.pgsql-tuning.yml
+++ b/docker-compose.pgsql-tuning.yml
@ -0,0 +1,39 @@
 services:
  db:
    # If you use a config generator, use the value below for your
    # "ram" size
    shm_size: 4gb
    command:
      - "postgres"
      - "-c"
      - "max_connections=40"
      - "-c"
      - "shared_buffers=1GB"
      - "-c"
      - "effective_cache_size=3GB"
      - "-c"
      - "maintenance_work_mem=512MB"
      - "-c"
      - "checkpoint_completion_target=0.9"
      - "-c"
      - "wal_buffers=16MB"
      - "-c"
      - "default_statistics_target=500"
      - "-c"
      - "random_page_cost=1.1"
      - "-c"
      - "effective_io_concurrency=200"
      - "-c"
      - "work_mem=6553kB"
      - "-c"
      - "min_wal_size=4GB"
      - "-c"
      - "max_wal_size=16GB"
      - "-c"
      - "max_worker_processes=4"
      - "-c"
      - "max_parallel_workers_per_gather=2"
      - "-c"
      - "max_parallel_workers=4"
      - "-c"
      - "max_parallel_maintenance_workers=2"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,12 +1,10 @@
 version: "3.7"
 services:
  db:
-    image: akkoma-db:latest
+    image: postgres:16-alpine
    build: ./docker-resources/database
    shm_size: 4gb
    restart: unless-stopped
-    user: ${DOCKER_USER}
+    env_file:
      - .env 
    environment: {
      # This might seem insecure but is usually not a problem.
      # You should leave this at the "akkoma" default.
@ -18,19 +16,15 @@ services:
      POSTGRES_USER: akkoma,
      POSTGRES_PASSWORD: akkoma,
    }
-    env_file:
+    user: ${DOCKER_USER}
      - .env 
    volumes:
      - type: bind
        source: ./pgdata
        target: /var/lib/postgresql/data
  akkoma:
-    image: akkoma:latest
+    image: akkoma/akkoma:next
    build: .
    restart: unless-stopped
-    env_file:
+    user: ${DOCKER_USER}
      - .env
    links:
      - db
    ports: [
@ -44,7 +38,9 @@ services:
      "127.0.0.1:4000:4000",
    ]
    volumes:
-      - .:/opt/akkoma
+      - ./config:/opt/akkoma/config
      - ./uploads:/opt/akkoma/uploads
      - ./instance:/opt/akkoma/instance
  # Copy this into docker-compose.override.yml and uncomment there if you want to use a reverse proxy
  #proxy:
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -8,7 +8,7 @@ while ! pg_isready -U ${DB_USER:-pleroma} -d postgres://${DB_HOST:-db}:5432/${DB
 done
 echo "-- Running migrations..."
-mix ecto.migrate
+/opt/akkoma/bin/pleroma_ctl migrate
 echo "-- Starting!"
-elixir --erl "+sbwt none +sbwtdcpu none +sbwtdio none" -S mix phx.server
+/opt/akkoma/bin/pleroma start
--- a/docker-resources/build.sh
+++ b/docker-resources/build.sh
@ -1,4 +0,0 @@
 #!/bin/sh
 docker compose build --build-arg UID=$(id -u) --build-arg GID=$(id -g) akkoma
 docker compose build --build-arg UID=$(id -u) --build-arg GID=$(id -g) db
--- a/docker-resources/database/Dockerfile
+++ b/docker-resources/database/Dockerfile
@ -1,10 +0,0 @@
 FROM postgres:14-alpine
 ARG UID=1000
 ARG GID=1000
 ARG UNAME=akkoma
 RUN addgroup -g $GID $UNAME
 RUN adduser -u $UID -G $UNAME -D -h $HOME $UNAME
 USER akkoma
--- a/docker-resources/docker-compose.pgsql-tuning.yml
+++ b/docker-resources/docker-compose.pgsql-tuning.yml
@ -0,0 +1,39 @@
 services:
  db:
    # If you use a config generator, use the value below for your
    # "ram" size
    shm_size: 4gb
    command:
      - "postgres"
      - "-c"
      - "max_connections=40"
      - "-c"
      - "shared_buffers=1GB"
      - "-c"
      - "effective_cache_size=3GB"
      - "-c"
      - "maintenance_work_mem=512MB"
      - "-c"
      - "checkpoint_completion_target=0.9"
      - "-c"
      - "wal_buffers=16MB"
      - "-c"
      - "default_statistics_target=500"
      - "-c"
      - "random_page_cost=1.1"
      - "-c"
      - "effective_io_concurrency=200"
      - "-c"
      - "work_mem=6553kB"
      - "-c"
      - "min_wal_size=4GB"
      - "-c"
      - "max_wal_size=16GB"
      - "-c"
      - "max_worker_processes=4"
      - "-c"
      - "max_parallel_workers_per_gather=2"
      - "-c"
      - "max_parallel_workers=4"
      - "-c"
      - "max_parallel_maintenance_workers=2"
--- a/docker-resources/generate-instance.sh
+++ b/docker-resources/generate-instance.sh
@ -0,0 +1,26 @@
 #!/bin/bash
 set -euo pipefail
 mkdir -p pgdata
 # This is sorta special in that we need the generated_config.exs to make it onto the host
 docker compose run \
    --rm \
    -e "PLEROMA_CTL_RPC_DISABLED=true" \
    akkoma ./bin/pleroma_ctl instance gen --no-sql-user --no-db-creation --dbhost db --dbname akkoma --dbuser akkoma --dbpass akkoma --listen-ip 0.0.0.0 --listen-port 4000 --static-dir /opt/akkoma/instance/ --uploads-dir /opt/akkoma/uploads/ --db-configurable y --output /opt/akkoma/config/generated_config.exs --output-psql /opt/akkoma/config/setup_db.psql
 # setup database from generated config
 # we run from the akkoma container to ensure we have the right environment! can't connect to a DB that doesn't exist yet...
 docker compose run \
    --rm \
    -e "PLEROMA_CTL_RPC_DISABLED=true" \
    -e "PGPASSWORD=akkoma" \
    akkoma psql -h db -U akkoma -d akkoma -f /opt/akkoma/config/setup_db.psql
 # stop tzdata trying to write to places it shouldn't
 echo "config :tzdata, :data_dir, "/var/tmp/elixir_tzdata_storage" >> /opt/akkoma/config/generated_config.exs
 echo "Instance generated!"
 echo "Make sure you check your config and copy it to config/prod.secret.exs before starting the instance!"
--- a/docker-resources/manage.sh
+++ b/docker-resources/manage.sh
@ -1,3 +1,4 @@
 #!/bin/sh
-docker compose run --rm akkoma $@
+# this should all be done without needing a running instance
 docker compose run --rm -e "PLEROMA_CTL_RPC_DISABLED=true" akkoma ./bin/pleroma_ctl $@
--- a/docker-resources/migrate-postgresql-version.sh
+++ b/docker-resources/migrate-postgresql-version.sh
@ -0,0 +1,80 @@
 #!/bin/bash
 set -euo pipefail
 # USAGE:
 # migrate-postgresql-version.sh <data_directory> <old_version> <new_version>
 if [ "$#" -ne 3 ]; then
    echo "USAGE: migrate-postgresql-version.sh <data_directory> <old_version> <new_version>"
    echo "Example: migrate-postgresql-version.sh pgdata 14 16"
    exit 1
 fi
 data_directory=$1
 old_version=$2
 new_version=$3
 new_data_directory=$data_directory.new
 # we'll need the credentials to create the new container
 echo "Please provide the credentials for your database"
 echo "If you set a different password for the old container, you'll need to provide it here! Check your config file if you're not sure"
 echo ""
 echo "Database user (default 'akkoma'):"
 read DB_USER
 echo "Database password (default: 'akkoma'):"
 read DB_PASS
 echo "Database name (default: 'akkoma'):"
 read DB_NAME
 echo ""
 echo "Ok! Using user:$DB_USER to migrate db:$DB_NAME from version $old_version to $new_version"
 trap "docker stop pg$old_version pg$new_version" INT TERM
 # Start a PostgreSQL 14 container
 docker run --rm -d --name pg$old_version \
  -v $(pwd)/$data_directory:/var/lib/postgresql/data \
  -e "POSTGRES_PASSWORD=$DB_PASS" \
  -e "POSTGRES_USER=$DB_USER" \
  -e "POSTGRES_DB=$DB_NAME" \
  postgres:$old_version-alpine
 # wait a bit for the container to start
 sleep 10
 # Dump the db from the old container
 echo "Dumping your old database..."
 docker exec pg$old_version pg_dumpall -U $DB_USER > dump.sql
 # Stop the old container
 echo "Stopping the old database..."
 docker stop pg$old_version
 # Start a PostgreSQL 16 container
 echo "Creating a new database with version $new_version..."
 docker run --rm -d --name pg$new_version \
    -v $(pwd)/$new_data_directory:/var/lib/postgresql/data \
    -e "POSTGRES_PASSWORD=password" \
    -e "POSTGRES_USER=$DB_USER" \
    -e "POSTGRES_DB=$DB_NAME" \
    postgres:$new_version-alpine
 # wait for it
 sleep 10
 # Load the db into the new container
 docker exec -i pg$new_version psql -U $DB_USER < dump.sql
 # Stop the new container
 docker stop pg$new_version
 # Remove the dump file
 # rm dump.sql
 echo "Migration complete! Your new database folder is $data_directory.new - you can now move your old data and replace it"
 echo "mv $data_directory $data_directory.old"
 echo "mv $new_data_directory $data_directory"
--- a/docs/docs/administration/CLI_tasks/database.md
+++ b/docs/docs/administration/CLI_tasks/database.md
@ -50,39 +50,9 @@ This will prune remote posts older than 90 days (configurable with [`config :ple
 - `--keep-threads` - Don't prune posts when they are part of a thread where at least one post has seen local interaction (e.g. one of the posts is a local post, or is favourited by a local user, or has been repeated by a local user...). It also wont delete posts when at least one of the posts in that thread is kept (e.g. because one of the posts has seen recent activity).
 - `--keep-non-public` - Keep non-public posts like DM's and followers-only, even if they are remote.
 - `--limit` - limits how many remote posts get pruned. This limit does **not** apply to any of the follow up jobs. If wanting to keep the database load in check it is thus advisable to run the standalone `prune_orphaned_activities` task with a limit afterwards instead of passing `--prune-orphaned-activities` to this task.
 - `--prune-orphaned-activities` - Also prune orphaned activities afterwards. Activities are things like Like, Create, Announce, Flag (aka reports)... They can significantly help reduce the database size.
 - `--vacuum` - Run `VACUUM FULL` after the objects are pruned. This should not be used on a regular basis, but is useful if your instance has been running for a long time before pruning.
 ## Prune orphaned activities from the database
 This will prune activities which are no longer referenced by anything.
 Such activities might be the result of running `prune_objects` without `--prune-orphaned-activities`.
 The same notes and warnings apply as for `prune_objects`.
 The task will print out how many rows were freed in total in its last
 line of output in the form `Deleted 345 rows`.  
 When running the job in limited batches this can be used to determine
 when all orphaned activities have been deleted.
 === "OTP"
    ```sh
    ./bin/pleroma_ctl database prune_orphaned_activities [option ...]
    ```
 === "From Source"
    ```sh
    mix pleroma.database prune_orphaned_activities [option ...]
    ```
 ### Options
 - `--limit n` - Only delete up to `n` activities in each query making up this job, i.e. if this job runs two queries at most `2n` activities will be deleted. Running this task repeatedly in limited batches can help maintain the instance’s responsiveness while still freeing up some space.
 - `--no-singles` - Do not delete activites referencing single objects
 - `--no-arrays` - Do not delete activites referencing an array of objects
 ## Create a conversation for all existing DMs
 Can be safely re-run
--- a/docs/docs/administration/backup.md
+++ b/docs/docs/administration/backup.md
@ -4,12 +4,12 @@
 1. Stop the Akkoma service.
 2. Go to the working directory of Akkoma (default is `/opt/akkoma`)
-3. Run `sudo -Hu postgres pg_dump -d akkoma --format=custom -f </path/to/backup_location/akkoma.pgdump>`[¹] (make sure the postgres user has write access to the destination file)
+3. Run[¹] `sudo -Hu postgres pg_dump -d akkoma --format=custom -f </path/to/backup_location/akkoma.pgdump>` (make sure the postgres user has write access to the destination file)
-4. Copy `akkoma.pgdump`, `config/config.exs`[²], `uploads` folder, and [static directory](../configuration/static_dir.md) to your backup destination. If you have other modifications, copy those changes too.
+4. Copy `akkoma.pgdump`, `config/prod.secret.exs`[²], `config/setup_db.psql` (if still available) and the `uploads` folder to your backup destination. If you have other modifications, copy those changes too.
 5. Restart the Akkoma service.
-[¹]: We assume the database name is "akkoma". If not, you can find the correct name in your configuration files.  
+[¹]: We assume the database name is "akkoma". If not, you can find the correct name in your config files.  
-[²]: If you have a from source installation, you need `config/prod.secret.exs` instead of `config/config.exs`. The `config/config.exs` file also exists, but in case of from source installations, it only contains the default values and it is tracked by Git, so you don't need to back it up.  
+[²]: If you've installed using OTP, you need `config/config.exs` instead of `config/prod.secret.exs`.  
 ## Restore/Move
@ -17,16 +17,19 @@
 2. Stop the Akkoma service.
 3. Go to the working directory of Akkoma (default is `/opt/akkoma`)
 4. Copy the above mentioned files back to their original position.
-5. Drop the existing database and user[¹]. `sudo -Hu postgres psql -c 'DROP DATABASE akkoma;';` `sudo -Hu postgres psql -c 'DROP USER akkoma;'`
+5. Drop the existing database and user if restoring in-place[¹]. `sudo -Hu postgres psql -c 'DROP DATABASE akkoma;';` `sudo -Hu postgres psql -c 'DROP USER akkoma;'`
-6. Restore the database schema and akkoma role[¹] (replace the password with the one you find in the configuration file), `sudo -Hu postgres psql -c "CREATE USER akkoma WITH ENCRYPTED PASSWORD '<database-password-wich-you-can-find-in-your-configuration-file>';"` `sudo -Hu postgres psql -c "CREATE DATABASE akkoma OWNER akkoma;"`.
+6. Restore the database schema and akkoma role using either of the following options
    * You can use the original `setup_db.psql` if you have it[²]: `sudo -Hu postgres psql -f config/setup_db.psql`.
    * Or recreate the database and user yourself (replace the password with the one you find in the config file) `sudo -Hu postgres psql -c "CREATE USER akkoma WITH ENCRYPTED PASSWORD '<database-password-wich-you-can-find-in-your-config-file>'; CREATE DATABASE akkoma OWNER akkoma;"`.
 7. Now restore the Akkoma instance's data into the empty database schema[¹]: `sudo -Hu postgres pg_restore -d akkoma -v -1 </path/to/backup_location/akkoma.pgdump>`
-8. If you installed a newer Akkoma version, you should run the database migrations `./bin/pleroma_ctl migrate`[²].
+8. If you installed a newer Akkoma version, you should run `MIX_ENV=prod mix ecto.migrate`[³]. This task performs database migrations, if there were any.
 9. Restart the Akkoma service.
 10. Run `sudo -Hu postgres vacuumdb --all --analyze-in-stages`. This will quickly generate the statistics so that postgres can properly plan queries.
-11. If setting up on a new server, configure Nginx by using the `installation/nginx/akkoma.nginx` configuration sample or reference the Akkoma installation guide which contains the Nginx configuration instructions.
+11. If setting up on a new server configure Nginx by using the `installation/akkoma.nginx` config sample or reference the Akkoma installation guide for your OS which contains the Nginx configuration instructions.
-[¹]: We assume the database name and user are both "akkoma". If not, you can find the correct name in your configuration files.  
+[¹]: We assume the database name and user are both "akkoma". If not, you can find the correct name in your config files.  
-[²]: If you have a from source installation, the command is `MIX_ENV=prod mix ecto.migrate`. Note that we prefix with `MIX_ENV=prod` to use the `config/prod.secret.exs` configuration file.  
+[²]: You can recreate the `config/setup_db.psql` by running the `mix pleroma.instance gen` task again. You can ignore most of the questions, but make the database user, name, and password the same as found in your backed up config file. This will also create a new `config/generated_config.exs` file which you may delete as it is not needed.  
 [³]: Prefix with `MIX_ENV=prod` to run it using the production config file.  
 ## Remove
--- a/docs/docs/configuration/cheatsheet.md
+++ b/docs/docs/configuration/cheatsheet.md
@ -58,7 +58,6 @@ To add configuration to your config file, you can copy it from the base config.
 * `registration_reason_length`: Maximum registration reason length (default: `500`).
 * `external_user_synchronization`: Enabling following/followers counters synchronization for external users.
 * `cleanup_attachments`: Remove attachments along with statuses. Does not affect duplicate files and attachments without status. Enabling this will increase load to database when deleting statuses on larger instances.
 * `cleanup_attachments_delay`: How many seconds to wait after post deletion before attempting to deletion; useful for “delete & redraft” functionality (default: `1800`)
 * `show_reactions`: Let favourites and emoji reactions be viewed through the API (default: `true`).
 * `password_reset_token_validity`: The time after which reset tokens aren't accepted anymore, in seconds (default: one day).
 * `local_bubble`: Array of domains representing instances closely related to yours. Used to populate the `bubble` timeline. e.g `["example.com"]`, (default: `[]`)
@ -339,7 +338,7 @@ config :pleroma, :frontends,
 * `:primary` - The frontend that will be served at `/`
 * `:admin` - The frontend that will be served at `/pleroma/admin`
-* `:swagger` - Config for developers to act as an API reference to be served at `/pleroma/swaggerui/` (trailing slash _needed_). Disabled by default.
+* `:swagger` - Config for developers to act as an API reference to be served at `/akkoma/swaggerui/` (trailing slash _needed_). Disabled by default.
 * `:mastodon` - The mastodon-fe configuration. This shouldn't need to be changed. This is served at `/web` when installed.
 ### :static\_fe
@ -606,6 +605,7 @@ the source code is here: [kocaptcha](https://github.com/koto-bank/kocaptcha). Th
 * `link_name`: When enabled Akkoma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers
 * `base_url`: The base URL to access a user-uploaded file; MUST be configured explicitly.
  Using a (sub)domain distinct from the instance endpoint is **strongly** recommended. A good value might be `https://media.myakkoma.instance/media/`. 
 * `proxy_remote`: If you're using a remote uploader, Akkoma will proxy media requests instead of redirecting to it.
 * `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.
 * `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30.
--- a/docs/docs/configuration/frontend_management.md
+++ b/docs/docs/configuration/frontend_management.md
@ -60,4 +60,4 @@ config :pleroma, :frontends,
 Then run the [pleroma.frontend cli task](../../administration/CLI_tasks/frontend) with the name of `swagger-ui` to install the distribution files.
-You will now be able to view documentation at `/pleroma/swaggerui`
+You will now be able to view documentation at `/akkoma/swaggerui`
--- a/docs/docs/configuration/postgresql.md
+++ b/docs/docs/configuration/postgresql.md
@ -4,10 +4,47 @@ Akkoma performance is largely dependent on performance of the underlying databas
 ## PGTune
-[PgTune](https://pgtune.leopard.in.ua) can be used to get recommended settings. Make sure to set the DB type to "Online transaction processing system" for optimal performance. Also set the number of connections to between 25 and 30. This will allow each connection to have access to more resources while still leaving some room for running maintenance tasks while the instance is still running. 
+[PgTune](https://pgtune.leopard.in.ua) can be used to get recommended settings. Be sure to set "Number of Connections" to 20, otherwise it might produce settings hurtful to database performance. It is also recommended to not use "Network Storage" option.
-It is also recommended to not use "Network Storage" option.
+If your server runs other services, you may want to take that into account. E.g. if you have 4G ram, but 1G of it is already used for other services, it may be better to tell PGTune you only have 3G. In the end, PGTune only provides recomended settings, you can always try to finetune further.
-If your server runs other services, you may want to take that into account. E.g. if you have 4G ram, but 1G of it is already used for other services, it may be better to tell PGTune you only have 3G.
+### Example configurations
-In the end, PGTune only provides recomended settings, you can always try to finetune further.
+Here are some configuration suggestions for PostgreSQL 10+.
 #### 1GB RAM, 1 CPU
 ```
 shared_buffers = 256MB
 effective_cache_size = 768MB
 maintenance_work_mem = 64MB
 work_mem = 13107kB
 ```
 #### 2GB RAM, 2 CPU
 ```
 shared_buffers = 512MB
 effective_cache_size = 1536MB
 maintenance_work_mem = 128MB
 work_mem = 26214kB
 max_worker_processes = 2
 max_parallel_workers_per_gather = 1
 max_parallel_workers = 2
 ```
 ## Disable generic query plans
 When PostgreSQL receives a query, it decides on a strategy for searching the requested data, this is called a query plan. The query planner has two modes: generic and custom. Generic makes a plan for all queries of the same shape, ignoring the parameters, which is then cached and reused. Custom, on the contrary, generates a unique query plan based on query parameters.
 By default PostgreSQL has an algorithm to decide which mode is more efficient for particular query, however this algorithm has been observed to be wrong on some of the queries Akkoma sends, leading to serious performance loss. Therefore, it is recommended to disable generic mode.
 Akkoma already avoids generic query plans by default, however the method it uses is not the most efficient because it needs to be compatible with all supported PostgreSQL versions. For PostgreSQL 12 and higher additional performance can be gained by adding the following to Akkoma configuration:
 ```elixir
 config :pleroma, Pleroma.Repo,
  prepare: :named,
  parameters: [
    plan_cache_mode: "force_custom_plan"
  ]
 ```
 A more detailed explaination of the issue can be found at <https://blog.soykaf.com/post/postgresql-elixir-troubles/>.
--- a/docs/docs/configuration/storing_remote_media.md
+++ b/docs/docs/configuration/storing_remote_media.md
@ -6,7 +6,7 @@ as soon as the post is received by your instance.
 ## Nginx
-The following are excerpts from the [suggested nginx config](https://akkoma.dev/AkkomaGang/akkoma/src/branch/develop/installation/nginx/akkoma.nginx) that demonstrates the necessary config for the media proxy to work.
+The following are excerpts from the [suggested nginx config](../../../installation/nginx/akkoma.nginx) that demonstrates the necessary config for the media proxy to work.
 A `proxy_cache_path` must be defined, for example:
--- a/docs/docs/development/API/admin_api.md
+++ b/docs/docs/development/API/admin_api.md
@ -1033,6 +1033,7 @@ Most of the settings will be applied in `runtime`, this means that you don't nee
  - `:pools`
 - partially settings inside these keys:
  - `:seconds_valid` in `Pleroma.Captcha`
  - `:proxy_remote` in `Pleroma.Upload`
  - `:upload_limit` in `:instance`
 - Params:
@ -1093,6 +1094,7 @@ List of settings which support only full update by subkey:
        {"tuple": [":uploader", "Pleroma.Uploaders.Local"]},
        {"tuple": [":filters", ["Pleroma.Upload.Filter.Dedupe"]]},
        {"tuple": [":link_name", true]},
        {"tuple": [":proxy_remote", false]},
        {"tuple": [":proxy_opts", [
          {"tuple": [":redirect_on_failure", false]},
          {"tuple": [":max_body_length", 1048576]},
--- a/docs/docs/css/fonts/Tiresias_Infofont.ttf
+++ b/docs/docs/css/fonts/Tiresias_Infofont.ttf
--- a/docs/docs/css/fonts/Tiresias_PCfont.ttf
+++ b/docs/docs/css/fonts/Tiresias_PCfont.ttf
--- a/docs/docs/installation/debian_based_en.md
+++ b/docs/docs/installation/debian_based_en.md
@ -35,24 +35,32 @@ sudo useradd -r -s /bin/false -m -d /var/lib/akkoma -U akkoma
 ### Install Elixir and Erlang
 #### Using `apt`
 If your distribution packages a recent enough version of Elixir, you can install it directly from the distro repositories and skip to the next section of the guide:
 ```shell
 sudo apt install elixir erlang-dev erlang-nox
 ```
-#### Using `asdf`
+Otherwise use [asdf](https://github.com/asdf-vm/asdf) to install the latest versions of Elixir and Erlang.
 If your distribution does not have a recent version of Elxir in their repositories, you can use [asdf](https://asdf-vm.com/) to install a newer version of Elixir and Erlang.
 First, install some dependencies needed to build Elixir and Erlang:
 ```shell
 sudo apt install curl unzip build-essential autoconf m4 libncurses5-dev libssh-dev unixodbc-dev xsltproc libxml2-utils libncurses-dev
 ```
-Then login to the `akkoma` user.
+Then login to the `akkoma` user and install asdf:
 ```shell
 git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.11.3
 ```
-Install asdf by following steps 1 to 3 on [their website](https://asdf-vm.com/guide/getting-started.html), then restart the shell to load asdf:
+Add the following lines to `~/.bashrc`:
 ```shell
 . "$HOME/.asdf/asdf.sh"
 # asdf completions
 . "$HOME/.asdf/completions/asdf.bash"
 ```
 Restart the shell:
 ```shell
 exec $SHELL
 ```
@ -61,15 +69,15 @@ Next install Erlang:
 ```shell
 asdf plugin add erlang https://github.com/asdf-vm/asdf-erlang.git
 export KERL_CONFIGURE_OPTIONS="--disable-debug --without-javac"
-asdf install erlang 26.2.5.4
+asdf install erlang 25.3.2.5
-asdf global erlang 26.2.5.4
+asdf global erlang 25.3.2.5
 ```
 Now install Elixir:
 ```shell
 asdf plugin-add elixir https://github.com/asdf-vm/asdf-elixir.git
-asdf install elixir 1.17.3-otp-26
+asdf install elixir 1.15.4-otp-25
-asdf global elixir 1.17.3-otp-26
+asdf global elixir 1.15.4-otp-25
 ```
 Confirm that Elixir is installed correctly by checking the version:
--- a/docs/docs/installation/docker_en.md
+++ b/docs/docs/installation/docker_en.md
@ -28,31 +28,14 @@ echo "DOCKER_USER=$(id -u):$(id -g)" >> .env
 This probably won't need to be changed, it's only there to set basic environment
 variables for the docker compose file.
 ### Building the container
 The container provided is a thin wrapper around akkoma's dependencies, 
 it does not contain the code itself. This is to allow for easy updates
 and debugging if required.
 ```bash
 ./docker-resources/build.sh
 ```
 This will generate a container called `akkoma` which we can use
 in our compose environment.
 ### Generating your instance
 ```bash
 mkdir pgdata
-./docker-resources/manage.sh mix deps.get
+./docker-resources/generate-instance.sh
 ./docker-resources/manage.sh mix compile
 ./docker-resources/manage.sh mix pleroma.instance gen
 ```
-This will ask you a few questions - the defaults are fine for most things,
+This will ask you a few questions - the defaults are fine for most things!
 the database hostname is `db`, the database password is `akkoma`
 (not auto generated), and you will want to set the ip to `0.0.0.0`.
 Now we'll want to copy over the config it just created
@ -60,24 +43,6 @@ Now we'll want to copy over the config it just created
 cp config/generated_config.exs config/prod.secret.exs
 ```
 ### Setting up the database 
 We need to run a few commands on the database container, this isn't too bad
 ```bash
 docker compose run --rm --user akkoma -d db 
 # Note down the name it gives here, it will be something like akkoma_db_run
 docker compose run --rm akkoma psql -h db -U akkoma -f config/setup_db.psql
 docker stop akkoma_db_run # Replace with the name you noted down
 ```
 Now we can actually run our migrations
 ```bash
 ./docker-resources/manage.sh mix ecto.migrate
 # this will recompile your files at the same time, since we changed the config
 ```
 ### Start the server
 We're going to run it in the foreground on the first run, just to make sure
@ -102,7 +67,7 @@ docker compose up -d
 If your instance is up and running, you can create your first user with administrative rights with the following task:
 ```shell
-./docker-resources/manage.sh mix pleroma.user new MY_USERNAME MY_EMAIL@SOMEWHERE --admin
+./docker-resources/manage.sh user new MY_USERNAME MY_EMAIL@SOMEWHERE --admin
 ```
 And follow the prompts 
@ -154,23 +119,43 @@ If you want, you can also run the reverse proxy on the host. This is a bit more
 Follow the guides for source install for your distribution of choice, or adapt
 as needed. Your standard setup can be found in the [Debian Guide](../debian_based_en/#nginx)
 ### Applying Postgresql optimisations
 Your postgresql server will behave better if you tune its settings to your machine.
 There is a file at `docker-resources/docker-compose.pgsql-tuning.yml` which shows you how to apply settings, for example
 those generated by [PgTune](https://pgtune.leopard.in.ua/)
 You can merge this config into a `docker-compose.override.yml` file to apply them. Make sure that you generate your options
 based on the shm_size you allocate!
 ### You're done!
 All that's left is to set up your frontends. 
-The standard from-source commands will apply to you, just make sure you
+The standard OTP commands will apply to you, just make sure you
 prefix them with `./docker-resources/manage.sh`!
 So, for example, if an OTP command would be
 ```
 ./bin/pleroma_ctl user new myuser
 ```
 The equivalent docker command would be
 ```
 ./docker-resources/manage.sh user new myuser
 ```
 {! installation/frontends.include !}
 ### Updating Docker Installs
 ```bash
 git pull
-./docker-resources/build.sh
+docker compose pull
-./docker-resources/manage.sh mix deps.get
+./docker-resources/manage.sh migrate
 ./docker-resources/manage.sh mix compile
 ./docker-resources/manage.sh mix ecto.migrate
 docker compose restart akkoma db
 ```
@ -180,6 +165,20 @@ create a new file called `docker-compose.override.yml`. There you can add any
 overrides or additional services without worrying about git conflicts when a
 new release comes out.
 ### Migrating from the old docker install system
 If you were running akkoma in docker before 2024.06, you will need to do a few little migration steps.
 First off, we need to migrate our postgres installation to a newer version!
 ```bash
 ./docker-resources/migrate-postgresql-version.sh pgdata 14 16    
 ```
 This should be nice and quick.
 After that you can just `docker compose pull` and all should be fine.
 #### Further reading
 {! installation/further_reading.include !}
--- a/docs/docs/installation/frontends.include
+++ b/docs/docs/installation/frontends.include
@ -6,9 +6,7 @@ probably install frontends.
 These are no longer bundled with the distribution and need an extra
 command to install.
-You **must** run frontend management tasks as the akkoma user,
+For most installations, the following will suffice:
 the same way you downloaded the build or cloned the git repo before.
 But otherwise, for most installations, the following will suffice:
 === "OTP" 
    ```sh
@ -30,3 +28,4 @@ But otherwise, for most installations, the following will suffice:
    ```
 For more customised installations, refer to [Frontend Management](../../configuration/frontend_management)
--- a/docs/docs/installation/generic_dependencies.include
+++ b/docs/docs/installation/generic_dependencies.include
@ -1,8 +1,8 @@
 ## Required dependencies
-* PostgreSQL 12+
+* PostgreSQL 9.6+
-* Elixir 1.14+ (currently tested up to 1.17)
+* Elixir 1.14+ (currently tested up to 1.16)
-* Erlang OTP 25+ (currently tested up to OTP27)
+* Erlang OTP 25+ (currently tested up to OTP26)
 * git
 * file / libmagic
 * gcc (clang might also work)
--- a/installation/akkoma.service
+++ b/installation/akkoma.service
@ -19,9 +19,6 @@ Environment="MIX_ENV=prod"
 ; Don't listen epmd on 0.0.0.0
 Environment="ERL_EPMD_ADDRESS=127.0.0.1"
 ; Don't busy wait
 Environment="ERL_AFLAGS=+sbwt none +sbwtdcpu none +sbwtdio none"
 ; Make sure that all paths fit your installation.
 ; Path to the home directory of the user running the Akkoma service.
 Environment="HOME=/var/lib/akkoma"
--- a/installation/caddy/Caddyfile
+++ b/installation/caddy/Caddyfile
@ -12,22 +12,26 @@ example.tld  {
    output file /var/log/caddy/akkoma.log
  }
  encode gzip
  # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
  # and `localhost.` resolves to [::0] on some systems: see issue #930
  reverse_proxy 127.0.0.1:4000
-  @mediaproxy path /media/* /proxy/*
+  # Uncomment if using a separate media subdomain
-  handle @mediaproxy {
+  #@mediaproxy path /media/* /proxy/*
-    redir https://media.example.tld{uri} permanent
+  #handle @mediaproxy {
-  }
+  #  redir https://media.example.tld{uri} permanent
  #}
 }
-media.example.tld {
+# Uncomment if using a separate media subdomain
-  @mediaproxy path /media/* /proxy/*
+#media.example.tld {
-  reverse_proxy @mediaproxy 127.0.0.1:4000 {
+#  @mediaproxy path /media/* /proxy/*
-    transport http {
+#  reverse_proxy @mediaproxy 127.0.0.1:4000 {
-      response_header_timeout 10s
+#    transport http {
-      read_timeout 15s
+#      response_header_timeout 10s
-    }
+#      read_timeout 15s
-  }
+#    }
-}
+#  }
 #}
--- a/installation/init.d/akkoma
+++ b/installation/init.d/akkoma
@ -1,43 +1,23 @@
 #!/sbin/openrc-run
 supervisor=supervise-daemon
-no_new_privs="yes"
+command_user=akkoma:akkoma
 command_background=1
 # Ask process to terminate within 30 seconds, otherwise kill it
 retry="SIGTERM/30/SIGKILL/5"
 pidfile="/var/run/akkoma.pid"
 directory=/opt/akkoma
 healthcheck_delay=60
 healthcheck_timer=30
 no_new_privs="yes"
-# Ask process first to terminate itself within 60s, otherwise kill it
+: ${akkoma_port:-4000}
 retry="SIGTERM/60/SIGKILL/5"
-# if you really want to use start-stop-daemon instead,
+# Needs OpenRC >= 0.42
-# also put the following in the config:
+#respawn_max=0
-#    command_background=1
+#respawn_delay=5
 # Adjust defaults as needed in /etc/conf.d/akkoma;
 # no need to directly edit the service file
 command_user="${command_user:-akkoma:akkoma}"
 directory="${directory:-/var/lib/akkoma/akkoma}"
 akkoma_port="${akkoma_port:-4000}"
 # whether to allow connecting a remote exlixir shell to the running Akkoma instance
 akkoma_console=${akkoma_console:-NO}
 output_log="${output_log:-/var/log/akkoma}"
 error_log="${error_log:-/var/log/akkoma}"
 # 0 means unlimited restarts
 respawn_max="${respawn_max:-0}"
 respawn_delay="${respawn_delay:-5}"
 # define respawn period to only count crashes within a
 # sliding time window towards respawn_max, e.g.:
 #   respawn_period=2850
 healthcheck_delay="${healthcheck_delay:-60}"
 healthcheck_timer="${healthcheck_timer:-30}"
 MIX_ENV=prod
 ERL_EPMD_ADDRESS="${ERL_EPMD_ADDRESS:-127.0.0.1}"
 ERL_AFLAGS="${ERL_AFLAGS:-+sbwt none +sbwtdcpu none +sbwtdio none}"
 supervise_daemon_args="${supervise_daemon_args} --env MIX_ENV=${MIX_ENV}"
 supervise_daemon_args="${supervise_daemon_args} --env ERL_EPMD_ADDRESS=${ERL_EPMD_ADDRESS}"
 supervise_daemon_args="${supervise_daemon_args} --env ERL_AFLAGS='${ERL_AFLAGS}'"
 # put akkoma_console=YES in /etc/conf.d/akkoma if you want to be able to
 # connect to akkoma via an elixir console
 if yesno "${akkoma_console}"; then
 	command=elixir
 	command_args="--name akkoma@127.0.0.1 --erl '-kernel inet_dist_listen_min 9001 inet_dist_listen_max 9001 inet_dist_use_interface {127,0,0,1}' -S mix phx.server"
@ -51,24 +31,13 @@ else
 	command_args="phx.server"
 fi
 export MIX_ENV=prod
 export ERL_EPMD_ADDRESS=127.0.0.1
 depend() {
 	need nginx postgresql
 }
 start_pre() {
 	# Ensure logfile ownership and perms are alright
 	checkpath --file --owner "$command_user" "$output_log" "$error_log" \
 	|| eerror "Logfile(s) not owned by $command_user, or not a file!"
 	checkpath --writable "$output_log" "$error_log" \
 	|| eerror "Logfile(s) not writable!"
 	# If a recompile is needed perform it with lowest prio
 	# (delaying the actual start) to avoid hogging too much
 	# CPU from other services
 	cd "$directory"
 	doas -u "${command_user%%:*}" env MIX_ENV="$MIX_ENV" nice -n 19 "$command" compile
 }
 healthcheck() {
 	# put akkoma_health=YES in /etc/conf.d/akkoma if you want healthchecking
 	# and make sure you have curl installed
--- a/installation/openbsd/rc.d/akkomad
+++ b/installation/openbsd/rc.d/akkomad
@ -11,13 +11,11 @@
 #
 daemon="/usr/local/bin/elixir"
-daemon_flags="-S /usr/local/bin/mix phx.server"
+daemon_flags="--detached -S /usr/local/bin/mix phx.server"
 daemon_user="_akkoma"
 daemon_execdir="/home/_akkoma/akkoma"
 . /etc/rc.d/rc.subr
 rc_bg="YES"
 rc_reload=NO
 pexp="phx.server"
@ -26,7 +24,7 @@ rc_check() {
 }
 rc_start() {
-	rc_exec "${daemon} ${daemon_flags}"
+	${rcexec} "cd akkoma; ${daemon} ${daemon_flags}"
 }
 rc_stop() {
--- a/lib/mix/pleroma.ex
+++ b/lib/mix/pleroma.ex
@ -112,26 +112,18 @@ def shell_prompt(prompt, defval \\ nil, defname \\ nil) do
    end
  end
-  def shell_info(message) when is_binary(message) or is_list(message) do
+  def shell_info(message) do
    if mix_shell?(),
      do: Mix.shell().info(message),
      else: IO.puts(message)
  end
-  def shell_info(message) do
+  def shell_error(message) do
    shell_info("#{inspect(message)}")
  end
  def shell_error(message) when is_binary(message) or is_list(message) do
    if mix_shell?(),
      do: Mix.shell().error(message),
      else: IO.puts(:stderr, message)
  end
  def shell_error(message) do
    shell_error("#{inspect(message)}")
  end
  @doc "Performs a safe check whether `Mix.shell/0` is available (does not raise if Mix is not loaded)"
  def mix_shell?, do: :erlang.function_exported(Mix, :shell, 0)
--- a/lib/mix/tasks/pleroma/activity.ex
+++ b/lib/mix/tasks/pleroma/activity.ex
@ -8,6 +8,7 @@ defmodule Mix.Tasks.Pleroma.Activity do
  alias Pleroma.User
  alias Pleroma.Web.CommonAPI
  alias Pleroma.Pagination
  require Logger
  import Mix.Pleroma
  import Ecto.Query
@ -16,7 +17,7 @@ def run(["get", id | _rest]) do
    id
    |> Activity.get_by_id()
-    |> shell_info()
+    |> IO.inspect()
  end
  def run(["delete_by_keyword", user, keyword | _rest]) do
@ -34,7 +35,7 @@ def run(["delete_by_keyword", user, keyword | _rest]) do
    )
    |> Enum.map(fn x -> CommonAPI.delete(x.id, u) end)
    |> Enum.count()
-    |> shell_info()
+    |> IO.puts()
  end
  defp query_with(q, search_query) do
--- a/lib/mix/tasks/pleroma/database.ex
+++ b/lib/mix/tasks/pleroma/database.ex
@ -20,102 +20,6 @@ defmodule Mix.Tasks.Pleroma.Database do
  @shortdoc "A collection of database related tasks"
  @moduledoc File.read!("docs/docs/administration/CLI_tasks/database.md")
  defp maybe_limit(query, limit_cnt) do
    if is_number(limit_cnt) and limit_cnt > 0 do
      limit(query, [], ^limit_cnt)
    else
      query
    end
  end
  defp limit_statement(limit) when is_number(limit) do
    if limit > 0 do
      "LIMIT #{limit}"
    else
      ""
    end
  end
  defp prune_orphaned_activities_singles(limit) do
    %{:num_rows => del_single} =
      """
      delete from public.activities
      where id in (
        select a.id from public.activities a
        left join public.objects o on a.data ->> 'object' = o.data ->> 'id'
        left join public.activities a2 on a.data ->> 'object' = a2.data ->> 'id'
        left join public.users u  on a.data ->> 'object' = u.ap_id
        where not a.local
        and jsonb_typeof(a."data" -> 'object') = 'string'
        and o.id is null
        and a2.id is null
        and u.id is null
        #{limit_statement(limit)}
      )
      """
      |> Repo.query!([], timeout: :infinity)
    Logger.info("Prune activity singles: deleted #{del_single} rows...")
    del_single
  end
  defp prune_orphaned_activities_array(limit) do
    %{:num_rows => del_array} =
      """
      delete from public.activities
      where id in (
        select a.id from public.activities a
        join json_array_elements_text((a."data" -> 'object')::json) as j
             on a.data->>'type' = 'Flag'
        left join public.objects o on j.value = o.data ->> 'id'
        left join public.activities a2 on j.value = a2.data ->> 'id'
        left join public.users u  on j.value = u.ap_id
        group by a.id
        having max(o.data ->> 'id') is null
        and max(a2.data ->> 'id') is null
        and max(u.ap_id) is null
        #{limit_statement(limit)}
      )
      """
      |> Repo.query!([], timeout: :infinity)
    Logger.info("Prune activity arrays: deleted #{del_array} rows...")
    del_array
  end
  def prune_orphaned_activities(limit \\ 0, opts \\ []) when is_number(limit) do
    # Activities can either refer to a single object id, and array of object ids
    # or contain an inlined object (at least after going through our normalisation)
    #
    # Flag is the only type we support with an array (and always has arrays).
    # Update the only one with inlined objects.
    #
    # We already regularly purge old Delete, Undo, Update and Remove and if
    # rejected Follow requests anyway; no need to explicitly deal with those here.
    #
    # Since there’s an index on types and there are typically only few Flag
    # activites, it’s _much_ faster to utilise the index. To avoid accidentally
    # deleting useful activities should more types be added, keep typeof for singles.
    # Prune activities who link to an array of objects
    del_array =
      if Keyword.get(opts, :arrays, true) do
        prune_orphaned_activities_array(limit)
      else
        0
      end
    # Prune activities who link to a single object
    del_single =
      if Keyword.get(opts, :singles, true) do
        prune_orphaned_activities_singles(limit)
      else
        0
      end
    del_single + del_array
  end
  def run(["remove_embedded_objects" | args]) do
    {options, [], []} =
      OptionParser.parse(
@ -158,37 +62,6 @@ def run(["update_users_following_followers_counts"]) do
    )
  end
  def run(["prune_orphaned_activities" | args]) do
    {options, [], []} =
      OptionParser.parse(
        args,
        strict: [
          limit: :integer,
          singles: :boolean,
          arrays: :boolean
        ]
      )
    start_pleroma()
    {limit, options} = Keyword.pop(options, :limit, 0)
    log_message = "Pruning orphaned activities"
    log_message =
      if limit > 0 do
        log_message <> ", limiting deletion to #{limit} rows"
      else
        log_message
      end
    Logger.info(log_message)
    deleted = prune_orphaned_activities(limit, options)
    Logger.info("Deleted #{deleted} rows")
  end
  def run(["prune_objects" | args]) do
    {options, [], []} =
      OptionParser.parse(
@ -197,8 +70,7 @@ def run(["prune_objects" | args]) do
          vacuum: :boolean,
          keep_threads: :boolean,
          keep_non_public: :boolean,
-          prune_orphaned_activities: :boolean,
+          prune_orphaned_activities: :boolean
          limit: :integer
        ]
      )
@ -207,8 +79,6 @@ def run(["prune_objects" | args]) do
    deadline = Pleroma.Config.get([:instance, :remote_post_retention_days])
    time_deadline = NaiveDateTime.utc_now() |> NaiveDateTime.add(-(deadline * 86_400))
    limit_cnt = Keyword.get(options, :limit, 0)
    log_message = "Pruning objects older than #{deadline} days"
    log_message =
@ -240,16 +110,8 @@ def run(["prune_objects" | args]) do
        log_message
      end
    log_message =
      if limit_cnt > 0 do
        log_message <> ", limiting to #{limit_cnt} rows"
      else
        log_message
      end
    Logger.info(log_message)
    {del_obj, _} =
    if Keyword.get(options, :keep_threads) do
      # We want to delete objects from threads where
      # 1. the newest post is still old
@ -281,13 +143,11 @@ def run(["prune_objects" | args]) do
        |> having([a], max(a.updated_at) < ^time_deadline)
        |> having([a], not fragment("bool_or(?)", a.local))
        |> having([_, b], fragment("max(?::text) is null", b.id))
          |> maybe_limit(limit_cnt)
        |> select([a], fragment("? ->> 'context'::text", a.data))
      Pleroma.Object
      |> where([o], fragment("? ->> 'context'::text", o.data) in subquery(deletable_context))
    else
        deletable =
      if Keyword.get(options, :keep_non_public) do
        Pleroma.Object
        |> where(
@ -308,20 +168,12 @@ def run(["prune_objects" | args]) do
        [o],
        fragment("split_part(?->>'actor', '/', 3) != ?", o.data, ^Pleroma.Web.Endpoint.host())
      )
          |> maybe_limit(limit_cnt)
          |> select([o], o.id)
        Pleroma.Object
        |> where([o], o.id in subquery(deletable))
    end
    |> Repo.delete_all(timeout: :infinity)
    Logger.info("Deleted #{del_obj} objects...")
    if !Keyword.get(options, :keep_threads) do
      # Without the --keep-threads option, it's possible that bookmarked
      # objects have been deleted. We remove the corresponding bookmarks.
      %{:num_rows => del_bookmarks} =
      """
      delete from public.bookmarks
      where id in (
@ -331,39 +183,56 @@ def run(["prune_objects" | args]) do
        where o.id is null
      )
      """
-        |> Repo.query!([], timeout: :infinity)
+      |> Repo.query([], timeout: :infinity)
      Logger.info("Deleted #{del_bookmarks} orphaned bookmarks...")
    end
    if Keyword.get(options, :prune_orphaned_activities) do
-      del_activities = prune_orphaned_activities()
+      # Prune activities who link to a single object
-      Logger.info("Deleted #{del_activities} orphaned activities...")
+      """
      delete from public.activities
      where id in (
        select a.id from public.activities a
        left join public.objects o on a.data ->> 'object' = o.data ->> 'id'
        left join public.activities a2 on a.data ->> 'object' = a2.data ->> 'id'
        left join public.users u  on a.data ->> 'object' = u.ap_id
        where not a.local
        and jsonb_typeof(a."data" -> 'object') = 'string'
        and o.id is null
        and a2.id is null
        and u.id is null
      )
      """
      |> Repo.query([], timeout: :infinity)
      # Prune activities who link to an array of objects
      """
      delete from public.activities
      where id in (
        select a.id from public.activities a
        join json_array_elements_text((a."data" -> 'object')::json) as j on jsonb_typeof(a."data" -> 'object') = 'array'
        left join public.objects o on j.value = o.data ->> 'id'
        left join public.activities a2 on j.value = a2.data ->> 'id'
        left join public.users u  on j.value = u.ap_id
        group by a.id
        having max(o.data ->> 'id') is null
        and max(a2.data ->> 'id') is null
        and max(u.ap_id) is null
      )
      """
      |> Repo.query([], timeout: :infinity)
    end
    %{:num_rows => del_hashtags} =
    """
-      DELETE FROM hashtags
+    DELETE FROM hashtags AS ht
-      USING hashtags AS ht
+    WHERE NOT EXISTS (
-      LEFT JOIN hashtags_objects hto
+      SELECT 1 FROM hashtags_objects hto
-            ON ht.id = hto.hashtag_id
+      WHERE ht.id = hto.hashtag_id)
      LEFT JOIN user_follows_hashtag ufht
            ON ht.id = ufht.hashtag_id
      WHERE
          hashtags.id = ht.id
          AND hto.hashtag_id is NULL
          AND ufht.hashtag_id is NULL
    """
-      |> Repo.query!()
+    |> Repo.query()
    Logger.info("Deleted #{del_hashtags} no longer used hashtags...")
    if Keyword.get(options, :vacuum) do
      Logger.info("Starting vacuum...")
      Maintenance.vacuum("full")
    end
    Logger.info("All done!")
  end
  def run(["prune_task"]) do
--- a/lib/mix/tasks/pleroma/diagnostics.ex
+++ b/lib/mix/tasks/pleroma/diagnostics.ex
@ -3,6 +3,7 @@ defmodule Mix.Tasks.Pleroma.Diagnostics do
  alias Pleroma.Repo
  alias Pleroma.User
  require Logger
  require Pleroma.Constants
  import Mix.Pleroma
@ -13,7 +14,7 @@ def run(["http", url]) do
    start_pleroma()
    Pleroma.HTTP.get(url)
-    |> shell_info()
+    |> IO.inspect()
  end
  def run(["fetch_object", url]) do
@ -26,7 +27,7 @@ def run(["fetch_object", url]) do
  def run(["home_timeline", nickname]) do
    start_pleroma()
    user = Repo.get_by!(User, nickname: nickname)
-    shell_info("Home timeline query #{user.nickname}")
+    Logger.info("Home timeline query #{user.nickname}")
    followed_hashtags =
      user
@ -55,14 +56,14 @@ def run(["home_timeline", nickname]) do
      |> limit(20)
    Ecto.Adapters.SQL.explain(Repo, :all, query, analyze: true, timeout: :infinity)
-    |> shell_info()
+    |> IO.puts()
  end
  def run(["user_timeline", nickname, reading_nickname]) do
    start_pleroma()
    user = Repo.get_by!(User, nickname: nickname)
    reading_user = Repo.get_by!(User, nickname: reading_nickname)
-    shell_info("User timeline query #{user.nickname}")
+    Logger.info("User timeline query #{user.nickname}")
    params =
      %{limit: 20}
@ -86,7 +87,7 @@ def run(["user_timeline", nickname, reading_nickname]) do
      |> limit(20)
    Ecto.Adapters.SQL.explain(Repo, :all, query, analyze: true, timeout: :infinity)
-    |> shell_info()
+    |> IO.puts()
  end
  def run(["notifications", nickname]) do
@ -102,7 +103,7 @@ def run(["notifications", nickname]) do
      |> limit(20)
    Ecto.Adapters.SQL.explain(Repo, :all, query, analyze: true, timeout: :infinity)
-    |> shell_info()
+    |> IO.puts()
  end
  def run(["known_network", nickname]) do
@ -128,6 +129,6 @@ def run(["known_network", nickname]) do
      |> limit(20)
    Ecto.Adapters.SQL.explain(Repo, :all, query, analyze: true, timeout: :infinity)
-    |> shell_info()
+    |> IO.puts()
  end
 end
--- a/lib/mix/tasks/pleroma/emoji.ex
+++ b/lib/mix/tasks/pleroma/emoji.ex
@ -27,11 +27,11 @@ def run(["ls-packs" | args]) do
      ]
      for {param, value} <- to_print do
-        shell_info(IO.ANSI.format([:bright, param, :normal, ": ", value]))
+        IO.puts(IO.ANSI.format([:bright, param, :normal, ": ", value]))
      end
      # A newline
-      shell_info("")
+      IO.puts("")
    end)
  end
@ -49,7 +49,7 @@ def run(["get-packs" | args]) do
        pack = manifest[pack_name]
        src = pack["src"]
-        shell_info(
+        IO.puts(
          IO.ANSI.format([
            "Downloading ",
            :bright,
@ -67,9 +67,9 @@ def run(["get-packs" | args]) do
        sha_status_text = ["SHA256 of ", :bright, pack_name, :normal, " source file is ", :bright]
        if archive_sha == String.upcase(pack["src_sha256"]) do
-          shell_info(IO.ANSI.format(sha_status_text ++ [:green, "OK"]))
+          IO.puts(IO.ANSI.format(sha_status_text ++ [:green, "OK"]))
        else
-          shell_info(IO.ANSI.format(sha_status_text ++ [:red, "BAD"]))
+          IO.puts(IO.ANSI.format(sha_status_text ++ [:red, "BAD"]))
          raise "Bad SHA256 for #{pack_name}"
        end
@ -80,7 +80,7 @@ def run(["get-packs" | args]) do
          |> Path.dirname()
          |> Path.join(pack["files"])
-        shell_info(
+        IO.puts(
          IO.ANSI.format([
            "Fetching the file list for ",
            :bright,
@ -94,7 +94,7 @@ def run(["get-packs" | args]) do
        files = fetch_and_decode!(files_loc)
-        shell_info(IO.ANSI.format(["Unpacking ", :bright, pack_name]))
+        IO.puts(IO.ANSI.format(["Unpacking ", :bright, pack_name]))
        pack_path =
          Path.join([
@ -111,11 +111,11 @@ def run(["get-packs" | args]) do
        {:ok, _} =
          :zip.unzip(binary_archive,
-            cwd: to_charlist(pack_path),
+            cwd: pack_path,
            file_list: files_to_unzip
          )
-        shell_info(IO.ANSI.format(["Writing pack.json for ", :bright, pack_name]))
+        IO.puts(IO.ANSI.format(["Writing pack.json for ", :bright, pack_name]))
        pack_json = %{
          pack: %{
@ -132,7 +132,7 @@ def run(["get-packs" | args]) do
        File.write!(Path.join(pack_path, "pack.json"), Jason.encode!(pack_json, pretty: true))
        Pleroma.Emoji.reload()
      else
-        shell_info(IO.ANSI.format([:bright, :red, "No pack named \"#{pack_name}\" found"]))
+        IO.puts(IO.ANSI.format([:bright, :red, "No pack named \"#{pack_name}\" found"]))
      end
    end
  end
@ -180,14 +180,14 @@ def run(["gen-pack" | args]) do
        custom_exts
      end
-    shell_info("Using #{Enum.join(exts, " ")} extensions")
+    IO.puts("Using #{Enum.join(exts, " ")} extensions")
-    shell_info("Downloading the pack and generating SHA256")
+    IO.puts("Downloading the pack and generating SHA256")
    {:ok, %{body: binary_archive}} = Pleroma.HTTP.get(src)
    archive_sha = :crypto.hash(:sha256, binary_archive) |> Base.encode16()
-    shell_info("SHA256 is #{archive_sha}")
+    IO.puts("SHA256 is #{archive_sha}")
    pack_json = %{
      name => %{
@ -208,7 +208,7 @@ def run(["gen-pack" | args]) do
    File.write!(files_name, Jason.encode!(emoji_map, pretty: true))
-    shell_info("""
+    IO.puts("""
    #{files_name} has been created and contains the list of all found emojis in the pack.
    Please review the files in the pack and remove those not needed.
@ -230,11 +230,11 @@ def run(["gen-pack" | args]) do
        )
      )
-      shell_info("#{pack_file} has been updated with the #{name} pack")
+      IO.puts("#{pack_file} has been updated with the #{name} pack")
    else
      File.write!(pack_file, Jason.encode!(pack_json, pretty: true))
-      shell_info("#{pack_file} has been created with the #{name} pack")
+      IO.puts("#{pack_file} has been created with the #{name} pack")
    end
    Pleroma.Emoji.reload()
@ -243,7 +243,7 @@ def run(["gen-pack" | args]) do
  def run(["reload"]) do
    start_pleroma()
    Pleroma.Emoji.reload()
-    shell_info("Emoji packs have been reloaded.")
+    IO.puts("Emoji packs have been reloaded.")
  end
  defp fetch_and_decode!(from) do
--- a/lib/mix/tasks/pleroma/instance.ex
+++ b/lib/mix/tasks/pleroma/instance.ex
@ -37,7 +37,9 @@ def run(["gen" | rest]) do
          listen_port: :string,
          strip_uploads_metadata: :string,
          read_uploads_description: :string,
-          anonymize_uploads: :string
+          anonymize_uploads: :string,
          no_sql_user: :boolean,
          no_db_creation: :boolean
        ],
        aliases: [
          o: :output,
@ -260,7 +262,9 @@ def run(["gen" | rest]) do
          dbname: dbname,
          dbuser: dbuser,
          dbpass: dbpass,
-          rum_enabled: rum_enabled
+          rum_enabled: rum_enabled,
          no_sql_user: Keyword.get(options, :no_sql_user, false),
          no_db_creation: Keyword.get(options, :no_db_creation, false)
        )
      config_dir = Path.dirname(config_path)
--- a/lib/mix/tasks/pleroma/refresh_counter_cache.ex
+++ b/lib/mix/tasks/pleroma/refresh_counter_cache.ex
@ -11,6 +11,7 @@ defmodule Mix.Tasks.Pleroma.RefreshCounterCache do
  alias Pleroma.CounterCache
  alias Pleroma.Repo
  require Logger
  import Ecto.Query
  def run([]) do
--- a/lib/mix/tasks/pleroma/search/meilisearch.ex
+++ b/lib/mix/tasks/pleroma/search/meilisearch.ex
@ -48,7 +48,7 @@ def run(["index"]) do
        ]
      )
-    shell_info("Created indices. Starting to insert posts.")
+    IO.puts("Created indices. Starting to insert posts.")
    chunk_size = Pleroma.Config.get([Pleroma.Search.Meilisearch, :initial_indexing_chunk_size])
@ -65,7 +65,7 @@ def run(["index"]) do
          )
        count = query |> Pleroma.Repo.aggregate(:count, :data)
-        shell_info("Entries to index: #{count}")
+        IO.puts("Entries to index: #{count}")
        Pleroma.Repo.stream(
          query,
@ -92,10 +92,10 @@ def run(["index"]) do
          with {:ok, res} <- result do
            if not Map.has_key?(res, "indexUid") do
-              shell_info("\nFailed to index: #{inspect(result)}")
+              IO.puts("\nFailed to index: #{inspect(result)}")
            end
          else
-            e -> shell_error("\nFailed to index due to network error: #{inspect(e)}")
+            e -> IO.puts("\nFailed to index due to network error: #{inspect(e)}")
          end
        end)
        |> Stream.run()
@ -128,13 +128,13 @@ def run(["show-keys", master_key]) do
    if decoded["results"] do
      Enum.each(decoded["results"], fn
        %{"name" => name, "key" => key} ->
-          shell_info("#{name}: #{key}")
+          IO.puts("#{name}: #{key}")
        %{"description" => desc, "key" => key} ->
-          shell_info("#{desc}: #{key}")
+          IO.puts("#{desc}: #{key}")
      end)
    else
-      shell_error("Error fetching the keys, check the master key is correct: #{inspect(decoded)}")
+      IO.puts("Error fetching the keys, check the master key is correct: #{inspect(decoded)}")
    end
  end
@ -142,7 +142,7 @@ def run(["stats"]) do
    start_pleroma()
    {:ok, result} = meili_get("/indexes/objects/stats")
-    shell_info("Number of entries: #{result["numberOfDocuments"]}")
+    IO.puts("Number of entries: #{result["numberOfDocuments"]}")
-    shell_info("Indexing? #{result["isIndexing"]}")
+    IO.puts("Indexing? #{result["isIndexing"]}")
  end
 end
--- a/lib/mix/tasks/pleroma/security.ex
+++ b/lib/mix/tasks/pleroma/security.ex
@ -38,7 +38,7 @@ def run(["spoof-uploaded"]) do
    Logger.put_process_level(self(), :notice)
    start_pleroma()
-    shell_info("""
+    IO.puts("""
    +------------------------+
    |  SPOOF SEARCH UPLOADS  |
    +------------------------+
@ -55,7 +55,7 @@ def run(["spoof-inserted"]) do
    Logger.put_process_level(self(), :notice)
    start_pleroma()
-    shell_info("""
+    IO.puts("""
    +----------------------+
    |  SPOOF SEARCH NOTES  |
    +----------------------+
@ -77,7 +77,7 @@ defp do_spoof_uploaded() do
          uploads_search_spoofs_local_dir(Config.get!([Pleroma.Uploaders.Local, :uploads]))
        _ ->
-          shell_info("""
+          IO.puts("""
          NOTE:
            Not using local uploader; thus not affected by this exploit.
            It's impossible to check for files, but in case local uploader was used before
@ -98,13 +98,13 @@ defp do_spoof_uploaded() do
    orphaned_attachs = upload_search_orphaned_attachments(not_orphaned_urls)
-    shell_info("\nSearch concluded; here are the results:")
+    IO.puts("\nSearch concluded; here are the results:")
    pretty_print_list_with_title(emoji, "Emoji")
    pretty_print_list_with_title(files, "Uploaded Files")
    pretty_print_list_with_title(post_attachs, "(Not Deleted) Post Attachments")
    pretty_print_list_with_title(orphaned_attachs, "Orphaned Uploads")
-    shell_info("""
+    IO.puts("""
    In total found
      #{length(emoji)} emoji
      #{length(files)} uploads
@ -116,7 +116,7 @@ defp do_spoof_uploaded() do
  defp uploads_search_spoofs_local_dir(dir) do
    local_dir = String.replace_suffix(dir, "/", "")
-    shell_info("Searching for suspicious files in #{local_dir}...")
+    IO.puts("Searching for suspicious files in #{local_dir}...")
    glob_ext = "{" <> Enum.join(@activity_exts, ",") <> "}"
@ -128,7 +128,7 @@ defp uploads_search_spoofs_local_dir(dir) do
  end
  defp uploads_search_spoofs_notes() do
-    shell_info("Now querying DB for posts with spoofing attachments. This might take a while...")
+    IO.puts("Now querying DB for posts with spoofing attachments. This might take a while...")
    patterns = [local_id_pattern() | activity_ext_url_patterns()]
@ -153,7 +153,7 @@ defp uploads_search_spoofs_notes() do
  end
  defp upload_search_orphaned_attachments(not_orphaned_urls) do
-    shell_info("""
+    IO.puts("""
    Now querying DB for orphaned spoofing attachment (i.e. their post was deleted,
    but if :cleanup_attachments was not enabled traces remain in the database)
    This might take a bit...
@ -184,7 +184,7 @@ defp upload_search_orphaned_attachments(not_orphaned_urls) do
  # | S P O O F - I N S E R T E D |
  # +-----------------------------+
  defp do_spoof_inserted() do
-    shell_info("""
+    IO.puts("""
    Searching for local posts whose Create activity has no ActivityPub id...
      This is a pretty good indicator, but only for spoofs of local actors
      and only if the spoofing happened after around late 2021.
@ -194,9 +194,9 @@ defp do_spoof_inserted() do
      search_local_notes_without_create_id()
      |> Enum.sort()
-    shell_info("Done.\n")
+    IO.puts("Done.\n")
-    shell_info("""
+    IO.puts("""
    Now trying to weed out other poorly hidden spoofs.
    This can't detect all and may have some false positives.
    """)
@ -207,9 +207,9 @@ defp do_spoof_inserted() do
      search_sus_notes_by_id_patterns()
      |> Enum.filter(fn r -> !(r in likely_spoofed_posts_set) end)
-    shell_info("Done.\n")
+    IO.puts("Done.\n")
-    shell_info("""
+    IO.puts("""
    Finally, searching for spoofed, local user accounts.
    (It's impossible to detect spoofed remote users)
    """)
@ -220,7 +220,7 @@ defp do_spoof_inserted() do
    pretty_print_list_with_title(idless_create, "Likely Spoofed Posts")
    pretty_print_list_with_title(spoofed_users, "Spoofed local user accounts")
-    shell_info("""
+    IO.puts("""
    In total found:
      #{length(spoofed_users)} bogus users
      #{length(idless_create)} likely spoofed posts
@ -289,27 +289,27 @@ defp search_bogus_local_users() do
  defp pretty_print_list_with_title(list, title) do
    title_len = String.length(title)
    title_underline = String.duplicate("=", title_len)
-    shell_info(title)
+    IO.puts(title)
-    shell_info(title_underline)
+    IO.puts(title_underline)
    pretty_print_list(list)
  end
-  defp pretty_print_list([]), do: shell_info("")
+  defp pretty_print_list([]), do: IO.puts("")
  defp pretty_print_list([{a, o} | rest])
       when (is_binary(a) or is_number(a)) and is_binary(o) do
-    shell_info("  {#{a}, #{o}}")
+    IO.puts("  {#{a}, #{o}}")
    pretty_print_list(rest)
  end
  defp pretty_print_list([{u, a, o} | rest])
       when is_binary(a) and is_binary(u) and is_binary(o) do
-    shell_info("  {#{u}, #{a}, #{o}}")
+    IO.puts("  {#{u}, #{a}, #{o}}")
    pretty_print_list(rest)
  end
  defp pretty_print_list([e | rest]) when is_binary(e) do
-    shell_info("  #{e}")
+    IO.puts("  #{e}")
    pretty_print_list(rest)
  end
--- a/lib/mix/tasks/pleroma/user.ex
+++ b/lib/mix/tasks/pleroma/user.ex
@ -114,7 +114,7 @@ def run(["reset_password", nickname]) do
         {:ok, token} <- Pleroma.PasswordResetToken.create_token(user) do
      shell_info("Generated password reset token for #{user.nickname}")
-      shell_info("URL: #{~p[/api/v1/pleroma/password_reset/#{token.token}]}")
+      IO.puts("URL: #{~p[/api/v1/pleroma/password_reset/#{token.token}]}")
    else
      _ ->
        shell_error("No local user #{nickname}")
@ -301,7 +301,7 @@ def run(["invite" | rest]) do
      shell_info("Generated user invite token " <> String.replace(invite.invite_type, "_", " "))
      url = url(~p[/registration/#{invite.token}])
-      shell_info(url)
+      IO.puts(url)
    else
      error ->
        shell_error("Could not create invite token: #{inspect(error)}")
@ -373,7 +373,7 @@ def run(["show", nickname]) do
      nickname
      |> User.get_cached_by_nickname()
-    shell_info(user)
+    shell_info("#{inspect(user)}")
  end
  def run(["send_confirmation", nickname]) do
@ -457,7 +457,7 @@ def run(["blocking", nickname]) do
    with %User{local: true} = user <- User.get_cached_by_nickname(nickname) do
      blocks = User.following_ap_ids(user)
-      shell_info(blocks)
+      IO.puts("#{inspect(blocks)}")
    end
  end
@ -516,12 +516,12 @@ def run(["fix_follow_state", local_user, remote_user]) do
           {:follow_data, Pleroma.Web.ActivityPub.Utils.fetch_latest_follow(local, remote)} do
      calculated_state = User.following?(local, remote)
-      shell_info(
+      IO.puts(
        "Request state is #{request_state}, vs calculated state of following=#{calculated_state}"
      )
      if calculated_state == false && request_state == "accept" do
-        shell_info("Discrepancy found, fixing")
+        IO.puts("Discrepancy found, fixing")
        Pleroma.Web.CommonAPI.reject_follow_request(local, remote)
        shell_info("Relationship fixed")
      else
@ -551,14 +551,14 @@ defp refetch_public_keys(query) do
    |> Stream.each(fn users ->
      users
      |> Enum.each(fn user ->
-        shell_info("Re-Resolving: #{user.ap_id}")
+        IO.puts("Re-Resolving: #{user.ap_id}")
        with {:ok, user} <- Pleroma.User.fetch_by_ap_id(user.ap_id),
             changeset <- Pleroma.User.update_changeset(user),
             {:ok, _user} <- Pleroma.User.update_and_set_cache(changeset) do
          :ok
        else
-          error -> shell_info("Could not resolve: #{user.ap_id}, #{inspect(error)}")
+          error -> IO.puts("Could not resolve: #{user.ap_id}, #{inspect(error)}")
        end
      end)
    end)
--- a/lib/pleroma/activity/html.ex
+++ b/lib/pleroma/activity/html.ex
@ -28,7 +28,7 @@ defp get_cache_keys_for(activity_id) do
    end
  end
-  def add_cache_key_for(activity_id, additional_key) do
+  defp add_cache_key_for(activity_id, additional_key) do
    current = get_cache_keys_for(activity_id)
    unless additional_key in current do
--- a/lib/pleroma/application.ex
+++ b/lib/pleroma/application.ex
@ -95,17 +95,34 @@ def start(_type, _args) do
    opts = [strategy: :one_for_one, name: Pleroma.Supervisor, max_restarts: max_restarts]
-    case Supervisor.start_link(children, opts) do
+    with {:ok, data} <- Supervisor.start_link(children, opts) do
-      {:ok, data} ->
+      set_postgres_server_version()
      {:ok, data}
-
+    else
      e ->
-        Logger.critical("Failed to start!")
+        Logger.error("Failed to start!")
-        Logger.critical("#{inspect(e)}")
+        Logger.error("#{inspect(e)}")
        e
    end
  end
  defp set_postgres_server_version do
    version =
      with %{rows: [[version]]} <- Ecto.Adapters.SQL.query!(Pleroma.Repo, "show server_version"),
           {num, _} <- Float.parse(version) do
        num
      else
        e ->
          Logger.warning(
            "Could not get the postgres version: #{inspect(e)}.\nSetting the default value of 9.6"
          )
          9.6
      end
    :persistent_term.put({Pleroma.Repo, :postgres_version}, version)
  end
  def load_custom_modules do
    dir = Config.get([:modules, :runtime_dir])
@ -264,9 +281,7 @@ def limiters_setup do
  defp http_children do
    proxy_url = Config.get([:http, :proxy_url])
    proxy = Pleroma.HTTP.AdapterHelper.format_proxy(proxy_url)
-    pool_size = Config.get([:http, :pool_size], 10)
+    pool_size = Config.get([:http, :pool_size])
    pool_timeout = Config.get([:http, :pool_timeout], 60_000)
    connection_timeout = Config.get([:http, :conn_max_idle_time], 10_000)
    :public_key.cacerts_load()
@ -276,8 +291,6 @@ defp http_children do
      |> Pleroma.HTTP.AdapterHelper.add_pool_size(pool_size)
      |> Pleroma.HTTP.AdapterHelper.maybe_add_proxy_pool(proxy)
      |> Pleroma.HTTP.AdapterHelper.ensure_ipv6()
      |> Pleroma.HTTP.AdapterHelper.add_default_conn_max_idle_time(connection_timeout)
      |> Pleroma.HTTP.AdapterHelper.add_default_pool_max_idle_time(pool_timeout)
      |> Keyword.put(:name, MyFinch)
    [{Finch, config}]
--- a/lib/pleroma/collections/fetcher.ex
+++ b/lib/pleroma/collections/fetcher.ex
@ -14,7 +14,7 @@ defmodule Akkoma.Collections.Fetcher do
  @spec fetch_collection(String.t() | map()) :: {:ok, [Pleroma.Object.t()]} | {:error, any()}
  def fetch_collection(ap_id) when is_binary(ap_id) do
    with {:ok, page} <- Fetcher.fetch_and_contain_remote_object_from_id(ap_id) do
-      partial_as_success(objects_from_collection(page))
+      {:ok, objects_from_collection(page)}
    else
      e ->
        Logger.error("Could not fetch collection #{ap_id} - #{inspect(e)}")
@ -24,12 +24,9 @@ def fetch_collection(ap_id) when is_binary(ap_id) do
  def fetch_collection(%{"type" => type} = page)
      when type in ["Collection", "OrderedCollection", "CollectionPage", "OrderedCollectionPage"] do
-    partial_as_success(objects_from_collection(page))
+    {:ok, objects_from_collection(page)}
  end
  defp partial_as_success({:partial, items}), do: {:ok, items}
  defp partial_as_success(res), do: res
  defp items_in_page(%{"type" => type, "orderedItems" => items})
       when is_list(items) and type in ["OrderedCollection", "OrderedCollectionPage"],
       do: items
@ -56,11 +53,11 @@ defp objects_from_collection(%{"type" => type, "first" => %{"id" => id}})
    fetch_page_items(id)
  end
-  defp objects_from_collection(_page), do: {:ok, []}
+  defp objects_from_collection(_page), do: []
  defp fetch_page_items(id, items \\ []) do
    if Enum.count(items) >= Config.get([:activitypub, :max_collection_objects]) do
-      {:ok, items}
+      items
    else
      with {:ok, page} <- Fetcher.fetch_and_contain_remote_object_from_id(id) do
        objects = items_in_page(page)
@ -68,22 +65,18 @@ defp fetch_page_items(id, items \\ []) do
        if Enum.count(objects) > 0 do
          maybe_next_page(page, items ++ objects)
        else
-          {:ok, items}
+          items
        end
      else
        {:error, :not_found} ->
-          {:ok, items}
+          items
        {:error, :forbidden} ->
-          {:ok, items}
+          items
        {:error, error} ->
          Logger.error("Could not fetch page #{id} - #{inspect(error)}")
-
+          {:error, error}
          case items do
            [] -> {:error, error}
            _ -> {:partial, items}
          end
      end
    end
  end
@ -92,5 +85,5 @@ defp maybe_next_page(%{"next" => id}, items) when is_binary(id) do
    fetch_page_items(id, items)
  end
-  defp maybe_next_page(_, items), do: {:ok, items}
+  defp maybe_next_page(_, items), do: items
 end
--- a/lib/pleroma/config/transfer_task.ex
+++ b/lib/pleroma/config/transfer_task.ex
@ -24,6 +24,7 @@ defp reboot_time_keys,
  defp reboot_time_subkeys,
    do: [
      {:pleroma, Pleroma.Captcha, [:seconds_valid]},
      {:pleroma, Pleroma.Upload, [:proxy_remote]},
      {:pleroma, :instance, [:upload_limit]},
      {:pleroma, :http, [:pool_size]},
      {:pleroma, :http, [:proxy_url]}
--- a/lib/pleroma/emails/mailer.ex
+++ b/lib/pleroma/emails/mailer.ex
@ -84,14 +84,8 @@ defp default_config(Swoosh.Adapters.SMTP, conf, _) do
      cacerts: os_cacerts,
      versions: [:"tlsv1.2", :"tlsv1.3"],
      verify: :verify_peer,
      # some versions have supposedly issues verifying wildcard certs without this
      server_name_indication: relay,
      # This allows wildcard ceritifcates to be verified properly.
      # The :https parameter simply means to use the HTTPS wildcard format
      # (as opposed to say LDAP). SMTP servers tend to use the same type of
      # certs as HTTPS ones so this should work for most.
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ],
      # the default of 10 is too restrictive
      depth: 32
    ]
--- a/lib/pleroma/emoji/pack.ex
+++ b/lib/pleroma/emoji/pack.ex
@ -125,7 +125,7 @@ def add_file(%Pack{} = pack, _, _, %Plug.Upload{content_type: "application/zip"}
        {:ok, _emoji_files} =
          :zip.unzip(
            to_charlist(file.path),
-            [{:file_list, Enum.map(emojies, & &1[:path])}, {:cwd, to_charlist(tmp_dir)}]
+            [{:file_list, Enum.map(emojies, & &1[:path])}, {:cwd, tmp_dir}]
          )
        {_, updated_pack} =
--- a/lib/pleroma/frontend.ex
+++ b/lib/pleroma/frontend.ex
@ -79,10 +79,6 @@ def unzip(zip, dest) do
        new_file_path = Path.join(dest, path)
        new_file_path
        |> Path.dirname()
        |> File.rm()
        new_file_path
        |> Path.dirname()
        |> File.mkdir_p!()
--- a/lib/pleroma/html.ex
+++ b/lib/pleroma/html.ex
@ -6,6 +6,8 @@ defmodule Pleroma.HTML do
  # Scrubbers are compiled on boot so they can be configured in OTP releases
  #  @on_load :compile_scrubbers
  @cachex Pleroma.Config.get([:cachex, :provider], Cachex)
  def compile_scrubbers do
    dir = Path.join(:code.priv_dir(:pleroma), "scrubbers")
@ -65,9 +67,22 @@ def ensure_scrubbed_html(
    end
  end
-  @spec extract_first_external_url_from_object(Pleroma.Object.t()) :: String.t() | nil
+  def extract_first_external_url_from_object(%{data: %{"content" => content}} = object)
  def extract_first_external_url_from_object(%{data: %{"content" => content}})
      when is_binary(content) do
    unless object.data["fake"] do
      key = "URL|#{object.id}"
      @cachex.fetch!(:scrubber_cache, key, fn _key ->
        {:commit, {:ok, extract_first_external_url(content)}}
      end)
    else
      {:ok, extract_first_external_url(content)}
    end
  end
  def extract_first_external_url_from_object(_), do: {:error, :no_content}
  def extract_first_external_url(content) do
    content
    |> Floki.parse_fragment!()
    |> Floki.find("a:not(.mention,.hashtag,.attachment,[rel~=\"tag\"])")
@ -75,6 +90,4 @@ def extract_first_external_url_from_object(%{data: %{"content" => content}})
    |> Floki.attribute("href")
    |> Enum.at(0)
  end
  def extract_first_external_url_from_object(_), do: nil
 end
--- a/lib/pleroma/http.ex
+++ b/lib/pleroma/http.ex
@ -74,12 +74,7 @@ def request(method, url, body, headers, options) when is_binary(url) do
    request = build_request(method, headers, options, url, body, params)
    client = Tesla.client([Tesla.Middleware.FollowRedirects, Tesla.Middleware.Telemetry])
    Logger.debug("Outbound: #{method} #{url}")
    request(client, request)
  rescue
    e ->
      Logger.error("Failed to fetch #{url}: #{inspect(e)}")
      {:error, :fetch_error}
  end
  @spec request(Client.t(), keyword()) :: {:ok, Env.t()} | {:error, any()}
--- a/lib/pleroma/http/adapter_helper.ex
+++ b/lib/pleroma/http/adapter_helper.ex
@ -116,20 +116,6 @@ defp maybe_add_transport_opts(opts) do
    put_in(opts, [:pools, :default, :conn_opts, :transport_opts, :inet6], true)
  end
  def add_default_pool_max_idle_time(opts, pool_timeout) do
    opts
    |> maybe_add_pools()
    |> maybe_add_default_pool()
    |> put_in([:pools, :default, :pool_max_idle_time], pool_timeout)
  end
  def add_default_conn_max_idle_time(opts, connection_timeout) do
    opts
    |> maybe_add_pools()
    |> maybe_add_default_pool()
    |> put_in([:pools, :default, :conn_max_idle_time], connection_timeout)
  end
  @doc """
  Merge default connection & adapter options with received ones.
  """
--- a/lib/pleroma/instances/instance.ex
+++ b/lib/pleroma/instances/instance.ex
@ -158,14 +158,6 @@ def needs_update(%Instance{metadata_updated_at: metadata_updated_at}) do
    NaiveDateTime.diff(now, metadata_updated_at) > 86_400
  end
  def needs_update(%URI{host: host}) do
    with %Instance{} = instance <- Repo.get_by(Instance, %{host: host}) do
      needs_update(instance)
    else
      _ -> true
    end
  end
  def local do
    %Instance{
      host: Pleroma.Web.Endpoint.host(),
@ -188,7 +180,7 @@ def update_metadata(%URI{host: host} = uri) do
  defp do_update_metadata(%URI{host: host} = uri, existing_record) do
    if existing_record do
      if needs_update(existing_record) do
-        Logger.debug("Updating metadata for #{host}")
+        Logger.info("Updating metadata for #{host}")
        favicon = scrape_favicon(uri)
        nodeinfo = scrape_nodeinfo(uri)
@ -207,7 +199,7 @@ defp do_update_metadata(%URI{host: host} = uri, existing_record) do
      favicon = scrape_favicon(uri)
      nodeinfo = scrape_nodeinfo(uri)
-      Logger.debug("Creating metadata for #{host}")
+      Logger.info("Creating metadata for #{host}")
      %Instance{}
      |> changeset(%{
--- a/lib/pleroma/keys.ex
+++ b/lib/pleroma/keys.ex
@ -0,0 +1,46 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Keys do
  # Native generation of RSA keys is only available since OTP 20+ and in default build conditions
  # We try at compile time to generate natively an RSA key otherwise we fallback on the old way.
  try do
    _ = :public_key.generate_key({:rsa, 2048, 65_537})
    def generate_rsa_pem do
      key = :public_key.generate_key({:rsa, 2048, 65_537})
      entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
      pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
      {:ok, pem}
    end
  rescue
    _ ->
      def generate_rsa_pem do
        port = Port.open({:spawn, "openssl genrsa"}, [:binary])
        {:ok, pem} =
          receive do
            {^port, {:data, pem}} -> {:ok, pem}
          end
        Port.close(port)
        if Regex.match?(~r/RSA PRIVATE KEY/, pem) do
          {:ok, pem}
        else
          :error
        end
      end
  end
  def keys_from_pem(pem) do
    with [private_key_code] <- :public_key.pem_decode(pem),
         private_key <- :public_key.pem_entry_decode(private_key_code),
         {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} <- private_key do
      {:ok, private_key, {:RSAPublicKey, modulus, exponent}}
    else
      error -> {:error, error}
    end
  end
 end
--- a/lib/pleroma/object.ex
+++ b/lib/pleroma/object.ex
@ -9,6 +9,7 @@ defmodule Pleroma.Object do
  import Ecto.Changeset
  alias Pleroma.Activity
  alias Pleroma.Config
  alias Pleroma.Hashtag
  alias Pleroma.Object
  alias Pleroma.Object.Fetcher
@ -215,11 +216,6 @@ def get_cached_by_ap_id(ap_id) do
    end
  end
  # Intentionally accepts non-Object arguments!
  @spec is_tombstone_object?(term()) :: boolean()
  def is_tombstone_object?(%Object{data: %{"type" => "Tombstone"}}), do: true
  def is_tombstone_object?(_), do: false
  def make_tombstone(%Object{data: %{"id" => id, "type" => type}}, deleted \\ DateTime.utc_now()) do
    %ObjectTombstone{
      id: id,
@ -245,11 +241,23 @@ def delete(%Object{data: %{"id" => id}} = object) do
    with {:ok, _obj} = swap_object_with_tombstone(object),
         deleted_activity = Activity.delete_all_by_object_ap_id(id),
         {:ok, _} <- invalid_object_cache(object) do
-      AttachmentsCleanupWorker.enqueue_if_needed(object.data)
+      cleanup_attachments(
        Config.get([:instance, :cleanup_attachments]),
        %{object: object}
      )
      {:ok, object, deleted_activity}
    end
  end
  @spec cleanup_attachments(boolean(), %{required(:object) => map()}) ::
          {:ok, Oban.Job.t() | nil}
  def cleanup_attachments(true, %{object: _} = params) do
    AttachmentsCleanupWorker.enqueue("cleanup_attachments", params)
  end
  def cleanup_attachments(_, _), do: {:ok, nil}
  def prune(%Object{data: %{"id" => _id}} = object) do
    with {:ok, object} <- Repo.delete(object),
         {:ok, _} <- invalid_object_cache(object) do
--- a/lib/pleroma/object/containment.ex
+++ b/lib/pleroma/object/containment.ex
@ -12,6 +12,8 @@ defmodule Pleroma.Object.Containment do
  spoofing, therefore removal of object containment functions is NOT recommended.
  """
  alias Pleroma.Web.ActivityPub.Transmogrifier
  def get_actor(%{"actor" => actor}) when is_binary(actor) do
    actor
  end
@ -48,39 +50,16 @@ def get_object(_) do
  defp compare_uris(%URI{host: host} = _id_uri, %URI{host: host} = _other_uri), do: :ok
  defp compare_uris(_id_uri, _other_uri), do: :error
-  defp uri_strip_slash(%URI{path: path} = uri) when is_binary(path),
+  defp compare_uris_exact(uri, uri), do: :ok
    do: %{uri | path: String.replace_suffix(path, "/", "")}
-  defp uri_strip_slash(uri), do: uri
+  defp compare_uris_exact(%URI{} = id, %URI{} = other),
    do: compare_uris_exact(URI.to_string(id), URI.to_string(other))
-  # domain names are case-insensitive per spec (other parts of URIs aren’t necessarily)
+  defp compare_uris_exact(id_uri, other_uri)
-  defp uri_normalise_host(%URI{host: host} = uri) when is_binary(host),
+       when is_binary(id_uri) and is_binary(other_uri) do
-    do: %{uri | host: String.downcase(host, :ascii)}
+    norm_id = String.replace_suffix(id_uri, "/", "")
-
+    norm_other = String.replace_suffix(other_uri, "/", "")
-  defp uri_normalise_host(uri), do: uri
+    if norm_id == norm_other, do: :ok, else: :error
  defp compare_uri_identities(uri, uri), do: :ok
  defp compare_uri_identities(id_uri, other_uri) when is_binary(id_uri) and is_binary(other_uri),
    do: compare_uri_identities(URI.parse(id_uri), URI.parse(other_uri))
  defp compare_uri_identities(%URI{} = id, %URI{} = other) do
    normid =
      %{id | fragment: nil}
      |> uri_strip_slash()
      |> uri_normalise_host()
    normother =
      %{other | fragment: nil}
      |> uri_strip_slash()
      |> uri_normalise_host()
    # Conversion back to binary avoids issues from non-normalised deprecated authority field
    if URI.to_string(normid) == URI.to_string(normother) do
      :ok
    else
      :error
    end
  end
  @doc """
@ -114,13 +93,21 @@ def contain_origin(id, %{"attributedTo" => actor} = params),
  def contain_origin(_id, _data), do: :ok
  @doc """
-  Check whether the fetch URL (after redirects) is the
+  Check whether the fetch URL (after redirects) exactly (sans tralining slash) matches either
-  same location the canonical ActivityPub id points to.
+  the canonical ActivityPub id or the objects url field (for display URLs from *key and Mastodon)
  Since this is meant to be used for fetches, anonymous or transient objects are not accepted here.
  """
-  def contain_id_to_fetch(url, %{"id" => id}) when is_binary(id) do
+  def contain_id_to_fetch(url, %{"id" => id} = data) when is_binary(id) do
-    compare_uri_identities(url, id)
+    with {:id, :error} <- {:id, compare_uris_exact(id, url)},
         # "url" can be a "Link" object and this is checked before full normalisation
         display_url <- Transmogrifier.fix_url(data)["url"],
         true <- display_url != nil do
      compare_uris_exact(display_url, url)
    else
      {:id, :ok} -> :ok
      _ -> :error
    end
  end
  def contain_id_to_fetch(_url, _data), do: :error
--- a/lib/pleroma/object/fetcher.ex
+++ b/lib/pleroma/object/fetcher.ex
@ -116,7 +116,7 @@ defp reinject_object(%Object{} = object, new_data) do
  @doc "Assumes object already is in our database and refetches from remote to update (e.g. for polls)"
  def refetch_object(%Object{data: %{"id" => id}} = object) do
    with {:local, false} <- {:local, Object.local?(object)},
-         {:ok, new_data} <- fetch_and_contain_remote_object_from_id(id, true),
+         {:ok, new_data} <- fetch_and_contain_remote_object_from_id(id),
         {:id, true} <- {:id, new_data["id"] == id},
         {:ok, object} <- reinject_object(object, new_data) do
      {:ok, object}
@ -253,17 +253,14 @@ defp maybe_date_fetch(headers, date) do
    end
  end
-  @doc """
+  @doc "Fetches arbitrary remote object and performs basic safety and authenticity checks"
-  Fetches arbitrary remote object and performs basic safety and authenticity checks.
+  def fetch_and_contain_remote_object_from_id(id)
  When the fetch URL is known to already be a canonical AP id, checks are stricter.
  """
  def fetch_and_contain_remote_object_from_id(id, is_ap_id \\ false)
-  def fetch_and_contain_remote_object_from_id(%{"id" => id}, is_ap_id),
+  def fetch_and_contain_remote_object_from_id(%{"id" => id}),
-    do: fetch_and_contain_remote_object_from_id(id, is_ap_id)
+    do: fetch_and_contain_remote_object_from_id(id)
-  def fetch_and_contain_remote_object_from_id(id, is_ap_id) when is_binary(id) do
+  def fetch_and_contain_remote_object_from_id(id) when is_binary(id) do
-    Logger.debug("Fetching object #{id} via AP [ap_id=#{is_ap_id}]")
+    Logger.debug("Fetching object #{id} via AP")
    with {:valid_uri_scheme, true} <- {:valid_uri_scheme, String.starts_with?(id, "http")},
         %URI{} = uri <- URI.parse(id),
@ -273,31 +270,18 @@ def fetch_and_contain_remote_object_from_id(id, is_ap_id) when is_binary(id) do
           {:mrf_accept_check, Pleroma.Web.ActivityPub.MRF.SimplePolicy.check_accept(uri)},
         {:local_fetch, :ok} <- {:local_fetch, Containment.contain_local_fetch(id)},
         {:ok, final_id, body} <- get_object(id),
         # a canonical ID shouldn't be a redirect
         true <- !is_ap_id || final_id == id,
         {:ok, data} <- safe_json_decode(body),
-         {_, :ok} <- {:containment, Containment.contain_origin(final_id, data)},
+         {_, :ok} <- {:strict_id, Containment.contain_id_to_fetch(final_id, data)},
-         {_, _, :ok} <- {:strict_id, data["id"], Containment.contain_id_to_fetch(final_id, data)} do
+         {_, :ok} <- {:containment, Containment.contain_origin(final_id, data)} do
      unless Instances.reachable?(final_id) do
        Instances.set_reachable(final_id)
      end
      {:ok, data}
    else
-      # E.g.  Mastodon and *key serve the AP object directly under their display URLs without
+      {:strict_id, _} = e ->
      # redirecting to their canonical location first, thus ids will expectedly differ.
      # Similarly keys, either use a fragment ID and are a subobjects or a distinct ID
      # but for compatibility are still a subobject presenting their owning actors ID at the toplevel.
      # Refetching _once_ from the listed id, should yield a strict match afterwards.
      {:strict_id, ap_id, _} = e ->
        case is_ap_id do
          false ->
            fetch_and_contain_remote_object_from_id(ap_id, true)
          true ->
        log_fetch_error(id, e)
        {:error, :id_mismatch}
        end
      {:mrf_reject_check, _} = e ->
        log_fetch_error(id, e)
@ -317,7 +301,7 @@ def fetch_and_contain_remote_object_from_id(id, is_ap_id) when is_binary(id) do
      {:containment, reason} ->
        log_fetch_error(id, reason)
-        {:error, {:containment, reason}}
+        {:error, reason}
      {:error, e} ->
        {:error, e}
@ -327,13 +311,25 @@ def fetch_and_contain_remote_object_from_id(id, is_ap_id) when is_binary(id) do
    end
  end
-  def fetch_and_contain_remote_object_from_id(_id, _is_ap_id),
+  def fetch_and_contain_remote_object_from_id(_id),
    do: {:error, :invalid_id}
  defp check_crossdomain_redirect(final_host, original_url)
  # HOPEFULLY TEMPORARY
  # Basically none of our Tesla mocks in tests set the (supposed to
  # exist for Tesla proper) url parameter for their responses
  # causing almost every fetch in test to fail otherwise
  if @mix_env == :test do
    defp check_crossdomain_redirect(nil, _) do
      {:cross_domain_redirect, false}
    end
  end
  defp check_crossdomain_redirect(final_host, original_url) do
    {:cross_domain_redirect, final_host != URI.parse(original_url).host}
  end
  if @mix_env == :test do
    defp get_final_id(nil, initial_url), do: initial_url
    defp get_final_id("", initial_url), do: initial_url
@ -359,6 +355,10 @@ def get_object(id) do
    with {:ok, %{body: body, status: code, headers: headers, url: final_url}}
         when code in 200..299 <-
           HTTP.Backoff.get(id, headers),
         remote_host <-
           URI.parse(final_url).host,
         {:cross_domain_redirect, false} <-
           check_crossdomain_redirect(remote_host, id),
         {:has_content_type, {_, content_type}} <-
           {:has_content_type, List.keyfind(headers, "content-type", 0)},
         {:parse_content_type, {:ok, "application", subtype, type_params}} <-
@ -369,12 +369,8 @@ def get_object(id) do
        {"activity+json", _} ->
          {:ok, final_id, body}
-        {"ld+json", %{"profile" => profiles}} ->
+        {"ld+json", %{"profile" => "https://www.w3.org/ns/activitystreams"}} ->
          if "https://www.w3.org/ns/activitystreams" in String.split(profiles) do
          {:ok, final_id, body}
          else
            {:error, {:content_type, content_type}}
          end
        _ ->
          {:error, {:content_type, content_type}}
--- a/lib/pleroma/search/database_search.ex
+++ b/lib/pleroma/search/database_search.ex
@ -21,12 +21,19 @@ def search(user, search_query, options \\ []) do
    offset = Keyword.get(options, :offset, 0)
    author = Keyword.get(options, :author)
    search_function =
      if :persistent_term.get({Pleroma.Repo, :postgres_version}) >= 11 do
        :websearch
      else
        :plain
      end
    try do
      Activity
      |> Activity.with_preloaded_object()
      |> Activity.restrict_deactivated_users()
      |> restrict_public()
-      |> query_with(index_type, search_query)
+      |> query_with(index_type, search_query, search_function)
      |> maybe_restrict_local(user)
      |> maybe_restrict_author(author)
      |> maybe_restrict_blocked(user)
@ -40,6 +47,12 @@ def search(user, search_query, options \\ []) do
    end
  end
  @impl true
  def add_to_index(_activity), do: nil
  @impl true
  def remove_from_index(_object), do: nil
  def maybe_restrict_author(query, %User{} = author) do
    Activity.Queries.by_author(query, author)
  end
@ -59,7 +72,25 @@ def restrict_public(q) do
    )
  end
-  defp query_with(q, :gin, search_query) do
+  defp query_with(q, :gin, search_query, :plain) do
    %{rows: [[tsc]]} =
      Ecto.Adapters.SQL.query!(
        Pleroma.Repo,
        "select current_setting('default_text_search_config')::regconfig::oid;"
      )
    from([a, o] in q,
      where:
        fragment(
          "to_tsvector(?::oid::regconfig, ?->>'content') @@ plainto_tsquery(?)",
          ^tsc,
          o.data,
          ^search_query
        )
    )
  end
  defp query_with(q, :gin, search_query, :websearch) do
    %{rows: [[tsc]]} =
      Ecto.Adapters.SQL.query!(
        Pleroma.Repo,
@ -77,7 +108,19 @@ defp query_with(q, :gin, search_query) do
    )
  end
-  defp query_with(q, :rum, search_query) do
+  defp query_with(q, :rum, search_query, :plain) do
    from([a, o] in q,
      where:
        fragment(
          "? @@ plainto_tsquery(?)",
          o.fts_content,
          ^search_query
        ),
      order_by: [fragment("? <=> now()::date", o.inserted_at)]
    )
  end
  defp query_with(q, :rum, search_query, :websearch) do
    from([a, o] in q,
      where:
        fragment(
@ -89,29 +132,21 @@ defp query_with(q, :rum, search_query) do
    )
  end
-  def should_restrict_local(user) do
+  def maybe_restrict_local(q, user) do
    limit = Pleroma.Config.get([:instance, :limit_to_local_content], :unauthenticated)
    case {limit, user} do
-      {:all, _} -> true
+      {:all, _} -> restrict_local(q)
-      {:unauthenticated, %User{}} -> false
+      {:unauthenticated, %User{}} -> q
-      {:unauthenticated, _} -> true
+      {:unauthenticated, _} -> restrict_local(q)
-      {false, _} -> false
+      {false, _} -> q
    end
  end
  def maybe_restrict_local(q, user) do
    case should_restrict_local(user) do
      true -> restrict_local(q)
      false -> q
    end
  end
  defp restrict_local(q), do: where(q, local: true)
  def maybe_fetch(activities, user, search_query) do
-    with false <- should_restrict_local(user),
+    with true <- Regex.match?(~r/https?:/, search_query),
         true <- Regex.match?(~r/https?:/, search_query),
         {:ok, object} <- Fetcher.fetch_object_from_id(search_query),
         %Activity{} = activity <- Activity.get_create_by_object_ap_id(object.data["id"]),
         true <- Visibility.visible_for_user?(activity, user) do
--- a/lib/pleroma/search/search_backend.ex
+++ b/lib/pleroma/search/search_backend.ex
@ -14,6 +14,4 @@ defmodule Pleroma.Search.SearchBackend do
  from index.
  """
  @callback remove_from_index(object :: Pleroma.Object.t()) :: {:ok, any()} | {:error, any()}
  @optional_callbacks add_to_index: 1, remove_from_index: 1
 end
--- a/lib/pleroma/signature.ex
+++ b/lib/pleroma/signature.ex
@ -5,25 +5,47 @@
 defmodule Pleroma.Signature do
  @behaviour HTTPSignatures.Adapter
  alias Pleroma.EctoType.ActivityPub.ObjectValidators
  alias Pleroma.Keys
  alias Pleroma.User
-  alias Pleroma.User.SigningKey
+  alias Pleroma.Web.ActivityPub.ActivityPub
-  require Logger
+
  @known_suffixes ["/publickey", "/main-key", "#key"]
  def key_id_to_actor_id(key_id) do
-    case SigningKey.key_id_to_ap_id(key_id) do
+    uri =
-      nil ->
+      key_id
-        # hm, we SHOULD have gotten this in the pipeline before we hit here!
+      |> URI.parse()
-        Logger.error("Could not figure out who owns the key #{key_id}")
+      |> Map.put(:fragment, nil)
-        {:error, :key_owner_not_found}
+      |> Map.put(:query, nil)
      |> remove_suffix(@known_suffixes)
-      key ->
+    maybe_ap_id = URI.to_string(uri)
-        {:ok, key}
+
    case ObjectValidators.ObjectID.cast(maybe_ap_id) do
      {:ok, ap_id} ->
        {:ok, ap_id}
      _ ->
        case Pleroma.Web.WebFinger.finger(maybe_ap_id) do
          {:ok, %{"ap_id" => ap_id}} -> {:ok, ap_id}
          _ -> {:error, maybe_ap_id}
        end
    end
  end
  defp remove_suffix(uri, [test | rest]) do
    if not is_nil(uri.path) and String.ends_with?(uri.path, test) do
      Map.put(uri, :path, String.replace(uri.path, test, ""))
    else
      remove_suffix(uri, rest)
    end
  end
  defp remove_suffix(uri, []), do: uri
  def fetch_public_key(conn) do
    with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
         {:ok, %SigningKey{}} <- SigningKey.get_or_fetch_by_key_id(kid),
         {:ok, actor_id} <- key_id_to_actor_id(kid),
         {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
      {:ok, public_key}
@ -35,8 +57,8 @@ def fetch_public_key(conn) do
  def refetch_public_key(conn) do
    with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
         {:ok, %SigningKey{}} <- SigningKey.get_or_fetch_by_key_id(kid),
         {:ok, actor_id} <- key_id_to_actor_id(kid),
         {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
         {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
      {:ok, public_key}
    else
@ -45,9 +67,9 @@ def refetch_public_key(conn) do
    end
  end
-  def sign(%User{} = user, headers) do
+  def sign(%User{keys: keys} = user, headers) do
-    with {:ok, private_key} <- SigningKey.private_key(user) do
+    with {:ok, private_key, _} <- Keys.keys_from_pem(keys) do
-      HTTPSignatures.sign(private_key, SigningKey.local_key_id(user.ap_id), headers)
+      HTTPSignatures.sign(private_key, user.ap_id <> "#main-key", headers)
    end
  end
--- a/lib/pleroma/stats.ex
+++ b/lib/pleroma/stats.ex
@ -10,7 +10,6 @@ defmodule Pleroma.Stats do
  alias Pleroma.CounterCache
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Instances.Instance
  @interval :timer.seconds(300)
@ -40,8 +39,7 @@ def force_update do
  @spec get_stats() :: %{
          domain_count: non_neg_integer(),
          status_count: non_neg_integer(),
-          user_count: non_neg_integer(),
+          user_count: non_neg_integer()
          remote_user_count: non_neg_integer()
        }
  def get_stats do
    %{stats: stats} = GenServer.call(__MODULE__, :get_state)
@ -62,39 +60,41 @@ def get_peers do
          stats: %{
            domain_count: non_neg_integer(),
            status_count: non_neg_integer(),
-            user_count: non_neg_integer(),
+            user_count: non_neg_integer()
            remote_user_count: non_neg_integer()
          }
        }
  def calculate_stat_data do
    # instances table has an unique constraint on the host column
    peers =
      from(
-        i in Instance,
+        u in User,
-        select: i.host
+        select: fragment("distinct split_part(?, '@', 2)", u.nickname),
        where: u.local != ^true
      )
      |> Repo.all()
      |> Enum.filter(& &1)
    domain_count = Enum.count(peers)
    status_count = Repo.aggregate(User.Query.build(%{local: true}), :sum, :note_count)
-    # there are few enough local users for postgres to use an index scan
+    users_query =
    # (also here an exact count is a bit more important)
    user_count =
      from(u in User,
        where: u.is_active == true,
        where: u.local == true,
        where: not is_nil(u.nickname),
        where: not u.invisible
      )
      |> Repo.aggregate(:count, :id)
-    # but mostly numerous remote users leading to a full a full table scan
+    remote_users_query =
-    # (ecto currently doesn't allow building queries without explicit table)
+      from(u in User,
-    %{rows: [[remote_user_count]]} =
+        where: u.is_active == true,
-      "SELECT estimate_remote_user_count();"
+        where: u.local == false,
-      |> Pleroma.Repo.query!()
+        where: not is_nil(u.nickname),
        where: not u.invisible
      )
    user_count = Repo.aggregate(users_query, :count, :id)
    remote_user_count = Repo.aggregate(remote_users_query, :count, :id)
    %{
      peers: peers,
--- a/lib/pleroma/upload/filter/exiftool/strip_metadata.ex
+++ b/lib/pleroma/upload/filter/exiftool/strip_metadata.ex
@ -18,7 +18,6 @@ defmodule Pleroma.Upload.Filter.Exiftool.StripMetadata do
  # Formats not compatible with exiftool at this time
  def filter(%Pleroma.Upload{content_type: "image/webp"}), do: {:ok, :noop}
  def filter(%Pleroma.Upload{content_type: "image/bmp"}), do: {:ok, :noop}
  def filter(%Pleroma.Upload{content_type: "image/svg+xml"}), do: {:ok, :noop}
  def filter(%Pleroma.Upload{tempfile: file, content_type: "image" <> _}) do
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -25,6 +25,7 @@ defmodule Pleroma.User do
  alias Pleroma.Hashtag
  alias Pleroma.User.HashtagFollow
  alias Pleroma.HTML
  alias Pleroma.Keys
  alias Pleroma.MFA
  alias Pleroma.Notification
  alias Pleroma.Object
@ -42,7 +43,6 @@ defmodule Pleroma.User do
  alias Pleroma.Web.OAuth
  alias Pleroma.Web.RelMe
  alias Pleroma.Workers.BackgroundWorker
  alias Pleroma.User.SigningKey
  use Pleroma.Web, :verified_routes
@ -101,6 +101,7 @@ defmodule Pleroma.User do
    field(:password, :string, virtual: true)
    field(:password_confirmation, :string, virtual: true)
    field(:keys, :string)
    field(:public_key, :string)
    field(:ap_id, :string)
    field(:avatar, :map, default: %{})
    field(:local, :boolean, default: true)
@ -127,6 +128,7 @@ defmodule Pleroma.User do
    field(:domain_blocks, {:array, :string}, default: [])
    field(:is_active, :boolean, default: true)
    field(:no_rich_text, :boolean, default: false)
    field(:ap_enabled, :boolean, default: false)
    field(:is_moderator, :boolean, default: false)
    field(:is_admin, :boolean, default: false)
    field(:show_role, :boolean, default: true)
@ -220,10 +222,6 @@ defmodule Pleroma.User do
      on_replace: :delete
    )
    # FOR THE FUTURE: We might want to make this a one-to-many relationship
    # it's entirely possible right now, but we don't have a use case for it
    has_one(:signing_key, SigningKey, foreign_key: :user_id)
    timestamps()
  end
@ -442,7 +440,6 @@ defp fix_follower_address(params), do: params
  def remote_user_changeset(struct \\ %User{local: false}, params) do
    bio_limit = Config.get([:instance, :user_bio_length], 5000)
    name_limit = Config.get([:instance, :user_name_length], 100)
    fields_limit = Config.get([:instance, :max_remote_account_fields], 0)
    name =
      case params[:name] do
@ -456,12 +453,10 @@ def remote_user_changeset(struct \\ %User{local: false}, params) do
      |> Map.put_new(:last_refreshed_at, NaiveDateTime.utc_now())
      |> truncate_if_exists(:name, name_limit)
      |> truncate_if_exists(:bio, bio_limit)
      |> Map.update(:fields, [], &Enum.take(&1, fields_limit))
      |> truncate_fields_param()
      |> fix_follower_address()
    struct
    |> Repo.preload(:signing_key)
    |> cast(
      params,
      [
@ -471,7 +466,9 @@ def remote_user_changeset(struct \\ %User{local: false}, params) do
        :inbox,
        :shared_inbox,
        :nickname,
        :public_key,
        :avatar,
        :ap_enabled,
        :banner,
        :background,
        :is_locked,
@ -498,7 +495,6 @@ def remote_user_changeset(struct \\ %User{local: false}, params) do
    |> validate_required([:ap_id])
    |> validate_required([:name], trim: false)
    |> unique_constraint(:nickname)
    |> cast_assoc(:signing_key, with: &SigningKey.remote_changeset/2, required: false)
    |> validate_format(:nickname, @email_regex)
    |> validate_length(:bio, max: bio_limit)
    |> validate_length(:name, max: name_limit)
@ -530,6 +526,7 @@ def update_changeset(struct, params \\ %{}) do
        :name,
        :emoji,
        :avatar,
        :public_key,
        :inbox,
        :shared_inbox,
        :is_locked,
@ -573,7 +570,6 @@ def update_changeset(struct, params \\ %{}) do
      :pleroma_settings_store,
      &{:ok, Map.merge(struct.pleroma_settings_store, &1)}
    )
    |> cast_assoc(:signing_key, with: &SigningKey.remote_changeset/2, requred: false)
    |> validate_fields(false, struct)
  end
@ -832,10 +828,8 @@ def put_following_and_follower_and_featured_address(changeset) do
  end
  defp put_private_key(changeset) do
-    ap_id = get_field(changeset, :ap_id)
+    {:ok, pem} = Keys.generate_rsa_pem()
-
+    put_change(changeset, :keys, pem)
    changeset
    |> put_assoc(:signing_key, SigningKey.generate_local_keys(ap_id))
  end
  defp autofollow_users(user) do
@ -1004,8 +998,12 @@ def maybe_direct_follow(%User{} = follower, %User{local: true} = followed) do
  end
  def maybe_direct_follow(%User{} = follower, %User{} = followed) do
    if not ap_enabled?(followed) do
      follow(follower, followed)
    else
      {:ok, follower, followed}
    end
  end
  @doc "A mass follow for local users. Respects blocks in both directions but does not create activities."
  @spec follow_all(User.t(), list(User.t())) :: {atom(), User.t()}
@ -1148,8 +1146,7 @@ def update_and_set_cache(%{data: %Pleroma.User{} = user} = changeset) do
    was_superuser_before_update = User.superuser?(user)
    with {:ok, user} <- Repo.update(changeset, stale_error_field: :id) do
-      user
+      set_cache(user)
      |> set_cache()
    end
    |> maybe_remove_report_notifications(was_superuser_before_update)
  end
@ -1627,12 +1624,8 @@ def blocks_user?(%User{} = user, %User{} = target) do
  def blocks_user?(_, _), do: false
-  def blocks_domain?(%User{} = user, %User{ap_id: ap_id}) do
+  def blocks_domain?(%User{} = user, %User{} = target) do
-    blocks_domain?(user, ap_id)
+    %{host: host} = URI.parse(target.ap_id)
  end
  def blocks_domain?(%User{} = user, url) when is_binary(url) do
    %{host: host} = URI.parse(url)
    Enum.member?(user.domain_blocks, host)
    # TODO: functionality should probably be changed such that subdomains block as well,
    # but as it stands, this just hecks up the relationships endpoint
@ -1820,6 +1813,7 @@ def purge_user_changeset(user) do
      confirmation_token: nil,
      domain_blocks: [],
      is_active: false,
      ap_enabled: false,
      is_moderator: false,
      is_admin: false,
      mastofe_settings: nil,
@ -1999,20 +1993,8 @@ def get_or_fetch_by_ap_id(ap_id, options \\ []) do
      {%User{} = user, _} ->
        {:ok, user}
      {_, {:error, {:reject, :mrf}}} ->
        Logger.debug("Rejected to fetch user due to MRF: #{ap_id}")
        {:error, {:reject, :mrf}}
      {_, {:error, :not_found}} ->
        Logger.debug("User doesn't exist (anymore): #{ap_id}")
        {:error, :not_found}
      {_, {:error, e}} ->
        Logger.error("Could not fetch user #{ap_id}, #{inspect(e)}")
        {:error, e}
      e ->
-        Logger.error("Unexpected error condition while fetching user #{ap_id}, #{inspect(e)}")
+        Logger.error("Could not fetch user #{ap_id}, #{inspect(e)}")
        {:error, :not_found}
    end
  end
@ -2065,19 +2047,31 @@ defp create_service_actor(uri, nickname) do
    |> set_cache()
  end
-  defdelegate public_key(user), to: SigningKey
+  def public_key(%{public_key: public_key_pem}) when is_binary(public_key_pem) do
    key =
      public_key_pem
      |> :public_key.pem_decode()
      |> hd()
      |> :public_key.pem_entry_decode()
    {:ok, key}
  end
  def public_key(_), do: {:error, "key not found"}
  def get_public_key_for_ap_id(ap_id) do
    with {:ok, %User{} = user} <- get_or_fetch_by_ap_id(ap_id),
-         {:ok, public_key} <- SigningKey.public_key(user) do
+         {:ok, public_key} <- public_key(user) do
      {:ok, public_key}
    else
-      e ->
+      _ -> :error
        Logger.error("Could not get public key for #{ap_id}.\n#{inspect(e)}")
        {:error, e}
    end
  end
  def ap_enabled?(%User{local: true}), do: true
  def ap_enabled?(%User{ap_enabled: ap_enabled}), do: ap_enabled
  def ap_enabled?(_), do: false
  @doc "Gets or fetch a user by uri or nickname."
  @spec get_or_fetch(String.t()) :: {:ok, User.t()} | {:error, String.t()}
  def get_or_fetch("http://" <> _host = uri), do: get_or_fetch_by_ap_id(uri)
@ -2581,10 +2575,10 @@ def add_pinned_object_id(%User{} = user, object_id) do
          [pinned_objects: "You have already pinned the maximum number of statuses"]
        end
      end)
      |> update_and_set_cache()
    else
-      {:ok, user}
+      change(user)
    end
    |> update_and_set_cache()
  end
  @spec remove_pinned_object_id(User.t(), String.t()) :: {:ok, t()} | {:error, term()}
--- a/lib/pleroma/user/signing_key.ex
+++ b/lib/pleroma/user/signing_key.ex
@ -1,255 +0,0 @@
 defmodule Pleroma.User.SigningKey do
  use Ecto.Schema
  import Ecto.Query
  import Ecto.Changeset
  require Pleroma.Constants
  alias Pleroma.User
  alias Pleroma.Repo
  require Logger
  @primary_key false
  schema "signing_keys" do
    belongs_to(:user, Pleroma.User, type: FlakeId.Ecto.CompatType)
    field :public_key, :string
    field :private_key, :string
    # This is an arbitrary field given by the remote instance
    field :key_id, :string, primary_key: true
    timestamps()
  end
  def load_key(%User{} = user) do
    user
    |> Repo.preload(:signing_key)
  end
  def key_id_of_local_user(%User{local: true} = user) do
    case Repo.preload(user, :signing_key) do
      %User{signing_key: %__MODULE__{key_id: key_id}} -> key_id
      _ -> nil
    end
  end
  @spec remote_changeset(__MODULE__, map) :: Changeset.t()
  def remote_changeset(%__MODULE__{} = signing_key, attrs) do
    signing_key
    |> cast(attrs, [:public_key, :key_id])
    |> validate_required([:public_key, :key_id])
  end
  @spec key_id_to_user_id(String.t()) :: String.t() | nil
  @doc """
  Given a key ID, return the user ID associated with that key.
  Returns nil if the key ID is not found.
  """
  def key_id_to_user_id(key_id) do
    from(sk in __MODULE__, where: sk.key_id == ^key_id)
    |> select([sk], sk.user_id)
    |> Repo.one()
  end
  @spec key_id_to_ap_id(String.t()) :: String.t() | nil
  @doc """
  Given a key ID, return the AP ID associated with that key.
  Returns nil if the key ID is not found.
  """
  def key_id_to_ap_id(key_id) do
    Logger.debug("Looking up key ID: #{key_id}")
    result =
      from(sk in __MODULE__, where: sk.key_id == ^key_id)
      |> join(:inner, [sk], u in User, on: sk.user_id == u.id)
      |> select([sk, u], %{user: u})
      |> Repo.one()
    case result do
      %{user: %User{ap_id: ap_id}} -> ap_id
      _ -> nil
    end
  end
  @spec generate_rsa_pem() :: {:ok, binary()}
  @doc """
  Generate a new RSA private key and return it as a PEM-encoded string.
  """
  def generate_rsa_pem do
    key = :public_key.generate_key({:rsa, 2048, 65_537})
    entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
    pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
    {:ok, pem}
  end
  @spec generate_local_keys(String.t()) :: {:ok, Changeset.t()} | {:error, String.t()}
  @doc """
  Generate a new RSA key pair and create a changeset for it
  """
  def generate_local_keys(ap_id) do
    {:ok, private_pem} = generate_rsa_pem()
    {:ok, local_pem} = private_pem_to_public_pem(private_pem)
    %__MODULE__{}
    |> change()
    |> put_change(:public_key, local_pem)
    |> put_change(:private_key, private_pem)
    |> put_change(:key_id, local_key_id(ap_id))
  end
  @spec local_key_id(String.t()) :: String.t()
  @doc """
  Given an AP ID, return the key ID for the local user.
  """
  def local_key_id(ap_id) do
    ap_id <> "#main-key"
  end
  @spec private_pem_to_public_pem(binary) :: {:ok, binary()} | {:error, String.t()}
  @doc """
  Given a private key in PEM format, return the corresponding public key in PEM format.
  """
  def private_pem_to_public_pem(private_pem) do
    [private_key_code] = :public_key.pem_decode(private_pem)
    private_key = :public_key.pem_entry_decode(private_key_code)
    {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key
    public_key = {:RSAPublicKey, modulus, exponent}
    public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
    {:ok, :public_key.pem_encode([public_key])}
  end
  @spec public_key(User.t()) :: {:ok, binary()} | {:error, String.t()}
  @doc """
  Given a user, return the public key for that user in binary format.
  """
  def public_key(%User{} = user) do
    case Repo.preload(user, :signing_key) do
      %User{signing_key: %__MODULE__{public_key: public_key_pem}} ->
        key =
          public_key_pem
          |> :public_key.pem_decode()
          |> hd()
          |> :public_key.pem_entry_decode()
        {:ok, key}
      _ ->
        {:error, "key not found"}
    end
  end
  def public_key(_), do: {:error, "key not found"}
  def public_key_pem(%User{} = user) do
    case Repo.preload(user, :signing_key) do
      %User{signing_key: %__MODULE__{public_key: public_key_pem}} -> {:ok, public_key_pem}
      _ -> {:error, "key not found"}
    end
  end
  def public_key_pem(_e) do
    {:error, "key not found"}
  end
  @spec private_key(User.t()) :: {:ok, binary()} | {:error, String.t()}
  @doc """
  Given a user, return the private key for that user in binary format.
  """
  def private_key(%User{} = user) do
    case Repo.preload(user, :signing_key) do
      %{signing_key: %__MODULE__{private_key: private_key_pem}} ->
        key =
          private_key_pem
          |> :public_key.pem_decode()
          |> hd()
          |> :public_key.pem_entry_decode()
        {:ok, key}
      _ ->
        {:error, "key not found"}
    end
  end
  @spec get_or_fetch_by_key_id(String.t()) :: {:ok, __MODULE__} | {:error, String.t()}
  @doc """
  Given a key ID, return the signing key associated with that key.
  Will either return the key if it exists locally, or fetch it from the remote instance.
  """
  def get_or_fetch_by_key_id(key_id) do
    case key_id_to_user_id(key_id) do
      nil ->
        fetch_remote_key(key_id)
      user_id ->
        {:ok, Repo.get_by(__MODULE__, user_id: user_id)}
    end
  end
  @spec fetch_remote_key(String.t()) :: {:ok, __MODULE__} | {:error, String.t()}
  @doc """
  Fetch a remote key by key ID.
  Will send a request to the remote instance to get the key ID.
  This request should, at the very least, return a user ID and a public key object.
  Though bear in mind that some implementations (looking at you, pleroma) may require a signature for this request.
  This has the potential to create an infinite loop if the remote instance requires a signature to fetch the key...
  So if we're rejected, we should probably just give up.
  """
  def fetch_remote_key(key_id) do
    Logger.debug("Fetching remote key: #{key_id}")
    with {:ok, _body} = resp <-
           Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id(key_id),
         {:ok, ap_id, public_key_pem} <- handle_signature_response(resp) do
      Logger.debug("Fetched remote key: #{ap_id}")
      # fetch the user
      {:ok, user} = User.get_or_fetch_by_ap_id(ap_id)
      # store the key
      key = %__MODULE__{
        user_id: user.id,
        public_key: public_key_pem,
        key_id: key_id
      }
      Repo.insert(key, on_conflict: :replace_all, conflict_target: :key_id)
    else
      e ->
        Logger.debug("Failed to fetch remote key: #{inspect(e)}")
        {:error, "Could not fetch key"}
    end
  end
  # Take the response from the remote instance and extract the key details
  # will check if the key ID matches the owner of the key, if not, error
  defp extract_key_details(%{"id" => ap_id, "publicKey" => public_key}) do
    if ap_id !== public_key["owner"] do
      {:error, "Key ID does not match owner"}
    else
      %{"publicKeyPem" => public_key_pem} = public_key
      {:ok, ap_id, public_key_pem}
    end
  end
  defp handle_signature_response({:ok, body}) do
    case body do
      %{
        "type" => "CryptographicKey",
        "publicKeyPem" => public_key_pem,
        "owner" => ap_id
      } ->
        {:ok, ap_id, public_key_pem}
      # for when we get a subset of the user object
      %{
        "id" => _user_id,
        "publicKey" => _public_key,
        "type" => actor_type
      }
      when actor_type in Pleroma.Constants.actor_types() ->
        extract_key_details(body)
      %{"error" => error} ->
        {:error, error}
    end
  end
  defp handle_signature_response({:error, e}), do: {:error, e}
  defp handle_signature_response(other), do: {:error, "Could not fetch key: #{inspect(other)}"}
 end
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@ -155,7 +155,9 @@ def insert(map, local \\ true, fake \\ false, bypass_actor_check \\ false) when
      # Splice in the child object if we have one.
      activity = Maps.put_if_present(activity, :object, object)
-      Pleroma.Web.RichMedia.Card.get_by_activity(activity)
+      ConcurrentLimiter.limit(Pleroma.Web.RichMedia.Helpers, fn ->
        Task.start(fn -> Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity) end)
      end)
      # Add local posts to search index
      if local, do: Pleroma.Search.add_to_index(activity)
@ -183,7 +185,7 @@ def insert(map, local \\ true, fake \\ false, bypass_actor_check \\ false) when
          id: "pleroma:fakeid"
        }
-        Pleroma.Web.RichMedia.Card.get_by_activity(activity)
+        Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
        {:ok, activity}
      {:remote_limit_pass, _} ->
@ -1547,17 +1549,6 @@ defp normalize_attachment(%{} = attachment), do: [attachment]
  defp normalize_attachment(attachment) when is_list(attachment), do: attachment
  defp normalize_attachment(_), do: []
  defp maybe_make_public_key_object(data) do
    if is_map(data["publicKey"]) && is_binary(data["publicKey"]["publicKeyPem"]) do
      %{
        public_key: data["publicKey"]["publicKeyPem"],
        key_id: data["publicKey"]["id"]
      }
    else
      nil
    end
  end
  defp object_to_user_data(data, additional) do
    fields =
      data
@ -1589,16 +1580,9 @@ defp object_to_user_data(data, additional) do
    featured_address = data["featured"]
    {:ok, pinned_objects} = fetch_and_prepare_featured_from_ap_id(featured_address)
-    # first, check that the owner is correct
+    public_key =
-    signing_key =
+      if is_map(data["publicKey"]) && is_binary(data["publicKey"]["publicKeyPem"]) do
-      if data["id"] !== data["publicKey"]["owner"] do
+        data["publicKey"]["publicKeyPem"]
        Logger.error(
          "Owner of the public key is not the same as the actor - not saving the public key."
        )
        nil
      else
        maybe_make_public_key_object(data)
      end
    shared_inbox =
@ -1626,6 +1610,7 @@ defp object_to_user_data(data, additional) do
    %{
      ap_id: data["id"],
      uri: get_actor_url(data["url"]),
      ap_enabled: true,
      banner: normalize_image(data["image"]),
      background: normalize_image(data["backgroundUrl"]),
      fields: fields,
@ -1641,7 +1626,7 @@ defp object_to_user_data(data, additional) do
      bio: data["summary"] || "",
      actor_type: actor_type,
      also_known_as: also_known_as,
-      signing_key: signing_key,
+      public_key: public_key,
      inbox: data["inbox"],
      shared_inbox: shared_inbox,
      pinned_objects: pinned_objects,
@ -1742,7 +1727,7 @@ def user_data_from_user_object(data, additional \\ []) do
    end
  end
-  defp fetch_and_prepare_user_from_ap_id(ap_id, additional) do
+  def fetch_and_prepare_user_from_ap_id(ap_id, additional \\ []) do
    with {:ok, data} <- Fetcher.fetch_and_contain_remote_object_from_id(ap_id),
         {:valid, {:ok, _, _}} <- {:valid, UserValidator.validate(data, [])},
         {:ok, data} <- user_data_from_user_object(data, additional) do
@ -1750,16 +1735,19 @@ defp fetch_and_prepare_user_from_ap_id(ap_id, additional) do
    else
      # If this has been deleted, only log a debug and not an error
      {:error, {"Object has been deleted", _, _} = e} ->
-        Logger.debug("User was explicitly deleted #{ap_id}, #{inspect(e)}")
+        Logger.debug("Could not decode user at fetch #{ap_id}, #{inspect(e)}")
-        {:error, :not_found}
+        {:error, e}
-      {:reject, _reason} = e ->
+      {:reject, reason} = e ->
        Logger.debug("Rejected user #{ap_id}: #{inspect(reason)}")
        {:error, e}
      {:valid, reason} ->
-        {:error, {:validate, reason}}
+        Logger.debug("Data is not a valid user #{ap_id}: #{inspect(reason)}")
        {:error, "Not a user"}
      {:error, e} ->
        Logger.error("Could not decode user at fetch #{ap_id}, #{inspect(e)}")
        {:error, e}
    end
  end
@ -1797,7 +1785,7 @@ def pin_data_from_featured_collection(%{
    else
      e ->
        Logger.error("Could not decode featured collection at fetch #{first}, #{inspect(e)}")
-        %{}
+        {:ok, %{}}
    end
  end
@ -1807,18 +1795,14 @@ def pin_data_from_featured_collection(
        } = collection
      )
      when type in ["OrderedCollection", "Collection"] do
-    with {:ok, objects} <- Collections.Fetcher.fetch_collection(collection) do
+    {:ok, objects} = Collections.Fetcher.fetch_collection(collection)
    # Items can either be a map _or_ a string
    objects
    |> Map.new(fn
      ap_id when is_binary(ap_id) -> {ap_id, NaiveDateTime.utc_now()}
      %{"id" => object_ap_id} -> {object_ap_id, NaiveDateTime.utc_now()}
    end)
    else
      e ->
        Logger.warning("Failed to fetch featured collection #{collection}, #{inspect(e)}")
        %{}
    end
  end
  def pin_data_from_featured_collection(obj) do
@ -1857,6 +1841,9 @@ def enqueue_pin_fetches(_), do: nil
  def make_user_from_ap_id(ap_id, additional \\ []) do
    user = User.get_cached_by_ap_id(ap_id)
    if user && !User.ap_enabled?(user) do
      Transmogrifier.upgrade_user_from_ap_id(ap_id)
    else
      with {:ok, data} <- fetch_and_prepare_user_from_ap_id(ap_id, additional) do
        user =
          if data.ap_id != ap_id do
@ -1881,6 +1868,7 @@ def make_user_from_ap_id(ap_id, additional \\ []) do
        end
      end
    end
  end
  def make_user_from_nickname(nickname) do
    with {:ok, %{"ap_id" => ap_id, "subject" => "acct:" <> acct}} when not is_nil(ap_id) <-
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@ -60,26 +60,7 @@ defp relay_active?(conn, _) do
    end
  end
-  @doc """
+  def user(conn, %{"nickname" => nickname}) do
  Render the user's AP data
  WARNING: we cannot actually check if the request has a fragment! so let's play defensively
  - IF we have a valid signature, serve full user
  - IF we do not, and authorized_fetch_mode is enabled, serve the key only
  - OTHERWISE, serve the full actor (since we don't need to worry about the signature)
  """
  def user(%{assigns: %{valid_signature: true}} = conn, params) do
    render_full_user(conn, params)
  end
  def user(conn, params) do
    if Pleroma.Config.get([:activitypub, :authorized_fetch_mode], false) do
      render_key_only_user(conn, params)
    else
      render_full_user(conn, params)
    end
  end
  defp render_full_user(conn, %{"nickname" => nickname}) do
    with %User{local: true} = user <- User.get_cached_by_nickname(nickname) do
      conn
      |> put_resp_content_type("application/activity+json")
@ -91,18 +72,6 @@ defp render_full_user(conn, %{"nickname" => nickname}) do
    end
  end
  def render_key_only_user(conn, %{"nickname" => nickname}) do
    with %User{local: true} = user <- User.get_cached_by_nickname(nickname) do
      conn
      |> put_resp_content_type("application/activity+json")
      |> put_view(UserView)
      |> render("keys.json", %{user: user})
    else
      nil -> {:error, :not_found}
      %{local: false} -> {:error, :not_found}
    end
  end
  def object(%{assigns: assigns} = conn, _) do
    with ap_id <- Endpoint.url() <> conn.request_path,
         %Object{} = object <- Object.get_cached_by_ap_id(ap_id),
--- a/lib/pleroma/web/activity_pub/mrf.ex
+++ b/lib/pleroma/web/activity_pub/mrf.ex
@ -233,7 +233,7 @@ def config_descriptions(policies) do
      if function_exported?(policy, :config_description, 0) do
        description =
          @default_description
-          |> Map.merge(policy.config_description())
+          |> Map.merge(policy.config_description)
          |> Map.put(:group, :pleroma)
          |> Map.put(:tab, :mrf)
          |> Map.put(:type, :group)
--- a/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
@ -34,34 +34,16 @@ defp check_reject(message, actions) do
    end
  end
  @spec delete_and_count(list(), term()) :: {integer(), list()}
  defp delete_and_count(list, element), do: delete_and_count(list, element, {0, [], list})
  defp delete_and_count([], _element, {0, _nlist, olist}), do: {0, olist}
  defp delete_and_count([], _element, {count, nlist, _olist}), do: {count, Enum.reverse(nlist)}
  defp delete_and_count([h | r], h, {count, nlist, olist}),
    do: delete_and_count(r, h, {count + 1, nlist, olist})
  defp delete_and_count([h | r], element, {count, nlist, olist}),
    do: delete_and_count(r, element, {count, [h | nlist], olist})
  defp insert_if_needed(list, oldcount, element) do
    if oldcount <= 0 || Enum.member?(list, element) do
      list
    else
      [element | list]
    end
  end
  defp check_delist(message, actions) do
    if :delist in actions do
      with %User{} = user <- User.get_cached_by_ap_id(message["actor"]) do
-        {pubcnt, to} = delete_and_count(message["to"] || [], Pleroma.Constants.as_public())
+        to =
-        {flwcnt, cc} = delete_and_count(message["cc"] || [], user.follower_address)
+          List.delete(message["to"] || [], Pleroma.Constants.as_public()) ++
            [user.follower_address]
-        cc = insert_if_needed(cc, pubcnt, Pleroma.Constants.as_public())
+        cc =
-        to = insert_if_needed(to, flwcnt, user.follower_address)
+          List.delete(message["cc"] || [], user.follower_address) ++
            [Pleroma.Constants.as_public()]
        message =
          message
@ -83,8 +65,8 @@ defp check_delist(message, actions) do
  defp check_strip_followers(message, actions) do
    if :strip_followers in actions do
      with %User{} = user <- User.get_cached_by_ap_id(message["actor"]) do
-        {_, to} = delete_and_count(message["to"] || [], user.follower_address)
+        to = List.delete(message["to"] || [], user.follower_address)
-        {_, cc} = delete_and_count(message["cc"] || [], user.follower_address)
+        cc = List.delete(message["cc"] || [], user.follower_address)
        message =
          message
--- a/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex
@ -101,19 +101,10 @@ defp get_extension_if_safe(response) do
    end
  end
  defp get_int_header(headers, header_name, default \\ nil) do
    with rawval when rawval != :undefined <- :proplists.get_value(header_name, headers),
         {int, ""} <- Integer.parse(rawval) do
      int
    else
      _ -> default
    end
  end
  defp is_remote_size_within_limit?(url) do
    with {:ok, %{status: status, headers: headers} = _response} when status in 200..299 <-
           Pleroma.HTTP.request(:head, url, nil, [], []) do
-      content_length = get_int_header(headers, "content-length")
+      content_length = :proplists.get_value("content-length", headers, nil)
      size_limit = Config.get([:mrf_steal_emoji, :size_limit], @size_limit)
      accept_unknown =
@ -181,7 +172,7 @@ def filter(message), do: {:ok, message}
              description: <<_::272, _::_*256>>,
              key: :hosts | :rejected_shortcodes | :size_limit,
              suggestions: [any(), ...],
-              type: {:list, :string} | {:list, :string} | :integer | :boolean
+              type: {:list, :string} | {:list, :string} | :integer
            },
            ...
          ],
@ -218,12 +209,6 @@ def config_description do
          type: :integer,
          description: "File size limit (in bytes), checked before an emoji is saved to the disk",
          suggestions: ["100000"]
        },
        %{
          key: :download_unknown_size,
          type: :boolean,
          description: "Whether to download emoji if size can't be determined ahead of time",
          suggestions: [false, true]
        }
      ]
    }
--- a/lib/pleroma/web/activity_pub/object_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validator.ex
@ -15,7 +15,6 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do
  alias Pleroma.EctoType.ActivityPub.ObjectValidators
  alias Pleroma.Object
  alias Pleroma.Object.Containment
  alias Pleroma.Object.Fetcher
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ObjectValidators.AcceptRejectValidator
  alias Pleroma.Web.ActivityPub.ObjectValidators.AddRemoveValidator
@ -254,28 +253,9 @@ def fetch_actor(object) do
  end
  def fetch_actor_and_object(object) do
-    # Fetcher.fetch_object_from_id already first does a local db lookup
+    fetch_actor(object)
-    with {:ok, %User{}} <- fetch_actor(object),
+    Object.normalize(object["object"], fetch: true)
         {:ap_id, id} when is_binary(id) <-
           {:ap_id, Pleroma.Web.ActivityPub.Utils.get_ap_id(object["object"])},
         {:ok, %Object{}} <- Fetcher.fetch_object_from_id(id) do
    :ok
    else
      {:ap_id, id} ->
        {:error, {:validate, "Invalid AP id: #{inspect(id)}"}}
      # if actor: late post from a previously unknown, deleted profile
      # if object: private post we're not allowed to access
      # (other HTTP replies might just indicate a temporary network failure though!)
      {:error, e} when e in [:not_found, :forbidden] ->
        {:error, :ignore}
      {:error, _} = e ->
        e
      e ->
        {:error, e}
    end
  end
  defp for_each_history_item(
--- a/lib/pleroma/web/activity_pub/object_validators/add_remove_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/add_remove_validator.ex
@ -9,7 +9,6 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AddRemoveValidator do
  import Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations
  require Pleroma.Constants
  require Logger
  alias Pleroma.User
@ -28,21 +27,14 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AddRemoveValidator do
  end
  def cast_and_validate(data) do
-    with {_, {:ok, actor}} <- {:user, User.get_or_fetch_by_ap_id(data["actor"])},
+    {:ok, actor} = User.get_or_fetch_by_ap_id(data["actor"])
-         {_, {:ok, actor}} <- {:feataddr, maybe_refetch_user(actor)} do
+
    {:ok, actor} = maybe_refetch_user(actor)
    data
    |> maybe_fix_data_for_mastodon(actor)
    |> cast_data()
    |> validate_data(actor)
    else
      {:feataddr, _} ->
        {:error,
         {:validate,
          "Actor doesn't provide featured collection address to verify against: #{data["id"]}"}}
      {:user, _} ->
        {:error, :link_resolve_failed}
    end
  end
  defp maybe_fix_data_for_mastodon(data, actor) do
@ -81,9 +73,6 @@ defp maybe_refetch_user(%User{featured_address: address} = user) when is_binary(
  end
  defp maybe_refetch_user(%User{ap_id: ap_id}) do
-    # If the user didn't expose a featured collection before,
+    Pleroma.Web.ActivityPub.Transmogrifier.upgrade_user_from_ap_id(ap_id)
    # recheck now so we can verify perms for add/remove.
    # But wait at least 5s to avoid rapid refetches in edge cases
    User.get_or_fetch_by_ap_id(ap_id, maximum_age: 5)
  end
 end
--- a/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/article_note_page_validator.ex
@ -71,7 +71,7 @@ defp fix_tag(data), do: Map.drop(data, ["tag"])
  defp fix_replies(%{"replies" => replies} = data) when is_list(replies), do: data
-  defp fix_replies(%{"replies" => %{"first" => first}} = data) when is_binary(first) do
+  defp fix_replies(%{"replies" => %{"first" => first}} = data) do
    with {:ok, replies} <- Akkoma.Collections.Fetcher.fetch_collection(first) do
      Map.put(data, "replies", replies)
    else
@ -81,10 +81,6 @@ defp fix_replies(%{"replies" => %{"first" => first}} = data) when is_binary(firs
    end
  end
  defp fix_replies(%{"replies" => %{"first" => %{"items" => replies}}} = data)
       when is_list(replies),
       do: Map.put(data, "replies", replies)
  defp fix_replies(%{"replies" => %{"items" => replies}} = data) when is_list(replies),
    do: Map.put(data, "replies", replies)
--- a/lib/pleroma/web/activity_pub/object_validators/common_validations.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/common_validations.ex
@ -54,14 +54,10 @@ def validate_actor_presence(cng, options \\ []) do
  def validate_object_presence(cng, options \\ []) do
    field_name = Keyword.get(options, :field_name, :object)
    allowed_types = Keyword.get(options, :allowed_types, false)
    allowed_categories = Keyword.get(options, :allowed_object_categores, [:object, :activity])
    cng
    |> validate_change(field_name, fn field_name, object_id ->
-      object =
+      object = Object.get_cached_by_ap_id(object_id) || Activity.get_by_ap_id(object_id)
        (:object in allowed_categories && Object.get_cached_by_ap_id(object_id)) ||
          (:activity in allowed_categories && Activity.get_by_ap_id(object_id)) ||
          nil
      cond do
        !object ->
--- a/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/delete_validator.ex
@ -61,10 +61,7 @@ defp validate_data(cng) do
    |> validate_inclusion(:type, ["Delete"])
    |> validate_delete_actor(:actor)
    |> validate_modification_rights()
-    |> validate_object_or_user_presence(
+    |> validate_object_or_user_presence(allowed_types: @deletable_types)
      allowed_types: @deletable_types,
      allowed_object_categories: [:object]
    )
    |> add_deleted_activity_id()
  end
--- a/lib/pleroma/web/activity_pub/object_validators/emoji_react_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/emoji_react_validator.ex
@ -129,7 +129,7 @@ defp validate_data(data_cng) do
    |> validate_inclusion(:type, ["EmojiReact"])
    |> validate_required([:id, :type, :object, :actor, :context, :to, :cc, :content])
    |> validate_actor_presence()
-    |> validate_object_presence(allowed_object_categories: [:object])
+    |> validate_object_presence()
    |> validate_emoji()
    |> maybe_validate_tag_presence()
  end
--- a/lib/pleroma/web/activity_pub/object_validators/like_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/like_validator.ex
@ -66,7 +66,7 @@ defp validate_data(data_cng) do
    |> validate_inclusion(:type, ["Like"])
    |> validate_required([:id, :type, :object, :actor, :context, :to, :cc])
    |> validate_actor_presence()
-    |> validate_object_presence(allowed_object_categories: [:object])
+    |> validate_object_presence()
    |> validate_existing_like()
  end
--- a/lib/pleroma/web/activity_pub/object_validators/undo_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/undo_validator.ex
@ -44,7 +44,7 @@ defp validate_data(data_cng) do
    |> validate_inclusion(:type, ["Undo"])
    |> validate_required([:id, :type, :object, :actor, :to, :cc])
    |> validate_undo_actor(:actor)
-    |> validate_object_presence(allowed_object_categories: [:activity])
+    |> validate_object_presence()
    |> validate_undo_rights()
  end
--- a/lib/pleroma/web/activity_pub/object_validators/user_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/user_validator.ex
@ -14,6 +14,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UserValidator do
  @behaviour Pleroma.Web.ActivityPub.ObjectValidator.Validating
  alias Pleroma.Object.Containment
  alias Pleroma.Signature
  require Pleroma.Constants
@ -22,7 +23,8 @@ def validate(object, meta)
  def validate(%{"type" => type, "id" => _id} = data, meta)
      when type in Pleroma.Constants.actor_types() do
-    with :ok <- validate_inbox(data),
+    with :ok <- validate_pubkey(data),
         :ok <- validate_inbox(data),
         :ok <- contain_collection_origin(data) do
      {:ok, data, meta}
    else
@ -33,6 +35,33 @@ def validate(%{"type" => type, "id" => _id} = data, meta)
  def validate(_, _), do: {:error, "Not a user object"}
  defp mabye_validate_owner(nil, _actor), do: :ok
  defp mabye_validate_owner(actor, actor), do: :ok
  defp mabye_validate_owner(_owner, _actor), do: :error
  defp validate_pubkey(
         %{"id" => id, "publicKey" => %{"id" => pk_id, "publicKeyPem" => _key}} = data
       )
       when id != nil do
    with {_, {:ok, kactor}} <- {:key, Signature.key_id_to_actor_id(pk_id)},
         true <- id == kactor,
         :ok <- mabye_validate_owner(Map.get(data, "owner"), id) do
      :ok
    else
      {:key, _} ->
        {:error, "Unable to determine actor id from key id"}
      false ->
        {:error, "Key id does not relate to user id"}
      _ ->
        {:error, "Actor does not own its public key"}
    end
  end
  # pubkey is optional atm
  defp validate_pubkey(_data), do: :ok
  defp validate_inbox(%{"id" => id, "inbox" => inbox}) do
    case Containment.same_origin(id, inbox) do
      :ok -> :ok
--- a/lib/pleroma/web/activity_pub/publisher.ex
+++ b/lib/pleroma/web/activity_pub/publisher.ex
@ -112,7 +112,7 @@ defp allowed_instances do
    Config.get([:mrf_simple, :accept])
  end
-  def should_federate?(url) when is_binary(url) do
+  def should_federate?(url) do
    %{host: host} = URI.parse(url)
    with {nil, false} <- {nil, is_nil(host)},
@ -137,8 +137,6 @@ def should_federate?(url) when is_binary(url) do
    end
  end
  def should_federate?(_), do: false
  @spec recipients(User.t(), Activity.t()) :: list(User.t()) | []
  defp recipients(actor, activity) do
    followers =
@ -219,6 +217,7 @@ def publish(%User{} = actor, %{data: %{"bcc" => bcc}} = activity)
    inboxes =
      recipients
      |> Enum.filter(&User.ap_enabled?/1)
      |> Enum.map(fn actor -> actor.inbox end)
      |> Enum.filter(fn inbox -> should_federate?(inbox) end)
      |> Instances.filter_reachable()
@ -260,6 +259,7 @@ def publish(%User{} = actor, %Activity{} = activity) do
    json = Jason.encode!(data)
    recipients(actor, activity)
    |> Enum.filter(fn user -> User.ap_enabled?(user) end)
    |> Enum.map(fn %User{} = user ->
      determine_inbox(activity, user)
    end)
--- a/lib/pleroma/web/activity_pub/side_effects.ex
+++ b/lib/pleroma/web/activity_pub/side_effects.ex
@ -225,7 +225,9 @@ def handle(%{data: %{"type" => "Create"}} = activity, meta) do
        end
      end
-      Pleroma.Web.RichMedia.Card.get_by_activity(activity)
+      ConcurrentLimiter.limit(Pleroma.Web.RichMedia.Helpers, fn ->
        Task.start(fn -> Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity) end)
      end)
      Pleroma.Search.add_to_index(Map.put(activity, :object, object))
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@ -21,6 +21,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
  alias Pleroma.Web.ActivityPub.Visibility
  alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes
  alias Pleroma.Web.Federator
  alias Pleroma.Workers.TransmogrifierWorker
  import Ecto.Query
@ -519,22 +520,10 @@ defp handle_incoming_normalised(
  defp handle_incoming_normalised(%{"type" => type} = data, _options)
       when type in ~w{Like EmojiReact Announce Add Remove} do
-    with {_, :ok} <- {:link, ObjectValidator.fetch_actor_and_object(data)},
+    with :ok <- ObjectValidator.fetch_actor_and_object(data),
         {:ok, activity, _meta} <- Pipeline.common_pipeline(data, local: false) do
      {:ok, activity}
    else
      {:link, {:error, :ignore}} ->
        {:error, :ignore}
      {:link, {:error, {:validate, _}} = e} ->
        e
      {:link, {:error, {:reject, _}} = e} ->
        e
      {:link, _} ->
        {:error, :link_resolve_failed}
      e ->
        {:error, e}
    end
@ -556,45 +545,22 @@ defp handle_incoming_normalised(
         %{"type" => "Delete"} = data,
         _options
       ) do
-    oid_result = ObjectValidators.ObjectID.cast(data["object"])
+    with {:ok, activity, _} <-
-
+           Pipeline.common_pipeline(data, local: false) do
    with {_, {:ok, object_id}} <- {:object_id, oid_result},
         object <- Object.get_cached_by_ap_id(object_id),
         {_, false} <- {:tombstone, Object.is_tombstone_object?(object) && !data["actor"]},
         {:ok, activity, _} <- Pipeline.common_pipeline(data, local: false) do
      {:ok, activity}
    else
-      {:object_id, _} ->
+      {:error, {:validate, _}} = e ->
        {:error, {:validate, "Invalid object id: #{data["object"]}"}}
      {:tombstone, true} ->
        {:error, :ignore}
      {:error, {:validate, {:error, %Ecto.Changeset{errors: errors}}}} = e ->
        if errors[:object] == {"can't find object", []} do
        # Check if we have a create activity for this
          # (e.g. from a db prune without --prune-activities)
          # We'd still like to process side effects so insert a fake tombstone and retry
          # (real tombstones from Object.delete do not have an actor field)
        with {:ok, object_id} <- ObjectValidators.ObjectID.cast(data["object"]),
-               {_, %Activity{data: %{"actor" => actor}}} <-
+             %Activity{data: %{"actor" => actor}} <-
-                 {:create, Activity.create_by_object_ap_id(object_id) |> Repo.one()},
+               Activity.create_by_object_ap_id(object_id) |> Repo.one(),
             # We have one, insert a tombstone and retry
             {:ok, tombstone_data, _} <- Builder.tombstone(actor, object_id),
             {:ok, _tombstone} <- Object.create(tombstone_data) do
          handle_incoming(data)
        else
            {:create, _} -> {:error, :ignore}
          _ -> e
        end
        else
          e
        end
      {:error, _} = e ->
        e
      e ->
        {:error, e}
    end
  end
@ -627,20 +593,6 @@ defp handle_incoming_normalised(
       when type in ["Like", "EmojiReact", "Announce", "Block"] do
    with {:ok, activity, _} <- Pipeline.common_pipeline(data, local: false) do
      {:ok, activity}
    else
      {:error, {:validate, {:error, %Ecto.Changeset{errors: errors}}}} = e ->
        # If we never saw the activity being undone, no need to do anything.
        # Inspectinging the validation error content is a bit akward, but looking up the Activity
        # ahead of time here would be too costly since Activity queries are not cached
        # and there's no way atm to pass the retrieved result along along
        if errors[:object] == {"can't find object", []} do
          {:error, :ignore}
        else
          e
        end
      e ->
        e
    end
  end
@ -998,7 +950,8 @@ defp build_emoji_tag({name, url}) do
      "icon" => %{"url" => "#{URI.encode(url)}", "type" => "Image"},
      "name" => ":" <> name <> ":",
      "type" => "Emoji",
-      "updated" => "1970-01-01T00:00:00Z"
+      "updated" => "1970-01-01T00:00:00Z",
      "id" => url
    }
  end
@ -1055,6 +1008,47 @@ defp strip_internal_tags(%{"tag" => tags} = object) do
  defp strip_internal_tags(object), do: object
  def perform(:user_upgrade, user) do
    # we pass a fake user so that the followers collection is stripped away
    old_follower_address = User.ap_followers(%User{nickname: user.nickname})
    from(
      a in Activity,
      where: ^old_follower_address in a.recipients,
      update: [
        set: [
          recipients:
            fragment(
              "array_replace(?,?,?)",
              a.recipients,
              ^old_follower_address,
              ^user.follower_address
            )
        ]
      ]
    )
    |> Repo.update_all([])
  end
  def upgrade_user_from_ap_id(ap_id) do
    with %User{local: false} = user <- User.get_cached_by_ap_id(ap_id),
         {:ok, data} <- ActivityPub.fetch_and_prepare_user_from_ap_id(ap_id),
         {:ok, user} <- update_user(user, data) do
      ActivityPub.enqueue_pin_fetches(user)
      TransmogrifierWorker.enqueue("user_upgrade", %{"user_id" => user.id})
      {:ok, user}
    else
      %User{} = user -> {:ok, user}
      e -> e
    end
  end
  defp update_user(user, data) do
    user
    |> User.remote_user_changeset(data)
    |> User.update_and_set_cache()
  end
  def maybe_fix_user_url(%{"url" => url} = data) when is_map(url) do
    Map.put(data, "url", url["href"])
  end
--- a/lib/pleroma/web/activity_pub/views/user_view.ex
+++ b/lib/pleroma/web/activity_pub/views/user_view.ex
@ -5,6 +5,7 @@
 defmodule Pleroma.Web.ActivityPub.UserView do
  use Pleroma.Web, :view
  alias Pleroma.Keys
  alias Pleroma.Object
  alias Pleroma.Repo
  alias Pleroma.User
@ -32,7 +33,9 @@ def render("endpoints.json", %{user: %User{local: true} = _user}) do
  def render("endpoints.json", _), do: %{}
  def render("service.json", %{user: user}) do
-    {:ok, public_key} = User.SigningKey.public_key_pem(user)
+    {:ok, _, public_key} = Keys.keys_from_pem(user.keys)
    public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
    public_key = :public_key.pem_encode([public_key])
    endpoints = render("endpoints.json", %{user: user})
@ -49,7 +52,7 @@ def render("service.json", %{user: user}) do
      "url" => user.ap_id,
      "manuallyApprovesFollowers" => false,
      "publicKey" => %{
-        "id" => User.SigningKey.local_key_id(user.ap_id),
+        "id" => "#{user.ap_id}#main-key",
        "owner" => user.ap_id,
        "publicKeyPem" => public_key
      },
@ -67,12 +70,9 @@ def render("user.json", %{user: %User{nickname: "internal." <> _} = user}),
    do: render("service.json", %{user: user}) |> Map.put("preferredUsername", user.nickname)
  def render("user.json", %{user: user}) do
-    public_key =
+    {:ok, _, public_key} = Keys.keys_from_pem(user.keys)
-      case User.SigningKey.public_key_pem(user) do
+    public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
-        {:ok, public_key} -> public_key
+    public_key = :public_key.pem_encode([public_key])
        _ -> nil
      end
    user = User.sanitize_html(user)
    endpoints = render("endpoints.json", %{user: user})
@ -97,7 +97,7 @@ def render("user.json", %{user: user}) do
      "url" => user.ap_id,
      "manuallyApprovesFollowers" => user.is_locked,
      "publicKey" => %{
-        "id" => User.SigningKey.local_key_id(user.ap_id),
+        "id" => "#{user.ap_id}#main-key",
        "owner" => user.ap_id,
        "publicKeyPem" => public_key
      },
@ -116,20 +116,6 @@ def render("user.json", %{user: user}) do
    |> Map.merge(Utils.make_json_ld_header())
  end
  def render("keys.json", %{user: user}) do
    {:ok, public_key} = User.SigningKey.public_key_pem(user)
    %{
      "id" => user.ap_id,
      "publicKey" => %{
        "id" => User.SigningKey.key_id_of_local_user(user),
        "owner" => user.ap_id,
        "publicKeyPem" => public_key
      }
    }
    |> Map.merge(Utils.make_json_ld_header())
  end
  def render("following.json", %{user: user, page: page} = opts) do
    showing_items = (opts[:for] && opts[:for] == user) || !user.hide_follows
    showing_count = showing_items || !user.hide_follows_count
--- a/lib/pleroma/web/api_spec/schemas/poll.ex
+++ b/lib/pleroma/web/api_spec/schemas/poll.ex
@ -32,9 +32,7 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Poll do
      },
      voters_count: %Schema{
        type: :integer,
-        nullable: true,
+        description: "How many unique accounts have voted. Number."
        description:
          "How many unique accounts have voted for a multi-selection poll. Number, or null if single-selection poll."
      },
      voted: %Schema{
        type: :boolean,
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@ -66,10 +66,10 @@ defmodule Pleroma.Web.Endpoint do
    }
  )
-  plug(Plug.Static.IndexHtml, at: "/pleroma/swaggerui/")
+  plug(Plug.Static.IndexHtml, at: "/akkoma/swaggerui")
  plug(Pleroma.Web.Plugs.FrontendStatic,
-    at: "/pleroma/swaggerui",
+    at: "/akkoma/swaggerui",
    frontend_type: :swagger,
    gzip: true,
    if: &Pleroma.Web.Swagger.ui_enabled?/0,
--- a/lib/pleroma/web/federator.ex
+++ b/lib/pleroma/web/federator.ex
@ -6,6 +6,7 @@ defmodule Pleroma.Web.Federator do
  alias Pleroma.Activity
  alias Pleroma.Object.Containment
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.Transmogrifier
  alias Pleroma.Web.ActivityPub.Utils
  alias Pleroma.Web.Federator.Publisher
@ -91,7 +92,8 @@ def perform(:incoming_ap_doc, params) do
    # NOTE: we use the actor ID to do the containment, this is fine because an
    # actor shouldn't be acting on objects outside their own AP server.
-    with nil <- Activity.normalize(params["id"]),
+    with {_, {:ok, _user}} <- {:actor, ap_enabled_actor(actor)},
         nil <- Activity.normalize(params["id"]),
         {_, :ok} <-
           {:correct_origin?, Containment.contain_origin_from_id(actor, params)},
         {:ok, activity} <- Transmogrifier.handle_incoming(params) do
@ -117,11 +119,17 @@ def perform(:incoming_ap_doc, params) do
      e ->
        # Just drop those for now
        Logger.debug(fn -> "Unhandled activity\n" <> Jason.encode!(params, pretty: true) end)
-
+        {:error, e}
        case e do
          {:error, _} -> e
          _ -> {:error, e}
    end
  end
  def ap_enabled_actor(id) do
    user = User.get_cached_by_ap_id(id)
    if User.ap_enabled?(user) do
      {:ok, user}
    else
      ActivityPub.make_user_from_ap_id(id)
    end
  end
 end
--- a/lib/pleroma/web/mastodon_api/views/poll_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/poll_view.ex
@ -19,7 +19,7 @@ def render("show.json", %{object: object, multiple: multiple, options: options}
      expired: expired,
      multiple: multiple,
      votes_count: votes_count,
-      voters_count: voters_count(multiple, object),
+      voters_count: voters_count(object),
      options: options,
      emojis: Pleroma.Web.MastodonAPI.StatusView.build_emojis(object.data["emoji"])
    }
@ -68,19 +68,11 @@ defp options_and_votes_count(options) do
    end)
  end
-  defp voters_count(false, _poll_data) do
+  defp voters_count(%{data: %{"voters" => voters}}) when is_list(voters) do
    # Mastodon always sets voter count to "null" unless multiple options were selectable
    # Some clients may rely on this to detect multiple selection polls and it can mess
    # up percentages for some clients if we never got a correct remote voter count and
    # only count local voters here; see https://akkoma.dev/AkkomaGang/akkoma/issues/190
    nil
  end
  defp voters_count(_multiple, %{data: %{"voters" => voters}}) when is_list(voters) do
    length(voters)
  end
-  defp voters_count(_, _), do: 0
+  defp voters_count(_), do: 0
  defp voted_and_own_votes(%{object: object} = params, options) do
    if params[:for] do
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@ -22,13 +22,17 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
  alias Pleroma.Web.MediaProxy
  alias Pleroma.Web.PleromaAPI.EmojiReactionController
  require Logger
  alias Pleroma.Web.RichMedia.Card
  import Pleroma.Web.ActivityPub.Visibility, only: [get_visibility: 1, visible_for_user?: 2]
  # This is a naive way to do this, just spawning a process per activity
  # to fetch the preview. However it should be fine considering
  # pagination is restricted to 40 activities at a time
  defp fetch_rich_media_for_activities(activities) do
    Enum.each(activities, fn activity ->
-      Card.get_by_activity(activity)
+      spawn(fn ->
        Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
      end)
    end)
  end
@ -89,7 +93,9 @@ def render("index.json", opts) do
    # To do: check AdminAPIControllerTest on the reasons behind nil activities in the list
    activities = Enum.filter(opts.activities, & &1)
-    # Start prefetching rich media before doing anything else
+    # Start fetching rich media before doing anything else, so that later calls to get the cards
    # only block for timeout in the worst case, as opposed to
    # length(activities_with_links) * timeout
    fetch_rich_media_for_activities(activities)
    replied_to_activities = get_replied_to_activities(activities)
@ -303,12 +309,6 @@ def render("show.json", %{activity: %{id: id, data: %{"object" => _object}} = ac
          "mastoapi:content:#{chrono_order}"
        )
      card =
        case Card.get_by_activity(activity) do
          %Card{} = result -> render("card.json", result)
          _ -> nil
        end
      content_plaintext =
        content
        |> Activity.HTML.get_cached_stripped_html_for_activity(
@ -318,6 +318,8 @@ def render("show.json", %{activity: %{id: id, data: %{"object" => _object}} = ac
      summary = object.data["summary"] || ""
      card = render("card.json", Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity))
      url =
        if user.local do
          url(~p[/notice/#{activity}])
@ -526,30 +528,37 @@ def render("source.json", %{activity: %{data: %{"object" => _object}} = activity
    }
  end
-  def render("card.json", %Card{fields: rich_media}) do
+  def render("card.json", %{rich_media: rich_media, page_url: page_url}) do
-    page_url_data = URI.parse(rich_media["url"])
+    page_url_data = URI.parse(page_url)
    page_url_data =
      if is_binary(rich_media["url"]) do
        URI.merge(page_url_data, URI.parse(rich_media["url"]))
      else
        page_url_data
      end
    page_url = page_url_data |> to_string
-    image_url = proxied_url(rich_media["image"], page_url_data)
+    image_url_data =
-    audio_url = proxied_url(rich_media["audio"], page_url_data)
+      if is_binary(rich_media["image"]) do
-    video_url = proxied_url(rich_media["video"], page_url_data)
+        URI.parse(rich_media["image"])
      else
        nil
      end
    image_url = build_image_url(image_url_data, page_url_data)
    %{
      type: "link",
      provider_name: page_url_data.host,
      provider_url: page_url_data.scheme <> "://" <> page_url_data.host,
      url: page_url,
-      image: image_url,
+      image: image_url |> MediaProxy.url(),
      image_description: rich_media["image:alt"] || "",
      title: rich_media["title"] || "",
      description: rich_media["description"] || "",
      pleroma: %{
-        opengraph:
+        opengraph: rich_media
          rich_media
          |> Maps.put_if_present("image", image_url)
          |> Maps.put_if_present("audio", audio_url)
          |> Maps.put_if_present("video", video_url)
      }
    }
  end
@ -627,14 +636,6 @@ def render("context.json", %{activity: activity, activities: activities, user: u
    }
  end
  defp proxied_url(url, page_url_data) do
    if is_binary(url) do
      build_image_url(URI.parse(url), page_url_data) |> MediaProxy.url()
    else
      nil
    end
  end
  def get_reply_to(activity, %{replied_to_activities: replied_to_activities}) do
    object = Object.normalize(activity, fetch: false)
@ -739,7 +740,19 @@ defp build_application(%{"type" => _type, "name" => name, "url" => url}),
  defp build_application(_), do: nil
  # Workaround for Elixir issue #10771
  # Avoid applying URI.merge unless necessary
  # TODO: revert to always attempting URI.merge(image_url_data, page_url_data)
  # when Elixir 1.12 is the minimum supported version
  @spec build_image_url(struct() | nil, struct()) :: String.t() | nil
  defp build_image_url(
         %URI{scheme: image_scheme, host: image_host} = image_url_data,
         %URI{} = _page_url_data
       )
       when not is_nil(image_scheme) and not is_nil(image_host) do
    image_url_data |> to_string
  end
  defp build_image_url(%URI{} = image_url_data, %URI{} = page_url_data) do
    URI.merge(page_url_data, image_url_data) |> to_string
  end
--- a/lib/pleroma/web/mastodon_api/websocket_handler.ex
+++ b/lib/pleroma/web/mastodon_api/websocket_handler.ex
@ -18,8 +18,6 @@ defmodule Pleroma.Web.MastodonAPI.WebsocketHandler do
  @timeout :timer.seconds(60)
  # Hibernate every X messages
  @hibernate_every 100
  # Tune garabge collect for long-lived websocket process
  @fullsweep_after 20
  def init(%{qs: qs} = req, state) do
    with params <- Enum.into(:cow_qs.parse_qs(qs), %{}),
@ -61,10 +59,6 @@ def websocket_init(state) do
      "#{__MODULE__} accepted websocket connection for user #{(state.user || %{id: "anonymous"}).id}, topic #{state.topic}"
    )
    # process is long-lived and can sometimes accumulate stale data in such a way it's
    # not freed by young garbage cycles, thus make full collection sweeps more frequent
    :erlang.process_flag(:fullsweep_after, @fullsweep_after)
    Streamer.add_socket(state.topic, state.oauth_token)
    {:ok, %{state | timer: timer()}}
  end
--- a/lib/pleroma/web/media_proxy.ex
+++ b/lib/pleroma/web/media_proxy.ex
@ -52,11 +52,11 @@ def url(url) do
  @spec url_proxiable?(String.t()) :: boolean()
  def url_proxiable?(url) do
-    not local?(url) and not whitelisted?(url) and not blocked?(url) and http_scheme?(url)
+    not local?(url) and not whitelisted?(url) and not blocked?(url)
  end
  def preview_url(url, preview_params \\ []) do
-    if preview_enabled?() and url_proxiable?(url) do
+    if preview_enabled?() do
      encode_preview_url(url, preview_params)
    else
      url(url)
@ -71,8 +71,6 @@ def preview_enabled?, do: enabled?() and !!Config.get([:media_preview_proxy, :en
  def local?(url), do: String.starts_with?(url, Endpoint.url())
  def http_scheme?(url), do: String.starts_with?(url, ["http:", "https:"])
  def whitelisted?(url) do
    %{host: domain} = URI.parse(url)
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@ -31,7 +31,7 @@ def nodeinfo(conn, %{"version" => version}) when version in ["2.0", "2.1"] do
    conn
    |> put_resp_header(
      "content-type",
-      "application/json; profile=\"http://nodeinfo.diaspora.software/ns/schema/#{version}#\"; charset=utf-8"
+      "application/json; profile=http://nodeinfo.diaspora.software/ns/schema/2.0#; charset=utf-8"
    )
    |> json(Nodeinfo.get_nodeinfo(version))
  end
--- a/lib/pleroma/web/pleroma_api/controllers/emoji_reaction_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/emoji_reaction_controller.ex
@ -52,14 +52,6 @@ defp filter_allowed_user_by_ap_id(ap_ids, excluded_ap_ids) do
    end)
  end
  defp filter_allowed_users_by_domain(ap_ids, %User{} = for_user) do
    Enum.reject(ap_ids, fn ap_id ->
      User.blocks_domain?(for_user, ap_id)
    end)
  end
  defp filter_allowed_users_by_domain(ap_ids, nil), do: ap_ids
  def filter_allowed_users(reactions, user, with_muted) do
    exclude_ap_ids =
      if is_nil(user) do
@ -70,10 +62,7 @@ def filter_allowed_users(reactions, user, with_muted) do
      end
    filter_emoji = fn emoji, users, url ->
-      users
+      case filter_allowed_user_by_ap_id(users, exclude_ap_ids) do
      |> filter_allowed_user_by_ap_id(exclude_ap_ids)
      |> filter_allowed_users_by_domain(user)
      |> case do
        [] -> nil
        users -> {emoji, users, url}
      end
--- a/lib/pleroma/web/plugs/ensure_user_public_key_plug.ex
+++ b/lib/pleroma/web/plugs/ensure_user_public_key_plug.ex
@ -1,32 +0,0 @@
 defmodule Pleroma.Web.Plugs.EnsureUserPublicKeyPlug do
  @moduledoc """
  This plug will attempt to pull in a user's public key if we do not have it.
  We _should_ be able to request the URL from the key URL...
  """
  alias Pleroma.User
  def init(options), do: options
  def call(conn, _opts) do
    key_id = key_id_from_conn(conn)
    unless is_nil(key_id) do
      User.SigningKey.get_or_fetch_by_key_id(key_id)
      # now we SHOULD have the user that owns the key locally. maybe.
      # if we don't, we'll error out when we try to validate.
    end
    conn
  end
  defp key_id_from_conn(conn) do
    case HTTPSignatures.signature_for_conn(conn) do
      %{"keyId" => key_id} when is_binary(key_id) ->
        key_id
      _ ->
        nil
    end
  end
 end
--- a/lib/pleroma/web/plugs/http_signature_plug.ex
+++ b/lib/pleroma/web/plugs/http_signature_plug.ex
@ -44,26 +44,6 @@ def route_aliases(%{path_info: ["objects", id], query_string: query_string}) do
  def route_aliases(_), do: []
  def maybe_put_created_psudoheader(conn) do
    case HTTPSignatures.signature_for_conn(conn) do
      %{"created" => created} ->
        put_req_header(conn, "(created)", created)
      _ ->
        conn
    end
  end
  def maybe_put_expires_psudoheader(conn) do
    case HTTPSignatures.signature_for_conn(conn) do
      %{"expires" => expires} ->
        put_req_header(conn, "(expires)", expires)
      _ ->
        conn
    end
  end
  defp assign_valid_signature_on_route_aliases(conn, []), do: conn
  defp assign_valid_signature_on_route_aliases(%{assigns: %{valid_signature: true}} = conn, _),
@ -75,8 +55,6 @@ defp assign_valid_signature_on_route_aliases(conn, [path | rest]) do
    conn =
      conn
      |> put_req_header("(request-target)", request_target)
      |> maybe_put_created_psudoheader()
      |> maybe_put_expires_psudoheader()
      |> case do
        %{assigns: %{digest: digest}} = conn -> put_req_header(conn, "digest", digest)
        conn -> conn
@ -139,17 +117,12 @@ defp maybe_require_signature(
  defp maybe_require_signature(conn), do: conn
  defp signature_host(conn) do
-    with {:key_id, %{"keyId" => kid}} <- {:key_id, HTTPSignatures.signature_for_conn(conn)},
+    with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
-         {:actor_id, {:ok, actor_id}} <- {:actor_id, Signature.key_id_to_actor_id(kid)} do
+         {:ok, actor_id} <- Signature.key_id_to_actor_id(kid) do
      actor_id
    else
-      {:key_id, e} ->
+      e ->
-        Logger.error("Failed to extract key_id from signature: #{inspect(e)}")
+        {:error, e}
        nil
      {:actor_id, e} ->
        Logger.error("Failed to extract actor_id from signature: #{inspect(e)}")
        nil
    end
  end
 end
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Floatingghost	dbbfeeb748	Fix documentation Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details ci/woodpecker/pr/build-amd64 Pipeline is pending Details ci/woodpecker/pr/build-arm64 Pipeline is pending Details ci/woodpecker/pr/build-docker Pipeline is pending Details ci/woodpecker/pr/docs Pipeline is pending Details ci/woodpecker/pr/lint Pipeline is pending Details ci/woodpecker/pr/test Pipeline is pending Details	2024-06-04 11:40:49 +01:00
Floatingghost	569851f14c	fix setup Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-04 10:27:50 +01:00
Floatingghost	6ab2e960d7	mount directory Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-04 10:24:31 +01:00
Floatingghost	3e8388e2de	use long syntax for bind Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-04 10:23:06 +01:00
Floatingghost	bb37aa3be5	put setup file in init.d Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-04 10:21:13 +01:00
Floatingghost	6e06308354	fix setup script Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-04 10:16:58 +01:00
Floatingghost	44a5d0507b	i baka Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-01 10:56:46 +01:00
Floatingghost	e8b7ab5e1e	mount entire config directory Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-01 10:56:16 +01:00
Floatingghost	f5409783b6	let the compose file handle mounts Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-01 10:54:48 +01:00
Floatingghost	616c9878a5	don't chmod Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-01 10:53:41 +01:00
Floatingghost	1c06f6de29	use z flag Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-01 10:52:19 +01:00
Floatingghost	5e0c61fa8f	fix setup script Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-01 10:43:34 +01:00
Floatingghost	863630eb73	don't set config file in dockerfile All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/push/build-docker Pipeline was successful Details	2024-06-01 10:06:06 +01:00
Floatingghost	cb678e8659	only build amd64 for now All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/push/build-docker Pipeline was successful Details	2024-06-01 09:31:17 +01:00
Floatingghost	4450f7463b	add assistive flags for docker Some checks failed ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test unknown status Details ci/woodpecker/push/build-arm64 unknown status Details ci/woodpecker/push/build-amd64 unknown status Details ci/woodpecker/push/docs unknown status Details ci/woodpecker/push/build-docker Pipeline failed Details	2024-06-01 09:11:02 +01:00
Floatingghost	2f1569b931	use standard user	2024-06-01 08:29:44 +01:00
Floatingghost	06dbb96b28	Merge branch 'develop' into customizable-docker-db Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-06-01 08:25:59 +01:00
Floatingghost	7522735b2a	support aarch64 in docker	2024-05-29 06:24:30 +01:00
Floatingghost	5e3c58ae79	crie All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/push/build-docker Pipeline was successful Details	2024-05-29 06:23:17 +01:00
Floatingghost	212686ae9f	use proper commands All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/push/build-docker Pipeline was successful Details	2024-05-29 06:15:01 +01:00
Floatingghost	bf90bc0c17	use next tag Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-05-29 06:13:46 +01:00
Floatingghost	c38555de5c	don't require RPC Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-05-29 06:12:23 +01:00
Floatingghost	f2d59a2922	manage should use ctl Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-05-29 06:11:03 +01:00
Floatingghost	c777a97f60	remove now-unused files Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-05-29 06:10:20 +01:00
Floatingghost	0a7b074508	bind instance and uploads volumes Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-05-29 06:07:35 +01:00
Floatingghost	df40ab6831	use real db user Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-05-29 06:02:20 +01:00
Floatingghost	f3c2aae62b	mount config file in the right place Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-05-29 05:36:52 +01:00
Floatingghost	9e480ab73e	add config volume Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-05-29 05:33:39 +01:00
Floatingghost	770913f9aa	update pg version to 16 Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-05-29 05:31:34 +01:00
Floatingghost	8f8c7c76dc	correct migration script	2024-05-29 05:30:54 +01:00
Floatingghost	995225b783	use alpine containers Some checks are pending ci/woodpecker/push/build-amd64 Pipeline is pending Details ci/woodpecker/push/build-arm64 Pipeline is pending Details ci/woodpecker/push/build-docker Pipeline is pending Details ci/woodpecker/push/docs Pipeline is pending Details ci/woodpecker/push/lint Pipeline is pending Details ci/woodpecker/push/test Pipeline is pending Details	2024-05-29 05:20:20 +01:00
Floatingghost	38d93a0f97	add script to migrate postgres versions	2024-05-29 05:19:46 +01:00
Floatingghost	a2dfab971d	add shm_size in overrides	2024-05-29 05:01:18 +01:00
Floatingghost	2b6c5c94f9	add docker-compose file to tune database	2024-05-29 05:00:33 +01:00
Floatingghost	23c7271f05	am i baka? maybe All checks were successful ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/push/build-docker Pipeline was successful Details	2024-05-28 12:23:13 +01:00
Floatingghost	5fc47d4b80	i am a moron Some checks failed ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/docs Pipeline was successful Details ci/woodpecker/push/build-docker Pipeline failed Details	2024-05-28 12:15:10 +01:00
Floatingghost	23da9903d5	add test docker build Some checks failed ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/push/build-amd64 Pipeline was successful Details ci/woodpecker/push/build-arm64 Pipeline was successful Details ci/woodpecker/push/build-docker Pipeline failed Details ci/woodpecker/push/docs Pipeline was successful Details	2024-05-28 12:12:38 +01:00
`@ -60,4 +60,4 @@ config :pleroma, :frontends,`

	Then run the [pleroma.frontend cli task](../../administration/CLI_tasks/frontend) with the name of `swagger-ui` to install the distribution files.	Then run the [pleroma.frontend cli task](../../administration/CLI_tasks/frontend) with the name of `swagger-ui` to install the distribution files.

	You will now be able to view documentation at `/pleroma/swaggerui`	You will now be able to view documentation at `/akkoma/swaggerui`