Merge branch 'stretch' of https://github.com/bashrc/freedombone

doc/EN/app_mumble.org

@@ -49,8 +49,8 @@ Search for and install Plumble.
 
 Press the plus button to add a Mumble server.
 
-Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the *About* screen of the *Administrator control panel*, your username (which can also be anything) and the mumble password which can be found in the *Passwords* section of the *Administrator control panel*.
+Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the *About* screen of the *Administrator control panel*, your username (which can also be anything) and the mumble password which can be found in the *Passwords* section of the *Administrator control panel*. Leave the port number unchanged.
 
-Open the settings. Select General, then Connect via Tor. This will provide better protection, making it more difficult for adversaries to know who is talking to who.
+Open the settings. Select *General*, then *Connect via Tor*. This will provide better protection, making it more difficult for adversaries to know who is talking to who. If connecting through Tor is unreliable and causes crashes then unselect *Connect via Tor* on the *General settings* and then just use your ordinary domain name.
 
 Selecting the server by pressing on it then connects you to the server so that you can chat with other connected users.

doc/EN/fediverse.org

@@ -39,5 +39,5 @@ It may seem like a good idea and it may seem like you're doing a service to the
 
 
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
+This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
 #+END_CENTER

doc/EN/homeserver.org

@@ -153,5 +153,5 @@ man freedombone-image
 #+end_src
 
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
+This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion
 #+END_CENTER

doc/EN/index.org

@@ -42,5 +42,5 @@ If you find bugs, or want to add a new app to this system see the [[./devguide.h
 Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/current][available here]].
 
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
+This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
 #+END_CENTER

doc/EN/mesh.org

@@ -35,5 +35,5 @@ Systems only need to be within wifi range of each other for the mesh to be creat
 Like [[https://libremesh.org][LibreMesh]], this system uses a combination of [[https://en.wikipedia.org/wiki/B.A.T.M.A.N.][batman-adv]] on network layer 2 and [[http://bmx6.net][BMX]] on layer 3. Routing protocols [[http://www.olsr.org][OLSR2]] and [[https://www.irif.fr/~jch/software/babel][Babel]] are also selectable.
 
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
+This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion
 #+END_CENTER

doc/EN/mesh_images.org

@@ -37,7 +37,7 @@ The MultiWriter tool is also available within mesh client images, so that you ca
 [[file:images/mesh_netbook.jpg]]
 #+END_CENTER
 
-"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 8GB in size.
+"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size.
 
 #+begin_src bash
 sudo apt-get install xz-utils wget

doc/EN/support.org

@@ -18,13 +18,11 @@
 
 * Contact details
 
-This site can also be accessed via a Tor browser at *http://pazyv7nkllp76hqr.onion*
+This site can also be accessed via a Tor browser at *http://7ec7btgr6m7c5r3h.onion*
 
 *Email:* bob@freedombone.net
 
-*PGP/GPG Key ID:* EA982E38
-
-*PGP/GPG Fingerprint:* D538 1159 CD7A 2F80 2F06 ABA0 0452 CC7C EA98 2E38
+*PGP/GPG Fingerprint:* 9ABB82C00ABF39F82680487DCC2536191FA7C33F
 
 *XMPP:* bob@freedombone.net with OMEMO or OTR
 

src/freedombone-app-ghost

@@ -228,14 +228,21 @@ function backup_local_ghost {
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
 
+    suspend_site ${GHOST_DOMAIN_NAME}
+    systemctl stop ghost
+
     ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
     if [ -d $ghost_path ]; then
-        suspend_site ${GHOST_DOMAIN_NAME}
-        systemctl stop ghost
         backup_directory_to_usb $ghost_path ghostcontent
-        systemctl start ghost
-        restart_site
     fi
+
+    ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
+    if [ -d $ghost_path ]; then
+        backup_directory_to_usb $ghost_path ghostcurrent
+    fi
+
+    systemctl start ghost
+    restart_site
 }
 
 function restore_local_ghost {
@@ -254,12 +261,31 @@ function restore_local_ghost {
             if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
                 cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
             else
+                if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
+                    mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
+                fi
                 cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
             fi
             chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/content
             rm -rf $temp_restore_dir
         fi
 
+        temp_restore_dir=/root/tempghostcurrent
+        function_check restore_directory_from_usb
+        restore_directory_from_usb $temp_restore_dir ghostcurrent
+        if [ -d $temp_restore_dir ]; then
+            if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
+                cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+            else
+                if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
+                    mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+                fi
+                cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+            fi
+            chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+            rm -rf $temp_restore_dir
+        fi
+
         systemctl start ghost
         restart_site
     fi
@@ -271,15 +297,27 @@ function backup_remote_ghost {
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
 
+    suspend_site ${GHOST_DOMAIN_NAME}
+
     temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
     if [ -d $temp_backup_dir ]; then
-        suspend_site ${GHOST_DOMAIN_NAME}
         backup_directory_to_friend $temp_backup_dir ghostcontent
-        restart_site
     else
+        restart_site
         echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
         exit 2578
     fi
+
+    temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
+    if [ -d $temp_backup_dir ]; then
+        backup_directory_to_friend $temp_backup_dir ghostcurrent
+    else
+        restart_site
+        echo $"Ghost domain specified but not found in $temp_backup_dir"
+        exit 78353
+    fi
+
+    restart_site
 }
 
 function restore_remote_ghost {
@@ -298,12 +336,31 @@ function restore_remote_ghost {
         if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
             cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
         else
+            if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
+                mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
+            fi
             cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
         fi
         chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
         rm -rf $temp_restore_dir
     fi
 
+    temp_restore_dir=/root/tempghostcurrent
+    function_check restore_directory_from_friend
+    restore_directory_from_friend $temp_restore_dir ghostcurrent
+    if [ -d $temp_restore_dir ]; then
+        if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
+            cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+        else
+            if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
+                mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+            fi
+            cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+        fi
+        chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
+        rm -rf $temp_restore_dir
+    fi
+
     systemctl start ghost
     restart_site
 }

src/freedombone-app-koel

@@ -39,7 +39,7 @@ KOEL_CODE=
 KOEL_ONION_PORT=8118
 KOEL_PORT=9002
 KOEL_REPO="https://github.com/phanan/koel"
-KOEL_COMMIT='70464a'
+KOEL_COMMIT='8e9b021aa09f2b1460977bdd52fff14ea2bc1607'
 KOEL_ADMIN_PASSWORD=
 
 koel_variables=(ONION_ONLY

src/freedombone-app-lychee

@@ -163,11 +163,22 @@ function restore_local_lychee {
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
     if [ $LYCHEE_DOMAIN_NAME ]; then
+        suspend_site ${LYCHEE_DOMAIN_NAME}
+
         function_check lychee_create_database
         lychee_create_database
 
         function_check restore_database
         restore_database lychee ${LYCHEE_DOMAIN_NAME}
+
+        if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
+            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
+            MARIADB_PASSWORD=
+        fi
+
+        restart_site
+        chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
     fi
 }
 
@@ -195,12 +206,21 @@ function restore_remote_lychee {
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
 
+    suspend_site ${LYCHEE_DOMAIN_NAME}
+
     function_check restore_database_from_friend
 
     function_check lychee_create_database
     lychee_create_database
 
     restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME}
+
+    if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
+        MARIADB_PASSWORD=
+    fi
+
     restart_site
     chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
 }

src/freedombone-app-mumble

@@ -43,6 +43,7 @@ MUMBLE_DATABASE="mumble-server.sqlite"
 MUMBLE_CONFIG_FILE="mumble-server.ini"
 
 mumble_variables=(MY_USERNAME
+                  DEFAULT_DOMAIN_NAME
                   MUMBLE_PORT
                   ONION_ONLY
                   ADMIN_USERNAME)
@@ -84,6 +85,21 @@ function upgrade_mumble {
     if [ -d /etc/letsencrypt ]; then
         usermod -a -G ssl-cert mumble-server
     fi
+
+    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+        if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
+            sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
+            sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
+            systemctl restart mumble
+        fi
+    else
+        if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then
+            usermod -a -G ssl-cert mumble-server
+            sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
+            sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
+            systemctl restart mumble
+        fi
+    fi
 }
 
 function backup_local_mumble {
@@ -242,7 +258,7 @@ function install_mumble {
         if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
             mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
         fi
-        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
             if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
                 rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt
             fi
@@ -265,7 +281,7 @@ function install_mumble {
 
 
     # Make an ssl cert for the server
-    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
         if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
             ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
             function_check check_certificates
@@ -307,12 +323,12 @@ function install_mumble {
         echo 'allowping=False' >> /etc/mumble-server.ini
     fi
     sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
-    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
         sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
         sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
     else
-        sed -i "s|#sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini
-        sed -i "s|#sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini
+        sed -i "s|#sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
+        sed -i "s|#sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
     fi
     sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
     sed -i 's|users=100|users=10|g' /etc/mumble-server.ini

src/freedombone-app-pleroma

@@ -58,6 +58,8 @@ PLEROMA_TITLE='Pleroma Server'
 
 # Number of months after which posts expire
 PLEROMA_EXPIRE_MONTHS=3
+pleroma_expire_posts_script=/usr/bin/pleroma-expire-posts
+blocking_script_file=/usr/bin/pleroma-blocking
 
 pleroma_variables=(ONION_ONLY
                    PLEROMA_DOMAIN_NAME
@@ -70,6 +72,81 @@ pleroma_variables=(ONION_ONLY
                    MY_EMAIL_ADDRESS
                    MY_USERNAME)
 
+function create_pleroma_blocklist {
+    echo '#!/bin/bash' > $blocking_script_file
+    echo "if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then" >> $blocking_script_file
+    echo '    exit 0' >> $blocking_script_file
+    echo 'fi' >> $blocking_script_file
+    echo 'cd /etc/postgresql' >> $blocking_script_file
+    echo 'while read blocked; do' >> $blocking_script_file
+    echo '    if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file
+    echo '        if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file
+    echo "            sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file
+    echo "            sudo -u postgres psql -d pleroma -c \"DELETE FROM users WHERE nickname ilike '%\${blocked}%'\"" >> $blocking_script_file
+    echo '            if [[ "$blocked" != *"@"* ]]; then' >> $blocking_script_file
+    echo "                sudo -u postgres psql -d pleroma -c \"DELETE FROM websub_server_subscriptions WHERE callback like '%\${blocked}%'\"" >> $blocking_script_file
+    echo '            fi' >> $blocking_script_file
+    echo '        fi' >> $blocking_script_file
+    echo '    fi' >> $blocking_script_file
+    echo "done </root/${PROJECT_NAME}-firewall-domains.cfg" >> $blocking_script_file
+    chmod +x $blocking_script_file
+
+    if ! grep -q "$blocking_script_file" /etc/crontab; then
+        echo "*/2            * *   *   *   root $blocking_script_file > /dev/null" >> /etc/crontab
+    fi
+}
+
+function expire_pleroma_posts {
+    domain_name=$1
+    expire_months=$3
+
+    if [ ! $expire_months ]; then
+        expire_months=3
+    fi
+
+    expire_days=$((expire_months * 30))
+
+    # files are what take up most of the backup time, so don't keep them for very long
+    expire_days_files=7
+
+    # To prevent the database size from growing endlessly this script expires posts
+    # after a number of months
+    if [ ! -d /etc/pleroma ]; then
+        return
+    fi
+
+    echo '#!/bin/bash' > $pleroma_expire_posts_script
+    echo "plmonths=\"$PLEROMA_EXPIRE_MONTHS\"" >> $pleroma_expire_posts_script
+    echo 'if [ ${#plmonths} -eq 0 ]; then' >> $pleroma_expire_posts_script
+    echo '    exit 1' >> $pleroma_expire_posts_script
+    echo 'fi' >> $pleroma_expire_posts_script
+    echo 'if [[ "$plmonths" == "0" ]]; then' >> $pleroma_expire_posts_script
+    echo '    exit 2' >> $pleroma_expire_posts_script
+    echo 'fi' >> $pleroma_expire_posts_script
+    echo 'oldate=$(date +%Y-%m-%d --date="$plmonths months ago")' >> $pleroma_expire_posts_script
+    echo 'cd /etc/postgresql' >> $pleroma_expire_posts_script
+    echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script
+    echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script
+    chmod +x $pleroma_expire_posts_script
+
+    pleroma_expire_script=/etc/cron.daily/pleroma-expire
+    echo '#!/bin/bash' > $pleroma_expire_script
+    echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +" >> $pleroma_expire_script
+    echo "$pleroma_expire_posts_script 2> /dev/null" >> $pleroma_expire_script
+    chmod +x $pleroma_expire_script
+
+    # remove any old cron job
+    if grep -q "pleroma-expire" /etc/crontab; then
+        sed -i "/pleroma-expire/d" /etc/crontab
+        rm /usr/bin/pleroma-expire
+    fi
+
+    # remove old expire script
+    if [ -f /etc/cron.weekly/clear-pleroma-database ]; then
+        rm /etc/cron.weekly/clear-pleroma-database
+    fi
+}
+
 function pleroma_recompile {
     # necessary after parameter changes
     chown -R pleroma:pleroma $PLEROMA_DIR
@@ -80,6 +157,7 @@ function pleroma_recompile {
     if [ -f /etc/systemd/system/pleroma.service ]; then
         systemctl restart pleroma
     fi
+
 }
 
 function logging_on_pleroma {
@@ -353,6 +431,7 @@ function pleroma_set_title {
 
 function pleroma_set_expire_months {
     PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
+    read_config_param "PLEROMA_DOMAIN_NAME"
     read_config_param "PLEROMA_EXPIRE_MONTHS"
 
     data=$(tempfile 2>/dev/null)
@@ -378,7 +457,8 @@ function pleroma_set_expire_months {
                 PLEROMA_EXPIRE_MONTHS=$new_expiry_months
                 write_config_param "PLEROMA_EXPIRE_MONTHS" "$PLEROMA_EXPIRE_MONTHS"
 
-                # TODO
+                expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
+                create_pleroma_blocklist
 
                 dialog --title $"Set Pleroma post expiry period" \
                        --msgbox $"Expiry period set to $PLEROMA_EXPIRE_MONTHS months" 6 60
@@ -499,6 +579,7 @@ function pleroma_add_emoji {
 }
 
 function configure_interactive_pleroma {
+    read_config_param PLEROMA_DOMAIN_NAME
     read_config_param PLEROMA_EXPIRE_MONTHS
     while true
     do
@@ -531,6 +612,16 @@ function configure_interactive_pleroma {
 }
 
 function upgrade_pleroma {
+    read_config_param PLEROMA_DOMAIN_NAME
+    read_config_param PLEROMA_EXPIRE_MONTHS
+
+    if [ ! -f $pleroma_expire_posts_script ]; then
+        expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
+    fi
+    if [ ! -f $blocking_script_file ]; then
+        create_pleroma_blocklist
+    fi
+
     CURR_PLEROMA_COMMIT=$(get_completion_param "pleroma commit")
     if [[ "$CURR_PLEROMA_COMMIT" == "$PLEROMA_COMMIT" ]]; then
         return
@@ -542,6 +633,9 @@ function upgrade_pleroma {
 
     sudo -u pleroma mix deps.get
     pleroma_recompile
+
+    expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
+    create_pleroma_blocklist
 }
 
 function backup_local_pleroma {
@@ -688,6 +782,7 @@ function remove_pleroma {
     remove_completion_param install_pleroma
     sed -i '/pleroma domain/d' $COMPLETION_FILE
     sed -i '/pleroma commit/d' $COMPLETION_FILE
+    sed -i "/$blocking_script_file/d" /etc/crontab
 
     function_check remove_ddns_domain
     remove_ddns_domain $PLEROMA_DOMAIN_NAME
@@ -900,6 +995,8 @@ function install_pleroma {
         fi
     fi
 
+    create_pleroma_blocklist
+
     # daemon
     echo '[Unit]' > /etc/systemd/system/pleroma.service
     echo 'Description=Pleroma social network' >> /etc/systemd/system/pleroma.service

src/freedombone-app-riot

@@ -65,6 +65,10 @@ function add_user_riot {
     echo '0'
 }
 
+function riot_remove_bad_links {
+    sed -i '/riot.im/d' /var/www/$RIOT_DOMAIN_NAME/htdocs/home.html
+}
+
 function install_interactive_riot {
     if [[ $ONION_ONLY != "no" ]]; then
         RIOT_DOMAIN_NAME='riot.local'
@@ -177,6 +181,7 @@ function upgrade_riot {
 
     riot_download
     sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE}
+    riot_remove_bad_links
 
     systemctl restart nginx
 }
@@ -246,23 +251,25 @@ function install_riot {
     riot_download
 
     cd /var/www/$RIOT_DOMAIN_NAME/htdocs
-    cp config.sample.json config.json
 
     if [[ $ONION_ONLY == 'no' ]]; then
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
-        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json
-        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json
-        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," config.json
+        riot_config_file="config.${RIOT_DOMAIN_NAME}.json"
+        cp config.sample.json $riot_config_file
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" $riot_config_file
+        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," $riot_config_file
     else
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
-        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json
-        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" config.json
-        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," config.json
+        riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json"
+        cp config.sample.json $riot_config_file
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" $riot_config_file
+        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," $riot_config_file
     fi
+    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" $riot_config_file
+    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" $riot_config_file
+    sed -i 's|https://piwik.riot.im/||g' $riot_config_file
 
     RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
 
@@ -340,6 +347,7 @@ function install_riot {
     function_check add_ddns_domain
     add_ddns_domain $RIOT_DOMAIN_NAME
 
+    riot_remove_bad_links
     chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs
 
     systemctl restart nginx

src/freedombone-app-syncthing

@@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -318,14 +318,6 @@ function restore_local_syncthing {
             mkdir -p $SYNCTHING_SHARED_DATA
         fi
         cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/
-
-        if [ ! "$?" = "0" ]; then
-            set_user_permissions
-            backup_unmount_drive
-            systemctl start syncthing
-            systemctl start cron
-            exit 37904
-        fi
         rm -rf ${temp_restore_dir}shared
     fi
 
@@ -341,7 +333,15 @@ function restore_local_syncthing {
                 if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then
                     cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/
                 else
-                    cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
+                    if [ ! -d /home/$USERNAME/Sync ]; then
+                        mkdir /home/$USERNAME/Sync
+                    fi
+                    if [ -d /root/Sync ]; then
+                        cp -r /root/Sync/* /home/$USERNAME/Sync/
+                        rm -rf /root/Sync
+                    else
+                        cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
+                    fi
                 fi
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
@@ -425,7 +425,7 @@ function restore_remote_syncthing {
         if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
             mkdir -p $SYNCTHING_CONFIG_PATH
         fi
-        cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/
+        cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/
         if [ ! "$?" = "0" ]; then
             systemctl start syncthing
             systemctl start cron
@@ -439,17 +439,11 @@ function restore_remote_syncthing {
         temp_restore_dir=/root/tempsyncthingshared
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir syncthingshared
-        #cp -r $temp_restore_dir/* /
         if [ ! -d $SYNCTHING_SHARED_DATA ]; then
             mkdir -p $SYNCTHING_SHARED_DATA
         fi
-        cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/
-        if [ ! "$?" = "0" ]; then
-            systemctl start syncthing
-            systemctl start cron
-            exit 37904
-        fi
-        rm -rf $temp_restore_dir
+        cp -r ${temp_restore_dir}/* $SYNCTHING_SHARED_DATA/
+        rm -rf ${temp_restore_dir}
     fi
 
     if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then
@@ -466,7 +460,15 @@ function restore_remote_syncthing {
                 if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/
                 else
-                    cp -r $temp_restore_dir/* /home/$USERNAME/Sync/
+                    if [ ! -d /home/$USERNAME/Sync ]; then
+                        mkdir /home/$USERNAME/Sync
+                    fi
+                    if [ -d /root/Sync ]; then
+                        cp -r /root/Sync/* /home/$USERNAME/Sync/
+                        rm -rf /root/Sync
+                    else
+                        cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
+                    fi
                 fi
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir

src/freedombone-app-xmpp

@@ -407,6 +407,25 @@ function upgrade_xmpp {
     update_prosody_modules
     xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
 
+    if grep -q "/etc/ssl/certs/xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
+        cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam
+        chown prosody:prosody /etc/prosody/xmpp.dhparam
+        sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+
+    if grep -q "/etc/ssl/private/xmpp.key" /etc/prosody/prosody.cfg.lua; then
+        if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem ]; then
+            sed -i "s|/etc/ssl/private/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
+        fi
+    fi
+
+    if grep -q "/etc/ssl/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then
+        if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+            sed -i "s|/etc/ssl/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
+        fi
+    fi
+
     curr_prosody_filename=$(cat $COMPLETION_FILE | grep "prosody_filename" | awk -F ':' '{print $2}')
     if [[ "$curr_prosody_filename" != "$prosody_filename" ]]; then
         if [ -d ${INSTALL_DIR}/${prosody_filename} ]; then
@@ -1051,9 +1070,28 @@ function install_xmpp {
     chmod -R 700 /etc/prosody/conf.d
     usermod -a -G www-data prosody
 
+    # Avoid STIG failures
+    if [ -f /usr/lib/ssl/private/xmpp.key ]; then
+        chown root:root /usr/lib/ssl/private/xmpp.key
+    fi
+    if [ -f /usr/lib/ssl/certs/xmpp.crt ]; then
+        chown root:root /usr/lib/ssl/certs/xmpp.crt
+    fi
+    if [ -f /usr/lib/ssl/certs/xmpp.dhparam ]; then
+        chown root:root /usr/lib/ssl/certs/xmpp.dhparam
+    fi
+
     if [ -d /etc/letsencrypt ]; then
         usermod -a -G ssl-cert prosody
     fi
+
+    if [ -f /etc/ssl/certs/xmpp.dhparam ]; then
+        cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam
+        chown prosody:prosody /etc/prosody/xmpp.dhparam
+        sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+
     apt-mark -q hold prosody
     systemctl restart prosody
 

src/freedombone-controlpanel

@@ -1326,9 +1326,14 @@ function reset_tripwire {
         return
     fi
     if [ ! -f /etc/tripwire/${HOSTNAME}-local.key ]; then
-        echo $'Error: missing local key'
-        any_key
-        return
+        if [ -f /etc/tripwire/${PROJECT_NAME}-local.key ]; then
+            mv /etc/tripwire/${PROJECT_NAME}-local.key /etc/tripwire/${HOSTNAME}-local.key
+            mv /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/${HOSTNAME}-site.key
+        else
+            echo $'Error: missing local key'
+            any_key
+            return
+        fi
     fi
     clear
     echo $'Turing off logging...'
@@ -1921,7 +1926,7 @@ function domain_blocking_add {
     trap "rm -f $data" 0 1 2 5 15
     dialog --title $"Block a domain or user" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the domain name or GNU Social/postActiv nick@domain that you wish to block" 8 60 "" 2>$data
+           --inputbox $"Enter the domain name or GNU Social/postActiv/Pleroma nick@domain that you wish to block" 8 60 "" 2>$data
     sel=$?
     case $sel in
         0)
@@ -1933,7 +1938,7 @@ function domain_blocking_add {
                         dialog --title $"Block a domain" \
                                --msgbox $"The domain $blocked_domain has been blocked" 6 40
                     else
-                        dialog --title $"Block a GNU Social/postActiv nickname" \
+                        dialog --title $"Block a GNU Social/postActiv/Pleroma nickname" \
                                --msgbox $"$blocked_domain has been blocked" 6 40
                     fi
                 fi

src/freedombone-image

@@ -547,7 +547,7 @@ if [[ $VARIANT == 'meshclient' || $VARIANT == 'meshusb' ]]; then
     fi
 
     if [ ! $IMAGE_SIZE_SPECIFIED ]; then
-        IMAGE_SIZE=7.9G
+        IMAGE_SIZE=15.0G
     fi
 fi
 

src/freedombone-restore-local

@@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -464,6 +464,9 @@ function restore_gpg {
                 if [ -d $temp_restore_dir/home/$USERNAME/.gnupg ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/.gnupg /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.gnupg ]; then
+                        mkdir /home/$USERNAME/.gnupg
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/.gnupg/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -543,6 +546,9 @@ function restore_spamassassin {
                     if [ -d $temp_restore_dir/home/$USERNAME ]; then
                         cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
                     else
+                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
+                        mkdir /home/$USERNAME/.spamassassin
+                    fi
                         cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
                     fi
                     if [ ! "$?" = "0" ]; then
@@ -611,6 +617,9 @@ function restore_user_ssh_keys {
                 if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.ssh ]; then
+                        mkdir /home/$USERNAME/.ssh
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -644,6 +653,9 @@ function restore_user_config {
                 if [ -d $temp_restore_dir/home/$USERNAME/.config ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.config ]; then
+                        mkdir /home/$USERNAME/.config
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/.config/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -677,6 +689,9 @@ function restore_user_monkeysphere {
                 if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
+                        mkdir /home/$USERNAME/.monkeysphere
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -718,6 +733,9 @@ function restore_user_fin {
                 if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.fin ]; then
+                        mkdir /home/$USERNAME/.fin
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -751,6 +769,9 @@ function restore_user_local {
                 if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.local ]; then
+                        mkdir /home/$USERNAME/.local
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/.local/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -837,6 +858,9 @@ function restore_personal_settings {
                     if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
                         mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
                     else
+                        if [ ! -d /home/$USERNAME/personal ]; then
+                            mkdir /home/$USERNAME/personal
+                        fi
                         cp -r $temp_restore_dir/* /home/$USERNAME/personal/
                     fi
                     if [ ! "$?" = "0" ]; then

src/freedombone-restore-remote

@@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -419,6 +419,9 @@ function restore_gpg {
                 if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then
                     cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.gnupg ]; then
+                        mkdir /home/$USERNAME/.gnupg
+                    fi
                     cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -488,6 +491,9 @@ function restore_spamassassin {
                 if [ -d $temp_restore_dir/home/$USERNAME ]; then
                     cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
+                        mkdir /home/$USERNAME/.spamassassin
+                    fi
                     cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -542,6 +548,9 @@ function restore_ssh_keys {
                 if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.ssh ]; then
+                        mkdir /home/$USERNAME/.ssh
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -573,6 +582,9 @@ function restore_user_config {
                 if [ -d $temp_restore_dir/home/$USERNAME ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.config ]; then
+                        mkdir /home/$USERNAME/.config
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/.config/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -604,6 +616,9 @@ function restore_user_monkeysphere {
                 if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
+                        mkdir /home/$USERNAME/.monkeysphere
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -643,6 +658,9 @@ function restore_user_fin {
                 if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.fin ]; then
+                        mkdir /home/$USERNAME/.fin
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -674,6 +692,9 @@ function restore_user_local {
                 if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
                     cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
                 else
+                    if [ ! -d /home/$USERNAME/.local ]; then
+                        mkdir /home/$USERNAME/.local
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/.local/
                 fi
                 if [ ! "$?" = "0" ]; then
@@ -754,6 +775,9 @@ function restore_personal_settings {
                     fi
                     mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
                 else
+                    if [ ! -d /home/$USERNAME/personal ]; then
+                        mkdir /home/$USERNAME/personal
+                    fi
                     cp -r $temp_restore_dir/* /home/$USERNAME/personal/
                 fi
                 if [ ! "$?" = "0" ]; then

src/freedombone-utils-firewall

@@ -547,6 +547,9 @@ function firewall_block_domain {
         if [ -f /usr/bin/postactiv-firewall ]; then
             /usr/bin/postactiv-firewall
         fi
+        if [ -f /usr/bin/pleroma-blocking ]; then
+            /usr/bin/pleroma-blocking
+        fi
     fi
 }
 

src/freedombone-utils-mesh

@@ -107,12 +107,12 @@ function mesh_protocol_init {
     fi
 }
 
-function get_ipv4_wlan {
-    echo $(ip -o -f inet addr show dev "$IFACE" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
+function get_ipv6_wlan {
+    echo $(ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}')
 }
 
 function mesh_hotspot_ip_address {
-    echo $(ip -o -f inet addr show dev "${BRIDGE}" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
+    echo $(ifconfig ${BRIDGE} | grep inet6 | awk -F ' ' '{print $2}')
 }
 
 function global_rate_limit {
@@ -368,7 +368,7 @@ function enable_mesh_scuttlebot {
     if [ -f /etc/scuttlebot/.ssb/config ]; then
         ethernet_connected=$(cat /sys/class/net/eth0/carrier)
         if [[ "$ethernet_connected" != "0" ]]; then
-            sed -i "s|\"host\": .*|\"host\": \"$(get_ipv4_wlan)\",|g" /etc/scuttlebot/.ssb/config
+            sed -i "s|\"host\": .*|\"host\": \"$(get_ipv6_wlan)\",|g" /etc/scuttlebot/.ssb/config
             systemctl restart scuttlebot
         else
             if [ ! -f /etc/nginx/sites-available/git_ssb ]; then

src/freedombone-utils-ssh

@@ -59,8 +59,8 @@ function configure_ssh {
     if ! grep -q 'HostbasedAuthentication' /etc/ssh/sshd_config; then
         echo 'HostbasedAuthentication no' >> /etc/ssh/sshd_config
     fi
-    sed 's|#HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
-    sed 's|HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
+    sed -i 's|#HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
+    sed -i 's|HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
     sed -i 's|#PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config
     sed -i 's|PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config
     sed -i 's|#IgnoreRhosts.*|IgnoreRhosts yes|g' /etc/ssh/sshd_config

src/freedombone-utils-web

@@ -756,81 +756,85 @@ function configure_firewall_for_web_access {
 function update_default_domain {
     echo $'Updating default domain'
     if [[ $ONION_ONLY == 'no' ]]; then
-        if [ -d /etc/prosody ]; then
-            if [ -f /etc/mumble-server.ini ]; then
-                if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-                    if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
-                        sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
-                        sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
-                        systemctl restart mumble
-                    fi
-                else
-                    if ! grep -q "${DEFAULT_DOMAIN_NAME}.pem" /etc/mumble-server.ini; then
-                        usermod -a -G ssl-cert mumble-server
-                        sed -i "s|sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini
-                        sed -i "s|sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini
-                        systemctl restart mumble
-                    fi
+        if [ -f /etc/mumble-server.ini ]; then
+            if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+                if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
+                    sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
+                    sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
+                    systemctl restart mumble
+                fi
+            else
+                if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then
+                    usermod -a -G ssl-cert mumble-server
+                    sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
+                    sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
+                    systemctl restart mumble
                 fi
             fi
+        fi
 
+        if [ -d /etc/prosody ]; then
             if [ ! -d /etc/prosody/certs ]; then
                 mkdir /etc/prosody/certs
             fi
             cp /etc/ssl/private/xmpp* /etc/prosody/certs
             cp /etc/ssl/certs/xmpp* /etc/prosody/certs
-            if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+            if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
                 usermod -a -G ssl-cert prosody
                 if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-                    sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+                    sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
                 fi
                 if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-                    sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+                    sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
                 fi
 
                 if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/prosody.cfg.lua; then
-                    sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
+                    sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
                 fi
                 if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then
-                    sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
+                    sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
                 fi
-            fi
 
-            if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-                sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
-            fi
+                if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+                    sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+                fi
 
-            if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-                sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
-            fi
+                if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+                    sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+                fi
 
-            if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/prosody.cfg.lua; then
-                sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
-            fi
+                if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/prosody.cfg.lua; then
+                    sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
+                fi
 
-            if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/prosody.cfg.lua; then
-                sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
+                if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/prosody.cfg.lua; then
+                    sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
+                fi
             fi
 
             chown -R prosody:default /etc/prosody
             chmod -R 700 /etc/prosody/certs/*
             chmod 600 /etc/prosody/prosody.cfg.lua
-            cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
+            if [ -d $INSTALL_DIR/prosody-modules ]; then
+                cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
+                cp -r $INSTALL_DIR/prosody-modules/* /usr/lib/prosody/modules/
+            fi
             chown -R prosody:prosody /var/lib/prosody/prosody-modules
+            chown -R prosody:prosody /usr/lib/prosody/modules
             systemctl reload prosody
         fi
 
         if [ -d /home/znc/.znc ]; then
             echo $'znc found'
-            if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
+            if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
                 pkill znc
                 cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem
                 chown znc:znc /home/znc/.znc/znc.pem
                 chmod 700 /home/znc/.znc/znc.pem
 
-                sed -i "s|CertFile =.*|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/ngircd/ngircd.conf
+                sed -i "s|CertFile =.*|CertFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/ngircd/ngircd.conf
                 sed -i "s|DHFile =.*|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" /etc/ngircd/ngircd.conf
-                sed -i "s|KeyFile =.*|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" /etc/ngircd/ngircd.conf
+                sed -i "s|KeyFile =.*|KeyFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem" /etc/ngircd/ngircd.conf
                 echo $'irc certificates updated'
 
                 systemctl restart ngircd
@@ -839,16 +843,17 @@ function update_default_domain {
         fi
 
         if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+            if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
                 if [ -d /etc/dovecot ]; then
-                    if ! grep -q "ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then
-                        sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
-                        sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
+                    if ! grep -q "ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/dovecot/conf.d/10-ssl.conf; then
+                        sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
+                        sed -i "s|ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
                         systemctl restart dovecot
                     fi
                 fi
 
                 if [ -d /etc/exim4 ]; then
+                    # Unfortunately there doesn't appear to be any other way than copying certs here
                     cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/{fullchain,privkey}.pem /etc/exim4/
                     chown root:Debian-exim /etc/exim4/*.pem
                     chmod 640 /etc/exim4/*.pem

website/EN/app_mumble.html

@@ -3,10 +3,10 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2016-12-10 Sat 15:19 -->
+<!-- 2018-01-21 Sun 11:01 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
-<title></title>
+<title>&lrm;</title>
 <meta name="generator" content="Org mode" />
 <meta name="author" content="Bob Mottram" />
 <meta name="description" content="How to use Mumble"
@@ -71,6 +71,7 @@
   pre.src-fortran:before { content: 'Fortran'; }
   pre.src-gnuplot:before { content: 'gnuplot'; }
   pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
   pre.src-java:before { content: 'Java'; }
   pre.src-js:before { content: 'Javascript'; }
   pre.src-latex:before { content: 'LaTeX'; }
@@ -188,7 +189,7 @@
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
@@ -251,18 +252,18 @@ for the JavaScript code in this tag.
 Mumble is a well known VoIP system originally used for gaming, but which works just as well for any general conference calls or meetings.
 </p>
 
-<div id="outline-container-orgb69e7cf" class="outline-2">
-<h2 id="orgb69e7cf">Text chat</h2>
-<div class="outline-text-2" id="text-orgb69e7cf">
+<div id="outline-container-org208d455" class="outline-2">
+<h2 id="org208d455">Text chat</h2>
+<div class="outline-text-2" id="text-org208d455">
 <p>
 In addition to voice it is also possible to do text chat via mumble. The security of this is pretty good provided that you do it via Plumble and Orbot on mobile, but compared to other options such as XMPP/Conversations or Tox the security is not as good, since the mumble server currently doesn't support forward secrecy.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgd3559d7" class="outline-2">
-<h2 id="orgd3559d7">Using with Ubuntu</h2>
-<div class="outline-text-2" id="text-orgd3559d7">
+<div id="outline-container-orge57116e" class="outline-2">
+<h2 id="orge57116e">Using with Ubuntu</h2>
+<div class="outline-text-2" id="text-orge57116e">
 <p>
 First ensure that tor is installed. Within a terminal:
 </p>
@@ -298,9 +299,9 @@ Click on "add new" to add a new server and enter the <b>default domain name</b>
 </div>
 </div>
 
-<div id="outline-container-org0e1c0da" class="outline-2">
-<h2 id="org0e1c0da">Using with Android</h2>
-<div class="outline-text-2" id="text-org0e1c0da">
+<div id="outline-container-orgb9f0d9d" class="outline-2">
+<h2 id="orgb9f0d9d">Using with Android</h2>
+<div class="outline-text-2" id="text-orgb9f0d9d">
 <p>
 Install <a href="https://f-droid.org/">F-Droid</a>
 </p>
@@ -318,11 +319,11 @@ Press the plus button to add a Mumble server.
 </p>
 
 <p>
-Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the <b>About</b> screen of the <b>Administrator control panel</b>, your username (which can also be anything) and the mumble password which can be found in the <b>Passwords</b> section of the <b>Administrator control panel</b>.
+Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the <b>About</b> screen of the <b>Administrator control panel</b>, your username (which can also be anything) and the mumble password which can be found in the <b>Passwords</b> section of the <b>Administrator control panel</b>. Leave the port number unchanged.
 </p>
 
 <p>
-Open the settings. Select General, then Connect via Tor. This will provide better protection, making it more difficult for adversaries to know who is talking to who.
+Open the settings. Select <b>General</b>, then <b>Connect via Tor</b>. This will provide better protection, making it more difficult for adversaries to know who is talking to who. If connecting through Tor is unreliable and causes crashes then unselect <b>Connect via Tor</b> on the <b>General settings</b> and then just use your ordinary domain name.
 </p>
 
 <p>

website/EN/fediverse.html

@@ -3,10 +3,10 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-06-27 Tue 13:17 -->
+<!-- 2018-01-21 Sun 11:13 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
-<title></title>
+<title>&lrm;</title>
 <meta name="generator" content="Org mode" />
 <meta name="author" content="Bob Mottram" />
 <meta name="description" content="Homesteading the Fediverse"
@@ -252,54 +252,54 @@ for the JavaScript code in this tag.
 Some things you might want to know about the Fediverse:
 </p>
 
-<div id="outline-container-orgdcdb846" class="outline-2">
-<h2 id="orgdcdb846">Keep the number of users on each server small</h2>
-<div class="outline-text-2" id="text-orgdcdb846">
+<div id="outline-container-org7ef0ae3" class="outline-2">
+<h2 id="org7ef0ae3">Keep the number of users on each server small</h2>
+<div class="outline-text-2" id="text-org7ef0ae3">
 <p>
 The importance of this can't be overstated. Servers with lots of users always eventually have problems where the interests of the users are not the same as the interests of the server administrator. If you are the server administrator, or if there are only a small squad-size group of people on the server, then it's a lot easier to resolve differences and everyone's interests are likely to be similar.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org51ce16d" class="outline-2">
-<h2 id="org51ce16d">Drama will happen</h2>
-<div class="outline-text-2" id="text-org51ce16d">
+<div id="outline-container-orgb78d10c" class="outline-2">
+<h2 id="orgb78d10c">Drama will happen</h2>
+<div class="outline-text-2" id="text-orgb78d10c">
 <p>
 It's inevitable in any social network, but fortunately your options for dealing with it are better than they are in the giant proprietary monoliths. In the proprietary world Google or Facebook don't give a damn about the fate of individual users. On a server with a small number of users if you're getting griefed then the administrator is likely to care and be able to do something about it.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org449c739" class="outline-2">
-<h2 id="org449c739">Don't be afraid to block</h2>
-<div class="outline-text-2" id="text-org449c739">
+<div id="outline-container-orgac5dc10" class="outline-2">
+<h2 id="orgac5dc10">Don't be afraid to block</h2>
+<div class="outline-text-2" id="text-orgac5dc10">
 <p>
 Especially if other servers are publishing content which may not be legal in your jurisdiction then don't be afraid to use domain or user blocking from the <b>Administrator control panel</b>. The same applies if users on other servers are trying to harass you. Blocking creates politics and drama but <span class="underline">this is a feature not a bug</span>. It allows you to craft your own distinct community and user experience while also existing in the wider federation. It's hard to do this on sites like Twitter or Facebook. Try to keep blocking to a minimum though and avoid doing it for insubstantial reasons. If you have other users on your server then publish the blocked domains list somewhere they can see. That avoids disappointment and enables you to have a discussion about the validity of blocking decisions.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org3692a0e" class="outline-2">
-<h2 id="org3692a0e">Network structure maps on to social structure</h2>
-<div class="outline-text-2" id="text-org3692a0e">
+<div id="outline-container-orgec4f5cf" class="outline-2">
+<h2 id="orgec4f5cf">Network structure maps on to social structure</h2>
+<div class="outline-text-2" id="text-orgec4f5cf">
 <p>
 Over time follows and blocking rules come to match the underlying social geography of affinity groups. Blocking will happen and users will move around or start new servers. Drama related to blocking will dissipate.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org05184eb" class="outline-2">
-<h2 id="org05184eb">Keep your follows under the Dunbar number</h2>
-<div class="outline-text-2" id="text-org05184eb">
+<div id="outline-container-org07b0224" class="outline-2">
+<h2 id="org07b0224">Keep your follows under the Dunbar number</h2>
+<div class="outline-text-2" id="text-org07b0224">
 <p>
 Keep the number of other users you're following and who are also active to under a couple of hundred. Any more than that and you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will dissolve in a sea of entropy. There are no algorithmic timelines, and even if they're introduced then they create their own problems as an opaque form of censorship. <span class="underline">Real community happens at tribal scale</span>. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgfbf8e98" class="outline-2">
-<h2 id="orgfbf8e98">Avoid big public servers</h2>
-<div class="outline-text-2" id="text-orgfbf8e98">
+<div id="outline-container-org07a661a" class="outline-2">
+<h2 id="org07a661a">Avoid big public servers</h2>
+<div class="outline-text-2" id="text-org07a661a">
 <p>
 It may seem like a good idea and it may seem like you're doing a service to the community by allowing random strangers to register, but servers with thousands of users only cause problems - social, administrative, financial and possibly also legal. The financial strain of running a powerful server with high reliability may be enough to encourage the administrator to begin pushing advertising onto the system, or sell user content, and then before you know it you have identical problems to Twitter. Instead try to encourage people to set up their own servers. Follow this principle and a lot of arguments and stress will be more easily avoided.
 </p>
@@ -308,7 +308,7 @@ It may seem like a good idea and it may seem like you're doing a service to the
 
 <div class="org-center">
 <p>
-This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
+This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
 </p>
 </div>
 </div>

website/EN/homeserver.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-12-28 Thu 21:15 -->
+<!-- 2018-01-21 Sun 11:15 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -478,7 +478,7 @@ Of course, this is just one way in which you can install the Freedombone system.
 
 <div class="org-center">
 <p>
-This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>
+This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>
 </p>
 </div>
 </div>

website/EN/index.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-12-20 Wed 13:53 -->
+<!-- 2018-01-21 Sun 11:15 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -299,7 +299,7 @@ Ready made disk images which can be copied onto USB or microSD drives are <a hre
 
 <div class="org-center">
 <p>
-This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
+This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
 </p>
 </div>
 </div>

website/EN/mesh.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-01-17 Wed 23:49 -->
+<!-- 2018-01-21 Sun 11:15 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -284,7 +284,7 @@ Like <a href="https://libremesh.org">LibreMesh</a>, this system uses a combinati
 
 <div class="org-center">
 <p>
-This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>
+This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>
 </p>
 </div>
 </div>

website/EN/mesh_images.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-12-29 Fri 23:16 -->
+<!-- 2018-01-18 Thu 18:15 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -246,13 +246,13 @@ for the JavaScript code in this tag.
 
 <center><h1>Mesh Network: Images</h1></center>
 
-<div id="outline-container-org92a36a4" class="outline-2">
-<h2 id="org92a36a4">Pre-built Disk Images</h2>
-<div class="outline-text-2" id="text-org92a36a4">
+<div id="outline-container-orgff89f51" class="outline-2">
+<h2 id="orgff89f51">Pre-built Disk Images</h2>
+<div class="outline-text-2" id="text-orgff89f51">
 </div>
-<div id="outline-container-orgf74ea4c" class="outline-3">
-<h3 id="orgf74ea4c">Writing many images quickly</h3>
-<div class="outline-text-3" id="text-orgf74ea4c">
+<div id="outline-container-orgd2bd6dc" class="outline-3">
+<h3 id="orgd2bd6dc">Writing many images quickly</h3>
+<div class="outline-text-3" id="text-orgd2bd6dc">
 <p>
 There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the <b>dd</b> command is used for writing to the target drive, but to write to multiple drives you can use a tool such as <a href="https://wiki.gnome.org/Apps/MultiWriter">GNOME MultiWriter</a>.
 </p>
@@ -280,9 +280,9 @@ The MultiWriter tool is also available within mesh client images, so that you ca
 </p>
 </div>
 </div>
-<div id="outline-container-orgdd8f201" class="outline-3">
-<h3 id="orgdd8f201">Client images</h3>
-<div class="outline-text-3" id="text-orgdd8f201">
+<div id="outline-container-orgaa45ffa" class="outline-3">
+<h3 id="orgaa45ffa">Client images</h3>
+<div class="outline-text-3" id="text-orgaa45ffa">
 <div class="org-center">
 
 <div class="figure">
@@ -292,7 +292,7 @@ The MultiWriter tool is also available within mesh client images, so that you ca
 </div>
 
 <p>
-"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 8GB in size.
+"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size.
 </p>
 
 <div class="org-src-container">
@@ -331,16 +331,16 @@ sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-n
 </div>
 </div>
 
-<div id="outline-container-org231f975" class="outline-3">
-<h3 id="org231f975">Router images</h3>
-<div class="outline-text-3" id="text-org231f975">
+<div id="outline-container-org6ca93ec" class="outline-3">
+<h3 id="org6ca93ec">Router images</h3>
+<div class="outline-text-3" id="text-org6ca93ec">
 <p>
 Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.
 </p>
 </div>
-<div id="outline-container-orgbe92b46" class="outline-4">
-<h4 id="orgbe92b46">Beaglebone Black</h4>
-<div class="outline-text-4" id="text-orgbe92b46">
+<div id="outline-container-org69b5cfa" class="outline-4">
+<h4 id="org69b5cfa">Beaglebone Black</h4>
+<div class="outline-text-4" id="text-org69b5cfa">
 <div class="org-center">
 
 <div class="figure">
@@ -377,9 +377,9 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
 </div>
 </div>
 
-<div id="outline-container-orgd948176" class="outline-2">
-<h2 id="orgd948176">Building Disk Images</h2>
-<div class="outline-text-2" id="text-orgd948176">
+<div id="outline-container-org6b309a0" class="outline-2">
+<h2 id="org6b309a0">Building Disk Images</h2>
+<div class="outline-text-2" id="text-org6b309a0">
 <p>
 It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
 </p>

website/EN/support.html

@@ -3,10 +3,10 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-06-27 Tue 13:16 -->
+<!-- 2018-01-21 Sun 11:14 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
-<title></title>
+<title>&lrm;</title>
 <meta name="generator" content="Org mode" />
 <meta name="author" content="Bob Mottram" />
 <meta name="description" content="Turn the Beaglebone Black into a personal communications server"
@@ -248,11 +248,11 @@ for the JavaScript code in this tag.
 <h1>Support</h1>
 </center>
 
-<div id="outline-container-orgb1a7204" class="outline-2">
-<h2 id="orgb1a7204">Contact details</h2>
-<div class="outline-text-2" id="text-orgb1a7204">
+<div id="outline-container-org3dddbf5" class="outline-2">
+<h2 id="org3dddbf5">Contact details</h2>
+<div class="outline-text-2" id="text-org3dddbf5">
 <p>
-This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a></b>
+This site can also be accessed via a Tor browser at <b><a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a></b>
 </p>
 
 <p>
@@ -260,11 +260,7 @@ This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkl
 </p>
 
 <p>
-<b>PGP/GPG Key ID:</b> EA982E38
-</p>
-
-<p>
-<b>PGP/GPG Fingerprint:</b> D538 1159 CD7A 2F80 2F06 ABA0 0452 CC7C EA98 2E38
+<b>PGP/GPG Fingerprint:</b> 9ABB82C00ABF39F82680487DCC2536191FA7C33F
 </p>
 
 <p>
@@ -277,22 +273,22 @@ This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkl
 </div>
 </div>
 
-<div id="outline-container-orga7a8570" class="outline-2">
-<h2 id="orga7a8570">Things which would be nice to have</h2>
-<div class="outline-text-2" id="text-orga7a8570">
+<div id="outline-container-org654de23" class="outline-2">
+<h2 id="org654de23">Things which would be nice to have</h2>
+<div class="outline-text-2" id="text-org654de23">
 </div>
-<div id="outline-container-orgce3bc4d" class="outline-3">
-<h3 id="orgce3bc4d">Ideas</h3>
-<div class="outline-text-3" id="text-orgce3bc4d">
+<div id="outline-container-org9171145" class="outline-3">
+<h3 id="org9171145">Ideas</h3>
+<div class="outline-text-3" id="text-org9171145">
 <p>
 Know of some fabulous web system which could run on Freedombone, but currently doesn't? Contact the above, and be prepared to make a compelling argument for why it should be included.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org1104d91" class="outline-3">
-<h3 id="org1104d91">Money</h3>
-<div class="outline-text-3" id="text-org1104d91">
+<div id="outline-container-org71c7a97" class="outline-3">
+<h3 id="org71c7a97">Money</h3>
+<div class="outline-text-3" id="text-org71c7a97">
 <p>
 At the present time this project is not seeking any funding. There is no crowdfunding campaign and no slick marketing video. Those aren't ruled out as future possibilities, but for now they're just not needed.
 </p>
@@ -303,27 +299,27 @@ If you find this project useful then you may wish to consider donating to <a hre
 </div>
 </div>
 
-<div id="outline-container-orge4c8d46" class="outline-3">
-<h3 id="orge4c8d46">Testing and reporting bugs</h3>
-<div class="outline-text-3" id="text-orge4c8d46">
+<div id="outline-container-org012655b" class="outline-3">
+<h3 id="org012655b">Testing and reporting bugs</h3>
+<div class="outline-text-3" id="text-org012655b">
 <p>
 Testing of the install on different hardware. Also pentesting on test installations to find vulnerabilities.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org3ea4978" class="outline-3">
-<h3 id="org3ea4978">Web design and artwork</h3>
-<div class="outline-text-3" id="text-org3ea4978">
+<div id="outline-container-org2ec5168" class="outline-3">
+<h3 id="org2ec5168">Web design and artwork</h3>
+<div class="outline-text-3" id="text-org2ec5168">
 <p>
 A better design for this website would be nice to have. Photos, icons or other artwork are all welcome. I've always liked the cartoon artwork of the <a href="https://www.mediagoblin.org/">Mediagoblin</a> project, and attractive graphics can help to get people initially interested.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgac92852" class="outline-3">
-<h3 id="orgac92852">More education and promotion</h3>
-<div class="outline-text-3" id="text-orgac92852">
+<div id="outline-container-org76b8351" class="outline-3">
+<h3 id="org76b8351">More education and promotion</h3>
+<div class="outline-text-3" id="text-org76b8351">
 <div class="org-center">
 
 <div class="figure">
@@ -341,18 +337,18 @@ Raising awareness beyond the near zero current level, overcoming fear and parano
 </div>
 </div>
 
-<div id="outline-container-orgf1745de" class="outline-3">
-<h3 id="orgf1745de">Translations</h3>
-<div class="outline-text-3" id="text-orgf1745de">
+<div id="outline-container-org5332549" class="outline-3">
+<h3 id="org5332549">Translations</h3>
+<div class="outline-text-3" id="text-org5332549">
 <p>
 To add translations modify the json files within the <b>locale</b> subdirectory. Then make a pull request on the <a href="https://github.com/bashrc/freedombone">Github site</a>.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org6cc7753" class="outline-3">
-<h3 id="org6cc7753">Packaging</h3>
-<div class="outline-text-3" id="text-org6cc7753">
+<div id="outline-container-orgd4e3504" class="outline-3">
+<h3 id="orgd4e3504">Packaging</h3>
+<div class="outline-text-3" id="text-orgd4e3504">
 <p>
 Helping to package GNU Social and Hubzilla for Debian would be beneficial.
 </p>