Browse Source

Merge branch 'stretch' of https://github.com/bashrc/freedombone

Bob Mottram 7 years ago
parent
commit
079fb21212

+ 2
- 2
doc/EN/app_mumble.org View File

@@ -49,8 +49,8 @@ Search for and install Plumble.
49 49
 
50 50
 Press the plus button to add a Mumble server.
51 51
 
52
-Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the *About* screen of the *Administrator control panel*, your username (which can also be anything) and the mumble password which can be found in the *Passwords* section of the *Administrator control panel*.
52
+Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the *About* screen of the *Administrator control panel*, your username (which can also be anything) and the mumble password which can be found in the *Passwords* section of the *Administrator control panel*. Leave the port number unchanged.
53 53
 
54
-Open the settings. Select General, then Connect via Tor. This will provide better protection, making it more difficult for adversaries to know who is talking to who.
54
+Open the settings. Select *General*, then *Connect via Tor*. This will provide better protection, making it more difficult for adversaries to know who is talking to who. If connecting through Tor is unreliable and causes crashes then unselect *Connect via Tor* on the *General settings* and then just use your ordinary domain name.
55 55
 
56 56
 Selecting the server by pressing on it then connects you to the server so that you can chat with other connected users.

+ 1
- 1
doc/EN/fediverse.org View File

@@ -39,5 +39,5 @@ It may seem like a good idea and it may seem like you're doing a service to the
39 39
 
40 40
 
41 41
 #+BEGIN_CENTER
42
-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
42
+This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
43 43
 #+END_CENTER

+ 1
- 1
doc/EN/homeserver.org View File

@@ -153,5 +153,5 @@ man freedombone-image
153 153
 #+end_src
154 154
 
155 155
 #+BEGIN_CENTER
156
-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
156
+This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion
157 157
 #+END_CENTER

+ 1
- 1
doc/EN/index.org View File

@@ -42,5 +42,5 @@ If you find bugs, or want to add a new app to this system see the [[./devguide.h
42 42
 Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/current][available here]].
43 43
 
44 44
 #+BEGIN_CENTER
45
-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
45
+This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
46 46
 #+END_CENTER

+ 1
- 1
doc/EN/mesh.org View File

@@ -35,5 +35,5 @@ Systems only need to be within wifi range of each other for the mesh to be creat
35 35
 Like [[https://libremesh.org][LibreMesh]], this system uses a combination of [[https://en.wikipedia.org/wiki/B.A.T.M.A.N.][batman-adv]] on network layer 2 and [[http://bmx6.net][BMX]] on layer 3. Routing protocols [[http://www.olsr.org][OLSR2]] and [[https://www.irif.fr/~jch/software/babel][Babel]] are also selectable.
36 36
 
37 37
 #+BEGIN_CENTER
38
-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
38
+This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion
39 39
 #+END_CENTER

+ 1
- 1
doc/EN/mesh_images.org View File

@@ -37,7 +37,7 @@ The MultiWriter tool is also available within mesh client images, so that you ca
37 37
 [[file:images/mesh_netbook.jpg]]
38 38
 #+END_CENTER
39 39
 
40
-"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 8GB in size.
40
+"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size.
41 41
 
42 42
 #+begin_src bash
43 43
 sudo apt-get install xz-utils wget

+ 2
- 4
doc/EN/support.org View File

@@ -18,13 +18,11 @@
18 18
 
19 19
 * Contact details
20 20
 
21
-This site can also be accessed via a Tor browser at *http://pazyv7nkllp76hqr.onion*
21
+This site can also be accessed via a Tor browser at *http://7ec7btgr6m7c5r3h.onion*
22 22
 
23 23
 *Email:* bob@freedombone.net
24 24
 
25
-*PGP/GPG Key ID:* EA982E38
26
-
27
-*PGP/GPG Fingerprint:* D538 1159 CD7A 2F80 2F06 ABA0 0452 CC7C EA98 2E38
25
+*PGP/GPG Fingerprint:* 9ABB82C00ABF39F82680487DCC2536191FA7C33F
28 26
 
29 27
 *XMPP:* bob@freedombone.net with OMEMO or OTR
30 28
 

+ 63
- 6
src/freedombone-app-ghost View File

@@ -228,14 +228,21 @@ function backup_local_ghost {
228 228
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
229 229
     fi
230 230
 
231
+    suspend_site ${GHOST_DOMAIN_NAME}
232
+    systemctl stop ghost
233
+
231 234
     ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
232 235
     if [ -d $ghost_path ]; then
233
-        suspend_site ${GHOST_DOMAIN_NAME}
234
-        systemctl stop ghost
235 236
         backup_directory_to_usb $ghost_path ghostcontent
236
-        systemctl start ghost
237
-        restart_site
238 237
     fi
238
+
239
+    ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
240
+    if [ -d $ghost_path ]; then
241
+        backup_directory_to_usb $ghost_path ghostcurrent
242
+    fi
243
+
244
+    systemctl start ghost
245
+    restart_site
239 246
 }
240 247
 
241 248
 function restore_local_ghost {
@@ -254,12 +261,31 @@ function restore_local_ghost {
254 261
             if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
255 262
                 cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
256 263
             else
264
+                if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
265
+                    mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
266
+                fi
257 267
                 cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
258 268
             fi
259 269
             chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/content
260 270
             rm -rf $temp_restore_dir
261 271
         fi
262 272
 
273
+        temp_restore_dir=/root/tempghostcurrent
274
+        function_check restore_directory_from_usb
275
+        restore_directory_from_usb $temp_restore_dir ghostcurrent
276
+        if [ -d $temp_restore_dir ]; then
277
+            if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
278
+                cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
279
+            else
280
+                if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
281
+                    mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
282
+                fi
283
+                cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
284
+            fi
285
+            chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
286
+            rm -rf $temp_restore_dir
287
+        fi
288
+
263 289
         systemctl start ghost
264 290
         restart_site
265 291
     fi
@@ -271,15 +297,27 @@ function backup_remote_ghost {
271 297
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
272 298
     fi
273 299
 
300
+    suspend_site ${GHOST_DOMAIN_NAME}
301
+
274 302
     temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
275 303
     if [ -d $temp_backup_dir ]; then
276
-        suspend_site ${GHOST_DOMAIN_NAME}
277 304
         backup_directory_to_friend $temp_backup_dir ghostcontent
278
-        restart_site
279 305
     else
306
+        restart_site
280 307
         echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
281 308
         exit 2578
282 309
     fi
310
+
311
+    temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
312
+    if [ -d $temp_backup_dir ]; then
313
+        backup_directory_to_friend $temp_backup_dir ghostcurrent
314
+    else
315
+        restart_site
316
+        echo $"Ghost domain specified but not found in $temp_backup_dir"
317
+        exit 78353
318
+    fi
319
+
320
+    restart_site
283 321
 }
284 322
 
285 323
 function restore_remote_ghost {
@@ -298,12 +336,31 @@ function restore_remote_ghost {
298 336
         if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
299 337
             cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
300 338
         else
339
+            if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
340
+                mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
341
+            fi
301 342
             cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
302 343
         fi
303 344
         chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
304 345
         rm -rf $temp_restore_dir
305 346
     fi
306 347
 
348
+    temp_restore_dir=/root/tempghostcurrent
349
+    function_check restore_directory_from_friend
350
+    restore_directory_from_friend $temp_restore_dir ghostcurrent
351
+    if [ -d $temp_restore_dir ]; then
352
+        if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
353
+            cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
354
+        else
355
+            if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
356
+                mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
357
+            fi
358
+            cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
359
+        fi
360
+        chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
361
+        rm -rf $temp_restore_dir
362
+    fi
363
+
307 364
     systemctl start ghost
308 365
     restart_site
309 366
 }

+ 1
- 1
src/freedombone-app-koel View File

@@ -39,7 +39,7 @@ KOEL_CODE=
39 39
 KOEL_ONION_PORT=8118
40 40
 KOEL_PORT=9002
41 41
 KOEL_REPO="https://github.com/phanan/koel"
42
-KOEL_COMMIT='70464a'
42
+KOEL_COMMIT='8e9b021aa09f2b1460977bdd52fff14ea2bc1607'
43 43
 KOEL_ADMIN_PASSWORD=
44 44
 
45 45
 koel_variables=(ONION_ONLY

+ 20
- 0
src/freedombone-app-lychee View File

@@ -163,11 +163,22 @@ function restore_local_lychee {
163 163
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
164 164
     fi
165 165
     if [ $LYCHEE_DOMAIN_NAME ]; then
166
+        suspend_site ${LYCHEE_DOMAIN_NAME}
167
+
166 168
         function_check lychee_create_database
167 169
         lychee_create_database
168 170
 
169 171
         function_check restore_database
170 172
         restore_database lychee ${LYCHEE_DOMAIN_NAME}
173
+
174
+        if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
175
+            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
176
+            sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
177
+            MARIADB_PASSWORD=
178
+        fi
179
+
180
+        restart_site
181
+        chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
171 182
     fi
172 183
 }
173 184
 
@@ -195,12 +206,21 @@ function restore_remote_lychee {
195 206
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
196 207
     fi
197 208
 
209
+    suspend_site ${LYCHEE_DOMAIN_NAME}
210
+
198 211
     function_check restore_database_from_friend
199 212
 
200 213
     function_check lychee_create_database
201 214
     lychee_create_database
202 215
 
203 216
     restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME}
217
+
218
+    if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
219
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
220
+        sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
221
+        MARIADB_PASSWORD=
222
+    fi
223
+
204 224
     restart_site
205 225
     chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
206 226
 }

+ 21
- 5
src/freedombone-app-mumble View File

@@ -43,6 +43,7 @@ MUMBLE_DATABASE="mumble-server.sqlite"
43 43
 MUMBLE_CONFIG_FILE="mumble-server.ini"
44 44
 
45 45
 mumble_variables=(MY_USERNAME
46
+                  DEFAULT_DOMAIN_NAME
46 47
                   MUMBLE_PORT
47 48
                   ONION_ONLY
48 49
                   ADMIN_USERNAME)
@@ -84,6 +85,21 @@ function upgrade_mumble {
84 85
     if [ -d /etc/letsencrypt ]; then
85 86
         usermod -a -G ssl-cert mumble-server
86 87
     fi
88
+
89
+    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
90
+        if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
91
+            sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
92
+            sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
93
+            systemctl restart mumble
94
+        fi
95
+    else
96
+        if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then
97
+            usermod -a -G ssl-cert mumble-server
98
+            sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
99
+            sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
100
+            systemctl restart mumble
101
+        fi
102
+    fi
87 103
 }
88 104
 
89 105
 function backup_local_mumble {
@@ -242,7 +258,7 @@ function install_mumble {
242 258
         if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
243 259
             mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
244 260
         fi
245
-        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
261
+        if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
246 262
             if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
247 263
                 rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt
248 264
             fi
@@ -265,7 +281,7 @@ function install_mumble {
265 281
 
266 282
 
267 283
     # Make an ssl cert for the server
268
-    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
284
+    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
269 285
         if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
270 286
             ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
271 287
             function_check check_certificates
@@ -307,12 +323,12 @@ function install_mumble {
307 323
         echo 'allowping=False' >> /etc/mumble-server.ini
308 324
     fi
309 325
     sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
310
-    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
326
+    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
311 327
         sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
312 328
         sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
313 329
     else
314
-        sed -i "s|#sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini
315
-        sed -i "s|#sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini
330
+        sed -i "s|#sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
331
+        sed -i "s|#sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
316 332
     fi
317 333
     sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
318 334
     sed -i 's|users=100|users=10|g' /etc/mumble-server.ini

+ 98
- 1
src/freedombone-app-pleroma View File

@@ -58,6 +58,8 @@ PLEROMA_TITLE='Pleroma Server'
58 58
 
59 59
 # Number of months after which posts expire
60 60
 PLEROMA_EXPIRE_MONTHS=3
61
+pleroma_expire_posts_script=/usr/bin/pleroma-expire-posts
62
+blocking_script_file=/usr/bin/pleroma-blocking
61 63
 
62 64
 pleroma_variables=(ONION_ONLY
63 65
                    PLEROMA_DOMAIN_NAME
@@ -70,6 +72,81 @@ pleroma_variables=(ONION_ONLY
70 72
                    MY_EMAIL_ADDRESS
71 73
                    MY_USERNAME)
72 74
 
75
+function create_pleroma_blocklist {
76
+    echo '#!/bin/bash' > $blocking_script_file
77
+    echo "if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then" >> $blocking_script_file
78
+    echo '    exit 0' >> $blocking_script_file
79
+    echo 'fi' >> $blocking_script_file
80
+    echo 'cd /etc/postgresql' >> $blocking_script_file
81
+    echo 'while read blocked; do' >> $blocking_script_file
82
+    echo '    if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file
83
+    echo '        if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file
84
+    echo "            sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file
85
+    echo "            sudo -u postgres psql -d pleroma -c \"DELETE FROM users WHERE nickname ilike '%\${blocked}%'\"" >> $blocking_script_file
86
+    echo '            if [[ "$blocked" != *"@"* ]]; then' >> $blocking_script_file
87
+    echo "                sudo -u postgres psql -d pleroma -c \"DELETE FROM websub_server_subscriptions WHERE callback like '%\${blocked}%'\"" >> $blocking_script_file
88
+    echo '            fi' >> $blocking_script_file
89
+    echo '        fi' >> $blocking_script_file
90
+    echo '    fi' >> $blocking_script_file
91
+    echo "done </root/${PROJECT_NAME}-firewall-domains.cfg" >> $blocking_script_file
92
+    chmod +x $blocking_script_file
93
+
94
+    if ! grep -q "$blocking_script_file" /etc/crontab; then
95
+        echo "*/2            * *   *   *   root $blocking_script_file > /dev/null" >> /etc/crontab
96
+    fi
97
+}
98
+
99
+function expire_pleroma_posts {
100
+    domain_name=$1
101
+    expire_months=$3
102
+
103
+    if [ ! $expire_months ]; then
104
+        expire_months=3
105
+    fi
106
+
107
+    expire_days=$((expire_months * 30))
108
+
109
+    # files are what take up most of the backup time, so don't keep them for very long
110
+    expire_days_files=7
111
+
112
+    # To prevent the database size from growing endlessly this script expires posts
113
+    # after a number of months
114
+    if [ ! -d /etc/pleroma ]; then
115
+        return
116
+    fi
117
+
118
+    echo '#!/bin/bash' > $pleroma_expire_posts_script
119
+    echo "plmonths=\"$PLEROMA_EXPIRE_MONTHS\"" >> $pleroma_expire_posts_script
120
+    echo 'if [ ${#plmonths} -eq 0 ]; then' >> $pleroma_expire_posts_script
121
+    echo '    exit 1' >> $pleroma_expire_posts_script
122
+    echo 'fi' >> $pleroma_expire_posts_script
123
+    echo 'if [[ "$plmonths" == "0" ]]; then' >> $pleroma_expire_posts_script
124
+    echo '    exit 2' >> $pleroma_expire_posts_script
125
+    echo 'fi' >> $pleroma_expire_posts_script
126
+    echo 'oldate=$(date +%Y-%m-%d --date="$plmonths months ago")' >> $pleroma_expire_posts_script
127
+    echo 'cd /etc/postgresql' >> $pleroma_expire_posts_script
128
+    echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script
129
+    echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script
130
+    chmod +x $pleroma_expire_posts_script
131
+
132
+    pleroma_expire_script=/etc/cron.daily/pleroma-expire
133
+    echo '#!/bin/bash' > $pleroma_expire_script
134
+    echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +" >> $pleroma_expire_script
135
+    echo "$pleroma_expire_posts_script 2> /dev/null" >> $pleroma_expire_script
136
+    chmod +x $pleroma_expire_script
137
+
138
+    # remove any old cron job
139
+    if grep -q "pleroma-expire" /etc/crontab; then
140
+        sed -i "/pleroma-expire/d" /etc/crontab
141
+        rm /usr/bin/pleroma-expire
142
+    fi
143
+
144
+    # remove old expire script
145
+    if [ -f /etc/cron.weekly/clear-pleroma-database ]; then
146
+        rm /etc/cron.weekly/clear-pleroma-database
147
+    fi
148
+}
149
+
73 150
 function pleroma_recompile {
74 151
     # necessary after parameter changes
75 152
     chown -R pleroma:pleroma $PLEROMA_DIR
@@ -80,6 +157,7 @@ function pleroma_recompile {
80 157
     if [ -f /etc/systemd/system/pleroma.service ]; then
81 158
         systemctl restart pleroma
82 159
     fi
160
+
83 161
 }
84 162
 
85 163
 function logging_on_pleroma {
@@ -353,6 +431,7 @@ function pleroma_set_title {
353 431
 
354 432
 function pleroma_set_expire_months {
355 433
     PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
434
+    read_config_param "PLEROMA_DOMAIN_NAME"
356 435
     read_config_param "PLEROMA_EXPIRE_MONTHS"
357 436
 
358 437
     data=$(tempfile 2>/dev/null)
@@ -378,7 +457,8 @@ function pleroma_set_expire_months {
378 457
                 PLEROMA_EXPIRE_MONTHS=$new_expiry_months
379 458
                 write_config_param "PLEROMA_EXPIRE_MONTHS" "$PLEROMA_EXPIRE_MONTHS"
380 459
 
381
-                # TODO
460
+                expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
461
+                create_pleroma_blocklist
382 462
 
383 463
                 dialog --title $"Set Pleroma post expiry period" \
384 464
                        --msgbox $"Expiry period set to $PLEROMA_EXPIRE_MONTHS months" 6 60
@@ -499,6 +579,7 @@ function pleroma_add_emoji {
499 579
 }
500 580
 
501 581
 function configure_interactive_pleroma {
582
+    read_config_param PLEROMA_DOMAIN_NAME
502 583
     read_config_param PLEROMA_EXPIRE_MONTHS
503 584
     while true
504 585
     do
@@ -531,6 +612,16 @@ function configure_interactive_pleroma {
531 612
 }
532 613
 
533 614
 function upgrade_pleroma {
615
+    read_config_param PLEROMA_DOMAIN_NAME
616
+    read_config_param PLEROMA_EXPIRE_MONTHS
617
+
618
+    if [ ! -f $pleroma_expire_posts_script ]; then
619
+        expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
620
+    fi
621
+    if [ ! -f $blocking_script_file ]; then
622
+        create_pleroma_blocklist
623
+    fi
624
+
534 625
     CURR_PLEROMA_COMMIT=$(get_completion_param "pleroma commit")
535 626
     if [[ "$CURR_PLEROMA_COMMIT" == "$PLEROMA_COMMIT" ]]; then
536 627
         return
@@ -542,6 +633,9 @@ function upgrade_pleroma {
542 633
 
543 634
     sudo -u pleroma mix deps.get
544 635
     pleroma_recompile
636
+
637
+    expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
638
+    create_pleroma_blocklist
545 639
 }
546 640
 
547 641
 function backup_local_pleroma {
@@ -688,6 +782,7 @@ function remove_pleroma {
688 782
     remove_completion_param install_pleroma
689 783
     sed -i '/pleroma domain/d' $COMPLETION_FILE
690 784
     sed -i '/pleroma commit/d' $COMPLETION_FILE
785
+    sed -i "/$blocking_script_file/d" /etc/crontab
691 786
 
692 787
     function_check remove_ddns_domain
693 788
     remove_ddns_domain $PLEROMA_DOMAIN_NAME
@@ -900,6 +995,8 @@ function install_pleroma {
900 995
         fi
901 996
     fi
902 997
 
998
+    create_pleroma_blocklist
999
+
903 1000
     # daemon
904 1001
     echo '[Unit]' > /etc/systemd/system/pleroma.service
905 1002
     echo 'Description=Pleroma social network' >> /etc/systemd/system/pleroma.service

+ 21
- 13
src/freedombone-app-riot View File

@@ -65,6 +65,10 @@ function add_user_riot {
65 65
     echo '0'
66 66
 }
67 67
 
68
+function riot_remove_bad_links {
69
+    sed -i '/riot.im/d' /var/www/$RIOT_DOMAIN_NAME/htdocs/home.html
70
+}
71
+
68 72
 function install_interactive_riot {
69 73
     if [[ $ONION_ONLY != "no" ]]; then
70 74
         RIOT_DOMAIN_NAME='riot.local'
@@ -177,6 +181,7 @@ function upgrade_riot {
177 181
 
178 182
     riot_download
179 183
     sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE}
184
+    riot_remove_bad_links
180 185
 
181 186
     systemctl restart nginx
182 187
 }
@@ -246,23 +251,25 @@ function install_riot {
246 251
     riot_download
247 252
 
248 253
     cd /var/www/$RIOT_DOMAIN_NAME/htdocs
249
-    cp config.sample.json config.json
250 254
 
251 255
     if [[ $ONION_ONLY == 'no' ]]; then
252
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
253
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
254
-        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json
255
-        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json
256
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json
257
-        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," config.json
256
+        riot_config_file="config.${RIOT_DOMAIN_NAME}.json"
257
+        cp config.sample.json $riot_config_file
258
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
259
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
260
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" $riot_config_file
261
+        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," $riot_config_file
258 262
     else
259
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
260
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
261
-        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json
262
-        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json
263
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" config.json
264
-        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," config.json
263
+        riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json"
264
+        cp config.sample.json $riot_config_file
265
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
266
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
267
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" $riot_config_file
268
+        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," $riot_config_file
265 269
     fi
270
+    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" $riot_config_file
271
+    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" $riot_config_file
272
+    sed -i 's|https://piwik.riot.im/||g' $riot_config_file
266 273
 
267 274
     RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
268 275
 
@@ -340,6 +347,7 @@ function install_riot {
340 347
     function_check add_ddns_domain
341 348
     add_ddns_domain $RIOT_DOMAIN_NAME
342 349
 
350
+    riot_remove_bad_links
343 351
     chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs
344 352
 
345 353
     systemctl restart nginx

+ 22
- 20
src/freedombone-app-syncthing View File

@@ -13,7 +13,7 @@
13 13
 # License
14 14
 # =======
15 15
 #
16
-# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
16
+# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
17 17
 #
18 18
 # This program is free software: you can redistribute it and/or modify
19 19
 # it under the terms of the GNU Affero General Public License as published by
@@ -318,14 +318,6 @@ function restore_local_syncthing {
318 318
             mkdir -p $SYNCTHING_SHARED_DATA
319 319
         fi
320 320
         cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/
321
-
322
-        if [ ! "$?" = "0" ]; then
323
-            set_user_permissions
324
-            backup_unmount_drive
325
-            systemctl start syncthing
326
-            systemctl start cron
327
-            exit 37904
328
-        fi
329 321
         rm -rf ${temp_restore_dir}shared
330 322
     fi
331 323
 
@@ -341,7 +333,15 @@ function restore_local_syncthing {
341 333
                 if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then
342 334
                     cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/
343 335
                 else
344
-                    cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
336
+                    if [ ! -d /home/$USERNAME/Sync ]; then
337
+                        mkdir /home/$USERNAME/Sync
338
+                    fi
339
+                    if [ -d /root/Sync ]; then
340
+                        cp -r /root/Sync/* /home/$USERNAME/Sync/
341
+                        rm -rf /root/Sync
342
+                    else
343
+                        cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
344
+                    fi
345 345
                 fi
346 346
                 if [ ! "$?" = "0" ]; then
347 347
                     rm -rf ${temp_restore_dir}
@@ -425,7 +425,7 @@ function restore_remote_syncthing {
425 425
         if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
426 426
             mkdir -p $SYNCTHING_CONFIG_PATH
427 427
         fi
428
-        cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/
428
+        cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/
429 429
         if [ ! "$?" = "0" ]; then
430 430
             systemctl start syncthing
431 431
             systemctl start cron
@@ -439,17 +439,11 @@ function restore_remote_syncthing {
439 439
         temp_restore_dir=/root/tempsyncthingshared
440 440
         function_check restore_directory_from_friend
441 441
         restore_directory_from_friend $temp_restore_dir syncthingshared
442
-        #cp -r $temp_restore_dir/* /
443 442
         if [ ! -d $SYNCTHING_SHARED_DATA ]; then
444 443
             mkdir -p $SYNCTHING_SHARED_DATA
445 444
         fi
446
-        cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/
447
-        if [ ! "$?" = "0" ]; then
448
-            systemctl start syncthing
449
-            systemctl start cron
450
-            exit 37904
451
-        fi
452
-        rm -rf $temp_restore_dir
445
+        cp -r ${temp_restore_dir}/* $SYNCTHING_SHARED_DATA/
446
+        rm -rf ${temp_restore_dir}
453 447
     fi
454 448
 
455 449
     if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then
@@ -466,7 +460,15 @@ function restore_remote_syncthing {
466 460
                 if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then
467 461
                     cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/
468 462
                 else
469
-                    cp -r $temp_restore_dir/* /home/$USERNAME/Sync/
463
+                    if [ ! -d /home/$USERNAME/Sync ]; then
464
+                        mkdir /home/$USERNAME/Sync
465
+                    fi
466
+                    if [ -d /root/Sync ]; then
467
+                        cp -r /root/Sync/* /home/$USERNAME/Sync/
468
+                        rm -rf /root/Sync
469
+                    else
470
+                        cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
471
+                    fi
470 472
                 fi
471 473
                 if [ ! "$?" = "0" ]; then
472 474
                     rm -rf $temp_restore_dir

+ 38
- 0
src/freedombone-app-xmpp View File

@@ -407,6 +407,25 @@ function upgrade_xmpp {
407 407
     update_prosody_modules
408 408
     xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
409 409
 
410
+    if grep -q "/etc/ssl/certs/xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
411
+        cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam
412
+        chown prosody:prosody /etc/prosody/xmpp.dhparam
413
+        sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/prosody.cfg.lua
414
+        sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/conf.avail/xmpp.cfg.lua
415
+    fi
416
+
417
+    if grep -q "/etc/ssl/private/xmpp.key" /etc/prosody/prosody.cfg.lua; then
418
+        if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem ]; then
419
+            sed -i "s|/etc/ssl/private/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
420
+        fi
421
+    fi
422
+
423
+    if grep -q "/etc/ssl/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then
424
+        if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
425
+            sed -i "s|/etc/ssl/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
426
+        fi
427
+    fi
428
+
410 429
     curr_prosody_filename=$(cat $COMPLETION_FILE | grep "prosody_filename" | awk -F ':' '{print $2}')
411 430
     if [[ "$curr_prosody_filename" != "$prosody_filename" ]]; then
412 431
         if [ -d ${INSTALL_DIR}/${prosody_filename} ]; then
@@ -1051,9 +1070,28 @@ function install_xmpp {
1051 1070
     chmod -R 700 /etc/prosody/conf.d
1052 1071
     usermod -a -G www-data prosody
1053 1072
 
1073
+    # Avoid STIG failures
1074
+    if [ -f /usr/lib/ssl/private/xmpp.key ]; then
1075
+        chown root:root /usr/lib/ssl/private/xmpp.key
1076
+    fi
1077
+    if [ -f /usr/lib/ssl/certs/xmpp.crt ]; then
1078
+        chown root:root /usr/lib/ssl/certs/xmpp.crt
1079
+    fi
1080
+    if [ -f /usr/lib/ssl/certs/xmpp.dhparam ]; then
1081
+        chown root:root /usr/lib/ssl/certs/xmpp.dhparam
1082
+    fi
1083
+
1054 1084
     if [ -d /etc/letsencrypt ]; then
1055 1085
         usermod -a -G ssl-cert prosody
1056 1086
     fi
1087
+
1088
+    if [ -f /etc/ssl/certs/xmpp.dhparam ]; then
1089
+        cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam
1090
+        chown prosody:prosody /etc/prosody/xmpp.dhparam
1091
+        sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/prosody.cfg.lua
1092
+        sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/conf.avail/xmpp.cfg.lua
1093
+    fi
1094
+
1057 1095
     apt-mark -q hold prosody
1058 1096
     systemctl restart prosody
1059 1097
 

+ 10
- 5
src/freedombone-controlpanel View File

@@ -1326,9 +1326,14 @@ function reset_tripwire {
1326 1326
         return
1327 1327
     fi
1328 1328
     if [ ! -f /etc/tripwire/${HOSTNAME}-local.key ]; then
1329
-        echo $'Error: missing local key'
1330
-        any_key
1331
-        return
1329
+        if [ -f /etc/tripwire/${PROJECT_NAME}-local.key ]; then
1330
+            mv /etc/tripwire/${PROJECT_NAME}-local.key /etc/tripwire/${HOSTNAME}-local.key
1331
+            mv /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/${HOSTNAME}-site.key
1332
+        else
1333
+            echo $'Error: missing local key'
1334
+            any_key
1335
+            return
1336
+        fi
1332 1337
     fi
1333 1338
     clear
1334 1339
     echo $'Turing off logging...'
@@ -1921,7 +1926,7 @@ function domain_blocking_add {
1921 1926
     trap "rm -f $data" 0 1 2 5 15
1922 1927
     dialog --title $"Block a domain or user" \
1923 1928
            --backtitle $"Freedombone Control Panel" \
1924
-           --inputbox $"Enter the domain name or GNU Social/postActiv nick@domain that you wish to block" 8 60 "" 2>$data
1929
+           --inputbox $"Enter the domain name or GNU Social/postActiv/Pleroma nick@domain that you wish to block" 8 60 "" 2>$data
1925 1930
     sel=$?
1926 1931
     case $sel in
1927 1932
         0)
@@ -1933,7 +1938,7 @@ function domain_blocking_add {
1933 1938
                         dialog --title $"Block a domain" \
1934 1939
                                --msgbox $"The domain $blocked_domain has been blocked" 6 40
1935 1940
                     else
1936
-                        dialog --title $"Block a GNU Social/postActiv nickname" \
1941
+                        dialog --title $"Block a GNU Social/postActiv/Pleroma nickname" \
1937 1942
                                --msgbox $"$blocked_domain has been blocked" 6 40
1938 1943
                     fi
1939 1944
                 fi

+ 1
- 1
src/freedombone-image View File

@@ -547,7 +547,7 @@ if [[ $VARIANT == 'meshclient' || $VARIANT == 'meshusb' ]]; then
547 547
     fi
548 548
 
549 549
     if [ ! $IMAGE_SIZE_SPECIFIED ]; then
550
-        IMAGE_SIZE=7.9G
550
+        IMAGE_SIZE=15.0G
551 551
     fi
552 552
 fi
553 553
 

+ 25
- 1
src/freedombone-restore-local View File

@@ -13,7 +13,7 @@
13 13
 # License
14 14
 # =======
15 15
 #
16
-# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
16
+# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
17 17
 #
18 18
 # This program is free software: you can redistribute it and/or modify
19 19
 # it under the terms of the GNU Affero General Public License as published by
@@ -464,6 +464,9 @@ function restore_gpg {
464 464
                 if [ -d $temp_restore_dir/home/$USERNAME/.gnupg ]; then
465 465
                     cp -r $temp_restore_dir/home/$USERNAME/.gnupg /home/$USERNAME/
466 466
                 else
467
+                    if [ ! -d /home/$USERNAME/.gnupg ]; then
468
+                        mkdir /home/$USERNAME/.gnupg
469
+                    fi
467 470
                     cp -r $temp_restore_dir/* /home/$USERNAME/.gnupg/
468 471
                 fi
469 472
                 if [ ! "$?" = "0" ]; then
@@ -543,6 +546,9 @@ function restore_spamassassin {
543 546
                     if [ -d $temp_restore_dir/home/$USERNAME ]; then
544 547
                         cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
545 548
                     else
549
+                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
550
+                        mkdir /home/$USERNAME/.spamassassin
551
+                    fi
546 552
                         cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
547 553
                     fi
548 554
                     if [ ! "$?" = "0" ]; then
@@ -611,6 +617,9 @@ function restore_user_ssh_keys {
611 617
                 if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
612 618
                     cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
613 619
                 else
620
+                    if [ ! -d /home/$USERNAME/.ssh ]; then
621
+                        mkdir /home/$USERNAME/.ssh
622
+                    fi
614 623
                     cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
615 624
                 fi
616 625
                 if [ ! "$?" = "0" ]; then
@@ -644,6 +653,9 @@ function restore_user_config {
644 653
                 if [ -d $temp_restore_dir/home/$USERNAME/.config ]; then
645 654
                     cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
646 655
                 else
656
+                    if [ ! -d /home/$USERNAME/.config ]; then
657
+                        mkdir /home/$USERNAME/.config
658
+                    fi
647 659
                     cp -r $temp_restore_dir/* /home/$USERNAME/.config/
648 660
                 fi
649 661
                 if [ ! "$?" = "0" ]; then
@@ -677,6 +689,9 @@ function restore_user_monkeysphere {
677 689
                 if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
678 690
                     cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
679 691
                 else
692
+                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
693
+                        mkdir /home/$USERNAME/.monkeysphere
694
+                    fi
680 695
                     cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere
681 696
                 fi
682 697
                 if [ ! "$?" = "0" ]; then
@@ -718,6 +733,9 @@ function restore_user_fin {
718 733
                 if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
719 734
                     cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
720 735
                 else
736
+                    if [ ! -d /home/$USERNAME/.fin ]; then
737
+                        mkdir /home/$USERNAME/.fin
738
+                    fi
721 739
                     cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
722 740
                 fi
723 741
                 if [ ! "$?" = "0" ]; then
@@ -751,6 +769,9 @@ function restore_user_local {
751 769
                 if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
752 770
                     cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
753 771
                 else
772
+                    if [ ! -d /home/$USERNAME/.local ]; then
773
+                        mkdir /home/$USERNAME/.local
774
+                    fi
754 775
                     cp -r $temp_restore_dir/* /home/$USERNAME/.local/
755 776
                 fi
756 777
                 if [ ! "$?" = "0" ]; then
@@ -837,6 +858,9 @@ function restore_personal_settings {
837 858
                     if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
838 859
                         mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
839 860
                     else
861
+                        if [ ! -d /home/$USERNAME/personal ]; then
862
+                            mkdir /home/$USERNAME/personal
863
+                        fi
840 864
                         cp -r $temp_restore_dir/* /home/$USERNAME/personal/
841 865
                     fi
842 866
                     if [ ! "$?" = "0" ]; then

+ 25
- 1
src/freedombone-restore-remote View File

@@ -13,7 +13,7 @@
13 13
 # License
14 14
 # =======
15 15
 #
16
-# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
16
+# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
17 17
 #
18 18
 # This program is free software: you can redistribute it and/or modify
19 19
 # it under the terms of the GNU Affero General Public License as published by
@@ -419,6 +419,9 @@ function restore_gpg {
419 419
                 if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then
420 420
                     cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/
421 421
                 else
422
+                    if [ ! -d /home/$USERNAME/.gnupg ]; then
423
+                        mkdir /home/$USERNAME/.gnupg
424
+                    fi
422 425
                     cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/
423 426
                 fi
424 427
                 if [ ! "$?" = "0" ]; then
@@ -488,6 +491,9 @@ function restore_spamassassin {
488 491
                 if [ -d $temp_restore_dir/home/$USERNAME ]; then
489 492
                     cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
490 493
                 else
494
+                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
495
+                        mkdir /home/$USERNAME/.spamassassin
496
+                    fi
491 497
                     cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
492 498
                 fi
493 499
                 if [ ! "$?" = "0" ]; then
@@ -542,6 +548,9 @@ function restore_ssh_keys {
542 548
                 if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
543 549
                     cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
544 550
                 else
551
+                    if [ ! -d /home/$USERNAME/.ssh ]; then
552
+                        mkdir /home/$USERNAME/.ssh
553
+                    fi
545 554
                     cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
546 555
                 fi
547 556
                 if [ ! "$?" = "0" ]; then
@@ -573,6 +582,9 @@ function restore_user_config {
573 582
                 if [ -d $temp_restore_dir/home/$USERNAME ]; then
574 583
                     cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
575 584
                 else
585
+                    if [ ! -d /home/$USERNAME/.config ]; then
586
+                        mkdir /home/$USERNAME/.config
587
+                    fi
576 588
                     cp -r $temp_restore_dir/* /home/$USERNAME/.config/
577 589
                 fi
578 590
                 if [ ! "$?" = "0" ]; then
@@ -604,6 +616,9 @@ function restore_user_monkeysphere {
604 616
                 if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
605 617
                     cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
606 618
                 else
619
+                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
620
+                        mkdir /home/$USERNAME/.monkeysphere
621
+                    fi
607 622
                     cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/
608 623
                 fi
609 624
                 if [ ! "$?" = "0" ]; then
@@ -643,6 +658,9 @@ function restore_user_fin {
643 658
                 if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
644 659
                     cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
645 660
                 else
661
+                    if [ ! -d /home/$USERNAME/.fin ]; then
662
+                        mkdir /home/$USERNAME/.fin
663
+                    fi
646 664
                     cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
647 665
                 fi
648 666
                 if [ ! "$?" = "0" ]; then
@@ -674,6 +692,9 @@ function restore_user_local {
674 692
                 if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
675 693
                     cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
676 694
                 else
695
+                    if [ ! -d /home/$USERNAME/.local ]; then
696
+                        mkdir /home/$USERNAME/.local
697
+                    fi
677 698
                     cp -r $temp_restore_dir/* /home/$USERNAME/.local/
678 699
                 fi
679 700
                 if [ ! "$?" = "0" ]; then
@@ -754,6 +775,9 @@ function restore_personal_settings {
754 775
                     fi
755 776
                     mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
756 777
                 else
778
+                    if [ ! -d /home/$USERNAME/personal ]; then
779
+                        mkdir /home/$USERNAME/personal
780
+                    fi
757 781
                     cp -r $temp_restore_dir/* /home/$USERNAME/personal/
758 782
                 fi
759 783
                 if [ ! "$?" = "0" ]; then

+ 3
- 0
src/freedombone-utils-firewall View File

@@ -547,6 +547,9 @@ function firewall_block_domain {
547 547
         if [ -f /usr/bin/postactiv-firewall ]; then
548 548
             /usr/bin/postactiv-firewall
549 549
         fi
550
+        if [ -f /usr/bin/pleroma-blocking ]; then
551
+            /usr/bin/pleroma-blocking
552
+        fi
550 553
     fi
551 554
 }
552 555
 

+ 4
- 4
src/freedombone-utils-mesh View File

@@ -107,12 +107,12 @@ function mesh_protocol_init {
107 107
     fi
108 108
 }
109 109
 
110
-function get_ipv4_wlan {
111
-    echo $(ip -o -f inet addr show dev "$IFACE" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
110
+function get_ipv6_wlan {
111
+    echo $(ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}')
112 112
 }
113 113
 
114 114
 function mesh_hotspot_ip_address {
115
-    echo $(ip -o -f inet addr show dev "${BRIDGE}" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
115
+    echo $(ifconfig ${BRIDGE} | grep inet6 | awk -F ' ' '{print $2}')
116 116
 }
117 117
 
118 118
 function global_rate_limit {
@@ -368,7 +368,7 @@ function enable_mesh_scuttlebot {
368 368
     if [ -f /etc/scuttlebot/.ssb/config ]; then
369 369
         ethernet_connected=$(cat /sys/class/net/eth0/carrier)
370 370
         if [[ "$ethernet_connected" != "0" ]]; then
371
-            sed -i "s|\"host\": .*|\"host\": \"$(get_ipv4_wlan)\",|g" /etc/scuttlebot/.ssb/config
371
+            sed -i "s|\"host\": .*|\"host\": \"$(get_ipv6_wlan)\",|g" /etc/scuttlebot/.ssb/config
372 372
             systemctl restart scuttlebot
373 373
         else
374 374
             if [ ! -f /etc/nginx/sites-available/git_ssb ]; then

+ 2
- 2
src/freedombone-utils-ssh View File

@@ -59,8 +59,8 @@ function configure_ssh {
59 59
     if ! grep -q 'HostbasedAuthentication' /etc/ssh/sshd_config; then
60 60
         echo 'HostbasedAuthentication no' >> /etc/ssh/sshd_config
61 61
     fi
62
-    sed 's|#HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
63
-    sed 's|HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
62
+    sed -i 's|#HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
63
+    sed -i 's|HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config
64 64
     sed -i 's|#PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config
65 65
     sed -i 's|PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config
66 66
     sed -i 's|#IgnoreRhosts.*|IgnoreRhosts yes|g' /etc/ssh/sshd_config

+ 45
- 40
src/freedombone-utils-web View File

@@ -756,81 +756,85 @@ function configure_firewall_for_web_access {
756 756
 function update_default_domain {
757 757
     echo $'Updating default domain'
758 758
     if [[ $ONION_ONLY == 'no' ]]; then
759
-        if [ -d /etc/prosody ]; then
760
-            if [ -f /etc/mumble-server.ini ]; then
761
-                if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
762
-                    if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
763
-                        sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
764
-                        sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
765
-                        systemctl restart mumble
766
-                    fi
767
-                else
768
-                    if ! grep -q "${DEFAULT_DOMAIN_NAME}.pem" /etc/mumble-server.ini; then
769
-                        usermod -a -G ssl-cert mumble-server
770
-                        sed -i "s|sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini
771
-                        sed -i "s|sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini
772
-                        systemctl restart mumble
773
-                    fi
759
+        if [ -f /etc/mumble-server.ini ]; then
760
+            if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
761
+                if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
762
+                    sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
763
+                    sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
764
+                    systemctl restart mumble
765
+                fi
766
+            else
767
+                if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then
768
+                    usermod -a -G ssl-cert mumble-server
769
+                    sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini
770
+                    sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini
771
+                    systemctl restart mumble
774 772
                 fi
775 773
             fi
774
+        fi
776 775
 
776
+        if [ -d /etc/prosody ]; then
777 777
             if [ ! -d /etc/prosody/certs ]; then
778 778
                 mkdir /etc/prosody/certs
779 779
             fi
780 780
             cp /etc/ssl/private/xmpp* /etc/prosody/certs
781 781
             cp /etc/ssl/certs/xmpp* /etc/prosody/certs
782
-            if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
782
+            if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
783 783
                 usermod -a -G ssl-cert prosody
784 784
                 if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
785
-                    sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
785
+                    sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
786 786
                 fi
787 787
                 if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/conf.avail/xmpp.cfg.lua; then
788
-                    sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
788
+                    sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
789 789
                 fi
790 790
 
791 791
                 if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/prosody.cfg.lua; then
792
-                    sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
792
+                    sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
793 793
                 fi
794 794
                 if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then
795
-                    sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
795
+                    sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
796 796
                 fi
797
-            fi
798 797
 
799
-            if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
800
-                sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
801
-            fi
798
+                if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
799
+                    sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
800
+                fi
802 801
 
803
-            if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/conf.avail/xmpp.cfg.lua; then
804
-                sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
805
-            fi
802
+                if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/conf.avail/xmpp.cfg.lua; then
803
+                    sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
804
+                fi
806 805
 
807
-            if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/prosody.cfg.lua; then
808
-                sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
809
-            fi
806
+                if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/prosody.cfg.lua; then
807
+                    sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
808
+                fi
810 809
 
811
-            if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/prosody.cfg.lua; then
812
-                sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
810
+                if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/prosody.cfg.lua; then
811
+                    sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
812
+                fi
813 813
             fi
814 814
 
815 815
             chown -R prosody:default /etc/prosody
816 816
             chmod -R 700 /etc/prosody/certs/*
817 817
             chmod 600 /etc/prosody/prosody.cfg.lua
818
-            cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
818
+            if [ -d $INSTALL_DIR/prosody-modules ]; then
819
+                cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
820
+                cp -r $INSTALL_DIR/prosody-modules/* /usr/lib/prosody/modules/
821
+            fi
819 822
             chown -R prosody:prosody /var/lib/prosody/prosody-modules
823
+            chown -R prosody:prosody /usr/lib/prosody/modules
820 824
             systemctl reload prosody
821 825
         fi
822 826
 
823 827
         if [ -d /home/znc/.znc ]; then
824 828
             echo $'znc found'
825
-            if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
829
+            if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
826 830
                 pkill znc
827 831
                 cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem
828 832
                 chown znc:znc /home/znc/.znc/znc.pem
829 833
                 chmod 700 /home/znc/.znc/znc.pem
830 834
 
831
-                sed -i "s|CertFile =.*|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/ngircd/ngircd.conf
835
+                sed -i "s|CertFile =.*|CertFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/ngircd/ngircd.conf
832 836
                 sed -i "s|DHFile =.*|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" /etc/ngircd/ngircd.conf
833
-                sed -i "s|KeyFile =.*|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" /etc/ngircd/ngircd.conf
837
+                sed -i "s|KeyFile =.*|KeyFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem" /etc/ngircd/ngircd.conf
834 838
                 echo $'irc certificates updated'
835 839
 
836 840
                 systemctl restart ngircd
@@ -839,16 +843,17 @@ function update_default_domain {
839 843
         fi
840 844
 
841 845
         if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then
842
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
846
+            if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
843 847
                 if [ -d /etc/dovecot ]; then
844
-                    if ! grep -q "ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then
845
-                        sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
846
-                        sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
848
+                    if ! grep -q "ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/dovecot/conf.d/10-ssl.conf; then
849
+                        sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
850
+                        sed -i "s|ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
847 851
                         systemctl restart dovecot
848 852
                     fi
849 853
                 fi
850 854
 
851 855
                 if [ -d /etc/exim4 ]; then
856
+                    # Unfortunately there doesn't appear to be any other way than copying certs here
852 857
                     cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/{fullchain,privkey}.pem /etc/exim4/
853 858
                     chown root:Debian-exim /etc/exim4/*.pem
854 859
                     chmod 640 /etc/exim4/*.pem

+ 15
- 14
website/EN/app_mumble.html View File

@@ -3,10 +3,10 @@
3 3
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4 4
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
5 5
 <head>
6
-<!-- 2016-12-10 Sat 15:19 -->
6
+<!-- 2018-01-21 Sun 11:01 -->
7 7
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
8 8
 <meta name="viewport" content="width=device-width, initial-scale=1" />
9
-<title></title>
9
+<title>&lrm;</title>
10 10
 <meta name="generator" content="Org mode" />
11 11
 <meta name="author" content="Bob Mottram" />
12 12
 <meta name="description" content="How to use Mumble"
@@ -71,6 +71,7 @@
71 71
   pre.src-fortran:before { content: 'Fortran'; }
72 72
   pre.src-gnuplot:before { content: 'gnuplot'; }
73 73
   pre.src-haskell:before { content: 'Haskell'; }
74
+  pre.src-hledger:before { content: 'hledger'; }
74 75
   pre.src-java:before { content: 'Java'; }
75 76
   pre.src-js:before { content: 'Javascript'; }
76 77
   pre.src-latex:before { content: 'LaTeX'; }
@@ -188,7 +189,7 @@
188 189
 @licstart  The following is the entire license notice for the
189 190
 JavaScript code in this tag.
190 191
 
191
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
192
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
192 193
 
193 194
 The JavaScript code in this tag is free software: you can
194 195
 redistribute it and/or modify it under the terms of the GNU
@@ -251,18 +252,18 @@ for the JavaScript code in this tag.
251 252
 Mumble is a well known VoIP system originally used for gaming, but which works just as well for any general conference calls or meetings.
252 253
 </p>
253 254
 
254
-<div id="outline-container-orgb69e7cf" class="outline-2">
255
-<h2 id="orgb69e7cf">Text chat</h2>
256
-<div class="outline-text-2" id="text-orgb69e7cf">
255
+<div id="outline-container-org208d455" class="outline-2">
256
+<h2 id="org208d455">Text chat</h2>
257
+<div class="outline-text-2" id="text-org208d455">
257 258
 <p>
258 259
 In addition to voice it is also possible to do text chat via mumble. The security of this is pretty good provided that you do it via Plumble and Orbot on mobile, but compared to other options such as XMPP/Conversations or Tox the security is not as good, since the mumble server currently doesn't support forward secrecy.
259 260
 </p>
260 261
 </div>
261 262
 </div>
262 263
 
263
-<div id="outline-container-orgd3559d7" class="outline-2">
264
-<h2 id="orgd3559d7">Using with Ubuntu</h2>
265
-<div class="outline-text-2" id="text-orgd3559d7">
264
+<div id="outline-container-orge57116e" class="outline-2">
265
+<h2 id="orge57116e">Using with Ubuntu</h2>
266
+<div class="outline-text-2" id="text-orge57116e">
266 267
 <p>
267 268
 First ensure that tor is installed. Within a terminal:
268 269
 </p>
@@ -298,9 +299,9 @@ Click on "add new" to add a new server and enter the <b>default domain name</b>
298 299
 </div>
299 300
 </div>
300 301
 
301
-<div id="outline-container-org0e1c0da" class="outline-2">
302
-<h2 id="org0e1c0da">Using with Android</h2>
303
-<div class="outline-text-2" id="text-org0e1c0da">
302
+<div id="outline-container-orgb9f0d9d" class="outline-2">
303
+<h2 id="orgb9f0d9d">Using with Android</h2>
304
+<div class="outline-text-2" id="text-orgb9f0d9d">
304 305
 <p>
305 306
 Install <a href="https://f-droid.org/">F-Droid</a>
306 307
 </p>
@@ -318,11 +319,11 @@ Press the plus button to add a Mumble server.
318 319
 </p>
319 320
 
320 321
 <p>
321
-Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the <b>About</b> screen of the <b>Administrator control panel</b>, your username (which can also be anything) and the mumble password which can be found in the <b>Passwords</b> section of the <b>Administrator control panel</b>.
322
+Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the <b>About</b> screen of the <b>Administrator control panel</b>, your username (which can also be anything) and the mumble password which can be found in the <b>Passwords</b> section of the <b>Administrator control panel</b>. Leave the port number unchanged.
322 323
 </p>
323 324
 
324 325
 <p>
325
-Open the settings. Select General, then Connect via Tor. This will provide better protection, making it more difficult for adversaries to know who is talking to who.
326
+Open the settings. Select <b>General</b>, then <b>Connect via Tor</b>. This will provide better protection, making it more difficult for adversaries to know who is talking to who. If connecting through Tor is unreliable and causes crashes then unselect <b>Connect via Tor</b> on the <b>General settings</b> and then just use your ordinary domain name.
326 327
 </p>
327 328
 
328 329
 <p>

+ 21
- 21
website/EN/fediverse.html View File

@@ -3,10 +3,10 @@
3 3
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4 4
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
5 5
 <head>
6
-<!-- 2017-06-27 Tue 13:17 -->
6
+<!-- 2018-01-21 Sun 11:13 -->
7 7
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
8 8
 <meta name="viewport" content="width=device-width, initial-scale=1" />
9
-<title></title>
9
+<title>&lrm;</title>
10 10
 <meta name="generator" content="Org mode" />
11 11
 <meta name="author" content="Bob Mottram" />
12 12
 <meta name="description" content="Homesteading the Fediverse"
@@ -252,54 +252,54 @@ for the JavaScript code in this tag.
252 252
 Some things you might want to know about the Fediverse:
253 253
 </p>
254 254
 
255
-<div id="outline-container-orgdcdb846" class="outline-2">
256
-<h2 id="orgdcdb846">Keep the number of users on each server small</h2>
257
-<div class="outline-text-2" id="text-orgdcdb846">
255
+<div id="outline-container-org7ef0ae3" class="outline-2">
256
+<h2 id="org7ef0ae3">Keep the number of users on each server small</h2>
257
+<div class="outline-text-2" id="text-org7ef0ae3">
258 258
 <p>
259 259
 The importance of this can't be overstated. Servers with lots of users always eventually have problems where the interests of the users are not the same as the interests of the server administrator. If you are the server administrator, or if there are only a small squad-size group of people on the server, then it's a lot easier to resolve differences and everyone's interests are likely to be similar.
260 260
 </p>
261 261
 </div>
262 262
 </div>
263 263
 
264
-<div id="outline-container-org51ce16d" class="outline-2">
265
-<h2 id="org51ce16d">Drama will happen</h2>
266
-<div class="outline-text-2" id="text-org51ce16d">
264
+<div id="outline-container-orgb78d10c" class="outline-2">
265
+<h2 id="orgb78d10c">Drama will happen</h2>
266
+<div class="outline-text-2" id="text-orgb78d10c">
267 267
 <p>
268 268
 It's inevitable in any social network, but fortunately your options for dealing with it are better than they are in the giant proprietary monoliths. In the proprietary world Google or Facebook don't give a damn about the fate of individual users. On a server with a small number of users if you're getting griefed then the administrator is likely to care and be able to do something about it.
269 269
 </p>
270 270
 </div>
271 271
 </div>
272 272
 
273
-<div id="outline-container-org449c739" class="outline-2">
274
-<h2 id="org449c739">Don't be afraid to block</h2>
275
-<div class="outline-text-2" id="text-org449c739">
273
+<div id="outline-container-orgac5dc10" class="outline-2">
274
+<h2 id="orgac5dc10">Don't be afraid to block</h2>
275
+<div class="outline-text-2" id="text-orgac5dc10">
276 276
 <p>
277 277
 Especially if other servers are publishing content which may not be legal in your jurisdiction then don't be afraid to use domain or user blocking from the <b>Administrator control panel</b>. The same applies if users on other servers are trying to harass you. Blocking creates politics and drama but <span class="underline">this is a feature not a bug</span>. It allows you to craft your own distinct community and user experience while also existing in the wider federation. It's hard to do this on sites like Twitter or Facebook. Try to keep blocking to a minimum though and avoid doing it for insubstantial reasons. If you have other users on your server then publish the blocked domains list somewhere they can see. That avoids disappointment and enables you to have a discussion about the validity of blocking decisions.
278 278
 </p>
279 279
 </div>
280 280
 </div>
281 281
 
282
-<div id="outline-container-org3692a0e" class="outline-2">
283
-<h2 id="org3692a0e">Network structure maps on to social structure</h2>
284
-<div class="outline-text-2" id="text-org3692a0e">
282
+<div id="outline-container-orgec4f5cf" class="outline-2">
283
+<h2 id="orgec4f5cf">Network structure maps on to social structure</h2>
284
+<div class="outline-text-2" id="text-orgec4f5cf">
285 285
 <p>
286 286
 Over time follows and blocking rules come to match the underlying social geography of affinity groups. Blocking will happen and users will move around or start new servers. Drama related to blocking will dissipate.
287 287
 </p>
288 288
 </div>
289 289
 </div>
290 290
 
291
-<div id="outline-container-org05184eb" class="outline-2">
292
-<h2 id="org05184eb">Keep your follows under the Dunbar number</h2>
293
-<div class="outline-text-2" id="text-org05184eb">
291
+<div id="outline-container-org07b0224" class="outline-2">
292
+<h2 id="org07b0224">Keep your follows under the Dunbar number</h2>
293
+<div class="outline-text-2" id="text-org07b0224">
294 294
 <p>
295 295
 Keep the number of other users you're following and who are also active to under a couple of hundred. Any more than that and you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will dissolve in a sea of entropy. There are no algorithmic timelines, and even if they're introduced then they create their own problems as an opaque form of censorship. <span class="underline">Real community happens at tribal scale</span>. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true.
296 296
 </p>
297 297
 </div>
298 298
 </div>
299 299
 
300
-<div id="outline-container-orgfbf8e98" class="outline-2">
301
-<h2 id="orgfbf8e98">Avoid big public servers</h2>
302
-<div class="outline-text-2" id="text-orgfbf8e98">
300
+<div id="outline-container-org07a661a" class="outline-2">
301
+<h2 id="org07a661a">Avoid big public servers</h2>
302
+<div class="outline-text-2" id="text-org07a661a">
303 303
 <p>
304 304
 It may seem like a good idea and it may seem like you're doing a service to the community by allowing random strangers to register, but servers with thousands of users only cause problems - social, administrative, financial and possibly also legal. The financial strain of running a powerful server with high reliability may be enough to encourage the administrator to begin pushing advertising onto the system, or sell user content, and then before you know it you have identical problems to Twitter. Instead try to encourage people to set up their own servers. Follow this principle and a lot of arguments and stress will be more easily avoided.
305 305
 </p>
@@ -308,7 +308,7 @@ It may seem like a good idea and it may seem like you're doing a service to the
308 308
 
309 309
 <div class="org-center">
310 310
 <p>
311
-This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
311
+This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
312 312
 </p>
313 313
 </div>
314 314
 </div>

+ 2
- 2
website/EN/homeserver.html View File

@@ -3,7 +3,7 @@
3 3
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4 4
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
5 5
 <head>
6
-<!-- 2017-12-28 Thu 21:15 -->
6
+<!-- 2018-01-21 Sun 11:15 -->
7 7
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
8 8
 <meta name="viewport" content="width=device-width, initial-scale=1" />
9 9
 <title>&lrm;</title>
@@ -478,7 +478,7 @@ Of course, this is just one way in which you can install the Freedombone system.
478 478
 
479 479
 <div class="org-center">
480 480
 <p>
481
-This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>
481
+This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>
482 482
 </p>
483 483
 </div>
484 484
 </div>

+ 2
- 2
website/EN/index.html View File

@@ -3,7 +3,7 @@
3 3
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4 4
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
5 5
 <head>
6
-<!-- 2017-12-20 Wed 13:53 -->
6
+<!-- 2018-01-21 Sun 11:15 -->
7 7
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
8 8
 <meta name="viewport" content="width=device-width, initial-scale=1" />
9 9
 <title>&lrm;</title>
@@ -299,7 +299,7 @@ Ready made disk images which can be copied onto USB or microSD drives are <a hre
299 299
 
300 300
 <div class="org-center">
301 301
 <p>
302
-This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
302
+This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>. This documentation is under the <a href="https://www.gnu.org/licenses/fdl-1.3.txt">GNU Free Documentation License version 1.3</a>
303 303
 </p>
304 304
 </div>
305 305
 </div>

+ 2
- 2
website/EN/mesh.html View File

@@ -3,7 +3,7 @@
3 3
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4 4
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
5 5
 <head>
6
-<!-- 2018-01-17 Wed 23:49 -->
6
+<!-- 2018-01-21 Sun 11:15 -->
7 7
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
8 8
 <meta name="viewport" content="width=device-width, initial-scale=1" />
9 9
 <title>&lrm;</title>
@@ -284,7 +284,7 @@ Like <a href="https://libremesh.org">LibreMesh</a>, this system uses a combinati
284 284
 
285 285
 <div class="org-center">
286 286
 <p>
287
-This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>
287
+This site can also be accessed via a Tor browser at <a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a>
288 288
 </p>
289 289
 </div>
290 290
 </div>

+ 20
- 20
website/EN/mesh_images.html View File

@@ -3,7 +3,7 @@
3 3
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4 4
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
5 5
 <head>
6
-<!-- 2017-12-29 Fri 23:16 -->
6
+<!-- 2018-01-18 Thu 18:15 -->
7 7
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
8 8
 <meta name="viewport" content="width=device-width, initial-scale=1" />
9 9
 <title>&lrm;</title>
@@ -246,13 +246,13 @@ for the JavaScript code in this tag.
246 246
 
247 247
 <center><h1>Mesh Network: Images</h1></center>
248 248
 
249
-<div id="outline-container-org92a36a4" class="outline-2">
250
-<h2 id="org92a36a4">Pre-built Disk Images</h2>
251
-<div class="outline-text-2" id="text-org92a36a4">
249
+<div id="outline-container-orgff89f51" class="outline-2">
250
+<h2 id="orgff89f51">Pre-built Disk Images</h2>
251
+<div class="outline-text-2" id="text-orgff89f51">
252 252
 </div>
253
-<div id="outline-container-orgf74ea4c" class="outline-3">
254
-<h3 id="orgf74ea4c">Writing many images quickly</h3>
255
-<div class="outline-text-3" id="text-orgf74ea4c">
253
+<div id="outline-container-orgd2bd6dc" class="outline-3">
254
+<h3 id="orgd2bd6dc">Writing many images quickly</h3>
255
+<div class="outline-text-3" id="text-orgd2bd6dc">
256 256
 <p>
257 257
 There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the <b>dd</b> command is used for writing to the target drive, but to write to multiple drives you can use a tool such as <a href="https://wiki.gnome.org/Apps/MultiWriter">GNOME MultiWriter</a>.
258 258
 </p>
@@ -280,9 +280,9 @@ The MultiWriter tool is also available within mesh client images, so that you ca
280 280
 </p>
281 281
 </div>
282 282
 </div>
283
-<div id="outline-container-orgdd8f201" class="outline-3">
284
-<h3 id="orgdd8f201">Client images</h3>
285
-<div class="outline-text-3" id="text-orgdd8f201">
283
+<div id="outline-container-orgaa45ffa" class="outline-3">
284
+<h3 id="orgaa45ffa">Client images</h3>
285
+<div class="outline-text-3" id="text-orgaa45ffa">
286 286
 <div class="org-center">
287 287
 
288 288
 <div class="figure">
@@ -292,7 +292,7 @@ The MultiWriter tool is also available within mesh client images, so that you ca
292 292
 </div>
293 293
 
294 294
 <p>
295
-"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 8GB in size.
295
+"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size.
296 296
 </p>
297 297
 
298 298
 <div class="org-src-container">
@@ -331,16 +331,16 @@ sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-n
331 331
 </div>
332 332
 </div>
333 333
 
334
-<div id="outline-container-org231f975" class="outline-3">
335
-<h3 id="org231f975">Router images</h3>
336
-<div class="outline-text-3" id="text-org231f975">
334
+<div id="outline-container-org6ca93ec" class="outline-3">
335
+<h3 id="org6ca93ec">Router images</h3>
336
+<div class="outline-text-3" id="text-org6ca93ec">
337 337
 <p>
338 338
 Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.
339 339
 </p>
340 340
 </div>
341
-<div id="outline-container-orgbe92b46" class="outline-4">
342
-<h4 id="orgbe92b46">Beaglebone Black</h4>
343
-<div class="outline-text-4" id="text-orgbe92b46">
341
+<div id="outline-container-org69b5cfa" class="outline-4">
342
+<h4 id="org69b5cfa">Beaglebone Black</h4>
343
+<div class="outline-text-4" id="text-org69b5cfa">
344 344
 <div class="org-center">
345 345
 
346 346
 <div class="figure">
@@ -377,9 +377,9 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
377 377
 </div>
378 378
 </div>
379 379
 
380
-<div id="outline-container-orgd948176" class="outline-2">
381
-<h2 id="orgd948176">Building Disk Images</h2>
382
-<div class="outline-text-2" id="text-orgd948176">
380
+<div id="outline-container-org6b309a0" class="outline-2">
381
+<h2 id="org6b309a0">Building Disk Images</h2>
382
+<div class="outline-text-2" id="text-org6b309a0">
383 383
 <p>
384 384
 It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
385 385
 </p>

+ 31
- 35
website/EN/support.html View File

@@ -3,10 +3,10 @@
3 3
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4 4
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
5 5
 <head>
6
-<!-- 2017-06-27 Tue 13:16 -->
6
+<!-- 2018-01-21 Sun 11:14 -->
7 7
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
8 8
 <meta name="viewport" content="width=device-width, initial-scale=1" />
9
-<title></title>
9
+<title>&lrm;</title>
10 10
 <meta name="generator" content="Org mode" />
11 11
 <meta name="author" content="Bob Mottram" />
12 12
 <meta name="description" content="Turn the Beaglebone Black into a personal communications server"
@@ -248,11 +248,11 @@ for the JavaScript code in this tag.
248 248
 <h1>Support</h1>
249 249
 </center>
250 250
 
251
-<div id="outline-container-orgb1a7204" class="outline-2">
252
-<h2 id="orgb1a7204">Contact details</h2>
253
-<div class="outline-text-2" id="text-orgb1a7204">
251
+<div id="outline-container-org3dddbf5" class="outline-2">
252
+<h2 id="org3dddbf5">Contact details</h2>
253
+<div class="outline-text-2" id="text-org3dddbf5">
254 254
 <p>
255
-This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a></b>
255
+This site can also be accessed via a Tor browser at <b><a href="http://7ec7btgr6m7c5r3h.onion">http://7ec7btgr6m7c5r3h.onion</a></b>
256 256
 </p>
257 257
 
258 258
 <p>
@@ -260,11 +260,7 @@ This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkl
260 260
 </p>
261 261
 
262 262
 <p>
263
-<b>PGP/GPG Key ID:</b> EA982E38
264
-</p>
265
-
266
-<p>
267
-<b>PGP/GPG Fingerprint:</b> D538 1159 CD7A 2F80 2F06 ABA0 0452 CC7C EA98 2E38
263
+<b>PGP/GPG Fingerprint:</b> 9ABB82C00ABF39F82680487DCC2536191FA7C33F
268 264
 </p>
269 265
 
270 266
 <p>
@@ -277,22 +273,22 @@ This site can also be accessed via a Tor browser at <b><a href="http://pazyv7nkl
277 273
 </div>
278 274
 </div>
279 275
 
280
-<div id="outline-container-orga7a8570" class="outline-2">
281
-<h2 id="orga7a8570">Things which would be nice to have</h2>
282
-<div class="outline-text-2" id="text-orga7a8570">
276
+<div id="outline-container-org654de23" class="outline-2">
277
+<h2 id="org654de23">Things which would be nice to have</h2>
278
+<div class="outline-text-2" id="text-org654de23">
283 279
 </div>
284
-<div id="outline-container-orgce3bc4d" class="outline-3">
285
-<h3 id="orgce3bc4d">Ideas</h3>
286
-<div class="outline-text-3" id="text-orgce3bc4d">
280
+<div id="outline-container-org9171145" class="outline-3">
281
+<h3 id="org9171145">Ideas</h3>
282
+<div class="outline-text-3" id="text-org9171145">
287 283
 <p>
288 284
 Know of some fabulous web system which could run on Freedombone, but currently doesn't? Contact the above, and be prepared to make a compelling argument for why it should be included.
289 285
 </p>
290 286
 </div>
291 287
 </div>
292 288
 
293
-<div id="outline-container-org1104d91" class="outline-3">
294
-<h3 id="org1104d91">Money</h3>
295
-<div class="outline-text-3" id="text-org1104d91">
289
+<div id="outline-container-org71c7a97" class="outline-3">
290
+<h3 id="org71c7a97">Money</h3>
291
+<div class="outline-text-3" id="text-org71c7a97">
296 292
 <p>
297 293
 At the present time this project is not seeking any funding. There is no crowdfunding campaign and no slick marketing video. Those aren't ruled out as future possibilities, but for now they're just not needed.
298 294
 </p>
@@ -303,27 +299,27 @@ If you find this project useful then you may wish to consider donating to <a hre
303 299
 </div>
304 300
 </div>
305 301
 
306
-<div id="outline-container-orge4c8d46" class="outline-3">
307
-<h3 id="orge4c8d46">Testing and reporting bugs</h3>
308
-<div class="outline-text-3" id="text-orge4c8d46">
302
+<div id="outline-container-org012655b" class="outline-3">
303
+<h3 id="org012655b">Testing and reporting bugs</h3>
304
+<div class="outline-text-3" id="text-org012655b">
309 305
 <p>
310 306
 Testing of the install on different hardware. Also pentesting on test installations to find vulnerabilities.
311 307
 </p>
312 308
 </div>
313 309
 </div>
314 310
 
315
-<div id="outline-container-org3ea4978" class="outline-3">
316
-<h3 id="org3ea4978">Web design and artwork</h3>
317
-<div class="outline-text-3" id="text-org3ea4978">
311
+<div id="outline-container-org2ec5168" class="outline-3">
312
+<h3 id="org2ec5168">Web design and artwork</h3>
313
+<div class="outline-text-3" id="text-org2ec5168">
318 314
 <p>
319 315
 A better design for this website would be nice to have. Photos, icons or other artwork are all welcome. I've always liked the cartoon artwork of the <a href="https://www.mediagoblin.org/">Mediagoblin</a> project, and attractive graphics can help to get people initially interested.
320 316
 </p>
321 317
 </div>
322 318
 </div>
323 319
 
324
-<div id="outline-container-orgac92852" class="outline-3">
325
-<h3 id="orgac92852">More education and promotion</h3>
326
-<div class="outline-text-3" id="text-orgac92852">
320
+<div id="outline-container-org76b8351" class="outline-3">
321
+<h3 id="org76b8351">More education and promotion</h3>
322
+<div class="outline-text-3" id="text-org76b8351">
327 323
 <div class="org-center">
328 324
 
329 325
 <div class="figure">
@@ -341,18 +337,18 @@ Raising awareness beyond the near zero current level, overcoming fear and parano
341 337
 </div>
342 338
 </div>
343 339
 
344
-<div id="outline-container-orgf1745de" class="outline-3">
345
-<h3 id="orgf1745de">Translations</h3>
346
-<div class="outline-text-3" id="text-orgf1745de">
340
+<div id="outline-container-org5332549" class="outline-3">
341
+<h3 id="org5332549">Translations</h3>
342
+<div class="outline-text-3" id="text-org5332549">
347 343
 <p>
348 344
 To add translations modify the json files within the <b>locale</b> subdirectory. Then make a pull request on the <a href="https://github.com/bashrc/freedombone">Github site</a>.
349 345
 </p>
350 346
 </div>
351 347
 </div>
352 348
 
353
-<div id="outline-container-org6cc7753" class="outline-3">
354
-<h3 id="org6cc7753">Packaging</h3>
355
-<div class="outline-text-3" id="text-org6cc7753">
349
+<div id="outline-container-orgd4e3504" class="outline-3">
350
+<h3 id="orgd4e3504">Packaging</h3>
351
+<div class="outline-text-3" id="text-orgd4e3504">
356 352
 <p>
357 353
 Helping to package GNU Social and Hubzilla for Debian would be beneficial.
358 354
 </p>