Merge branch 'stretch' of https://github.com/bashrc/freedombone

Makefile

 	cp img/backgrounds/${APP}_*.png ${DESTDIR}${PREFIX}/share
 	cp img/avatars/* ${DESTDIR}/usr/share/${APP}/avatars
 	cp src/* ${DESTDIR}${PREFIX}/bin
-	cp src/${APP}-controlpanel ${DESTDIR}${PREFIX}/bin/control
+#	cp src/${APP}-controlpanel ${DESTDIR}${PREFIX}/bin/control
 	cp src/${APP}-mesh-batman ${DESTDIR}${PREFIX}/bin/batman
 	cp src/${APP}-backup-local ${DESTDIR}${PREFIX}/bin/backup
 	cp src/${APP}-backup-local ${DESTDIR}${PREFIX}/bin/backup2friends
 	chown -R root: /usr/share/${APP}
 	chmod -R +r /usr/share/${APP}
 #	bash -c "./translate install"
+	/usr/local/bin/${APP}-prepare-scripts
 uninstall:
 	rm -f ${PREFIX}/share/${APP}_*.png
 	rm -f ${PREFIX}/share/man/man1/backup.1.gz
 	rm -f ${PREFIX}/bin/restorefromfriend
 	rm -f ${PREFIX}/bin/batman
 	rm -rf /etc/${APP}
+	rm -f ${PREFIX}/bin/control
+	rm -f ${PREFIX}/bin/controluser
+	rm -f ${PREFIX}/bin/addremove
 	bash -c "./translate uninstall"
 clean:
 	rm -f \#* \.#* debian/*.substvars debian/*.log src/*~

doc/EN/app_radicale.org

-#+TITLE:
-#+AUTHOR: Bob Mottram
-#+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombone, radicale
-#+DESCRIPTION: How to use Radicale
-#+OPTIONS: ^:nil toc:nil
-#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
-
-#+BEGIN_CENTER
-[[file:images/logo.png]]
-#+END_CENTER
-
-#+BEGIN_EXPORT html
-<center>
-<h1>Radicale</h1>
-</center>
-#+END_EXPORT
-
-Radicale is a calendar server which allows your to synchronise your calendar across all your devices. Support for CalDAV within various client systems can be quite patchy/flaky though, so use it with caution.
-
-* Installation
-Log into your system with:
-
-#+begin_src bash
-ssh myusername@mydomain -p 2222
-#+end_src
-
-Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password.
-
-Select *Add/Remove Apps* then *radicale*. If you don't already have an SSL/TLS certificate for your main domain then go to the security settings and create a new Let's Encrypt cert for it. That will ensure that your calendar events have some minimal level of protection from passive surveillance.
-
-* Setting up on Android
-Via F-droid install *DAVdroid*.
-
-There seems to be a problem with Let's Encrypt certificates with this app, but it's possible to get around it. Open DAVdroid and select the side *menu* followed by *Settings*. Enable *Distrust system certificates* and press *Reset untrusted certificates*.
-
-Exit from settings and press the *plus button* to add an account. Select *Login with URL and user name*. The URL should be https://yourmaindomainname/radicale/. Remember to include the trailing slash on the URL. If you installed Freedombone from a disk image then enter your username and the password which was shown at the start of installation. If not then the password for Radicale will be within *Passwords* section of the *Administrator control panel*.
-
-You will be prompted to approve the Let's Encrypt cerificate for your domain name, and once that's done then you should see your account as a large yellow box. Press on that and ensure that *Addresses* and *calendar* are selected.
-
-Now go to your calendar app and press the plus icon to add an event. You should notice that the calendar account selected is your username on the Freedombone system.

doc/EN/app_scuttlebot.org

-#+TITLE:
-#+AUTHOR: Bob Mottram
-#+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombone, scuttlebot
-#+DESCRIPTION: How to use Scuttlebot
-#+OPTIONS: ^:nil toc:nil
-#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
-
-#+BEGIN_CENTER
-[[file:images/logo.png]]
-#+END_CENTER
-
-#+BEGIN_EXPORT html
-<center>
-<h1>Scuttlebot</h1>
-</center>
-#+END_EXPORT
-
-This is a type of /followbot/ for the [[https://www.scuttlebutt.nz][Secure Scuttlebutt]] peer-to-peer messaging system. It's purpose is to follow your friends and keep a log of their messages so that if you are offline for a while when you return you can sync with this system to get all of the missed messages. This avoid the problem common in messaging systems of /everyone needing to be online all of the time/.
-
-The Secure Scuttlebutt system has message encryption, but no protection of the metadata. It lives only on the clearnet. So this system is more about ensuring that messages get correctly delivered and appear in the right chronological order in unreliable situations where network availability may be intermittent, rather than defending against surveillance adversaries.
-
-* Installation
-Log into your system with:
-
-#+begin_src bash
-ssh myusername@mydomain -p 2222
-#+end_src
-
-Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password.
-
-Select *Add/Remove Apps*. If Vim is selected then you might want to unselect and uninstall it first, then select *scuttlebot*.
-
-Install your favourite Scuttlebutt client onto your laptop, then select *Join Pub*. ssh into your Freedombone system and go to the *Administrator control panel* then select *App settings* followed by *scuttlebot*. You can then create an invite and paste it into your client.

doc/EN/apps.org

 A shell based XMPP client which you can run on the Freedombone server via ssh.
 
 [[./app_profanity.html][How to use it]]
-* Radicale
-Calendar system compatible with CalDAV and CardDAV. Synch your calendar events easily and securely across all your devices.
-
-[[./app_radicale.html][How to use it]]
 * Riot Web
 A browser based user interface for the Matrix federated communications system, including WebRTC audio and video chat.
 
 [[./app_riot.html][How to use it]]
-* Scuttlebot
-A pub service to help synchronize your messages.
-
-
-[[./app_scuttlebot.html][How to use it]]
 * SearX
 A metasearch engine for customised and private web searches.
 

doc/EN/beaglebone.org

 sudo apt-get install git
 git clone https://github.com/bashrc/freedombone
 cd freedombone
+git checkout stretch
 sudo make install
 freedombone-image --setup debian
 #+end_src
 sudo pacman -S git
 git clone https://github.com/bashrc/freedombone
 cd freedombone
+git checkout stretch
 sudo make install
 freedombone-image --setup parabola
 #+end_src

doc/EN/debianinstall.org

 
 Although the image builder supports a variety of architectures there may still be some which aren't supported. These especially include systems which have a proprietary boot blob, such as the Raspberry Pi boards.
 
-It's still possible to install the system onto these unsupported devices if you need to. First you'll need to ensure that you have *Debian Jessie* installed and can get ssh access to the system. Then either via ssh, or directly on the target device in the case of an old laptop or netbook:
+It's still possible to install the system onto these unsupported devices if you need to. First you'll need to ensure that you have *Debian Stretch* installed and can get ssh access to the system. Then either via ssh, or directly on the target device in the case of an old laptop or netbook:
 
 #+BEGIN_SRC bash
 su
 apt-get -qy install build-essential git dialog
 git clone https://github.com/bashrc/freedombone
 cd freedombone
+git checkout stretch
 make install
 freedombone makeconfig
 #+END_SRC

doc/EN/devguide.org

                      MYAPPNAME_ONION_PORT
                      MYAPPNAME_DB_PASSWORD)
 
+function logging_on_myappname {
+    echo -n ''
+    # Commands to turn on logging go here
+}
+
+function logging_off_myappname {
+    echo -n ''
+    # Commands to turn off logging go here
+}
+
 function change_password_myappname {
     PASSWORD_USERNAME="$1"
     PASSWORD_NEW="$2"

doc/EN/faq.org

 | [[Why does my email keep getting rejected as spam by Gmail/etc?]]                             |
 | [[Tor is censored/blocked in my area. What can I do?]]                                        |
 | [[I want to block a particular domain from getting its content into my social network sites]] |
+| [[The mesh system doesn't boot from USB drive]]                                               |
 
 #+END_CENTER
 
 #+end_src
 
 Select /Administrator controls/ then /Domain blocking/.
+
+* The mesh system doesn't boot from USB drive
+If the system doesn't boot and reports an error which includes */dev/mapper/loop0p1* then reboot with *Ctrl-Alt-Del* and when you see the grub menu press *e* and manually change */dev/mapper/loop0p1* to */dev/sdb1*, then press *Ctrl-x*. If that doesn't work then reboot and try */dev/sdc1* instead.
+
+After the system has booted successfully the problem should resolve itself on subsequent reboots.

doc/EN/fediverse.org

 
 
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
+This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
 #+END_CENTER

doc/EN/homeserver.org

 sudo apt-get install git
 git clone https://github.com/bashrc/freedombone
 cd freedombone
+git checkout stretch
 sudo make install
 freedombone-image --setup debian
 freedombone-image -t i386 --onion yes
 sudo pacman -S git
 git clone https://github.com/bashrc/freedombone
 cd freedombone
+git checkout stretch
 sudo make install
 freedombone-image --setup parabola
 freedombone-image -t i386 --onion yes
 #+end_src
 
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion
+This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
 #+END_CENTER

doc/EN/index.org

 -- Lucas Nussbaum
 #+end_quote
 
-#+BEGIN_CENTER
-[[file:images/beaglebone_logo.jpg]]
-#+END_CENTER
+
+#+BEGIN_EXPORT html
+<center>
+<h1><a href="./release3.html">New version 3 (Stretch)</a></h1>
+</center>
+#+END_EXPORT
 
 So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups. Freedombone enables you to do all of that in a self-hosted way, where you keep control of your data and it resides in your own home.
 
 
 Or you can install [[./debianinstall.html][onto an existing Debian system]].
 
-Want to make a community mesh network which doesn't depend upon the internet?
-
-[[./mesh.html][You can do that too]].
+Want to make a community mesh network which doesn't depend upon the internet? The [[./mesh.html][Freedombone Mesh]] is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
 
 After installation it's possible that you might want some advice on how to run your system and set up apps to work nicely with it.
 
 Ready made disk images which can be copied onto USB or microSD drives are [[./downloads][available here]] and also [[http://www.postactiv.com/freedombone/2.00/index.html][mirrored here]].
 
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
+This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
 #+END_CENTER

doc/EN/installation.org

 sudo apt-get install git build-essential dialog
 git clone https://github.com/bashrc/freedombone
 cd freedombone
+git checkout stretch
 sudo make install
 #+END_SRC
 
 Before installing Freedombone you will need a few things.
 
   * Have some domains, or subdomains, registered with a dynamic DNS service. For the full install you may need two "official" purchased domains or be using a subdomain provider which is supported by Let's Encrypt.
-  * System with a new installation of Debian Jessie or a downloaded/prepared disk image
+  * System with a new installation of Debian Stretch or a downloaded/prepared disk image
   * Ethernet connection between the system and your internet router
   * That it is possible to forward ports from the internet router to the system, typically via firewall settings
   * Have ssh access to the system, typically via fbone@freedombone.local on port 2222
 There are three install options: Laptop/Desktop/Netbook, SBC and Virtual Machine.
 
 ** On a Laptop, Netbook or Desktop machine
-If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Jessie onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
+If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Stretch onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
 
 #+BEGIN_SRC bash
 su
 apt-get -y install git dialog build-essential
 git clone https://github.com/bashrc/freedombone
 cd freedombone
+git checkout stretch
 make install
 freedombone menuconfig
 #+END_SRC
 sudo apt-get install git dialog haveged build-essential
 git clone https://github.com/bashrc/freedombone
 cd freedombone
+git checkout stretch
 sudo make install
 freedombone-client
 #+END_SRC

doc/EN/mesh.org

 | [[What the system can do]] | - | [[Disk Images]] | - | [[Building Disk Images]] | - | [[How to use it]] |
 |------------------------+---+-------------+---+----------------------+---+---------------|
 
+The Freedombone Mesh is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
+
 Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small business internal office communications, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies. The down side is that you can't access any internet content. The upside is that you can securely communicate with anyone on the local mesh. No ISPs. No payments or subscriptions beyond the cost of obtaining the hardware. Systems need to be within wifi range of each other for the mesh to be created. It can be an ultra-convenient way to do purely local communications.
 
 * What the system can do
 This system should be quite scalable. Both qTox and IPFS are based upon distributed hash tables (DHT) so that each peer does not need to store the full index of data for the entire network. Caching or pinning of IPFS data and its content addressability means that if a file or blog becomes popular then performance should improve as the number of downloads increases, which is the opposite of the client/server paradigm.
 
 * Disk Images
+** Writing many images quickly
+There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the *dd* command is used for writing to the target drive, but to write to multiple drives you can use a tool such as [[https://wiki.gnome.org/Apps/MultiWriter][GNOME MultiWriter]].
+
+For example on Arch/Parabola:
+
+#+begin_src bash
+sudo pacman -S gnome-multi-writer
+#+end_src
+
+Or on Debian based systems:
+
+#+begin_src bash
+sudo apt-get install gnome-multi-writer
+#+end_src
 ** Client images
 
 #+BEGIN_CENTER
 
 #+begin_src bash
 sudo apt-get install xz-utils wget
-wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-2.00_all-i386.img.xz
-wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-2.00_all-i386.img.xz.sig
-gpg --verify freedombone-meshclient-2.00_all-i386.img.xz.sig
-sha256sum freedombone-meshclient-2.00_all-i386.img.xz
-403cf1cc2bc5272e5921d3ebefc351540928141bc65641b6d16f2262a933cb4e
-unxz freedombone-meshclient-2.00_all-i386.img.xz
-sudo dd bs=1M if=freedombone-meshclient-2.00_all-i386.img of=/dev/sdX conv=fdatasync
+wget https://freedombone.net/downloads/v3/freedombone-meshclient-3_all-i386.img.xz
+wget https://freedombone.net/downloads/v3/freedombone-meshclient-3_all-i386.img.xz.sig
+gpg --verify freedombone-meshclient-3_all-i386.img.xz.sig
+sha256sum freedombone-meshclient-3_all-i386.img.xz
+74f9eaad479f84d3bf9cb002067074d35a97028145e781c5746c74577f777ee5
+unxz freedombone-meshclient-3_all-i386.img.xz
+sudo dd bs=1M if=freedombone-meshclient-3_all-i386.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 To get a number of systems onto the mesh repeat the /dd/ command to create however many bootable USB drives you need.
 
 #+begin_src bash
 sudo apt-get install xz-utils wget
-wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-insecure-2.00_all-i386.img.xz
-wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-insecure-2.00_all-i386.img.xz.sig
-gpg --verify freedombone-meshclient-insecure-2.00_all-i386.img.xz.sig
-sha256sum freedombone-meshclient-insecure-2.00_all-i386.img.xz
-7cda1a52acad7d18156ea238d7eb550479a5f882ac45c8cf9b9e56077fb26be9
-unxz freedombone-meshclient-insecure-2.00_all-i386.img.xz
-sudo dd bs=1M if=freedombone-meshclient-insecure-2.00_all-i386.img of=/dev/sdX conv=fdatasync
+wget https://freedombone.net/downloads/v3/freedombone-meshclient-insecure-3_all-i386.img.xz
+wget https://freedombone.net/downloads/v3/freedombone-meshclient-insecure-3_all-i386.img.xz.sig
+gpg --verify freedombone-meshclient-insecure-3_all-i386.img.xz.sig
+sha256sum freedombone-meshclient-insecure-3_all-i386.img.xz
+f1c5df24a4bfca47bd5c41dfd2568925e63a1abf83aecf0250480b4b8edc071d
+unxz freedombone-meshclient-insecure-3_all-i386.img.xz
+sudo dd bs=1M if=freedombone-meshclient-insecure-3_all-i386.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 ** Router images
 
 #+begin_src bash
 sudo apt-get install xz-utils wget
-wget https://freedombone.net/downloads/v2.00/freedombone-mesh-2.00_beaglebone-armhf.img.xz
-wget https://freedombone.net/downloads/v2.00/freedombone-mesh-2.00_beaglebone-armhf.img.xz.sig
-gpg --verify freedombone-mesh-2.00_beaglebone-armhf.img.xz.sig
-sha256sum freedombone-mesh-2.00_beaglebone-armhf.img.xz
-daf8c82f111ae8714cffc52633156554c23d5feafabbe85cb15925e0373a3ff4
-unxz freedombone-mesh-2.00_beaglebone-armhf.img.xz
-sudo dd bs=1M if=freedombone-mesh-2.00_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
+wget https://freedombone.net/downloads/v3/freedombone-mesh-3_beaglebone-armhf.img.xz
+wget https://freedombone.net/downloads/v3/freedombone-mesh-3_beaglebone-armhf.img.xz.sig
+gpg --verify freedombone-mesh-3_beaglebone-armhf.img.xz.sig
+sha256sum freedombone-mesh-3_beaglebone-armhf.img.xz
+ab783ea807da1144bd076f7b43e54b5f4376ecf1ea1f86f56ac76c3469325802
+unxz freedombone-mesh-3_beaglebone-armhf.img.xz
+sudo dd bs=1M if=freedombone-mesh-3_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 If you have a few Beaglebone Blacks to use as routers then repeat the /dd/ command to create however many microSD cards you need.
 * Building Disk Images
 It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
 
-First you will need to create an image. On a Debian based system (tested on Debian Jessie and Trisquel 7):
+First you will need to create an image. On a Debian based system (tested on Debian Stretch):
 
 #+begin_src bash
-sudo apt-get -y install build-essential libc6-dev-i386 wget \
-    gcc-multilib g++-multilib git python-docutils mktorrent \
-    vmdebootstrap xz-utils dosfstools btrfs-tools extlinux \
-    python-distro-info mbr qemu-user-static binfmt-support \
-    u-boot-tools qemu
-wget https://freedombone.net/downloads/freedombone-mesh-13-09-2016.tar.gz
-wget https://freedombone.net/downloads/freedombone-mesh-13-09-2016.tar.gz.sig
-gpg --verify freedombone-mesh-13-09-2016.tar.gz.sig
-sha256sum freedombone-mesh-13-09-2016.tar.gz
-3e279f8ed762afb682bec6bd463830087354dd2f24020f3b0de51143585ab0ed
-tar -xzvf freedombone-mesh-13-09-2016.tar.gz
+sudo apt-get -y install git wget build-essential
+wget https://freedombone.net/downloads/v3/freedombone-3.tar.gz
+wget https://freedombone.net/downloads/freedombone-3.tar.gz.sig
+gpg --verify freedombone-3.tar.gz.sig
+sha256sum freedombone-3.tar.gz
+b99853322871efd298a9efd78d22323e0e7424a5cdb5097b4cc55ef45a220ebb
+tar -xzvf freedombone-3.tar.gz
 cd freedombone
+git checkout stretch
 sudo make install
+freedombone-image --setup debian
 freedombone-image -t i386 -v meshclient
 #+end_src
 
 
 After a minute or two if you are within wifi range and there is at least one other user on the network then you should see additional icons appear on the desktop, such as /Other Users/ and /Chat/.
 
+** Boot trouble
+If the system doesn't boot and reports an error which includes */dev/mapper/loop0p1* then reboot with *Ctrl-Alt-Del* and when you see the grub menu press *e* and manually change */dev/mapper/loop0p1* to */dev/sdb1*, then press *Ctrl-x*. If that doesn't work then reboot and try */dev/sdc1* instead.
+
+After the system has booted successfully the problem should resolve itself on subsequent reboots.
 ** Set the Date
 On the ordinary internet the date and time of your system would be set automatically via NTP. But this is not the internet and so you will need to manually ensure that your date and time settings are correct. You might need to periodically do this if your clock drifts. It's not essential that the time on your system be highly accurate, but if it drifts too far or goes back to epoch then things could become a little confusing in regard to the order of blog posts.
 
 
 
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion
+This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
 #+END_CENTER

doc/EN/release3.org

+#+TITLE:
+#+AUTHOR: Bob Mottram
+#+EMAIL: bob@freedombone.net
+#+KEYWORDS: freedombone
+#+DESCRIPTION: Version 3
+#+OPTIONS: ^:nil toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
+
+#+BEGIN_CENTER
+[[file:images/release3.jpg]]
+#+END_CENTER
+
+#+BEGIN_EXPORT html
+<center>
+<h2>Building an internet run by the users, for the users</h2>
+</center>
+#+END_EXPORT
+
+The internet may still be mostly in the clutches of a few giant megacorporations and dubious governments with sketchy agendas, but it doesn't have to remain that way. With the third version of the Freedombone system there is now more scope than before to take back your privacy, have ownership of personal data and run your own online communities without undesirable intermediaries.
+
+Freedombone version 3 is based on Debian 9 (Stretch). It was released in July 2017 and includes:
+
+ * Faster initial setup
+ * More [[./apps.html][installable apps]], including CryptPad, Koel, NextCloud, PostActiv, Friendica and Matrix/RiotWeb
+ * Automated [[https://github.com/hardenedlinux/STIG-4-Debian][security tests]]
+ * Improved XMPP configuration for support of the [[https://conversations.im][Conversations]] app features
+ * Improved blocking controls for a better federated network experience
+ * Uses [[https://en.wikipedia.org/wiki/EdDSA][elliptic curve]] based GPG keys for better performance on low power single board computers
+ * Pre-downloaded repos distributed within images for faster and more autonomous app installs
+
+* Installation
+
+The simplest way to install is from a pre-made disk image. Images can be [[https://freedombone.net/downloads/v3][downloaded here]]. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere.
+
+Copy the image to a microSD card or USB thumb drive, replacing sdX with the identifier of the USB thumb drive. Don't include any numbers (so for example use sdc instead of sdc1).
+
+#+BEGIN_SRC bash
+unxz downloadedimagefile.img.xz
+dd bs=1M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+#+END_SRC
+
+And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.
+
+Plug the microSD or USB drive into the target hardware which you want to use as a server and power on. If you're using an old laptop or netbook as the server then you will need to set the BIOS to boot from USB.
+
+As the system boots for the first time the login is:
+
+#+BEGIN_SRC bash
+username: fbone
+password: freedombone
+#+END_SRC
+
+If you're installing from a microSD card on a single board computer without a screen and keyboard attached then you can ssh into it with:
+
+#+BEGIN_SRC bash
+ssh fbone@freedombone.local -p 2222
+#+END_SRC
+
+Using the initial password "freedombone". If you have trouble accessing the server then make sure you have Avahi installed and [[https://en.wikipedia.org/wiki/Multicast_DNS][mDNS]] enabled.
+
+You will then be shown a new randomly generated password. It's very important that you write this down somewhere or transfer it to a password manager before going further, because you'll need this to log in later.
+
+More detailed installation instructions are linked from [[./index.html][the main site]].
+
+* Upgrading from a previous install
+
+To upgrade from the Debian Jessie version first create a master keydrive. Go to the *Administrator control panel* and select *Backup and restore* then *Backup GPG key to USB (master keydrive)*. Insert a LUKS encrypted USB drive. When that is done Create a full backup by selecting *Backup data to USB drive* and using another LUKS encrypted USB drive.
+
+Follow the installation infstructions for the new Freedombone version, as described in the previous section. When the new system starts installing it will ask if you want to restore your GPG keys. Select *yes* and plug in your master keydrive.
+
+When the initial setup is complete go to the *Administrator control panel* and select *Backup and restore* then *Restore data from USB drive* followed by *all*. Insert the backup USB drive which you made previously. This will restore the base system, including any emails.
+
+You can now go to *Add/Remove apps* on the *Administrator control panel* and add the apps you want. Once they're installed you can recover their content and settings from *Backup and Restore*.

doc/EN/support.org

 
 * Contact details
 
-This site can also be accessed via a Tor browser at *http://2tp3f6vtvhkqpuc6.onion*
+This site can also be accessed via a Tor browser at *http://pazyv7nkllp76hqr.onion*
 
 *Email:* bob@freedombone.net
 

image_build/debootstrap/scripts/stretch

 keyring /usr/share/keyrings/debian-archive-keyring.gpg
 
 if doing_variant fakechroot; then
-	test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started"
+    test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started"
 fi
 
 case $ARCH in
-	alpha|ia64) LIBC="libc6.1" ;;
-	kfreebsd-*) LIBC="libc0.1" ;;
-	hurd-*)     LIBC="libc0.3" ;;
-	*)          LIBC="libc6" ;;
+    alpha|ia64) LIBC="libc6.1" ;;
+    kfreebsd-*) LIBC="libc0.1" ;;
+    hurd-*)     LIBC="libc0.3" ;;
+    *)          LIBC="libc6" ;;
 esac
 
 work_out_debs () {
-	required="$(get_debs Priority: required)"
-
-	if doing_variant - || doing_variant fakechroot; then
-		#required="$required $(get_debs Priority: important)"
-		#  ^^ should be getting debconf here somehow maybe
-		base="$(get_debs Priority: important)"
-	elif doing_variant buildd || doing_variant scratchbox; then
-		base="apt build-essential"
-	elif doing_variant minbase; then
-		base="apt"
-	fi
-
-	if doing_variant fakechroot; then
-		# ldd.fake needs binutils
-		required="$required binutils"
-	fi
-
-	case $MIRRORS in
-	    https://*)
-		base="$base apt-transport-https ca-certificates"
-		;;
-	esac
+    required="$(get_debs Priority: required)"
+
+    if doing_variant - || doing_variant fakechroot; then
+        #required="$required $(get_debs Priority: important)"
+        #  ^^ should be getting debconf here somehow maybe
+        base="$(get_debs Priority: important)"
+    elif doing_variant buildd || doing_variant scratchbox; then
+        base="apt build-essential"
+    elif doing_variant minbase; then
+        base="apt"
+    fi
+
+    if doing_variant fakechroot; then
+        # ldd.fake needs binutils
+        required="$required binutils"
+    fi
+
+    case $MIRRORS in
+        https://*)
+        base="$base apt-transport-https ca-certificates"
+        ;;
+    esac
 }
 
 first_stage_install () {
-	case "$CODENAME" in
-		etch|etch-m68k|jessie|lenny|squeeze|wheezy) ;;
-		*) setup_merged_usr ;;
-	esac
+    case "$CODENAME" in
+        etch|etch-m68k|stretch|jessie|lenny|squeeze|wheezy) ;;
+        *) setup_merged_usr ;;
+    esac
 
-	extract $required
+    extract $required
 
-	mkdir -p "$TARGET/var/lib/dpkg"
-	: >"$TARGET/var/lib/dpkg/status"
-	: >"$TARGET/var/lib/dpkg/available"
+    mkdir -p "$TARGET/var/lib/dpkg"
+    : >"$TARGET/var/lib/dpkg/status"
+    : >"$TARGET/var/lib/dpkg/available"
 
-	setup_etc
-	if [ ! -e "$TARGET/etc/fstab" ]; then
-		echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
-		chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
-	fi
+    setup_etc
+    if [ ! -e "$TARGET/etc/fstab" ]; then
+        echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
+        chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
+    fi
 
-	setup_devices
+    setup_devices
 }
 
 second_stage_install () {
-	setup_dynamic_devices
+    setup_dynamic_devices
 
-	x_feign_install () {
-		local pkg="$1"
-		local deb="$(debfor $pkg)"
-		local ver="$(in_target dpkg-deb -f "$deb" Version)"
+    x_feign_install () {
+        local pkg="$1"
+        local deb="$(debfor $pkg)"
+        local ver="$(in_target dpkg-deb -f "$deb" Version)"
 
-		mkdir -p "$TARGET/var/lib/dpkg/info"
+        mkdir -p "$TARGET/var/lib/dpkg/info"
 
-		echo \
+        echo \
 "Package: $pkg
 Version: $ver
 Maintainer: unknown
 Status: install ok installed" >> "$TARGET/var/lib/dpkg/status"
 
-		touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
-	}
+        touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
+    }
 
-	x_feign_install dpkg
+    x_feign_install dpkg
 
-	x_core_install () {
-		smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
-	}
+    x_core_install () {
+        smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
+    }
 
-	p () {
-		baseprog="$(($baseprog + ${1:-1}))"
-	}
+    p () {
+        baseprog="$(($baseprog + ${1:-1}))"
+    }
 
-	if doing_variant fakechroot; then
-		setup_proc_fakechroot
-	elif doing_variant scratchbox; then
-		true
-	else
-		setup_proc
-		in_target /sbin/ldconfig
-	fi
+    if doing_variant fakechroot; then
+        setup_proc_fakechroot
+    elif doing_variant scratchbox; then
+        true
+    else
+        setup_proc
+        in_target /sbin/ldconfig
+    fi
 
-	DEBIAN_FRONTEND=noninteractive
-	DEBCONF_NONINTERACTIVE_SEEN=true
-	export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
+    DEBIAN_FRONTEND=noninteractive
+    DEBCONF_NONINTERACTIVE_SEEN=true
+    export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
 
-	baseprog=0
-	bases=7
+    baseprog=0
+    bases=7
 
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #1
-	info INSTCORE "Installing core packages..."
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #1
+    info INSTCORE "Installing core packages..."
 
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #2
-	ln -sf mawk "$TARGET/usr/bin/awk"
-	x_core_install base-passwd
-	x_core_install base-files
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #3
-	x_core_install dpkg
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #2
+    ln -sf mawk "$TARGET/usr/bin/awk"
+    x_core_install base-passwd
+    x_core_install base-files
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #3
+    x_core_install dpkg
 
-	if [ ! -e "$TARGET/etc/localtime" ]; then
-		ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
-	fi
+    if [ ! -e "$TARGET/etc/localtime" ]; then
+        ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
+    fi
 
-	if doing_variant fakechroot; then
-		install_fakechroot_tools
-	fi
+    if doing_variant fakechroot; then
+        install_fakechroot_tools
+    fi
 
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #4
-	x_core_install $LIBC
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #4
+    x_core_install $LIBC
 
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #5
-	x_core_install perl-base
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #5
+    x_core_install perl-base
 
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #6
-	rm "$TARGET/usr/bin/awk"
-	x_core_install mawk
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #6
+    rm "$TARGET/usr/bin/awk"
+    x_core_install mawk
 
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #7
-	if doing_variant -; then
-		x_core_install debconf
-	fi
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #7
+    if doing_variant -; then
+        x_core_install debconf
+    fi
 
-	baseprog=0
-	bases=$(set -- $required; echo $#)
+    baseprog=0
+    bases=$(set -- $required; echo $#)
 
-	info UNPACKREQ "Unpacking required packages..."
+    info UNPACKREQ "Unpacking required packages..."
 
-	exec 7>&1
+    exec 7>&1
 
-	smallyes '' |
-		(repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages.  This will be attempted up to five times." "" \
-		dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) |
-		dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING
+    smallyes '' |
+        (repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages.  This will be attempted up to five times." "" \
+        dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) |
+        dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING
 
-	info CONFREQ "Configuring required packages..."
+    info CONFREQ "Configuring required packages..."
 
-	echo \
+    echo \
 "#!/bin/sh
 exit 101" > "$TARGET/usr/sbin/policy-rc.d"
-	chmod 755 "$TARGET/usr/sbin/policy-rc.d"
+    chmod 755 "$TARGET/usr/sbin/policy-rc.d"
 
-	mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
-	echo \
+    mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
+    echo \
 "#!/bin/sh
 echo
 echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
-	chmod 755 "$TARGET/sbin/start-stop-daemon"
-
-	setup_dselect_method apt
-
-	smallyes '' |
-		(in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
-		dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) |
-		dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING
-
-	baseprog=0
-	bases="$(set -- $base; echo $#)"
-
-	info UNPACKBASE "Unpacking the base system..."
-
-	setup_available $required $base
-	done_predeps=
-	while predep=$(get_next_predep); do
-		# We have to resolve dependencies of pre-dependencies manually because
-		# dpkg --predep-package doesn't handle this.
-		predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps")
-		# XXX: progress is tricky due to how dpkg_progress works
-		# -- cjwatson 2009-07-29
-		p; smallyes '' |
-		in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep)
-		base=$(without "$base" "$predep")
-		done_predeps="$done_predeps $predep"
-	done
-
-	smallyes '' |
-		(repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages.  This will be re-attempted up to five times." "" \
-		dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) |
-		dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING
-
-	info CONFBASE "Configuring the base system..."
-
-	smallyes '' |
-		(repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages.  This will be re-attempted up to five times." "" \
-		dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) |
-		dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING
-
-	mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
-	rm -f "$TARGET/usr/sbin/policy-rc.d"
-
-	progress $bases $bases CONFBASE "Configuring base system"
-	info BASESUCCESS "Base system installed successfully."
+    chmod 755 "$TARGET/sbin/start-stop-daemon"
+
+    setup_dselect_method apt
+
+    smallyes '' |
+        (in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
+        dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) |
+        dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING
+
+    baseprog=0
+    bases="$(set -- $base; echo $#)"
+
+    info UNPACKBASE "Unpacking the base system..."
+
+    setup_available $required $base
+    done_predeps=
+    while predep=$(get_next_predep); do
+        # We have to resolve dependencies of pre-dependencies manually because
+        # dpkg --predep-package doesn't handle this.
+        predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps")
+        # XXX: progress is tricky due to how dpkg_progress works
+        # -- cjwatson 2009-07-29
+        p; smallyes '' |
+        in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep)
+        base=$(without "$base" "$predep")
+        done_predeps="$done_predeps $predep"
+    done
+
+    smallyes '' |
+        (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages.  This will be re-attempted up to five times." "" \
+        dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) |
+        dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING
+
+    info CONFBASE "Configuring the base system..."
+
+    smallyes '' |
+        (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages.  This will be re-attempted up to five times." "" \
+        dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) |
+        dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING
+
+    mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
+    rm -f "$TARGET/usr/sbin/policy-rc.d"
+
+    progress $bases $bases CONFBASE "Configuring base system"
+    info BASESUCCESS "Base system installed successfully."
 }

src/freedombone

 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
     ONION_ONLY="yes"
 fi
 
+if [[ $command_options == "menuconfig-gnusocial" ]]; then
+    MINIMAL_INSTALL="yes"
+    ONION_ONLY="no"
+    SOCIALINSTANCE='gnusocial'
+fi
+
+if [[ $command_options == "menuconfig-postactiv" ]]; then
+    MINIMAL_INSTALL="yes"
+    ONION_ONLY="no"
+    SOCIALINSTANCE='postactiv'
+fi
+
 if [ ! $CONFIGURATION_FILE ]; then
     CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 fi

src/freedombone-addcert

 INSTALL_DIR=/root/build
 LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
 MY_EMAIL_ADDRESS=
-FRIENDS_MIRRORS_SERVER=
-FRIENDS_MIRRORS_PASSWORD=
-FRIENDS_MIRRORS_SSH_PORT=
-MY_MIRRORS_PASSWORD=
 
 function show_help {
     echo ''
     fi
 
     if [ ! -f /usr/bin/certbot ]; then
-        apt-get -yq install certbot -t jessie-backports
+        apt-get -yq install certbot
+        groupadd ssl-cert
         if [ ! -f /usr/bin/certbot ]; then
             echo $'LetsEncrypt certbot failed to install'
             exit 762830
 
     openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
             -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-            -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
+            -newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \
             -out /etc/ssl/certs/${CERTFILE}.crt
     chmod 400 /etc/ssl/private/${CERTFILE}.key
     chmod 640 /etc/ssl/certs/${CERTFILE}.crt
     fi
 }
 
-read_repo_servers
 create_cert
 generate_dh_params
 restart_web_server

src/freedombone-addremove

     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
-
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 
+# Start including files
+
+source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+
 UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
 for f in $UTILS_FILES
 do
   source $f
 done
 
+# End including files
+
 function mark_unselected_apps_as_removed {
     # Initially mark the apps not chosen on first install as being removed
     # otherwise they may be automatically installed on the next update

src/freedombone-adduser

 chmod 600 /home/$ADD_USERNAME/.gnupg/*
 
 # Generate a GPG key
-echo 'Key-Type: 1' > /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Key-Length: 4096' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Subkey-Type: 1' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Subkey-Length: 4096' >> /home/$ADD_USERNAME/gpg-genkey.conf
+echo 'Key-Type: eddsa' > /home/$ADD_USERNAME/gpg-genkey.conf
+echo 'Key-Curve: Ed25519' >> /home/$ADD_USERNAME/gpg-genkey.conf
+echo 'Subkey-Type: eddsa' >> /home/$ADD_USERNAME/gpg-genkey.conf
 echo "Name-Real:  $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
 echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
 echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf
+echo "Passphrase: $NEW_USER_PASSWORD" >> /home/$ADD_USERNAME/gpg-genkey.conf
 chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf
-su -c "gpg --batch --gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
+su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
+chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
 shred -zu /home/$ADD_USERNAME/gpg-genkey.conf
 MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
 MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg
-su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME
+su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME
 
 if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
     echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
     userdel -r $ADD_USERNAME
     exit 7
 fi
+gpg_agent_setup $ADD_USERNAME
 
 # add a monkeysphere subkey
 #echo $'Adding monkeysphere subkey'
 #echo $'Adding monkeysphere subkey to ssh-agent'
 #su -c "monkeysphere s" - $ADD_USERNAME
 # add authorized GPG email address
-mkdir /home/$ADD_USERNAME/.monkeysphere
-chmod 755 /home/$ADD_USERNAME/.monkeysphere
-echo "$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>" > /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
-chmod 644 /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
-chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.monkeysphere
-echo $'Updating monkeysphere users'
-monkeysphere-authentication update-users
+#mkdir /home/$ADD_USERNAME/.monkeysphere
+#chmod 755 /home/$ADD_USERNAME/.monkeysphere
+#echo "$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>" > /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
+#chmod 644 /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
+#chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.monkeysphere
+#echo $'Updating monkeysphere users'
+#monkeysphere-authentication update-users
 
 if [ -f /home/$ADD_USERNAME/.muttrc ]; then
     # encrypt outgoing mail to the "sent" folder
     if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then
         echo '' >> /home/$ADD_USERNAME/.muttrc
         echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc
-        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
+        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
     else
-        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
     fi
 
     if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then
-        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
+        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
     else
-        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
     fi
 fi
 
 done
 
 if [ -f /etc/nginx/.htpasswd ]; then
-    if ! grep "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
+    if ! grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
         echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME
     fi
 fi
 
 # add user menu on ssh login
-if ! grep -q 'control' /home/$ADD_USERNAME/.bashrc; then
-    echo 'control' >> /home/$ADD_USERNAME/.bashrc
+if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then
+    echo 'controluser' >> /home/$ADD_USERNAME/.bashrc
 fi
 
 ${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD"

src/freedombone-app-batman

 batman_variables=(MY_USERNAME
                   BATMAN_CELLID)
 
+function logging_on_batman {
+    echo -n ''
+}
+
+function logging_off_batman {
+    echo -n ''
+}
+
 function install_interactive_batman {
     echo -n ''
     APP_INSTALLED=1

src/freedombone-app-cryptpad

 
 cryptpad_variables=(ONION_ONLY)
 
+function logging_on_cryptpad {
+    echo -n ''
+}
+
+function logging_off_cryptpad {
+    echo -n ''
+}
+
 function remove_user_cryptpad {
     remove_username="$1"
 }
     if [ -f /etc/systemd/system/cryptpad.service ]; then
         rm /etc/systemd/system/cryptpad.service
     fi
+    systemctl daemon-reload
 
     function_check remove_nodejs
     remove_nodejs cryptpad
         rm -rf $CRYPTPAD_DIR
     fi
 
-    function_check git_clone
-    git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR
+    if [ -d /repos/cryptpad ]; then
+        mkdir $CRYPTPAD_DIR
+        cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR
+        cd $CRYPTPAD_DIR
+        git pull
+    else
+        function_check git_clone
+        git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR
+    fi
+
     if [ ! -d $CRYPTPAD_DIR ]; then
         echo $'Unable to clone cryptpad repo'
         exit 783251
 
     npm install
     npm install -g bower@1.8.0
+    chown -R cryptpad:cryptpad $CRYPTPAD_DIR
     su -c 'bower install' - cryptpad
     cp config.example.js config.js
     if [ ! -f config.js ]; then
     fi
     chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 
+    # install again
+    cd $CRYPTPAD_DIR
+    su -c 'bower install' - cryptpad
+
     systemctl restart nginx
 
     APP_INSTALLED=1

src/freedombone-app-dlna

                 INSTALLED_WITHIN_DOCKER
                 MY_USERNAME)
 
+function logging_on_dlna {
+    echo -n ''
+}
+
+function logging_off_dlna {
+    echo -n ''
+}
+
 function configure_interactive_dlna {
     while true
     do

src/freedombone-app-dokuwiki

 SHOW_ON_ABOUT=1
 
 DOKUWIKI_DOMAIN_NAME=
-DOKUWIKI_ADMIN_PASSWORD=
-DOKUWIKI_TITLE="${PROJECT_NAME} Dokuwiki"
 DOKUWIKI_CODE=
 DOKUWIKI_ONION_PORT=8089
+DOKUWIKI_ADMIN_PASSWORD=
+DOKUWIKI_TITLE="${PROJECT_NAME} Dokuwiki"
+
+DOKUWIKI_REPO="https://github.com/splitbrain/dokuwiki"
+DOKUWIKI_COMMIT='be15c01c0b982cf1a75b5af031bf077143c63f39'
 
 dokuwiki_variables=(ONION_ONLY
                     MY_USERNAME
                     DOKUWIKI_CODE
                     DDNS_PROVIDER)
 
+function logging_on_dokuwiki {
+    echo -n ''
+}
+
+function logging_off_dokuwiki {
+    echo -n ''
+}
+
 function install_interactive_dokuwiki {
     if [[ $ONION_ONLY != "no" ]]; then
         DOKUWIKI_TITLE=$'My Dokuwiki'
     curr_username="$1"
     new_user_password="$2"
 
-    if grep "$curr_username:" /var/lib/dokuwiki/acl/users.auth.php; then
+    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
+    if grep -q "$curr_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
         HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
-        existing_user=$(cat /var/lib/dokuwiki/acl/users.auth.php | grep "$curr_username:" | hean -n 1)
+        existing_user=$(cat /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php | grep "$curr_username:" | hean -n 1)
         if [[ "$existing_user" == *":admin,"* ]]; then
-            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/lib/dokuwiki/acl/users.auth.php
+            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
         else
-            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/lib/dokuwiki/acl/users.auth.php
+            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
         fi
-        chmod 640 /var/lib/dokuwiki/acl/users.auth.php
+        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
+        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
+        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
         ${PROJECT_NAME}-pass -u $curr_username -a dokuwiki -p "$new_user_password"
     fi
 }
     new_username="$1"
     new_user_password="$2"
 
+    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
     HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
-    echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/lib/dokuwiki/acl/users.auth.php
-    chmod 640 /var/lib/dokuwiki/acl/users.auth.php
+    echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+    cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
+    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
     ${PROJECT_NAME}-pass -u "$new_username" -a dokuwiki -p "$new_user_password"
 }
 
 function remove_user_dokuwiki {
     remove_username="$1"
 
-    if grep "$remove_username:" /var/lib/dokuwiki/acl/users.auth.php; then
-        sed -i "/$remove_username:/d" /var/lib/dokuwiki/acl/users.auth.php
+    read_config_param "DOKUWIKI_DOMAIN_NAME"
+    if grep -q "$remove_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
+        sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+        sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
         ${PROJECT_NAME}-pass -u "$remove_username" --rmapp dokuwiki
     fi
 }
 }
 
 function upgrade_dokuwiki {
-    echo -n ''
+    function_check set_repo_commit
+    set_repo_commit /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
 }
 
 function backup_local_dokuwiki {
-    source_directory=/var/lib/dokuwiki
+    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
+
+    function_check backup_directory_to_usb
+
+    # backup the data
+    source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
     if [ -d $source_directory ]; then
-        dest_directory=dokuwiki
-        function_check backup_directory_to_usb
+        dest_directory=dokuwikidat
+        backup_directory_to_usb $source_directory $dest_directory
+    fi
+
+    # backup the users
+    source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl
+    if [ -d $source_directory ]; then
+        dest_directory=dokuwikiacl
+        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
         backup_directory_to_usb $source_directory $dest_directory
-        backup_directory_to_usb /etc/dokuwiki dokuwiki2
     fi
 }
 
-function restore_local_dokuwiki {
+function restore_local_dokuwiki_legacy {
     if [ -d /var/lib/dokuwiki ]; then
-        echo $"Restoring Dokuwiki installation"
+        echo $"Restoring Legacy Dokuwiki installation"
         function_check get_completion_param
         DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
+
         temp_restore_dir=/root/tempdokuwiki
         function_check restore_directory_from_usb
         if [ -d ${USB_MOUNT}/backup/dokuwiki ]; then
         else
             restore_directory_from_usb ${temp_restore_dir} wiki
         fi
-        cp -r ${temp_restore_dir}/var/lib/dokuwiki/* /var/lib/dokuwiki/
+
+        # restore the data
+        cp -r ${temp_restore_dir}/var/lib/dokuwiki/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
         if [ ! "$?" = "0" ]; then
             function_check restore_directory_from_usb
             set_user_permissions
             function_check backup_unmount_drive
             backup_unmount_drive
-            exit 868
+            rm -rf ${temp_restore_dir}
+            exit 73562
         fi
-        if [ -d ${USB_MOUNT}/backup/wiki2 ]; then
-            restore_directory_from_usb ${temp_restore_dir}2 wiki2
-        else
-            restore_directory_from_usb ${temp_restore_dir}2 dokuwiki2
-        fi
-        cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/
+
+        # restore the users
+        cp -r ${temp_restore_dir}/var/lib/dokuwiki/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl
+        cp -r ${temp_restore_dir}/var/lib/dokuwiki/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf
         if [ ! "$?" = "0" ]; then
-            function_check set_user_permissions
+            function_check restore_directory_from_usb
             set_user_permissions
             function_check backup_unmount_drive
             backup_unmount_drive
-            exit 869
+            rm -rf ${temp_restore_dir}
+            exit 23985
         fi
         rm -rf ${temp_restore_dir}
-        rm -rf ${temp_restore_dir}2
-        #rm -rf /var/lib/dokuwiki/data/cache/*
-        #rm -rf /var/lib/dokuwiki/data/meta/*
-        chmod -R 755 /var/lib/dokuwiki/data
-        chown -R www-data:www-data /var/lib/dokuwiki/data
-        chown -R www-data:www-data /var/lib/dokuwiki/*
-        # Ensure that the bundled SSL cert is being used
-        if [ -f /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.bundle.crt ]; then
-            sed -i "s|${DOKUWIKI_DOMAIN_NAME}.crt|${DOKUWIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${DOKUWIKI_DOMAIN_NAME}
-        fi
-        if [ -d /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME} ]; then
-            ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${DOKUWIKI_DOMAIN_NAME}.key
-            ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.pem
-        fi
-        echo $"Restore of Dokuwiki complete"
+
+        chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+        chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
+        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
+        chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+        echo $"Restore of Legacy Dokuwiki complete"
     fi
 }
 
+function restore_local_dokuwiki {
+    if [ -d ${USB_MOUNT}/backup/dokuwiki ]; then
+        restore_local_dokuwiki_legacy
+        return
+    fi
+
+    echo $"Restoring Dokuwiki installation"
+    function_check get_completion_param
+    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
+
+    # restore the data
+    temp_restore_dir=/root/tempdokuwikidat
+    function_check restore_directory_from_usb
+    restore_directory_from_usb ${temp_restore_dir} dokuwikidat
+    cp -r ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+    if [ ! "$?" = "0" ]; then
+        function_check restore_directory_from_usb
+        set_user_permissions
+        function_check backup_unmount_drive
+        backup_unmount_drive
+        rm -rf ${temp_restore_dir}
+        exit 683352
+    fi
+    rm -rf ${temp_restore_dir}
+
+    # restore the users
+    temp_restore_dir=/root/tempdokuwikiacl
+    function_check restore_directory_from_usb
+    restore_directory_from_usb ${temp_restore_dir} dokuwikiacl
+    cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
+    cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/
+    if [ ! "$?" = "0" ]; then
+        function_check restore_directory_from_usb
+        set_user_permissions
+        function_check backup_unmount_drive
+        backup_unmount_drive
+        rm -rf ${temp_restore_dir}
+        exit 456495
+    fi
+    rm -rf ${temp_restore_dir}
+
+    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
+    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
+    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+    echo $"Restore of Dokuwiki complete"
+}
+
 function backup_remote_dokuwiki {
-    if [ -d /etc/dokuwiki ]; then
+    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
+    if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then
         echo $"Backing up dokuwiki"
-        backup_directory_to_friend /var/lib/dokuwiki dokuwiki
-        backup_directory_to_friend /etc/dokuwiki dokuwiki2
+        backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data dokuwikidat
+        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
+        backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl dokuwikiacl
     fi
 }
 
 function restore_remote_dokuwiki {
-    if [ -d $SERVER_DIRECTORY/backup/dokuwiki ]; then
-        function_check get_completion_param
-        DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
-        echo $"Restoring Dokuwiki installation $DOKUWIKI_DOMAIN_NAME"
-        function_check restore_directory_from_friend
-        restore_directory_from_friend /root/tempdokuwiki dokuwiki
-        cp -r /root/tempdokuwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/
+    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
+    function_check get_completion_param
+    function_check restore_directory_from_friend
+
+    if [ -d $SERVER_DIRECTORY/backup/dokuwikidat ]; then
+        echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME"
+        restore_directory_from_friend /root/tempdokuwikidat dokuwikidat
+        cp -r /root/tempdokuwikidat/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/
         if [ ! "$?" = "0" ]; then
-            exit 868
+            exit 92634
         fi
-        restore_directory_from_friend /root/tempdokuwiki2 dokuwiki2
-        cp -r /root/tempdokuwiki2/etc/dokuwiki/* /etc/dokuwiki/
+        rm -rf /root/tempdokuwikidat
+
+        echo $"Restore of Dokuwiki data complete"
+    fi
+
+    if [ -d $SERVER_DIRECTORY/backup/dokuwikiacl ]; then
+        echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME"
+        restore_directory_from_friend /root/tempdokuwikiacl dokuwikiacl
+        cp -r /root/tempdokuwikidat/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
         if [ ! "$?" = "0" ]; then
-            exit 869
-        fi
-        rm -rf /root/tempdokuwiki
-        rm -rf /root/tempdokuwiki2
-        #rm -rf /var/lib/dokuwiki/data/cache/*
-        #rm -rf /var/lib/dokuwiki/data/meta/*
-        chmod -R 755 /var/lib/dokuwiki/data
-        chown -R www-data:www-data /var/lib/dokuwiki/data
-        chown -R www-data:www-data /var/lib/dokuwiki/*
-        # Ensure that the bundled SSL cert is being used
-        if [ -f /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.bundle.crt ]; then
-            sed -i "s|${DOKUWIKI_DOMAIN_NAME}.crt|${DOKUWIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${DOKUWIKI_DOMAIN_NAME}
+            exit 735287
         fi
-        if [ -d /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME} ]; then
-            ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${DOKUWIKI_DOMAIN_NAME}.key
-            ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.pem
-        fi
-        echo $"Restore of Dokuwiki complete"
+        rm -rf /root/tempdokuwikiacl
+
+        echo $"Restore of Dokuwiki users complete"
     fi
+
+    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
+    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data
+    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib
+    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
 }
 
 function remove_dokuwiki {
     if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then
         rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     fi
-    apt-get -yq remove --purge dokuwiki
     if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
         rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME
     fi
     if [ ! $DOKUWIKI_DOMAIN_NAME ]; then
         return
     fi
-    apt-get -yq install dokuwiki
-    apt-get -yq remove --purge apache*
-    if [ -d /etc/apache2 ]; then
-        rm -rf /etc/apache2
-        echo $'Removed Apache installation after Dokuwiki install'
-    fi
+
+    apt-get -yq install php-common php-cli php-curl php-gd php-mcrypt git
+    apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
+    apt-get -yq install php-memcached memcached
 
     if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
         mkdir /var/www/$DOKUWIKI_DOMAIN_NAME
     fi
-    if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then
-        rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-    fi
-
-    ln -s /usr/share/dokuwiki /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-
-    if [ ! -d /var/lib/dokuwiki/custom ]; then
-        mkdir /var/lib/dokuwiki/custom
-    fi
-    cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
-    if [ ! -f /etc/dokuwiki/local.php ]; then
-        ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
-    fi
-
-    chown www-data /var/lib/dokuwiki/custom
-    chown www-data /var/lib/dokuwiki/custom/local.php
-    chown -R www-data /etc/dokuwiki
-    chown -R www-data /usr/share/dokuwiki/lib/
-    chmod 600 /var/lib/dokuwiki/custom/local.php
-    chmod -R 755 /usr/share/dokuwiki/lib
 
-    sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
-    sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
+    if [ ! -f /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php ]; then
+        cd /var/www/$DOKUWIKI_DOMAIN_NAME
 
-    sed -i "s|Debian Dokuwiki|$DOKUWIKI_TITLE|g" /etc/dokuwiki/local.php
-    sed -i "s|Debian DokuWiki|$DOKUWIKI_TITLE|g" /etc/dokuwiki/local.php
+        if [ -d /repos/dokuwiki ]; then
+            mkdir /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+            cp -r -p /repos/dokuwiki/. /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+            cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+            git pull
+        else
+            function_check git_clone
+            git_clone $DOKUWIKI_REPO /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+        fi
 
-    # set the admin user
-    sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
+        cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+        git checkout $DOKUWIKI_COMMIT -b $DOKUWIKI_COMMIT
+        set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT"
 
-    # disallow registration of new users
-    if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
-        echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
-    fi
-    if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
-        echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
     fi
 
-    if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
-        echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
-    fi
-    if ! grep -q "authtype" /etc/dokuwiki/local.php; then
-        echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
+    apt-get -yq remove --purge apache2-bin*
+    if [ -d /etc/apache2 ]; then
+        rm -rf /etc/apache2
+        echo $'Removed Apache installation after Dokuwiki install'
     fi
 
+    echo '<?php' > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
+    echo "\$conf['title'] = '${DOKUWIKI_TITLE}';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
+    echo "\$conf['lang'] = 'en';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
+    echo "\$conf['license'] = 'cc-by-sa';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
+    echo "\$conf['useacl'] = 1;" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
+    echo "\$conf['superuser'] = '@admin';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
+    echo "\$conf['disableactions'] = 'register';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
+    ln -s /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php
+
+    chmod 600 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
+    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
+    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+
     if [ -f $IMAGE_PASSWORD_FILE ]; then
         DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
     else
         fi
     fi
     HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
-    echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
-    chmod 640 /var/lib/dokuwiki/acl/users.auth.php
+    echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+    cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
+    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
 
-    if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
-        echo 'ogv     video/ogg' >> /etc/dokuwiki/mime.conf
+    if ! grep -q "video/ogg" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
+        echo 'ogv     video/ogg' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
     fi
-    if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
-        echo 'mp4     video/mp4' >> /etc/dokuwiki/mime.conf
+    if ! grep -q "video/mp4" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
+        echo 'mp4     video/mp4' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
     fi
-    if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
-        echo 'webm    video/webm' >> /etc/dokuwiki/mime.conf
+    if ! grep -q "video/webm" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
+        echo 'webm    video/webm' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
     fi
 
     DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT})
         echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
 
     nginx_ensite $DOKUWIKI_DOMAIN_NAME
 
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 
     function_check add_ddns_domain

src/freedombone-app-emacs

 emacs_variables=(USB_MOUNT
                  MY_USERNAME)
 
+function logging_on_emacs {
+    echo -n ''
+}
+
+function logging_off_emacs {
+    echo -n ''
+}
+
 function reconfigure_emacs {
     echo -n ''
 }
 }
 
 function remove_emacs {
-    apt-get -yq remove --purge emacs24
+    apt-get -yq remove --purge emacs
     update-alternatives --set editor /usr/bin/nano
     sed -i '/install_emacs/d' $COMPLETION_FILE
 
 }
 
 function install_emacs {
-    apt-get -yq install emacs24
-    update-alternatives --set editor /usr/bin/emacs24
+    apt-get -yq install emacs
+    update-alternatives --set editor /usr/bin/emacs
 
     # A minimal emacs configuration
     #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs

src/freedombone-app-etherpad

 # License
 # =======
 #
-# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
                     DDNS_PROVIDER
                     MY_USERNAME)
 
+function logging_on_etherpad {
+    echo -n ''
+}
+
+function logging_off_etherpad {
+    echo -n ''
+}
+
 function etherpad_password_hash {
     echo $(python -c "from passlib.hash import bcrypt;print(bcrypt.encrypt(\"$1\", rounds=10))")
 }
 
     read_config_param ETHERPAD_DOMAIN_NAME
 
-    if grep "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
+    if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
         user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
         if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
             sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 }
 
 function upgrade_etherpad {
+    CURR_ETHERPAD_COMMIT=$(get_completion_param "etherpad commit")
+    if [[ "$CURR_ETHERPAD_COMMIT" == "$ETHERPAD_COMMIT" ]]; then
+        return
+    fi
+
     read_config_param "ETHERPAD_DOMAIN_NAME"
 
     function_check set_repo_commit
         if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
             chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
         fi
+
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
+        MARIADB_PASSWORD=
     fi
 }
 
         if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
             chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
         fi
+
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
+        MARIADB_PASSWORD=
     fi
 }
 
         systemctl disable etherpad
         rm /etc/systemd/system/etherpad.service
     fi
+    systemctl daemon-reload
     nginx_dissite $ETHERPAD_DOMAIN_NAME
     remove_certs $ETHERPAD_DOMAIN_NAME
     if [ -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then
     remove_completion_param install_etherpad
     sed -i '/etherpad/d' $COMPLETION_FILE
     remove_backup_database_local etherpad
-    deluser --remove-all-files etherpad
     remove_nodejs etherpad
 
+    groupdel -f etherpad
+    userdel -r etherpad
+
     function_check remove_ddns_domain
     remove_ddns_domain $ETHERPAD_DOMAIN_NAME
 }
         exit 7359
     fi
 
+    check_ram_availability 2000
+
     if [ -f $IMAGE_PASSWORD_FILE ]; then
         ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
     else
         mkdir /var/www/$ETHERPAD_DOMAIN_NAME
     fi
     if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
-        git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+
+        if [ -d /repos/etherpad ]; then
+            mkdir /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+            cp -r -p /repos/etherpad/. /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+            cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+            git pull
+        else
+            function_check git_clone
+            git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+        fi
+
         if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
             echo $'Unable to clone etherpad repo'
             exit 56382
 
     set_completion_param "etherpad domain" "$ETHERPAD_DOMAIN_NAME"
 
+    systemctl restart mariadb
     systemctl enable etherpad
     systemctl daemon-reload
     systemctl start etherpad

src/freedombone-app-friendica

                      FRIENDICA_REPO
                      FRIENDICA_ADDONS_REPO)
 
+function logging_on_friendica {
+    echo -n ''
+}
+
+function logging_off_friendica {
+    echo -n ''
+}
+
 function remove_user_friendica {
     remove_username="$1"
     ${PROJECT_NAME}-pass -u $remove_username --rmapp friendica
 }
 
 function upgrade_friendica {
+    CURR_FRIENDICA_COMMIT=$(get_completion_param "friendica commit")
+    if [[ "$CURR_FRIENDICA_COMMIT" == "$FRIENDICA_COMMIT" ]]; then
+        return
+    fi
+
     FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
 
     function_check set_repo_commit
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
+
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
+        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
+        MARIADB_PASSWORD=
     fi
 }
 
     if [ -d /root/tempfriendica ]; then
         rm -rf /root/tempfriendica
     fi
+
+    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
+    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
+    MARIADB_PASSWORD=
 }
 
 function remove_friendica {
     function_check repair_databases_script
     repair_databases_script
 
-    apt-get -yq install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
-    apt-get -yq install php5-dev imagemagick php5-imagick
-    apt-get -yq install php5-memcached
+    apt-get -yq install php-common php-cli php-curl php-gd php-mysql php-mcrypt git
+    apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
+    apt-get -yq install php-memcached
 
     if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then
         mkdir /var/www/$FRIENDICA_DOMAIN_NAME
 
     if [ ! -f $FRIENDICA_PATH/index.php ]; then
         cd $INSTALL_DIR
-        function_check git_clone
-        git_clone $FRIENDICA_REPO friendica
+
+        if [ -d /repos/friendica ]; then
+            mkdir friendica
+            cp -r -p /repos/friendica/. friendica
+            cd friendica
+            git pull
+        else
+            function_check git_clone
+            git_clone $FRIENDICA_REPO friendica
+        fi
+
         git checkout $FRIENDICA_COMMIT -b $FRIENDICA_COMMIT
         set_completion_param "friendica commit" "$FRIENDICA_COMMIT"
 
         echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
     chown www-data:www-data $FRIENDICA_PATH/.htconfig.php
     chmod 755 $FRIENDICA_PATH/.htconfig.php
 
-    systemctl restart php5-fpm
+    systemctl restart mariadb
+    systemctl restart php7.0-fpm
     systemctl restart nginx
     systemctl restart cron
 

src/freedombone-app-ghost

 #                    Freedom in the Cloud
 #
 # Ghost blog
+# Only works with nodejs version ^6.9.0
 #
 # License
 # =======
 GHOST_CODE=
 GHOST_ONION_PORT=8104
 GHOST_PORT=2368
-GHOST_VERSION='0.11.8'
-GHOST_HASH='244faad0b16eb1b90c8095f1e536db65299a3a2d85a20af76342be3707522b38'
+GHOST_VERSION='0.11.10'
+GHOST_HASH='cccdf02d46112f1671739696f2b1888a90a5c3bdf2fae45e8e81d538a8e0f487'
 GHOST_DOWNLOAD_URL="https://github.com/TryGhost/Ghost/releases/download/${GHOST_VERSION}/Ghost-${GHOST_VERSION}.zip"
 
 ghost_variables=(GHOST_DOMAIN_NAME
                  DDNS_PROVIDER
                  MY_USERNAME)
 
+function logging_on_ghost {
+    echo -n ''
+}
+
+function logging_off_ghost {
+    echo -n ''
+}
+
 function ghost_replace_jquery {
     sed -i "s|code.jquery.com/jquery-${previous_jquery_version}.min.js|$GHOST_DOMAIN_NAME/jquery-${jquery_version}.js|g" content/themes/casper/default.hbs
     sed -i "s|code.jquery.com/jquery-${previous_jquery_version}.min.js|$GHOST_DOMAIN_NAME/jquery-${jquery_version}.js|g" core/server/data/migration/fixtures/004/01-move-jquery-with-alert.js
     GHOST_PATH=/var/www/$GHOST_DOMAIN_NAME/htdocs
 
     cd $GHOST_PATH
-    if [ ! -f ghost-${GHOST_VERSION}.zip ]; then
+    if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
         wget ${GHOST_DOWNLOAD_URL}
     fi
     if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
         function_check restore_database
         restore_database ghost ${GHOST_DOMAIN_NAME}
 
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        ghost_config=/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
+        sed -i "s|password :.*|password : '${MARIADB_PASSWORD}',|g" $ghost_config
+        MARIADB_PASSWORD=
+
+        # install any missing packages
+        if [ ! -d /var/www/${GHOST_DOMAIN_NAME}/htdocs/node_modules/intl ]; then
+            cd /var/www/${GHOST_DOMAIN_NAME}/htdocs
+            npm install passport-http-bearer@1.0.1
+            npm install amperize@0.3.4
+            npm install bcryptjs@2.4.3
+            npm install knex@0.12.9
+            npm install bookshelf@0.10.2
+            npm install cookie-session@1.2.0
+            npm install ghost-gql@0.0.6
+            npm install intl@1.2.5
+            npm install sanitize-html@1.14.1
+            npm install showdown-ghost@0.3.6
+            npm install superagent@3.5.2
+            npm install mysql@2.1.1
+        fi
+
         systemctl start ghost
         restart_site
     fi
     ghost_create_database
 
     restore_database_from_friend ghost ${GHOST_DOMAIN_NAME}
+
+    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    ghost_config=/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
+    sed -i "s|password :.*|password : '${MARIADB_PASSWORD}',|g" $ghost_config
+    MARIADB_PASSWORD=
+
+    # install any missing packages
+    if [ ! -d /var/www/${GHOST_DOMAIN_NAME}/htdocs/node_modules/intl ]; then
+        cd /var/www/${GHOST_DOMAIN_NAME}/htdocs
+        npm install passport-http-bearer@1.0.1
+        npm install amperize@0.3.4
+        npm install bcryptjs@2.4.3
+        npm install knex@0.12.9
+        npm install bookshelf@0.10.2
+        npm install cookie-session@1.2.0
+        npm install ghost-gql@0.0.6
+        npm install intl@1.2.5
+        npm install sanitize-html@1.14.1
+        npm install showdown-ghost@0.3.6
+        npm install superagent@3.5.2
+        npm install mysql@2.1.1
+    fi
+
     systemctl start ghost
     restart_site
     chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs/
     systemctl stop ghost
     systemctl disable ghost
     rm /etc/systemd/system/ghost.service
+    systemctl daemon-reload
 
     function_check remove_nodejs
     remove_nodejs ghost
     read_config_param "GHOST_DOMAIN_NAME"
     nginx_dissite $GHOST_DOMAIN_NAME
     remove_certs ${GHOST_DOMAIN_NAME}
-    deluser --remove-all-files ghost
     if [ -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME ]; then
         rm -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME
     fi
     sed -i '/Ghost/d' $COMPLETION_FILE
     sed -i '/ghost/d' $COMPLETION_FILE
 
+    groupdel -f ghost
+    userdel -r ghost
+
     function_check remove_ddns_domain
     remove_ddns_domain $GHOST_DOMAIN_NAME
 }
 function ghost_create_config {
     ghost_config=/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
 
+    function_check get_mariadb_password
+    get_mariadb_password
+
     echo "var path = require('path')," > $ghost_config
     echo '    config;' >> $ghost_config
     echo '' >> $ghost_config
         mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs
     fi
     cd /var/www/$GHOST_DOMAIN_NAME/htdocs
-    wget ${GHOST_DOWNLOAD_URL}
+    if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
+        wget ${GHOST_DOWNLOAD_URL}
+    fi
     if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
         echo $'Unable to download ghost'
         rm -rf /var/www/$GHOST_DOMAIN_NAME
     install_nodejs ghost
 
     sed -i "/sqlite/d" /var/www/${GHOST_DOMAIN_NAME}/htdocs/package.json
+
+    cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+    npm install -g jison@0.4.13 --save
+    npm install moment-timezone@0.5.13
+    npm install express@4.15.3
+    npm install lodash@4.17.4
+    npm install uuid@3.0.1
+    npm install bluebird@3.5.0
+    npm install chalk@1.1.3
+    npm install intl-messageformat@1.3.0
+    npm install validator@7.0.0
+    npm install express-hbs@1.0.4
+    npm install glob@7.1.2
+    npm install unidecode@0.1.8
+    npm install csv-parser@1.11.0
+    npm install archiver@1.3.0
+    npm install fs-extra@3.0.1
+    npm install extract-zip-fork@1.5.1
+    npm install moment@2.18.1
+    npm install nodemailer@4.0.1
+    npm install html-to-text@3.3.0
+    npm install gscan@1.1.0
+    npm install body-parser@1.17.2
+    npm install compression@1.6.2
+    npm install morgan@1.8.2
+    npm install semver@5.3.0
+    npm install path-match@1.2.4
+    npm install downsize@0.0.8
+    npm install rss@1.2.2
+    npm install cheerio@1.0.0-rc.1
+    npm install passport@0.3.2
+    npm install xml@1.0.1
+    npm install multer@1.3.0
+    npm install oauth2orize@1.8.0
+    npm install connect-slashes@1.3.1
+    npm install cors@2.8.3
+    npm install netjet@1.1.3
+    npm install jsonpath@0.2.11
+    npm install image-size@0.5.4
+    npm install passport-oauth2-client-password@0.1.2
+    npm install passport-http-bearer@1.0.1
+    npm install amperize@0.3.4
+    npm install bcryptjs@2.4.3
+    npm install knex@0.12.9
+    npm install bookshelf@0.10.2
+    npm install cookie-session@1.2.0
+    npm install ghost-gql@0.0.6
+    npm install intl@1.2.5
+    npm install sanitize-html@1.14.1
+    npm install showdown-ghost@0.3.6
+    npm install superagent@3.5.2
+    npm install mysql@2.1.1
+    npm install mariasql@0.2.6
+
     npm install --production
 
     function_check install_mariadb
     ghost_create_config
 
     adduser --system --home=/var/www/${GHOST_DOMAIN_NAME}/htdocs/ --group ghost
-    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs/
+    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
 
     echo '[Unit]' > /etc/systemd/system/ghost.service
     echo 'Description=Ghost Blog' >> /etc/systemd/system/ghost.service
 
     if [[ $ONION_ONLY != 'no' ]]; then
         sed -i "s|url: .*|url: 'http://${GHOST_ONION_HOSTNAME}',|g" /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
+        systemctl restart mariadb
         systemctl restart ghost
     fi
 
     nginx_ensite $GHOST_DOMAIN_NAME
 
     systemctl restart nginx
+    systemctl restart mariadb
 
     ${PROJECT_NAME}-pass -u $MY_USERNAME -a ghost -p "$GHOST_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
     add_ddns_domain $GHOST_DOMAIN_NAME
 
+    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
     set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
     if ! grep -q "ghost version:" ${COMPLETION_FILE}; then
         echo "ghost version:${GHOST_VERSION}" >> ${COMPLETION_FILE}

src/freedombone-app-gnusocial

 GNUSOCIAL_CODE=
 GNUSOCIAL_ONION_PORT=8087
 GNUSOCIAL_REPO="https://git.gnu.io/gnu/gnu-social.git"
-GNUSOCIAL_COMMIT='1517deeeb621a0256106d0108855e8827713e2cc'
+GNUSOCIAL_COMMIT='05a9c11c476b384e5ef3f3cc83b66406fcf7a378'
 GNUSOCIAL_ADMIN_PASSWORD=
 
 GNUSOCIAL_BACKGROUND_IMAGE_URL=
-GNUSOCIAL_MARKDOWN_REPO="https://git.gnu.io/chimo/markdown.git"
-GNUSOCIAL_MARKDOWN_COMMIT='03c53942f94b3376f0946e6e1fe566cc21ccf232'
-
-# Sharings plugin for gnusocial
-SHARINGS_REPO="http://git.lasindias.club/bashrc/Sharings"
-SHARINGS_COMMIT='d5c6c7f855d9afff9086c09ea706f38c859bc0d4'
-SHARINGS_THEME_REPO="http://git.lasindias.club/manuel/SharingsTheme"
-SHARINGS_THEME_COMMIT='7106c7ef03'
 
 GNUSOCIAL_TITLE='Pleroma FE'
 
                      GNUSOCIAL_WELCOME_MESSAGE
                      GNUSOCIAL_BACKGROUND_IMAGE_URL
                      DDNS_PROVIDER
-                     GNUSOCIAL_MARKDOWN_REPO
-                     GNUSOCIAL_MARKDOWN_COMMIT
-                     SHARINGS_REPO
-                     SHARINGS_COMMIT
-                     SHARINGS_THEME_REPO
-                     SHARINGS_THEME_COMMIT
                      GNUSOCIAL_TITLE
                      GNUSOCIAL_EXPIRE_MONTHS
                      MY_USERNAME)
 
+function logging_on_gnusocial {
+    echo -n ''
+}
+
+function logging_off_gnusocial {
+    echo -n ''
+}
+
 function gnusocial_fix_endless_reloads {
     # This fixes a bug introduced with commit 5f7032dfee1fd202c14e76a9f8b37af35d584901
     # and which causes OrFox to endlessly reload the page
         trap "rm -f $data" 0 1 2 5 15
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"GNU Social" \
-               --radiolist $"Choose an operation:" 17 70 8 \
+               --radiolist $"Choose an operation:" 16 70 7 \
                1 $"Set a background image" off \
                2 $"Set the title" off \
                3 $"Set post expiry period (currently $GNUSOCIAL_EXPIRE_MONTHS months)" off \
                4 $"Select Qvitter user interface" off \
                5 $"Select Pleroma user interface" off \
                6 $"Select Classic user interface" off \
-               7 $"Select Armadillo user interface" off \
-               8 $"Exit" on 2> $data
+               7 $"Exit" on 2> $data
         sel=$?
         case $sel in
             1) return;;
             4) gnusocial_use_qvitter gnusocial;;
             5) gnusocial_use_pleroma gnusocial;;
             6) gnusocial_use_classic gnusocial;;
-            7) gnusocial_use_armadillo gnusocial;;
-            8) break;;
+            7) break;;
         esac
     done
 }
 
 function upgrade_gnusocial {
+    CURR_GNUSOCIAL_COMMIT=$(get_completion_param "gnusocial commit")
+    if [[ "$CURR_GNUSOCIAL_COMMIT" == "$GNUSOCIAL_COMMIT" ]]; then
+        return
+    fi
+
     if grep -q "gnusocial domain" $COMPLETION_FILE; then
         GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
     fi
     gnusocial_block_domain_script gnusocial $GNUSOCIAL_DOMAIN_NAME
 
     gnusocial_hourly_script gnusocial $GNUSOCIAL_DOMAIN_NAME
-    upgrade_pleroma "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
+    if [ -d $INSTALL_DIR/pleroma ]; then
+        upgrade_pleroma "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
+    fi
     install_gnusocial_default_background "gnusocial" "$GNUSOCIAL_DOMAIN_NAME"
     chown -R www-data:www-data /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
 }
         GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
     fi
 
-    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
-        dest_directory=gnusocial
-        function_check suspend_site
-        suspend_site ${GNUSOCIAL_DOMAIN_NAME}
+    # don't backup more data than we need to
+    gnusocial-expire
+
+    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup
+    if [ ! -d $source_directory ]; then
+        mkdir $source_directory
+    fi
+    cp -p /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php $source_directory
+    if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static ]; then
+        cp -rp /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static $source_directory
+    fi
+
+    function_check suspend_site
+    suspend_site ${GNUSOCIAL_DOMAIN_NAME}
 
-        function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+    function_check backup_directory_to_usb
+    dest_directory=gnusocialconfig
+    backup_directory_to_usb $source_directory $dest_directory
 
-        function_check backup_database_to_usb
-        backup_database_to_usb gnusocial
+    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file
+    dest_directory=gnusocialfile
+    backup_directory_to_usb $source_directory $dest_directory
 
-        function_check restart_site
-        restart_site
-    fi
+    function_check backup_database_to_usb
+    backup_database_to_usb gnusocial
+
+    function_check restart_site
+    restart_site
 }
 
 function restore_local_gnusocial {
         gnusocial_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
         # stop the daemons
         cd $gnusocial_dir
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        scripts/stopdaemons.sh
 
         function_check gnusocial_create_database
         gnusocial_create_database
 
-        restore_database gnusocial ${GNUSOCIAL_DOMAIN_NAME}
+        restore_database gnusocial
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        # start the daemons
-        cd $gnusocial_dir
-        su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
+        function_check restore_directory_from_usb
+        restore_directory_from_usb $temp_restore_dir gnusocialconfig
+        if [ -d $temp_restore_dir ]; then
+            cp $temp_restore_dir$gnusocial_dir/backup/config.php $gnusocial_dir/
+            chown www-data:www-data $gnusocial_dir/config.php
+            cp -rp $temp_restore_dir$gnusocial_dir/static $gnusocial_dir/
+            chown -R www-data:www-data $gnusocial_dir/static
+            rm -rf $temp_restore_dir
+        fi
+
+        restore_directory_from_usb $temp_restore_dir gnusocialfile
+        if [ -d $temp_restore_dir ]; then
+            cp -rp $temp_restore_dir$gnusocial_dir/file $gnusocial_dir/
+            chown -R www-data:www-data $gnusocial_dir/file
+            rm -rf $temp_restore_dir
+        fi
+
+        gnusocial_update_after_restore gnusocial ${GNUSOCIAL_DOMAIN_NAME}
+
         echo $"Restore of gnusocial complete"
     fi
 }
 
 function backup_remote_gnusocial {
+    GNUSOCIAL_DOMAIN_NAME='gnusocial'
     if grep -q "gnusocial domain" $COMPLETION_FILE; then
         GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
-        temp_backup_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
-            function_check suspend_site
-            suspend_site ${GNUSOCIAL_DOMAIN_NAME}
+    fi
 
-            function_check backup_database_to_friend
-            backup_database_to_friend gnusocial
+    # don't backup more data than we need to
+    gnusocial-expire
 
-            echo $"Backing up GNU social installation"
+    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup
+    if [ ! -d $source_directory ]; then
+        mkdir $source_directory
+    fi
+    cp -p /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php $source_directory
+    if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static ]; then
+        cp -rp /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static $source_directory
+    fi
 
-            function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir gnusocial
+    function_check suspend_site
+    suspend_site ${GNUSOCIAL_DOMAIN_NAME}
 
-            function_check restart_site
-            restart_site
-        else
-            echo $"gnusocial domain specified but not found in ${temp_backup_dir}"
-        fi
-    fi
+    function_check backup_directory_to_friend
+    dest_directory=gnusocialconfig
+    backup_directory_to_friend $source_directory $dest_directory
+
+    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file
+    dest_directory=gnusocialfile
+    backup_directory_to_friend $source_directory $dest_directory
+
+    function_check backup_database_to_friend
+    backup_database_to_friend gnusocial
+
+    function_check restart_site
+    restart_site
 }
 
 function restore_remote_gnusocial {
-    if grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if ! grep -q "gnusocial domain" $COMPLETION_FILE; then
+        return
+    fi
+    GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
+    if [ $GNUSOCIAL_DOMAIN_NAME ]; then
         echo $"Restoring gnusocial"
-        GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
-
+        temp_restore_dir=/root/tempgnusocial
+        gnusocial_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
         # stop the daemons
-        cd /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        cd $gnusocial_dir
+        scripts/stopdaemons.sh
 
         function_check gnusocial_create_database
         gnusocial_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend gnusocial ${GNUSOCIAL_DOMAIN_NAME}
-        if [ -d /root/tempgnusocial ]; then
-            rm -rf /root/tempgnusocial
+        restore_database_from_friend gnusocial
+        if [ -d $temp_restore_dir ]; then
+            rm -rf $temp_restore_dir
         fi
 
-        # start the daemons
-        cd /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
-        su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
+        function_check restore_directory_from_friend
+        restore_directory_from_friend $temp_restore_dir gnusocialconfig
+        if [ -d $temp_restore_dir ]; then
+            cp $temp_restore_dir$gnusocial_dir/backup/config.php $gnusocial_dir/
+            chown www-data:www-data $gnusocial_dir/config.php
+            cp -rp $temp_restore_dir$gnusocial_dir/static $gnusocial_dir/
+            chown -R www-data:www-data $gnusocial_dir/static
+            rm -rf $temp_restore_dir
+        fi
+
+        restore_directory_from_friend $temp_restore_dir gnusocialfile
+        if [ -d $temp_restore_dir ]; then
+            cp -rp $temp_restore_dir$gnusocial_dir/file $gnusocial_dir/
+            chown -R www-data:www-data $gnusocial_dir/file
+            rm -rf $temp_restore_dir
+        fi
+
+        gnusocial_update_after_restore gnusocial ${GNUSOCIAL_DOMAIN_NAME}
+
         echo $"Restore of gnusocial complete"
     fi
 }
         rm /etc/cron.hourly/gnusocial-daemons
     fi
     if [ -f /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then
-        cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+        scripts/stopdaemons.sh
     fi
     kill_pid=$(ps aux | grep /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1)
     kill -9 $kill_pid
     function_check repair_databases_script
     repair_databases_script
 
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
-    apt-get -yq install php5-memcached php5-intl exiftool
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
+    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
     if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME ]; then
         mkdir /var/www/$GNUSOCIAL_DOMAIN_NAME
     fi
     if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
-        git_clone $GNUSOCIAL_REPO /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+
+        if [ -d /repos/gnusocial ]; then
+            mkdir /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+            cp -r -p /repos/gnusocial/. /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+            cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+            git pull
+        else
+            function_check git_clone
+            git_clone $GNUSOCIAL_REPO /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+        fi
+
         if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then
             echo $'Unable to clone gnusocial repo'
             exit 87525
     function_check add_ddns_domain
     add_ddns_domain $GNUSOCIAL_DOMAIN_NAME
 
+    GNUSOCIAL_ONION_HOSTNAME=$(add_onion_service gnusocial 80 ${GNUSOCIAL_ONION_PORT})
+
     gnusocial_nginx_site=/etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
         echo '  # PHP' >> $gnusocial_nginx_site
         echo '  location ~ \.php {' >> $gnusocial_nginx_site
         echo '    include snippets/fastcgi-php.conf;' >> $gnusocial_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $gnusocial_nginx_site
+        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $gnusocial_nginx_site
+        echo '    fastcgi_read_timeout 30;' >> $gnusocial_nginx_site
         echo '  }' >> $gnusocial_nginx_site
         echo '' >> $gnusocial_nginx_site
         echo '  # Location' >> $gnusocial_nginx_site
     fi
     echo 'server {' >> $gnusocial_nginx_site
     echo "    listen 127.0.0.1:$GNUSOCIAL_ONION_PORT default_server;" >> $gnusocial_nginx_site
-    echo "    server_name $GNUSOCIAL_DOMAIN_NAME;" >> $gnusocial_nginx_site
+    echo "    server_name $GNUSOCIAL_ONION_HOSTNAME;" >> $gnusocial_nginx_site
     echo '' >> $gnusocial_nginx_site
     function_check nginx_compress
     nginx_compress $GNUSOCIAL_DOMAIN_NAME
     echo '  # PHP' >> $gnusocial_nginx_site
     echo '  location ~ \.php {' >> $gnusocial_nginx_site
     echo '    include snippets/fastcgi-php.conf;' >> $gnusocial_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $gnusocial_nginx_site
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $gnusocial_nginx_site
+    echo '    fastcgi_read_timeout 30;' >> $gnusocial_nginx_site
     echo '  }' >> $gnusocial_nginx_site
     echo '' >> $gnusocial_nginx_site
     echo '  # Location' >> $gnusocial_nginx_site
         gnusocial_ssl='never'
     fi
 
-    GNUSOCIAL_ONION_HOSTNAME=$(add_onion_service gnusocial 80 ${GNUSOCIAL_ONION_PORT})
-
     GNUSOCIAL_SERVER=${GNUSOCIAL_DOMAIN_NAME}
     if [[ $ONION_ONLY != 'no' ]]; then
         GNUSOCIAL_SERVER=${GNUSOCIAL_ONION_HOSTNAME}
     # This improves performance
     sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $gnusocial_config_file
 
-    systemctl restart php5-fpm
+    systemctl restart mariadb
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 
     ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$GNUSOCIAL_DOMAIN_NAME" -g gnusocial --public no
     install_completed gnusocial_main
 }
 
-function install_gnusocial_plugin_sharings {
-    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins ]; then
-        echo $'No local/plugins directory found for the gnusocial'
-        exit 72945
-    fi
-
-    apt-get -yq install liblocale-msgfmt-perl gettext
-
-    # update to the next commit
-    function_check set_repo_commit
-    set_repo_commit /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins "gnusocial sharings plugin commit" "$SHARINGS_COMMIT" $SHARINGS_REPO
-
-    if [[ $(app_is_installed gnusocial_plugin_sharings) == "1" ]]; then
-        return
-    fi
-
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins
-    function_check git_clone
-    git_clone $SHARINGS_REPO Sharings
-    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings ]; then
-        echo $'Unable to clone gnusocial sharings plugin'
-        exit 36738
-    fi
-
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings
-    git stash
-    git checkout master
-    git branch -D $SHARINGS_COMMIT
-    git checkout $SHARINGS_COMMIT -b $SHARINGS_COMMIT
-
-    # enable the plugin
-    if ! grep -q "addPlugin('Sharings');" /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php; then
-        echo "addPlugin('Sharings');" >> /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php
-    fi
-
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-    php scripts/checkschema.php
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings
-    php scripts/seedsharings.php
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-    php scripts/upgrade.php
-    php scripts/checkschema.php
-
-    # Languages
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en/LC_MESSAGES
-    msgfmt -o Sharings.mo Sharings.po
-    if [ ! -f Sharings.po ]; then
-        echo $'English translations for gnusocial sharings plugin were not created'
-        exit 84352
-    fi
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en_GB/LC_MESSAGES
-    msgfmt -o Sharings.mo Sharings.po
-    if [ ! -f Sharings.po ]; then
-        echo $'English (GB) translations for gnusocial sharings plugin were not created'
-        exit 84352
-    fi
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en_US/LC_MESSAGES
-    msgfmt -o Sharings.mo Sharings.po
-    if [ ! -f Sharings.po ]; then
-        echo $'English (US) translations for gnusocial sharings plugin were not created'
-        exit 84352
-    fi
-
-    # Looks like this update function isn't supported by the current php version
-    sed -i 's|ActivityVerb::UPDATE, ||g' /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/SharingsPlugin.php
-
-    chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-
-    set_completion_param gnusocial "sharings plugin commit" "$SHARINGS_COMMIT"
-    install_completed gnusocial_plugin_sharings
-}
-
-function install_gnusocial_plugin_sharings_theme {
-    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins ]; then
-        echo $'No local/plugins directory found for the gnusocial'
-        exit 74458
-    fi
-
-    # update to the next commit
-    function_check set_repo_commit
-    set_repo_commit /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins "gnusocial sharings theme plugin commit" "$SHARINGS_THEME_COMMIT" $SHARINGS_THEME_REPO
-
-    if [[ $(app_is_installed gnusocial_plugin_sharings_theme) == "1" ]]; then
-        return
-    fi
-
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins
-    function_check git_clone
-    git_clone $SHARINGS_THEME_REPO SharingsTheme
-    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/SharingsTheme ]; then
-        echo $'Unable to clone gnusocial sharings plugin theme'
-        exit 639253
-    fi
-
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/SharingsTheme
-    git stash
-    git checkout master
-    git branch -D $SHARINGS_THEME_COMMIT
-    git checkout $SHARINGS_THEME_COMMIT -b $SHARINGS_THEME_COMMIT
-
-    # enable the plugin
-    if ! grep -q "addPlugin('SharingsTheme');" /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php; then
-        echo "addPlugin('SharingsTheme');" >> /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php
-    fi
-
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-    php scripts/checkschema.php
-
-    chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-
-    set_completion_param "gnusocial sharings plugin theme commit" "$SHARINGS_THEME_COMMIT"
-    install_completed gnusocial_plugin_sharings_theme
-}
-
-function install_gnusocial_markdown {
-    GNUSOCIAL_PATH=/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-
-    # update to the next commit
-    function_check set_repo_commit
-    set_repo_commit $GNUSOCIAL_PATH/local/plugins/Markdown "gnusocial Markdown commit" "$GNUSOCIAL_MARKDOWN_COMMIT" $GNUSOCIAL_MARKDOWN_REPO
-
-    if [[ $(app_is_installed gnusocial_markdown) == "1" ]]; then
-        return
-    fi
-
-    if [ -d $GNUSOCIAL_PATH/local/plugins/Markdown ]; then
-        rm -rf $GNUSOCIAL_PATH/local/plugins/Markdown
-    fi
-
-    if [ ! -d $GNUSOCIAL_PATH/local/plugins ]; then
-        mkdir -p $GNUSOCIAL_PATH/local/plugins
-    fi
-
-    cd $GNUSOCIAL_PATH/local/plugins
-    function_check git_clone
-    git_clone $GNUSOCIAL_MARKDOWN_REPO Markdown
-    cd $GNUSOCIAL_PATH/local/plugins/Markdown
-    git checkout $GNUSOCIAL_MARKDOWN_COMMIT -b $GNUSOCIAL_MARKDOWN_COMMIT
-
-    gnusocial_config_file=$GNUSOCIAL_PATH/config.php
-    if ! grep -q "addPlugin('Markdown'" $gnusocial_config_file; then
-        echo "" >> $gnusocial_config_file
-        echo "// Markdown settings" >> $gnusocial_config_file
-        echo "addPlugin('Markdown');" >> $gnusocial_config_file
-    fi
-
-    set_completion_param "gnusocial markdown commit" "$GNUSOCIAL_MARKDOWN_COMMIT"
-
-    chown -R www-data:www-data $GNUSOCIAL_PATH
-
-    install_completed gnusocial_markdown
-}
-
 function install_gnusocial {
     if [ ! $ONION_ONLY ]; then
         ONION_ONLY='no'
     install_gnusocial_main
     expire_gnusocial_posts "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_EXPIRE_MONTHS"
     install_qvitter "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
-    install_gnusocial_markdown
-    #install_gnusocial_plugin_sharings
-    #install_gnusocial_plugin_sharings_theme
+    install_gnusocial_markdown "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
+    install_gnusocial_plugin_sharings "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
+    install_gnusocial_plugin_sharings_theme "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
 
     # Currently Pleroma won't install on ARM systems
     # because it uses node-sass which doesn't support ARM
 
     systemctl restart nginx
 
+    # Set qvitter to be the default UI. It's probably the most stable.
+    # And doesn't forget logins
+    gnusocial_use_qvitter gnusocial
+
+    if [ $GNUSOCIAL_BACKGROUND_IMAGE_URL ]; then
+        pleroma_set_background_image_from_url "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
+    fi
+
     APP_INSTALLED=1
 }
 

src/freedombone-app-gogs

 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
                 DDNS_PROVIDER
                 ARCHITECTURE)
 
+function logging_on_gogs {
+    echo -n ''
+}
+
+function logging_off_gogs {
+    echo -n ''
+}
+
 function change_password_gogs {
     curr_username="$1"
     new_user_password="$2"
         ARCHITECTURE=$(uname -m)
         if [[ ${ARCHITECTURE} == "arm"* ]]; then
             CURR_ARCH=armv5
+            echo $"Using $CURR_ARCH"
         fi
         if [[ ${ARCHITECTURE} == "amd"* || ${ARCHITECTURE} == "x86_64" ]]; then
             CURR_ARCH=amd64
+            echo $"Using $CURR_ARCH"
         fi
         if [[ ${ARCHITECTURE} == *"386" || ${ARCHITECTURE} == *"686" ]]; then
             CURR_ARCH=386
+            echo $"Using $CURR_ARCH"
         fi
     fi
 
     rm $INSTALL_DIR/gogs_config.ini
 
     sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" ${COMPLETION_FILE}
+    systemctl restart mariadb
     systemctl restart gogs
 }
 
             rm -rf ${temp_restore_dir}ssh
             chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
         fi
+
+        GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
+        GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
+        MARIADB_PASSWORD=
     fi
 }
 
             chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
             echo $"Restore of Gogs complete"
         fi
+
+        GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
+        GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
+        MARIADB_PASSWORD=
     fi
 }
 
     fi
     systemctl stop gogs
     systemctl disable gogs
+
     nginx_dissite ${GIT_DOMAIN_NAME}
     remove_certs ${GIT_DOMAIN_NAME}
     if [ -d /var/www/${GIT_DOMAIN_NAME} ]; then
     function_check drop_database
     drop_database gogs
     rm /etc/systemd/system/gogs.service
+    systemctl daemon-reload
     rm -rf /home/${GOGS_USERNAME}/*
     remove_onion_service gogs ${GIT_ONION_PORT} 9418
     remove_completion_param "install_gogs"
     sed -i '/gogs /d' $COMPLETION_FILE
     remove_backup_database_local gogs
 
+    groupdel -f gogs
+    userdel -r gogs
+
     function_check remove_ddns_domain
     remove_ddns_domain $GIT_DOMAIN_NAME
 }
 
     adduser --disabled-login --gecos 'Gogs' $GOGS_USERNAME
 
+    if [ ! -d /home/$GOGS_USERNAME ]; then
+        echo $"/home/$GOGS_USERNAME directory not created"
+        exit 783528
+    fi
+
+    groupadd gogs
+
     gogs_parameters
 
     if [ ! -d ${INSTALL_DIR} ]; then
 
     GIT_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_gogs/hostname)
 
-    systemctl restart php5-fpm
+    systemctl restart mariadb
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 
     set_completion_param "gogs domain" "$GIT_DOMAIN_NAME"

src/freedombone-app-htmly

                  DDNS_PROVIDER
                  MY_USERNAME)
 
+function logging_on_htmly {
+    echo -n ''
+}
+
+function logging_off_htmly {
+    echo -n ''
+}
+
 function set_avatar_from_url {
     AVATAR="$1"
 
 }
 
 function upgrade_htmly {
+    CURR_HTMLY_COMMIT=$(get_completion_param "htmly commit")
+    if [[ "$CURR_HTMLY_COMMIT" == "$HTMLY_COMMIT" ]]; then
+        return
+    fi
+
     read_config_param "HTMLY_DOMAIN_NAME"
 
     function_check set_repo_commit
     echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     fi
 
     cd /var/www/$HTMLY_DOMAIN_NAME
-    git_clone $HTMLY_REPO htdocs
+
+    if [ -d /repos/htmly ]; then
+        mkdir htdocs
+        cp -r -p /repos/htmly/. htdocs
+        cd htdocs
+        git pull
+    else
+        git_clone $HTMLY_REPO htdocs
+    fi
+
     cd htdocs
     git checkout $HTMLY_COMMIT -b $HTMLY_COMMIT
     set_completion_param "htmly commit" "$HTMLY_COMMIT"
     fi
 
     # for the avatar changing command
-    apt-get -yq install imagemagick
+    apt-get -yq install imagemagick libfcgi0ldbl
 
     function_check install_htmly_from_repo
     install_htmly_from_repo
     function_check nginx_ensite
     nginx_ensite $HTMLY_DOMAIN_NAME
 
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 
     ${PROJECT_NAME}-pass -u $MY_USERNAME -a htmly -p "$HTMLY_ADMIN_PASSWORD"

src/freedombone-app-hubzilla

 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
                     HUBZILLA_REPO
                     HUBZILLA_ADDONS_REPO)
 
+function logging_on_hubzilla {
+    echo -n ''
+}
+
+function logging_off_hubzilla {
+    echo -n ''
+}
+
 function remove_user_hubzilla {
     remove_username="$1"
     ${PROJECT_NAME}-pass -u $remove_username --rmapp hubzilla
 }
 
 function upgrade_hubzilla {
+    CURR_HUBZILLA_COMMIT=$(get_completion_param "hubzilla commit")
+    if [[ "$CURR_HUBZILLA_COMMIT" == "$HUBZILLA_COMMIT" ]]; then
+        return
+    fi
+
     HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
 
     function_check set_repo_commit
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
+
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
+        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
+        MARIADB_PASSWORD=
     fi
 }
 
     if [ -d /root/temphubzilla ]; then
         rm -rf /root/temphubzilla
     fi
+
+    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
+    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
+    MARIADB_PASSWORD=
 }
 
 function remove_hubzilla {
     fi
 
     if [[ $ONION_ONLY != "no" ]]; then
-        return
+        echo $"Hubzilla won't work on an onion address"
+        exit 529925
     fi
 
     HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
     function_check repair_databases_script
     repair_databases_script
 
-    apt-get -yq install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
-    apt-get -yq install php5-dev imagemagick php5-imagick
-    apt-get -yq install php5-memcached
+    apt-get -yq install php-common php-cli php-curl php-gd php-mysql php-mcrypt git
+    apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
+    apt-get -yq install php-memcached memcached
 
     if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
         mkdir /var/www/$HUBZILLA_DOMAIN_NAME
 
     if [ ! -f $HUBZILLA_PATH/index.php ]; then
         cd $INSTALL_DIR
-        function_check git_clone
-        git_clone $HUBZILLA_REPO hubzilla
+
+        if [ -d /repos/hubzilla ]; then
+            mkdir hubzilla
+            cp -r -p /repos/hubzilla/. hubzilla
+            cd hubzilla
+            git pull
+        else
+            function_check git_clone
+            git_clone $HUBZILLA_REPO hubzilla
+        fi
+
         git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
         set_completion_param "hubzilla commit" "$HUBZILLA_COMMIT"
 
         rm -rf $HUBZILLA_PATH
         mv hubzilla $HUBZILLA_PATH
 
-        git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
+        if [ -d /repos/hubzilla-addons ]; then
+            mkdir $HUBZILLA_PATH/addon
+            cp -r -p /repos/hubzilla-addons/. $HUBZILLA_PATH/addon
+            cd $HUBZILLA_PATH/addon
+            git pull
+        else
+            git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
+        fi
+
         cd $HUBZILLA_PATH/addon
         git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
         set_completion_param "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT"
 
         # some extra themes
-        git_clone $HUBZILLA_THEMES_REPO $HUBZILLA_PATH/redmatrix-themes1
-        cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
+        #git_clone $HUBZILLA_THEMES_REPO $HUBZILLA_PATH/redmatrix-themes1
+        #cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
 
         chown -R www-data:www-data $HUBZILLA_PATH
     fi
         echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
     chown www-data:www-data $HUBZILLA_PATH/.htconfig.php
     chmod 755 $HUBZILLA_PATH/.htconfig.php
 
-    systemctl restart php5-fpm
+    systemctl restart mariadb
+    systemctl restart php7.0-fpm
     systemctl restart nginx
     systemctl restart cron
 

src/freedombone-app-ipfs

                 IPFS_KEY_LENGTH
                 IPFS_PORT)
 
+function logging_on_ipfs {
+    echo -n ''
+}
+
+function logging_off_ipfs {
+    echo -n ''
+}
+
 function install_interactive_ipfs {
     echo -n ''
     APP_INSTALLED=1
 }
 
 function upgrade_ipfs_go {
+    CURR_IPFS_COMMIT=$(get_completion_param "ipfs commit")
+    if [[ "$CURR_IPFS_COMMIT" == "$IPFS_COMMIT" ]]; then
+        return
+    fi
+
     if [[ $(app_is_installed ipfs_go) == "0" ]]; then
         return
     fi
     systemctl disable ipfs
     systemctl daemon-reload
     rm /etc/systemd/system/ipfs.service
+    systemctl daemon-reload
     rm -rf $GOPATH/src/github.com/ipfs
     firewall_remove $IPFS_PORT tcp
     remove_completion_param install_ipfs
         return
     fi
 
-    chroot ${rootdir} apt-get -yq install nodejs
-    chroot ${rootdir} apt-get -yq install npm curl
+    chroot ${rootdir} apt-get -yq install nodejs curl
     chroot ${rootdir} apt-get -yq install libpam0g-dev fuse
 
     if [ ! -f ${rootdir}/usr/bin/nodejs ]; then
         ARCHITECTURE=$(uname -m)
         if [[ $ARCHITECTURE == "arm"* ]]; then
             IPFS_ARCH=arm
+            echo $"Using $IPFS_ARCH"
         fi
         if [[ $ARCHITECTURE == "amd"* || $ARCHITECTURE == "x86_64" ]]; then
             IPFS_ARCH=amd64
+            echo $"Using $IPFS_ARCH"
         fi
         if [[ $ARCHITECTURE == *"386" || $ARCHITECTURE == *"686" ]]; then
             IPFS_ARCH=386
+            echo $"Using $IPFS_ARCH"
         fi
     fi
 
     if [ ! -d /home/git ]; then
         # add a gogs user account
         adduser --disabled-login --gecos 'Gogs' git
+        if [ ! -d /home/git ]; then
+            echo $"/home/git directory not created"
+            exit 735272
+        fi
 
         # install Go
         if ! grep -q "export GOPATH=" ~/.bashrc; then
     fi
 
     # initialise
-    su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
+    su -c "$IPFS_PATH/ipfs init -b 2048" - $MY_USERNAME
     if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
         echo "IPFS could not be initialised for user $MY_USERNAME"
         exit 7358

src/freedombone-app-irc

                IRC_BUFFER_LENGTH
                ONION_ONLY)
 
+function logging_on_irc {
+    echo -n ''
+}
+
+function logging_off_irc {
+    echo -n ''
+}
+
 function irc_get_global_password {
     echo $(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}')
 }
     else
         sed -i 's|;SSLConnect.*|SSLConnect = no|g'
         # comment out the second Ports entry
-        if ! grep ";Ports =" /etc/ngircd/ngircd.conf; then
+        if ! grep -q ";Ports =" /etc/ngircd/ngircd.conf; then
             sed -i '0,/Ports =/! s/Ports =/;Ports =/' /etc/ngircd/ngircd.conf
         fi
     fi
         return
     fi
 
-    apt-get -yq -t jessie-backports install znc
+    apt-get -yq install znc
 
     adduser --disabled-login --gecos 'znc' znc
+    if [ ! -d /home/znc ]; then
+        echo $"/home/znc directory not created"
+        exit 7354262
+    fi
 
     mkdir -p /home/znc/.znc/configs
     mkdir -p /home/znc/.znc/users

src/freedombone-app-jitsi

                  DEFAULT_DOMAIN_NAME
                  MY_USERNAME)
 
+function logging_on_jitsi {
+    echo -n ''
+}
+
+function logging_off_jitsi {
+    echo -n ''
+}
+
 function jitsi_disable_google_spyware {
     # Presumably they included Google Analytics for benign reasons, but it's
     # an obvious security problem. This should disable it.
     sed -i "s|Google Analytics|Google Spyware deactivated|g" /usr/share/jitsi-meet/analytics.js
     sed -i "s|www.google-analytics.com|${JITSI_DOMAIN_NAME}|g" /usr/share/jitsi-meet/analytics.js
-    if ! grep '//ga(' /usr/share/jitsi-meet/analytics.js; then
+    if ! grep -q '//ga(' /usr/share/jitsi-meet/analytics.js; then
         sed -i 's|ga(|//ga(|g' /usr/share/jitsi-meet/analytics.js
     fi
-    if ! grep '//action +' /usr/share/jitsi-meet/analytics.js; then
+    if ! grep -q '//action +' /usr/share/jitsi-meet/analytics.js; then
         sed -i 's|action +|//action +|g' /usr/share/jitsi-meet/analytics.js
     fi
 
     sed -i "s|Google Analytics|Google Spyware deactivated|g" /usr/share/jitsi-meet/libs/analytics.js
     sed -i "s|www.google-analytics.com|${JITSI_DOMAIN_NAME}|g" /usr/share/jitsi-meet/libs/analytics.js
-    if ! grep '//ga(' /usr/share/jitsi-meet/libs/analytics.js; then
+    if ! grep -q '//ga(' /usr/share/jitsi-meet/libs/analytics.js; then
         sed -i 's|ga(|//ga(|g' /usr/share/jitsi-meet/libs/analytics.js
     fi
-    if ! grep '//action +' /usr/share/jitsi-meet/libs/analytics.js; then
+    if ! grep -q '//action +' /usr/share/jitsi-meet/libs/analytics.js; then
         sed -i 's|action +|//action +|g' /usr/share/jitsi-meet/libs/analytics.js
     fi
 }
         remove_nodejs jitsi
         exit 638352
     fi
-    if ! grep "jitsi" /etc/apt/sources.list; then
+    if ! grep -q "jitsi" /etc/apt/sources.list; then
         echo "deb http://download.jitsi.org/nightly/deb ${jitsi_deb_repo}/" >> /etc/apt/sources.list
     fi
     wget -qO - https://download.jitsi.org/nightly/deb/${jitsi_deb_repo}/archive.key | apt-key add -

src/freedombone-app-koel

 KOEL_ONION_PORT=8118
 KOEL_PORT=9002
 KOEL_REPO="https://github.com/phanan/koel"
-KOEL_COMMIT='70464a8977b1058f3bd0a4ec77877fe7894d8d84'
+KOEL_COMMIT='70464a'
 KOEL_ADMIN_PASSWORD=
 
 koel_variables=(ONION_ONLY
                 MY_EMAIL_ADDRESS
                 MY_USERNAME)
 
+function logging_on_koel {
+    echo -n ''
+}
+
+function logging_off_koel {
+    echo -n ''
+}
+
 function koel_remove_gravatar {
     cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
     sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" node_modules/browser-sync-ui/public/js/app.js.map
 
     source_directory=/var/www/${KOEL_DOMAIN_NAME}/htdocs
     if [ -d $source_directory ]; then
-        systemctl stop koal
+        systemctl stop koel
 
         dest_directory=koel
         function_check suspend_site
         function_check restart_site
         restart_site
 
-        systemctl start koal
+        systemctl start koel
     fi
 }
 
     KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
     if [ $KOEL_DOMAIN_NAME ]; then
         echo $"Restoring koel"
-        systemctl stop koal
+        systemctl stop koel
 
         temp_restore_dir=/root/tempkoel
         koel_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
-        systemctl start koal
+
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+        sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
+        MARIADB_PASSWORD=
+
+        systemctl start koel
     fi
 }
 
         KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
         temp_backup_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
         if [ -d $temp_backup_dir ]; then
-            systemctl stop koal
+            systemctl stop koel
 
             function_check suspend_site
             suspend_site ${KOEL_DOMAIN_NAME}
             function_check restart_site
             restart_site
 
-            systemctl start koal
+            systemctl start koel
         else
             echo $"koel domain specified but not found in ${temp_backup_dir}"
         fi
     if grep -q "koel domain" $COMPLETION_FILE; then
         echo $"Restoring koel"
 
-        systemctl stop koal
+        systemctl stop koel
 
         KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
 
             rm -rf /root/tempkoel
         fi
 
-        systemctl start koal
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+        sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
+        MARIADB_PASSWORD=
+
+        systemctl start koel
 
         echo $"Restore of koel complete"
     fi
     if [ -f /etc/systemd/system/koel.service ]; then
         rm /etc/systemd/system/koel.service
     fi
+    systemctl daemon-reload
 
     function_check remove_nodejs
     remove_nodejs koel
     function_check repair_databases_script
     repair_databases_script
 
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
-    apt-get -yq install php5-memcached php5-intl exiftool
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl php-zip
+    apt-get -yq install php-memcached php-intl exiftool libfcgi0ldbl
+    apt-get -yq install ffmpeg
 
     if [ ! -d /var/www/$KOEL_DOMAIN_NAME ]; then
         mkdir /var/www/$KOEL_DOMAIN_NAME
     fi
     if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
-        git_clone $KOEL_REPO /var/www/$KOEL_DOMAIN_NAME/htdocs
+
+        if [ -d /repos/koel ]; then
+            mkdir /var/www/$KOEL_DOMAIN_NAME/htdocs
+            cp -r -p /repos/koel/. /var/www/$KOEL_DOMAIN_NAME/htdocs
+            cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+            git pull
+        else
+            function_check git_clone
+            git_clone $KOEL_REPO /var/www/$KOEL_DOMAIN_NAME/htdocs
+        fi
+
         if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
             echo $'Unable to clone koel repo'
             exit 365735
         echo '  # PHP' >> $koel_nginx_site
         echo '  location ~ \.php {' >> $koel_nginx_site
         echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $koel_nginx_site
+        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
+        echo '    fastcgi_read_timeout 30;' >> $koel_nginx_site
         echo '  }' >> $koel_nginx_site
         echo '' >> $koel_nginx_site
         echo '  # Location' >> $koel_nginx_site
     echo '  # PHP' >> $koel_nginx_site
     echo '  location ~ \.php {' >> $koel_nginx_site
     echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $koel_nginx_site
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
+    echo '    fastcgi_read_timeout 30;' >> $koel_nginx_site
     echo '  }' >> $koel_nginx_site
     echo '' >> $koel_nginx_site
     echo '  # Location' >> $koel_nginx_site
         KOEL_SERVER=${KOEL_ONION_HOSTNAME}
     fi
 
-    systemctl restart php5-fpm
+    systemctl restart mariadb
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 
     ${PROJECT_NAME}-pass -u $MY_USERNAME -a koel -p "$KOEL_ADMIN_PASSWORD"
             cat /home/$MY_USERNAME/freedombone/image_build/composer_install | php
         fi
     fi
-    npm install
+    npm install -g yarn
     php composer.phar install
+    if [ ! "$?" = "0" ]; then
+        echo $'Unable to run composer install'
+        exit 7252198
+    fi
+    npm install
 
     function_check get_mariadb_password
     get_mariadb_password
     sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
     sed -i 's/MAIL_HOST=.*/MAIL_HOST=localhost/g' .env
     sed -i 's/MAIL_PORT=.*/MAIL_PORT=25/g' .env
+    sed -i 's|FFMPEG_PATH=.*|FFMPEG_PATH=/usr/bin/ffmpeg|g' .env
 
     php artisan koel:init
+    if [ ! "$?" = "0" ]; then
+        echo $"Can't install koel:init"
+        exit 78362
+    fi
     koel_remove_gravatar
     chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
 
     fi
     chown -R www-data:www-data /music
 
+    systemctl restart mariadb
     systemctl restart nginx
 
     APP_INSTALLED=1

src/freedombone-app-librevault

                       LIBREVAULT_REPO
                       LIBREVAULT_PORT)
 
+function logging_on_librevault {
+    echo -n ''
+}
+
+function logging_off_librevault {
+    echo -n ''
+}
+
 function install_interactive_librevault {
     echo -n ''
     APP_INSTALLED=1
 }
 
 function upgrade_librevault {
+    CURR_LIBREVAULT_COMMIT=$(get_completion_param "librevault commit")
+    if [[ "$CURR_LIBREVAULT_COMMIT" == "$LIBREVAULT_COMMIT" ]]; then
+        return
+    fi
+
     function_check set_repo_commit
 
     if [ -d $INSTALL_DIR/protobuf ]; then
     fi
 
     if [ -d $INSTALL_DIR/librevault/build ]; then
-        if ! grep -q "Librevault commit:$LIBREVAULT_COMMIT" $COMPLETION_FILE; then
-            set_repo_commit $INSTALL_DIR/librevault "Librevault commit" "$LIBREVAULT_COMMIT" $LIBREVAULT_REPO
+        if ! grep -q "librevault commit:$LIBREVAULT_COMMIT" $COMPLETION_FILE; then
+            set_repo_commit $INSTALL_DIR/librevault "librevault commit" "$LIBREVAULT_COMMIT" $LIBREVAULT_REPO
             cd $INSTALL_DIR/librevault
             git submodule update --init --recursive
             cd $INSTALL_DIR/librevault/build
     systemctl stop librevault
     systemctl disable librevault
     rm /etc/systemd/system/librevault.service
+    systemctl daemon-reload
     remove_completion_param install_librevault
     remove_completion_param configure_firewall_for_librevault
 }
     chroot "$rootdir" apt-get -yq install autoconf automake libtool curl make unzip
 
     # A workaround which allows c++14 to be installed
-    sed -i 's|jessie|stretch|g' $rootdir/etc/apt/sources.list
-    sed -i 's|stretch-backports|jessie-backports|g' $rootdir/etc/apt/sources.list
-    chroot "$rootdir" apt-get update
     chroot "$rootdir" apt-get -yq install g++ gcc-6 g++-6 libboost-all-dev libssl-dev
     chroot "$rootdir" apt-get -yq install protobuf-compiler libprotobuf-dev
     chroot "$rootdir" apt-get -yq install qtbase5-dev libqt5svg5-dev libqt5websockets5-dev
     chroot "$rootdir" apt-get -yq install libsqlite3-dev qttools5-dev qttools5-dev-tools libnatpmp-dev
-    sed -i 's|stretch|jessie|g' $rootdir/etc/apt/sources.list
-    chroot "$rootdir" apt-get update
 
     if [ ! -d $rootdir$INSTALL_DIR ]; then
         mkdir -p $rootdir$INSTALL_DIR
     apt-get -yq install autoconf automake libtool curl make unzip
 
     # A workaround which allows c++14 to be installed
-    sed -i 's|jessie|stretch|g' /etc/apt/sources.list
-    sed -i 's|stretch-backports|jessie-backports|g' /etc/apt/sources.list
-    apt-get update
     apt-get -yq install protobuf-compiler libprotobuf-dev
     apt-get -yq install g++ gcc-6 g++-6 libboost-all-dev libssl-dev
     apt-get -yq install qtbase5-dev libqt5svg5-dev libqt5websockets5-dev
     apt-get -yq install libsqlite3-dev qttools5-dev qttools5-dev-tools libnatpmp-dev
     apt-get -yq install gcc-6 g++-6 libboost-all-dev
-    sed -i 's|stretch|jessie|g' /etc/apt/sources.list
-    apt-get update
 
     if [ ! -d $INSTALL_DIR ]; then
         mkdir -p $INSTALL_DIR
 
     set_completion_param "Protobuf commit" "$PROTOBUF_COMMIT"
 
-    git_clone $LIBREVAULT_REPO $INSTALL_DIR/librevault
+    if [ -d /repos/librevault ]; then
+        mkdir $INSTALL_DIR/librevault
+        cp -r -p /repos/librevault/. $INSTALL_DIR/librevault
+        cd $INSTALL_DIR/librevault
+        git pull
+    else
+        git_clone $LIBREVAULT_REPO $INSTALL_DIR/librevault
+    fi
+
     cd $INSTALL_DIR/librevault
     git checkout $LIBREVAULT_COMMIT -b $LIBREVAULT_COMMIT
     git submodule update --init --recursive
     cmake --build .
     make install
 
-    set_completion_param "Librevault commit" "$LIBREVAULT_COMMIT"
+    set_completion_param "librevault commit" "$LIBREVAULT_COMMIT"
 
     LIBREVAULT_DAEMON=/etc/systemd/system/librevault-daemon.service
     echo '[Unit]' > $LIBREVAULT_DAEMON

src/freedombone-app-lychee

 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
                   DDNS_PROVIDER
                   MY_USERNAME)
 
+function logging_on_lychee {
+    echo -n ''
+}
+
+function logging_off_lychee {
+    echo -n ''
+}
 
 function lychee_create_database {
     if [ -f ${IMAGE_PASSWORD_FILE} ]; then
 }
 
 function upgrade_lychee {
+    CURR_LYCHEE_COMMIT=$(get_completion_param "lychee commit")
+    if [[ "$CURR_LYCHEE_COMMIT" == "$LYCHEE_COMMIT" ]]; then
+        return
+    fi
+
     read_config_param "LYCHEE_DOMAIN_NAME"
 
     function_check set_repo_commit
     echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     fi
 
     cd /var/www/$LYCHEE_DOMAIN_NAME
-    git_clone $LYCHEE_REPO htdocs
+
+    if [ -d /repos/lychee ]; then
+        mkdir htdocs
+        cp -r -p /repos/lychee/. htdocs
+        cd htdocs
+        git pull
+    else
+        git_clone $LYCHEE_REPO htdocs
+    fi
+
     cd htdocs
     git checkout $LYCHEE_COMMIT -b $LYCHEE_COMMIT
     set_completion_param "lychee commit" "$LYCHEE_COMMIT"
     fi
 
     # for the avatar changing command
-    apt-get -yq install imagemagick exif zip php5-mcrypt mcrypt
+    apt-get -yq install imagemagick exif zip php-mcrypt mcrypt libfcgi0ldbl
 
     function_check install_lychee_from_repo
     install_lychee_from_repo
     function_check lychee_create_database
     lychee_create_database
 
-    systemctl restart php5-fpm
+    systemctl restart mariadb
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 
     ${PROJECT_NAME}-pass -u $MY_USERNAME -a lychee -p "$LYCHEE_ADMIN_PASSWORD"

src/freedombone-app-mailpile

                     DDNS_PROVIDER
                     MY_USERNAME)
 
+function logging_on_mailpile {
+    echo -n ''
+}
+
+function logging_off_mailpile {
+    echo -n ''
+}
+
 function remove_user_mailpile {
     remove_username="$1"
     ${PROJECT_NAME}-pass -u $remove_username --rmapp mailpile
 function upgrade_mailpile {
     read_config_param "MAILPILE_DOMAIN_NAME"
 
-    upgrade_mp=
     CURR_COMMIT=$MAILPILE_COMMIT
     if grep -q "mailpile commit" $COMPLETION_FILE; then
         CURR_COMMIT=$(get_completion_param "mailpile commit")
     fi
-    if [[ "$CURR_COMMIT" != "$MAILPILE_COMMIT" ]]; then
-        upgrade_mp=1
+    if [[ "$CURR_COMMIT" == "$MAILPILE_COMMIT" ]]; then
+        return
     fi
 
     function_check set_repo_commit
     set_repo_commit /var/www/$MAILPILE_DOMAIN_NAME/mail "mailpile commit" "$MAILPILE_COMMIT" $MAILPILE_REPO
 
-    if [ $upgrade_mp ]; then
-        cd /var/www/$MAILPILE_DOMAIN_NAME/mail
-        pip install -r requirements.txt
+    cd /var/www/$MAILPILE_DOMAIN_NAME/mail
+    pip install -r requirements.txt
 
-        chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail
-    fi
+    chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail
 }
 
 function backup_local_mailpile {
     systemctl stop mailpile
     systemctl disable mailpile
     rm /etc/systemd/system/mailpile.service
+    systemctl daemon-reload
 
     read_config_param "MAILPILE_DOMAIN_NAME"
     nginx_dissite $MAILPILE_DOMAIN_NAME
     fi
     function_check remove_ddns_domain
     remove_ddns_domain $MAILPILE_DOMAIN_NAME
-    deluser --remove-all-files mailpile
+
+    groupdel -f mailpile
+    userdel -r mailpile
 
     remove_config_param MAILPILE_DOMAIN_NAME
     remove_config_param MAILPILE_CODE
     if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail ]; then
         rm -rf /var/www/$MAILPILE_DOMAIN_NAME/mail
     fi
-    git_clone $MAILPILE_REPO mail
+
+    if [ -d /repos/mailpile ]; then
+        mkdir mail
+        cp -r -p /repos/mailpile/. mail
+        cd mail
+        git pull
+    else
+        git_clone $MAILPILE_REPO mail
+    fi
+
     cd mail
     git checkout $MAILPILE_COMMIT -b $MAILPILE_COMMIT
     set_completion_param "mailpile commit" "$MAILPILE_COMMIT"
     chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
     chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
 
+    pip install jinja2==2.9.6
+    pip install pgpdump==1.5
+
     systemctl enable mailpile
     systemctl daemon-reload
     systemctl start mailpile

src/freedombone-app-matrix

                   MATRIX_DOMAIN_NAME
                   MATRIX_CODE)
 
+function logging_on_matrix {
+    if [ -f /var/lib/matrix/homeserver.yaml ]; then
+        sed -i 's|log_file:.*|log_file: /etc/matrix/homeserver.log|g' /var/lib/matrix/homeserver.yaml
+        if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
+            sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
+        fi
+    fi
+}
+
+function logging_off_matrix {
+    if [ -f /var/lib/matrix/homeserver.yaml ]; then
+        sed -i 's|log_file:.*|log_file: /dev/null|g' /var/lib/matrix/homeserver.yaml
+        if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
+            sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
+        fi
+        if [ -f /etc/matrix/homeserver.log ]; then
+            $REMOVE_FILES_COMMAND /etc/matrix/homeserver.log
+        fi
+        if [ -f /etc/matrix/homeserver.log.1 ]; then
+            $REMOVE_FILES_COMMAND /etc/matrix/homeserver.log.1
+        fi
+    fi
+}
+
 function matrix_nginx {
     matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
     if [ ! -d /etc/matrix ]; then
        return
     fi
+
+    CURR_MATRIX_COMMIT=$(get_completion_param "matrix commit")
+    if [[ "$CURR_MATRIX_COMMIT" == "$MATRIX_COMMIT" ]]; then
+        return
+    fi
+
     systemctl stop turn
     systemctl stop matrix
 
     if [ -f /etc/systemd/system/matrix.service ]; then
         rm /etc/systemd/system/matrix.service
     fi
+    systemctl daemon-reload
     apt-get -y remove --purge coturn
     cd /etc/matrix
     pip uninstall .
     rm -rf $MATRIX_DATA_DIR
     rm -rf /etc/matrix
-    deluser matrix
-    delgroup matrix
+
+    groupdel -f matrix
+    userdel -r matrix
+
     remove_onion_service matrix ${MATRIX_ONION_PORT}
     remove_onion_service matrix ${MATRIX_FEDERATION_ONION_PORT}
 
 
 function install_home_server {
     if [ ! -d /etc/matrix ]; then
-        function_check git_clone
-        git_clone $MATRIX_REPO /etc/matrix
+
+        if [ -d /repos/matrix ]; then
+            mkdir /etc/matrix
+            cp -r -p /repos/matrix/. /etc/matrix
+            cd /etc/matrix
+            git pull
+        else
+            function_check git_clone
+            git_clone $MATRIX_REPO /etc/matrix
+        fi
+
         if [ ! -d /etc/matrix ]; then
             echo $'Unable to clone matrix repo'
             exit 6724683
     sleep 5
 
     if [ ! -f $MATRIX_DATA_DIR/homeserver.db ]; then
-        echo $'No matrix home server database was created'
-        exit 23782
+        # On low power systems more sleeping may be needed
+        sleep 10
+
+        if [ ! -f $MATRIX_DATA_DIR/homeserver.db ]; then
+            echo $'No matrix home server database was created'
+            exit 23782
+        fi
     fi
     chmod -R 700 $MATRIX_DATA_DIR/homeserver.db
 
     MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
     echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc
-    systemctl reload tor
+    systemctl restart tor
 
     if [ ! ${MATRIX_PASSWORD} ]; then
         if [ -f ${IMAGE_PASSWORD_FILE} ]; then
 }
 
 function install_matrix {
+    if [[ $ONION_ONLY != 'no' ]]; then
+        return
+    fi
+
+    check_ram_availability 1500
+
     if [ ! -d $INSTALL_DIR ]; then
         mkdir -p $INSTALL_DIR
     fi
             libjpeg62-turbo-dev libldap-2.4-2 \
             libldap2-dev libsasl2-dev \
             libsqlite3-dev libssl-dev \
-            libssl1.0.0 libtool libxml2 \
+            libssl1.1 libtool libxml2 \
             libxml2-dev libxslt1-dev libxslt1.1 \
             make python python-dev \
             python-pip python-psycopg2 \

src/freedombone-app-mediagoblin

 # License
 # =======
 #
-# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
                        DEFAULT_DOMAIN_NAME
                        DDNS_PROVIDER)
 
+function logging_on_mediagoblin {
+    echo -n ''
+}
+
+function logging_off_mediagoblin {
+    echo -n ''
+}
+
 function mediagoblin_fix_email {
     # This is a crude hack and there may be a better solution
     # The cause of verification problems might be that the mediagoblin user
         echo $'Unable to fix email sending'
         exit 792532
     fi
-    if ! grep 'import os' $mgfile; then
+    if ! grep -q 'import os' $mgfile; then
         sed -i '/import sys/a import os' $mgfile
     fi
     sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
     systemctl stop mediagoblin
     systemctl disable mediagoblin
     rm /etc/systemd/system/mediagoblin.service
+    systemctl daemon-reload
 
     function_check remove_onion_service
     remove_onion_service mediagoblin ${MEDIAGOBLIN_ONION_PORT}
     sed -i '/mediagoblin/d' $COMPLETION_FILE
 
     remove_nodejs mediagoblin
-    deluser mediagoblin
-    delgroup mediagoblin
+
+    groupdel -f mediagoblin
+    userdel -r mediagoblin
 
     function_check remove_ddns_domain
     remove_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
     chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR
     chown -hR mediagoblin:www-data /var/lib/mediagoblin
     chmod -R g+wx /var/lib/mediagoblin
-    su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin
+
+    if [ -d /repos/mediagoblin ]; then
+        mkdir -p $MEDIAGOBLIN_BASE_DIR/mediagoblin
+        cp -r -p /repos/mediagoblin/. $MEDIAGOBLIN_BASE_DIR/mediagoblin
+        cd $MEDIAGOBLIN_BASE_DIR/mediagoblin
+        git pull
+        chown -R mediagoblin:mediagoblin $MEDIAGOBLIN_BASE_DIR/mediagoblin
+    else
+        su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin
+    fi
+
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT" - mediagoblin
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && git submodule sync" - mediagoblin
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && git submodule update --force --init --recursive" - mediagoblin
         echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
         echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
         echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
         echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
         echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
     else
     echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
     echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
     echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
     echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
 
 
     sed -i 's|allow_reporting.*|allow_reporting = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
 
-    if ! grep '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then
+    if ! grep -q '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then
         echo '[[[skip_transcode]]]' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
         echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
         echo 'container_formats = Matroska, Ogg, ISO MP4/M4A' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
 
     nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
 
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 
     function_check add_ddns_domain

src/freedombone-app-movim

                  DDNS_PROVIDER
                  MY_USERNAME)
 
+function logging_on_movim {
+    echo -n ''
+}
+
+function logging_off_movim {
+    echo -n ''
+}
+
 function remove_user_movim {
     remove_username="$1"
 
 }
 
 function upgrade_movim {
+    CURR_MOVIM_COMMIT=$(get_completion_param "movim commit")
+    if [[ "$CURR_MOVIM_COMMIT" == "$MOVIM_COMMIT" ]]; then
+        return
+    fi
+
     if grep -q "movim domain" $COMPLETION_FILE; then
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
     fi
             rm -rf $temp_restore_dir
         fi
 
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+        sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
+        MARIADB_PASSWORD=
+
         echo $"Restore of movim complete"
     fi
 }
         if [ -d /root/tempmovim ]; then
             rm -rf /root/tempmovim
         fi
+
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+        sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
+        MARIADB_PASSWORD=
+
         echo $"Restore of movim complete"
     fi
 }
     systemctl stop movim
     systemctl disable movim
     rm /etc/systemd/system/movim.service
+    systemctl daemon-reload
 
     read_config_param "MY_USERNAME"
     echo "Removing $MOVIM_DOMAIN_NAME"
     function_check repair_databases_script
     repair_databases_script
 
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
-    apt-get -yq install php5-memcached php5-intl exiftool php5-imagick
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
+    apt-get -yq install php-memcached php-intl exiftool php-imagick libfcgi0ldbl
 
     if [ ! -d /var/www/$MOVIM_DOMAIN_NAME ]; then
         mkdir /var/www/$MOVIM_DOMAIN_NAME
     fi
     if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
-        git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs
+
+        if [ -d /repos/movim ]; then
+            mkdir /var/www/$MOVIM_DOMAIN_NAME/htdocs
+            cp -r -p /repos/movim/. /var/www/$MOVIM_DOMAIN_NAME/htdocs
+            cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+            git pull
+        else
+            function_check git_clone
+            git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs
+        fi
+
         if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
             echo $'Unable to clone movim repo'
             exit 76285
         echo '  # PHP' >> $movim_nginx_site
         echo '  location ~ \.php {' >> $movim_nginx_site
         echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $movim_nginx_site
+        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
+        echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
         echo '  }' >> $movim_nginx_site
         echo '' >> $movim_nginx_site
         echo '  # Location' >> $movim_nginx_site
     echo '  # PHP' >> $movim_nginx_site
     echo '  location ~ \.php {' >> $movim_nginx_site
     echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $movim_nginx_site
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
+    echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
     echo '  }' >> $movim_nginx_site
     echo '' >> $movim_nginx_site
     echo '  # Location' >> $movim_nginx_site
 
     set_completion_param "movim domain" "$MOVIM_DOMAIN_NAME"
 
+    systemctl restart mariadb
     systemctl start movim
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
     systemctl restart nginx
     APP_INSTALLED=1
 }

src/freedombone-app-mumble

                   ONION_ONLY
                   ADMIN_USERNAME)
 
+function logging_on_mumble {
+    if [ -f /etc/mumble-server.ini ]; then
+        sed -i 's|logfile=.*|logfile=/var/log/mumble-server.log|g' /etc/mumble-server.ini
+    fi
+}
+
+function logging_off_mumble {
+    if [ -f /etc/mumble-server.ini ]; then
+        sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
+        if [ -d /var/log/mumble-server ]; then
+            $REMOVE_FILES_COMMAND /var/log/mumble-server/*
+            rm -rf /var/log/mumble-server
+        fi
+    fi
+}
+
 function install_interactive_mumble {
     echo -n ''
     APP_INSTALLED=1

src/freedombone-app-nextcloud

 NEXTCLOUD_DOMAIN_NAME=
 NEXTCLOUD_CODE=
 NEXTCLOUD_ONION_PORT=8112
-NEXTCLOUD_DOWNLOAD_URL='https://download.nextcloud.com/server/releases/nextcloud-'
-NEXTCLOUD_VERSION='11.0.3'
 NEXTCLOUD_REPO="https://github.com/nextcloud/server"
-# Stable 11 branch
-NEXTCLOUD_COMMIT='4fe02f6e3a812551661a3a7a7ceb4e1f3791cbd3'
+# Stable 12 branch
+NEXTCLOUD_COMMIT='5e22b330963d01feb636b24e7b1027b50b46e3c2'
 NEXTCLOUD_ADMIN_PASSWORD=
 
 nextcloud_variables=(ONION_ONLY
                      DDNS_PROVIDER
                      MY_USERNAME)
 
+function logging_on_nextcloud {
+    echo -n ''
+}
+
+function logging_off_nextcloud {
+    echo -n ''
+}
+
 function remove_user_nextcloud {
     remove_username="$1"
 
 }
 
 function upgrade_nextcloud {
+    CURR_NEXTCLOUD_COMMIT=$(get_completion_param "nextcloud commit")
+    if [[ "$CURR_NEXTCLOUD_COMMIT" == "$NEXTCLOUD_COMMIT" ]]; then
+        chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+        chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/data
+        cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+        sudo -u www-data ./occ maintenance:repair
+        sudo -u www-data ./occ files:cleanup
+        sudo -u www-data ./occ files:scan --all
+        sudo -u www-data ./occ maintenance:mode --off
+        return
+    fi
+
     if grep -q "nextcloud domain" $COMPLETION_FILE; then
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
     fi
     function_check remove_nodejs
     remove_nodejs pleroma-nextcloud
 
-    sed -i 's|env[PATH]|;env[PATH]|g' /etc/php5/fpm/pool.d/www.conf
+    sed -i 's|env[PATH]|;env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
 
     read_config_param "NEXTCLOUD_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     function_check remove_ddns_domain
     remove_ddns_domain $NEXTCLOUD_DOMAIN_NAME
     systemctl restart nginx
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
 }
 
 function install_nextcloud_main {
     function_check repair_databases_script
     repair_databases_script
 
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
-    apt-get -yq install php5-memcached php5-intl memcached php5-memcached
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
+    apt-get -yq install php-intl memcached php-memcached libfcgi0ldbl
+    apt-get -yq install php-zip
 
     # Ensure PATH is available to php
-    if [ ! -f /etc/php5/fpm/pool.d/www.conf ]; then
+    if [ ! -f /etc/php/7.0/fpm/pool.d/www.conf ]; then
        echo $'No php www configuration file found'
        exit 628757
     fi
-    sed -i 's|;env[PATH]|env[PATH]|g' /etc/php5/fpm/pool.d/www.conf
+    sed -i 's|;env[PATH]|env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
 
     if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then
         mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME
     fi
     if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
-        git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+
+        if [ -d /repos/nextcloud ]; then
+            mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+            cp -r -p /repos/nextcloud/. /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+            cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+            git pull
+        else
+            function_check git_clone
+            git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+        fi
+
         if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
             echo $'Unable to clone nextcloud repo'
             exit 87525
         echo '  # PHP' >> $nextcloud_nginx_site
         echo '  location ~ \.php {' >> $nextcloud_nginx_site
         echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $nextcloud_nginx_site
+        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
+        echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
         echo '  }' >> $nextcloud_nginx_site
         echo '' >> $nextcloud_nginx_site
         echo '  # Location' >> $nextcloud_nginx_site
     echo '  # PHP' >> $nextcloud_nginx_site
     echo '  location ~ \.php {' >> $nextcloud_nginx_site
     echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $nextcloud_nginx_site
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
+    echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
     echo '  }' >> $nextcloud_nginx_site
     echo '' >> $nextcloud_nginx_site
     echo '  # Location' >> $nextcloud_nginx_site
         NEXTCLOUD_SERVER=${NEXTCLOUD_ONION_HOSTNAME}
     fi
 
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 
     ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
     ${PROJECT_NAME}-pass -u $MY_USERNAME -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
 
     cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
-    chown -R www-data:www-data config
-    chown -R www-data:www-data data
+    if [ -d config ]; then
+        chown -R www-data:www-data config
+    fi
+    if [ -d data ]; then
+        chown -R www-data:www-data data
+    fi
+
     chmod +x occ
     ./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
+    if [ ! -d data ]; then
+        echo $'Nextcloud data directory was not found. This probably means that the installation failed.'
+        echo ''
+        echo $'Install command was:'
+        echo "./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass \"${NEXTCLOUD_ADMIN_PASSWORD}\" --database mysql --database-user root --database-pass \"${MARIADB_PASSWORD}\""
+        exit 83522
+    fi
+    chown -R www-data:www-data config
+    chown -R www-data:www-data data
     ./occ check
     ./occ status
     ./occ app:list
     ./occ app:enable encryption
     ./occ config:system:set appstoreenabled --value=false
-    ./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME
     chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
     chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
     chmod 0644 .htaccess
     chmod 0750 data
     chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
+    sudo -u www-data ./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME
+    sudo -u www-data ./occ config:system:set trusted_domains 2 --value=$NEXTCLOUD_ONION_HOSTNAME
     sudo -u www-data ./occ files:cleanup
     sudo -u www-data ./occ files:scan --all
     sudo -u www-data ./occ maintenance:repair
     sudo -u www-data ./occ maintenance:mode --off
 
+    systemctl restart mariadb
+
     # move the data directory
     mv /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
     sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php

src/freedombone-app-pelican

                    PELICAN_DOMAIN_NAME
                    PELICAN_BLOG_CODE)
 
+function logging_on_pelican {
+    echo -n ''
+}
+
+function logging_off_pelican {
+    echo -n ''
+}
 
 function install_pelican_website {
     if [[ $ONION_ONLY != 'no' ]]; then
     function_check remove_onion_service
     remove_onion_service pelican ${PELICAN_ONION_PORT}
     remove_app pelican
-    systemctl reload tor
+    systemctl restart tor
 }
 
 function create_pelican_conf {

src/freedombone-app-pihole

                   PIHOLE_DNS1
                   PIHOLE_DNS2)
 
+function logging_on_pihole {
+    echo -n ''
+}
+
+function logging_off_pihole {
+    echo -n ''
+}
+
 function pihole_copy_files {
     if [ ! -d /etc/.pihole ]; then
         mkdir /etc/.pihole
 }
 
 function upgrade_pihole {
+    CURR_PIHOLE_COMMIT=$(get_completion_param "pihole commit")
+    if [[ "$CURR_PIHOLE_COMMIT" == "$PIHOLE_COMMIT" ]]; then
+        return
+    fi
+
     function_check set_repo_commit
     set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
 
 function install_pihole {
     apt-get -yq install dnsmasq curl
     adduser --disabled-login --gecos 'pi-hole' pihole
+    if [ ! -d /home/pihole ]; then
+        echo $"/home/pihole directory not created"
+        exit 538929
+    fi
+
     chmod 600 /etc/shadow
     chmod 600 /etc/gshadow
     usermod -a -G www-data pihole
 
     if [ ! -d $INSTALL_DIR/pihole ]; then
         cd $INSTALL_DIR
-        git_clone $PIHOLE_REPO pihole
+
+        if [ -d /repos/pihole ]; then
+            mkdir pihole
+            cp -r -p /repos/pihole/. pihole
+            cd pihole
+            git pull
+        else
+            git_clone $PIHOLE_REPO pihole
+        fi
+
         if [ ! -d $INSTALL_DIR/pihole ]; then
             exit 523925
         fi

src/freedombone-app-postactiv

 POSTACTIV_CODE=
 POSTACTIV_ONION_PORT=8100
 POSTACTIV_REPO="https://git.postactiv.com/postActiv/postActiv.git"
-POSTACTIV_COMMIT='65fcc4eb440380f2373d428e8dde23fcc73c9f08'
+POSTACTIV_COMMIT='0531c469b44aab6a71230778ab4492eca889bb2c'
 POSTACTIV_ADMIN_PASSWORD=
 
 POSTACTIV_BACKGROUND_IMAGE_URL=
                      POSTACTIV_EXPIRE_MONTHS
                      POSTACTIV_TITLE)
 
+function logging_on_postactiv {
+    echo -n ''
+}
+
+function logging_off_postactiv {
+    echo -n ''
+}
+
 function postactiv_customise_logo {
     domain_name=$1
 
         trap "rm -f $data" 0 1 2 5 15
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"PostActiv" \
-               --radiolist $"Choose an operation:" 17 70 8 \
+               --radiolist $"Choose an operation:" 16 70 7 \
                1 $"Set a background image" off \
                2 $"Set the title" off \
                3 $"Set post expiry period (currently $POSTACTIV_EXPIRE_MONTHS months)" off \
                4 $"Select Qvitter user interface" off \
                5 $"Select Pleroma user interface" off \
                6 $"Select Classic user interface" off \
-               7 $"Select Armadillo user interface" off \
-               8 $"Exit" on 2> $data
+               7 $"Exit" on 2> $data
         sel=$?
         case $sel in
             1) return;;
             4) gnusocial_use_qvitter postactiv;;
             5) gnusocial_use_pleroma postactiv;;
             6) gnusocial_use_classic postactiv;;
-            7) gnusocial_use_armadillo postactiv;;
-            8) break;;
+            7) break;;
         esac
     done
 }
     postactiv_customise_logo
     install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
     chown -R www-data:www-data /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
+    systemctl restart mariadb
 }
 
 
         POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
     fi
 
-    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
-        dest_directory=postactiv
-        function_check suspend_site
-        suspend_site ${POSTACTIV_DOMAIN_NAME}
+    # don't backup more data than we need to
+    postactiv-expire
 
-        function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
+    if [ ! -d $source_directory ]; then
+        mkdir $source_directory
+    fi
+    cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
+    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
+        cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
+    fi
 
-        function_check backup_database_to_usb
-        backup_database_to_usb postactiv
+    function_check suspend_site
+    suspend_site ${POSTACTIV_DOMAIN_NAME}
 
-        function_check restart_site
-        restart_site
-    fi
+    function_check backup_directory_to_usb
+    dest_directory=postactivconfig
+    backup_directory_to_usb $source_directory $dest_directory
+
+    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
+    dest_directory=postactivfile
+    backup_directory_to_usb $source_directory $dest_directory
+
+    function_check backup_database_to_usb
+    backup_database_to_usb postactiv
+
+    function_check restart_site
+    restart_site
 }
 
 function restore_local_postactiv {
     fi
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
     if [ $POSTACTIV_DOMAIN_NAME ]; then
+        echo $"Restoring postactiv"
         temp_restore_dir=/root/temppostactiv
         postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
         # stop the daemons
         cd $postactiv_dir
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        scripts/stopdaemons.sh
 
         function_check postactiv_create_database
         postactiv_create_database
 
-        restore_database postactiv ${POSTACTIV_DOMAIN_NAME}
+        restore_database postactiv
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        # start the daemons
-        cd $postactiv_dir
-        su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
+        function_check restore_directory_from_usb
+        restore_directory_from_usb $temp_restore_dir postactivconfig
+        if [ -d $temp_restore_dir ]; then
+            cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
+            chown www-data:www-data $postactiv_dir/config.php
+            cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
+            chown -R www-data:www-data $postactiv_dir/static
+            rm -rf $temp_restore_dir
+        fi
+
+        restore_directory_from_usb $temp_restore_dir postactivfile
+        if [ -d $temp_restore_dir ]; then
+            cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
+            chown -R www-data:www-data $postactiv_dir/file
+            rm -rf $temp_restore_dir
+        fi
+
+        gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
+
+        echo $"Restore of postactiv complete"
     fi
 }
 
 function backup_remote_postactiv {
+    POSTACTIV_DOMAIN_NAME='postactiv'
     if grep -q "postactiv domain" $COMPLETION_FILE; then
         POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-        temp_backup_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
-            function_check suspend_site
-            suspend_site ${POSTACTIV_DOMAIN_NAME}
-
-            function_check backup_database_to_friend
-            backup_database_to_friend postactiv
+    fi
 
-            function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir postactiv
+    # don't backup more data than we need to
+    postactiv-expire
 
-            function_check restart_site
-            restart_site
-        else
-            echo $"postactiv domain specified but not found in ${temp_backup_dir}"
-        fi
+    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
+    if [ ! -d $source_directory ]; then
+        mkdir $source_directory
     fi
+    cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
+    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
+        cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
+    fi
+
+    function_check suspend_site
+    suspend_site ${POSTACTIV_DOMAIN_NAME}
+
+    function_check backup_directory_to_friend
+    dest_directory=postactivconfig
+    backup_directory_to_friend $source_directory $dest_directory
+
+    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
+    dest_directory=postactivfile
+    backup_directory_to_friend $source_directory $dest_directory
+
+    function_check backup_database_to_friend
+    backup_database_to_friend postactiv
+
+    function_check restart_site
+    restart_site
 }
 
 function restore_remote_postactiv {
-    if grep -q "postactiv domain" $COMPLETION_FILE; then
-        POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-
+    if ! grep -q "postactiv domain" $COMPLETION_FILE; then
+        return
+    fi
+    POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
+    if [ $POSTACTIV_DOMAIN_NAME ]; then
+        echo $"Restoring postactiv"
+        temp_restore_dir=/root/temppostactiv
+        postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
         # stop the daemons
-        cd /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        cd $postactiv_dir
+        scripts/stopdaemons.sh
 
         function_check postactiv_create_database
         postactiv_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend postactiv ${POSTACTIV_DOMAIN_NAME}
-        if [ -d /root/temppostactiv ]; then
-            rm -rf /root/temppostactiv
+        restore_database_from_friend postactiv
+        if [ -d $temp_restore_dir ]; then
+            rm -rf $temp_restore_dir
+        fi
+
+        function_check restore_directory_from_friend
+        restore_directory_from_friend $temp_restore_dir postactivconfig
+        if [ -d $temp_restore_dir ]; then
+            cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
+            chown www-data:www-data $postactiv_dir/config.php
+            cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
+            chown -R www-data:www-data $postactiv_dir/static
+            rm -rf $temp_restore_dir
+        fi
+
+        restore_directory_from_friend $temp_restore_dir postactivfile
+        if [ -d $temp_restore_dir ]; then
+            cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
+            chown -R www-data:www-data $postactiv_dir/file
+            rm -rf $temp_restore_dir
         fi
 
-        # start the daemons
-        cd /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
-        su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
+        gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
+
+        echo $"Restore of postactiv complete"
     fi
 }
 
         rm /etc/cron.hourly/postactiv-daemons
     fi
     if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then
-        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+        scripts/stopdaemons.sh
     fi
     kill_pid=$(ps aux | grep /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1)
     kill -9 $kill_pid
     function_check repair_databases_script
     repair_databases_script
 
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
-    apt-get -yq install php5-memcached php5-intl exiftool
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
+    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
     if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
         mkdir /var/www/$POSTACTIV_DOMAIN_NAME
     fi
     if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
-        git_clone $POSTACTIV_REPO /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+
+        if [ -d /repos/postactiv ]; then
+            mkdir /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+            cp -r -p /repos/postactiv/. /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+            cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+            git pull
+        else
+            function_check git_clone
+            git_clone $POSTACTIV_REPO /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+        fi
+
         if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
             echo $'Unable to clone postactiv repo'
             exit 87525
     function_check add_ddns_domain
     add_ddns_domain $POSTACTIV_DOMAIN_NAME
 
+    POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT})
+
     postactiv_nginx_site=/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
         echo '  # PHP' >> $postactiv_nginx_site
         echo '  location ~ \.php {' >> $postactiv_nginx_site
         echo '    include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $postactiv_nginx_site
+        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
+        echo '    fastcgi_read_timeout 30;' >> $postactiv_nginx_site
         echo '  }' >> $postactiv_nginx_site
         echo '' >> $postactiv_nginx_site
         echo '  # Location' >> $postactiv_nginx_site
     fi
     echo 'server {' >> $postactiv_nginx_site
     echo "    listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;" >> $postactiv_nginx_site
-    echo "    server_name $POSTACTIV_DOMAIN_NAME;" >> $postactiv_nginx_site
+    echo "    server_name $POSTACTIV_ONION_HOSTNAME;" >> $postactiv_nginx_site
     echo '' >> $postactiv_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME
     echo '  # PHP' >> $postactiv_nginx_site
     echo '  location ~ \.php {' >> $postactiv_nginx_site
     echo '    include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $postactiv_nginx_site
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
+    echo '    fastcgi_read_timeout 30;' >> $postactiv_nginx_site
     echo '  }' >> $postactiv_nginx_site
     echo '' >> $postactiv_nginx_site
     echo '  # Location' >> $postactiv_nginx_site
         postactiv_ssl='never'
     fi
 
-    POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT})
-
     POSTACTIV_SERVER=${POSTACTIV_DOMAIN_NAME}
     if [[ $ONION_ONLY != 'no' ]]; then
         POSTACTIV_SERVER=${POSTACTIV_ONION_HOSTNAME}
         rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php
     fi
 
-    systemctl restart php5-fpm
+    systemctl restart mariadb
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 
     ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
 
     install_postactiv_main
     install_qvitter "$POSTACTIV_DOMAIN_NAME" "postactiv"
-
-    #function_check install_nodejs
-    #install_nodejs pleroma-postactiv
-
-    install_armadillo_front_end "postactiv" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL"
+    install_gnusocial_markdown "$POSTACTIV_DOMAIN_NAME" "postactiv"
+    install_gnusocial_plugin_sharings "$POSTACTIV_DOMAIN_NAME" "postactiv"
+    install_gnusocial_plugin_sharings_theme "$POSTACTIV_DOMAIN_NAME" "postactiv"
 
     # Currently Pleroma won't install on ARM systems
     # because it uses node-sass which doesn't support ARM
 
     systemctl restart nginx
 
+    # Set qvitter to be the default UI. It's probably the most stable.
+    # And doesn't forget logins
+    gnusocial_use_qvitter postactiv
+
+    if [ $POSTACTIV_BACKGROUND_IMAGE_URL ]; then
+        pleroma_set_background_image_from_url "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
+    fi
+
     APP_INSTALLED=1
 }
 

src/freedombone-app-profanity

                 DEFAULT_DOMAIN_NAME
                 XMPP_DOMAIN_CODE)
 
+function logging_on_profanity {
+    echo -n ''
+}
+
+function logging_off_profanity {
+    echo -n ''
+}
+
 function remove_user_profanity {
     remove_username="$1"
 }
     apt-get -yq install libotr5-dev libgpgme11-dev python-dev libreadline-dev
 
     # dependency for profanity not available in debian
-    git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode
+    if [ -d /repos/libmesode ]; then
+        mkdir $INSTALL_DIR/libmesode
+        cp -r -p /repos/libmesode/. $INSTALL_DIR/libmesode
+        cd $INSTALL_DIR/libmesode
+        git pull
+    else
+        git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode
+    fi
+
     cd $INSTALL_DIR/libmesode
     git checkout $LIBMESODE_COMMIT -b $LIBMESODE_COMMIT
     ./bootstrap.sh
     cp /usr/local/lib/libmesode* /usr/lib
 
     # build profanity
-    git_clone $PROFANITY_REPO $INSTALL_DIR/profanity
+    if [ -d /repos/profanity ]; then
+        mkdir $INSTALL_DIR/profanity
+        cp -r -p /repos/profanity/. $INSTALL_DIR/profanity
+        cd $INSTALL_DIR/profanity
+        git pull
+    else
+        git_clone $PROFANITY_REPO $INSTALL_DIR/profanity
+    fi
+
     cd $INSTALL_DIR/profanity
     git checkout $PROFANITY_COMMIT -b $PROFANITY_COMMIT
     ./bootstrap.sh
 
     # install the omemo plugin
     apt-get -yq install python-pip python-setuptools clang libffi-dev libssl-dev python-dev
-    git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin
+
+    if [ -d /repos/profanity-omemo ]; then
+        mkdir $INSTALL_DIR/profanity-omemo-plugin
+        cp -r -p /repos/profanity-omemo/. $INSTALL_DIR/profanity-omemo-plugin
+        cd $INSTALL_DIR/profanity-omemo-plugin
+        git pull
+    else
+        git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin
+    fi
+
     cd $INSTALL_DIR/profanity-omemo-plugin
     git checkout $PROFANITY_OMEMO_PLUGIN_COMMIT -b $PROFANITY_OMEMO_PLUGIN_COMMIT
     if [ ! -f $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py ]; then

src/freedombone-app-radicale

 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-VARIANTS='full full-vim'
+VARIANTS=''
 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
                     RADICALE_PASSWORD
                     DEFAULT_DOMAIN_NAME)
 
+function logging_on_radicale {
+    echo -n ''
+}
+
+function logging_off_radicale {
+    echo -n ''
+}
+
 function remove_user_radicale {
     remove_username="$1"
 
     if [ -f /etc/systemd/system/radicale.service ]; then
         rm /etc/systemd/system/radicale.service
     fi
+    systemctl daemon-reload
     if [ -f /etc/nginx/sites-available/radicale ]; then
         rm /etc/nginx/sites-available/radicale
     fi
     fi
 
     firewall_remove ${RADICALE_PORT} tcp
-    deluser radicale
+
+    groupdel -f radicale
+    userdel -r radicale
 
     function_check remove_onion_service
     remove_onion_service radicale ${RADICALE_ONION_PORT}
 
     useradd -c "Radicale system account" -d /var/www/radicale -m -r -g radicale radicale
     usermod -a -G www-data radicale
+    groupadd radicale
 
     # create directories
     if [ ! -d /var/log/radicale ]; then

src/freedombone-app-riot

                 RIOT_DOMAIN_NAME
                 MATRIX_DOMAIN_NAME
                 SYSTEM_TYPE
+                ONION_ONLY
                 DDNS_PROVIDER)
 
+function logging_on_riot {
+    echo -n ''
+}
+
+function logging_off_riot {
+    echo -n ''
+}
+
 function remove_user_riot {
     echo -n ''
 }
 }
 
 function install_riot {
+    if [[ $ONION_ONLY != 'no' ]]; then
+        return
+    fi
+
     # check that matrix has been installed
     if [ ! $MATRIX_DOMAIN_NAME ]; then
         exit 687292
         exit 827334
     fi
 
+    function_check get_completion_param
+    MATRIX_ONION_DOMAIN_NAME=$(get_completion_param "matrix onion domain")
+
     apt-get -yq install wget
 
     if [ ! -d /var/www/$RIOT_DOMAIN_NAME/htdocs ]; then
     cd /var/www/$RIOT_DOMAIN_NAME/htdocs
     cp config.sample.json config.json
 
-    sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
-    sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
-    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"https://${MATRIX_DOMAIN_NAME}/\",|g" config.json
-    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"https://${MATRIX_DOMAIN_NAME}/api\",|g" config.json
-    sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json
-    sed -i "/\"servers\":/a \"matrix.freedombone.net\"," config.json
+    if [[ $ONION_ONLY == 'no' ]]; then
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
+        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"https://${MATRIX_DOMAIN_NAME}/\",|g" config.json
+        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"https://${MATRIX_DOMAIN_NAME}/api\",|g" config.json
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json
+        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," config.json
+    else
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
+        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/\",|g" config.json
+        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/api\",|g" config.json
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" config.json
+        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," config.json
+    fi
 
     RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
 

src/freedombone-app-rss

 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
                USB_MOUNT
                MY_USERNAME)
 
+function logging_on_rss {
+    echo -n ''
+}
+
+function logging_off_rss {
+    echo -n ''
+}
+
+function remove_user_rss {
+    remove_username="$1"
+}
+
+function add_user_rss {
+    new_username="$1"
+    new_user_password="$2"
+    echo '0'
+}
+
 function install_interactive_rss {
     echo -n ''
     APP_INSTALLED=1
 }
 
 function upgrade_rss {
+    CURR_RSS_READER_COMMIT=$(get_completion_param "rss reader commit")
+    if [[ "$CURR_RSS_READER_COMMIT" == "$RSS_READER_COMMIT" ]]; then
+        return
+    fi
+
     RSS_MOBILE_READER_PATH=/etc/share/ttrss-mobile
 
     if [[ $(app_is_installed rss) == "1" ]]; then
             rm -rf $temp_restore_dir
         fi
     fi
+
+    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
+    MARIADB_PASSWORD=
 }
 
 function backup_remote_rss {
         if [ -d /root/tempttrss ]; then
             rm -rf /root/tempttrss
         fi
+
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
+        MARIADB_PASSWORD=
+
         echo $"Restore of ttrss complete"
     fi
 }
 
     nginx_dissite $RSS_READER_DOMAIN_NAME
     function_check remove_onion_service
-    remove_onion_service rss ${RSS_READER_ONION_PORT} ${RSS_MOBILE_READER_ONION_PORT}
+    remove_onion_service mobilerss ${RSS_MOBILE_READER_ONION_PORT}
+    remove_onion_service rss ${RSS_READER_ONION_PORT}
     if [ -f /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME ]; then
         rm /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     fi
     remove_completion_param install_rss
     sed -i '/RSS /d' $COMPLETION_FILE
     sed -i '/rss /d' $COMPLETION_FILE
+    sed -i '/rss_/d' $COMPLETION_FILE
     remove_backup_database_local ttrss
 }
 
     function_check remove_onion_service
     remove_onion_service rss ${RSS_READER_ONION_PORT} ${RSS_MOBILE_READER_ONION_PORT}
 
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git
-    apt-get -yq install curl php-xml-parser php5-mcrypt
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git
+    apt-get -yq install curl php-mcrypt libfcgi0ldbl
+
+    remove_onion_service mobilerss ${RSS_MOBILE_READER_ONION_PORT}
+    remove_onion_service rss ${RSS_READER_ONION_PORT}
 
     if [ ! -d /etc/share ]; then
         mkdir /etc/share
     fi
     cd /etc/share
-    function_check git_clone
-    git_clone $RSS_READER_REPO tt-rss
+
+    if [ -d /repos/rss ]; then
+        mkdir tt-rss
+        cp -r -p /repos/rss/. tt-rss
+        cd tt-rss
+        git pull
+    else
+        function_check git_clone
+        git_clone $RSS_READER_REPO tt-rss
+    fi
+
     if [ ! -d $RSS_READER_PATH ]; then
         echo $'Could not clone RSS reader repo'
         exit 52925
     rss_create_database
 
     RSS_READER_ONION_HOSTNAME=$(add_onion_service rss 80 ${RSS_READER_ONION_PORT})
-    RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service rss_mobile 80 ${RSS_MOBILE_READER_ONION_PORT})
+
+    sleep 2
+
+    RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service mobilerss 80 ${RSS_MOBILE_READER_ONION_PORT})
+
+    set_completion_param "rss_mobile onion domain" "$RSS_MOBILE_READER_ONION_HOSTNAME"
 
     echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '  set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
     echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
         # generate a config file
         RSS_FEED_CRYPT_KEY="$(create_password 24)"
         echo '<?php' > $RSS_READER_PATH/config.php
-        echo "  define ('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
+        echo "  define('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
         echo "  define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
         echo "  define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
         echo "  define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
     configure_php
 
     nginx_ensite $RSS_READER_DOMAIN_NAME
-    systemctl restart php5-fpm
+    systemctl restart mariadb
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 
     # daemon to update feeds
     echo '[Unit]' > /etc/systemd/system/ttrss.service
     echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
-    echo 'After=network.target mysql.service' >> /etc/systemd/system/ttrss.service
+    echo 'After=network.target mariadb.service' >> /etc/systemd/system/ttrss.service
     echo 'After=tor.service' >> /etc/systemd/system/ttrss.service
     echo '' >> /etc/systemd/system/ttrss.service
     echo '[Service]' >> /etc/systemd/system/ttrss.service
     fi
 
     cd /etc/share
-    function_check git_clone
-    git_clone $RSS_MOBILE_READER_REPO ttrss-mobile
+
+    if [ -d /repos/rss-mobile ]; then
+        mkdir ttrss-mobile
+        cp -r -p /repos/rss-mobile/. ttrss-mobile
+        cd ttrss-mobile
+        git pull
+    else
+        function_check git_clone
+        git_clone $RSS_MOBILE_READER_REPO ttrss-mobile
+    fi
+
     if [ ! -d $RSS_MOBILE_READER_PATH ]; then
         echo $'Could not clone RSS mobile reader repo'
         exit 24816

src/freedombone-app-scuttlebot

 #
 # scuttlebot pub application
 # https://scuttlebot.io
+# Problem: on occasion uses 100% of the CPU, severely impacting other services
 #
 # License
 # =======
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-VARIANTS='full full-vim chat'
+VARIANTS=''
 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=0
                       DEFAULT_DOMAIN_NAME
                       SYSTEM_TYPE)
 
+function logging_on_scuttlebot {
+    echo -n ''
+}
+
+function logging_off_scuttlebot {
+    echo -n ''
+}
+
 function scuttlebot_create_invite {
     invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')
 
     systemctl stop scuttlebot
     systemctl disable scuttlebot
     rm /etc/systemd/system/scuttlebot.service
+    systemctl daemon-reload
 
     userdel -r scuttlebot
 

src/freedombone-app-searx

 SHOW_ICANN_ADDRESS_ON_ABOUT=0
 
 SEARX_REPO="https://github.com/asciimoo/searx"
-SEARX_COMMIT='259735f30901ae884f8234f1f138c28a9e59713a'
+SEARX_COMMIT='80460be8f69cea5f15c9d5ddbb63e4e48fde2dd0'
 SEARX_PATH=/etc
 SEARX_ONION_PORT=8094
 SEARX_ONION_HOSTNAME=
                  SEARX_BACKGROUND_IMAGE_URL
                  SYSTEM_TYPE)
 
+function logging_on_searx {
+    echo -n ''
+}
+
+function logging_off_searx {
+    echo -n ''
+}
+
 function searx_set_default_background {
     if [ -f ~/freedombone/img/backgrounds/searx.jpg ]; then
         cp ~/freedombone/img/backgrounds/searx.jpg /etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
 }
 
 function upgrade_searx {
+    CURR_SEARX_COMMIT=$(get_completion_param "searx commit")
+    if [[ "$CURR_SEARX_COMMIT" == "$SEARX_COMMIT" ]]; then
+        return
+    fi
+
     settings_file=${SEARX_PATH}/searx/searx/settings.yml
     background_image=/etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
 
     systemctl stop searx
     systemctl disable searx
     rm /etc/systemd/system/searx.service
+    systemctl daemon-reload
+
     function_check remove_onion_service
     remove_onion_service searx ${SEARX_ONION_PORT}
     userdel -r searx
         exit 62429
     fi
 
-    apt-get -yq install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
-    apt-get -yq install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi imagemagick
+    apt-get -yq install python-pip libyaml-dev python-werkzeug python-babel python-lxml
+    apt-get -yq install git build-essential libxslt-dev python-dev python-virtualenv zlib1g-dev uwsgi uwsgi-plugin-python imagemagick
+    apt-get -yq install apache2-utils
+
+    apt-get -yq remove --purge apache2-bin*
+    if [ -d /etc/apache2 ]; then
+        rm -rf /etc/apache2
+        echo $'Removed Apache installation'
+    fi
 
     pip install --upgrade pip
 
         exit 63738
     fi
 
+    pip install requests --upgrade
+    if [ ! "$?" = "0" ]; then
+        echo $'Failed to install requests'
+        exit 357282
+    fi
+
+    pip install pygments --upgrade
+    if [ ! "$?" = "0" ]; then
+        echo $'Failed to install pygments'
+        exit 357282
+    fi
+
     if [ ! -d $SEARX_PATH ]; then
         mkdir -p $SEARX_PATH
     fi
 
     # clone the repo
     cd $SEARX_PATH
-    function_check git_clone
-    git_clone $SEARX_REPO searx
+
+    if [ -d /repos/searx ]; then
+        mkdir searx
+        cp -r -p /repos/searx/. searx
+        cd searx
+        git pull
+    else
+        function_check git_clone
+        git_clone $SEARX_REPO searx
+    fi
+
     git checkout $SEARX_COMMIT -b $SEARX_COMMIT
     set_completion_param "searx commit" "$SEARX_COMMIT"
 
     echo '}' >> /etc/nginx/sites-available/searx
 
     # replace the secret key
-    if ! grep "searx key" $COMPLETION_FILE; then
+    if ! grep -q "searx key" $COMPLETION_FILE; then
         SEARX_SECRET_KEY="$(create_password 30)"
         set_completion_param "searx key" "${SEARX_SECRET_KEY}"
     fi
     nginx_ensite searx
 
     # restart the web server
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 
     # start the daemon

src/freedombone-app-sip

                TURN_TLS_PORT
                TURN_NONCE)
 
+function logging_on_sip {
+    echo -n ''
+}
+
+function logging_off_sip {
+    echo -n ''
+}
+
 function remove_user_sip {
     remove_username="$1"
     ${PROJECT_NAME}-rmsipuser ${remove_username}
             exit 3679
         fi
         rm -rf $temp_restore_dir
-        service sipwitch restart
+        systemctl restart sipwitch
         echo $"Restore of SIP settings complete"
     fi
 }
         return
     fi
 
-    service sipwitch stop
+    systemctl stop sipwitch
 
     # remove the original sipwitch daemon if it exists
     if [ -f /etc/init.d/sipwitch ]; then

src/freedombone-app-syncthing

 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
                      SYNCTHING_SHARED_DATA
                      USB_MOUNT)
 
+function logging_on_syncthing {
+    echo -n ''
+}
+
+function logging_off_syncthing {
+    echo -n ''
+}
+
 function syncthing_create_ids_file {
     if [ ! -f ~/.syncthing-server-id ]; then
         return
     firewall_remove ${SYNCTHING_PORT}
     systemctl stop syncthing
     systemctl disable syncthing
-    apt-get -yq remove --purge syncthing
     rm /etc/systemd/system/syncthing.service
+    systemctl daemon-reload
+    apt-get -yq remove --purge syncthing
     sed -i "/${PROJECT_NAME}-syncthing/d" /etc/crontab
     remove_completion_param install_syncthing
     remove_completion_param configure_firewall_for_syncthing
     mark_completed $FUNCNAME
 }
 
-function install_syncthing {
-    apt-get -yq install curl
+function install_syncthing_repo {
+    if [ -f /etc/apt/sources.list.d/syncthing.list ]; then
+        return
+    fi
 
+    apt-get -yq install curl
     curl -s https://syncthing.net/release-key.txt | apt-key add -
     echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list
     apt-get update
+}
+
+function install_syncthing {
+    install_syncthing_repo
     apt-get -yq install syncthing
 
     # This probably does need to run as root so that it can access the Sync directories

src/freedombone-app-tahoelafs

 SHOW_ON_ABOUT=1
 SHOW_ICANN_ADDRESS_ON_ABOUT=0
 
-TAHOELAFS_REPO="https://github.com/tahoe-lafs/tahoe-lafs"
-TAHOELAFS_COMMIT='bb782b0331a60de438136a593bba18338d8d866b'
-
 TAHOELAFS_PORT=50213
 TAHOELAFS_STORAGE_PORT=50214
 TAHOELAFS_ONION_PORT=8096
 TAHOELAFS_STORAGE_ONION_PORT=8097
 
-TAHOE_COMMAND="cd /home/tahoelafs/tahoelafs && venv/bin/tahoe"
-tahoelafs_storage_file=/home/tahoelafs/client/private/servers.yaml
+TAHOE_DIR=/home/tahoelafs
+TAHOE_COMMAND='/usr/bin/tahoe'
+tahoelafs_storage_file=$TAHOE_DIR/client/private/servers.yaml
 
 TAHOELAFS_SHARES_NEEDED=3
 TAHOELAFS_SHARES_HAPPY=7
 
 tahoelafs_variables=(ONION_ONLY
                      MY_USERNAME
-                     TAHOELAFS_REPO
                      TAHOELAFS_PORT
                      TAHOELAFS_SHARES_NEEDED
                      TAHOELAFS_SHARES_HAPPY
                      TAHOELAFS_SHARES_TOTAL)
 
+function logging_on_tahoelafs {
+    echo -n ''
+}
+
+function logging_off_tahoelafs {
+    echo -n ''
+}
+
 function add_user_tahoelafs {
     if [[ $(app_is_installed tahoelafs) == "0" ]]; then
         echo '0'
     new_username="$1"
     new_user_password="$2"
     ${PROJECT_NAME}-pass -u $new_username -a tahoelafs -p "$new_user_password"
-    if grep "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
+    if grep -q "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
         sed -i '/${new_username}:/d' /etc/nginx/.htpasswd-tahoelafs
     fi
     echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${new_username}
 function remove_user_tahoelafs {
     remove_username="$1"
     ${PROJECT_NAME}-pass -u $remove_username --rmapp tahoelafs
-    if grep "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
+    if grep -q "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
         sed -i '/${remove_username}:/d' /etc/nginx/.htpasswd-tahoelafs
     fi
 }
     change_username="$1"
     change_password="$2"
     ${PROJECT_NAME}-pass -u $change_username -a tahoelafs -p "$change_password"
-    if grep "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
+    if grep -q "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
         sed -i '/tahoe-${change_username}:/d' /etc/nginx/.htpasswd-tahoelafs
     fi
     echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${change_username}
         TAHOELAFS_SHARES_TOTAL=${tl_total}
     fi
 
-    sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" /home/tahoelafs/tahoelafs/client/tahoe.cfg
-    sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" /home/tahoelafs/tahoelafs/client/tahoe.cfg
-    sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" /home/tahoelafs/tahoelafs/client/tahoe.cfg
+    sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" $TAHOE_DIR/tahoelafs/client/tahoe.cfg
+    sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" $TAHOE_DIR/tahoelafs/client/tahoe.cfg
+    sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" $TAHOE_DIR/tahoelafs/client/tahoe.cfg
 
-    sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" /home/tahoelafs/tahoelafs/storage/tahoe.cfg
-    sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" /home/tahoelafs/tahoelafs/storage/tahoe.cfg
-    sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" /home/tahoelafs/tahoelafs/storage/tahoe.cfg
+    sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" $TAHOE_DIR/tahoelafs/storage/tahoe.cfg
+    sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" $TAHOE_DIR/tahoelafs/storage/tahoe.cfg
+    sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" $TAHOE_DIR/tahoelafs/storage/tahoe.cfg
 
     systemctl restart tahoelafs-storage
     systemctl restart tahoelafs-client
     echo '[connections]' >> $config_file
     echo 'tcp = tor' >> $config_file
 
-    chown -R tahoelafs:debian-tor /home/tahoelafs
+    chown -R tahoelafs:debian-tor $TAHOE_DIR
 }
 
 function install_interactive_tahoelafs {
 }
 
 function upgrade_tahoelafs {
-    if [ ! -d /home/tahoelafs/tahoelafs ]; then
-        return
-    fi
-    systemctl stop tahoelafs
-    function_check set_repo_commit
-    set_repo_commit /home/tahoelafs/tahoelafs "tahoelafs commit" "$TAHOELAFS_COMMIT" $TAHOELAFS_REPO
-    cd /home/tahoelafs/tahoelafs
-    git submodule update --init --recursive
-    virtualenv venv
-    venv/bin/pip install --editable .
-    chown -R tahoelafs:debian-tor /home/tahoelafs
-    systemctl start tahoelafs
+    echo -n ''
 }
 
 function backup_local_tahoelafs {
-    source_directory=/home/tahoelafs
+    source_directory=$TAHOE_DIR
     if [ ! -d $source_directory ]; then
         return
     fi
     systemctl stop tahoelafs-client
     temp_restore_dir=/root/temptahoelafs
     restore_directory_from_usb $temp_restore_dir tahoelafs
-    mv /home/tahoelafs /home/tahoelafs-old
-    cp -r $temp_restore_dir/home/tahoelafs /home/tahoelafs
+    mv $TAHOE_DIR ${TAHOE_DIR}-old
+    cp -r $temp_restore_dir$TAHOE_DIR $TAHOE_DIR
     if [ ! "$?" = "0" ]; then
-        mv /home/tahoelafs-old /home/tahoelafs
+        mv ${TAHOE_DIR}-old $TAHOE_DIR
         exit 246833
     fi
-    rm -rf /home/tahoelafs-old
-    chown -R tahoelafs:debian-tor /home/tahoelafs
+    rm -rf ${TAHOE_DIR}-old
+    chown -R tahoelafs:debian-tor $TAHOE_DIR
     systemctl start tahoelafs-client
     systemctl start tahoelafs-storage
     echo $"Restore complete"
 }
 
 function backup_remote_tahoelafs {
-    source_directory=/home/tahoelafs
+    source_directory=$TAHOE_DIR
     if [ ! -d $source_directory ]; then
         return
     fi
     systemctl stop tahoelafs-client
     temp_restore_dir=/root/temptahoelafs
     restore_directory_from_friend $temp_restore_dir tahoelafs
-    mv /home/tahoelafs /home/tahoelafs-old
-    cp -r $temp_restore_dir/home/tahoelafs /home/tahoelafs
+    mv $TAHOE_DIR ${TAHOE_DIR}-old
+    cp -r $temp_restore_dir$TAHOE_DIR $TAHOE_DIR
     if [ ! "$?" = "0" ]; then
-        mv /home/tahoelafs-old /home/tahoelafs
+        mv ${TAHOE_DIR}old $TAHOE_DIR
         exit 623925
     fi
-    rm -rf /home/tahoelafs-old
-    chown -R tahoelafs:debian-tor /home/tahoelafs
+    rm -rf ${$TAHOE_DIR}-old
+    chown -R tahoelafs:debian-tor $TAHOE_DIR
     systemctl start tahoelafs-client
     systemctl start tahoelafs-storage
     echo $"Restore complete"
     systemctl stop tahoelafs-storage
     systemctl disable tahoelafs-storage
     rm /etc/systemd/system/tahoelafs-storage.service
+    systemctl daemon-reload
 
     systemctl stop tahoelafs-client
     systemctl disable tahoelafs-client
     rm /etc/systemd/system/tahoelafs-client.service
+    systemctl daemon-reload
+
+    pip uninstall tahoe-lafs[tor]
+    apt-get -yq remove tahoe-lafs
 
     if [ -d /var/lib/tahoelafs ]; then
         rm -rf /var/lib/tahoelafs
     remove_onion_service tahoelafs ${TAHOELAFS_ONION_PORT}
     remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} $(get_tahoelafs_nick)
     sed -i '/HidServAuth /d' /etc/tor/torrc
-    deluser tahoelafs
-    if [ -d /home/tahoelafs ]; then
-        rm -rf /home/tahoelafs
+
+    groupdel -f tahoelafs
+    userdel -r tahoelafs
+
+    if [ -d $TAHOE_DIR ]; then
+        rm -rf $TAHOE_DIR
     fi
     remove_app tahoelafs
     if [ -f /etc/nginx/.htpasswd-tahoelafs ]; then
         shred -zu /etc/nginx/.htpasswd-tahoelafs
     fi
-    remove_completion_param "tahoelafs commit"
-    systemctl reload tor
-}
-
-function install_tahoelafs_to_directory {
-    tahoe_dir=$1
-
-    git_clone $TAHOELAFS_REPO $tahoe_dir
-    cd $tahoe_dir
-    git checkout $TAHOELAFS_COMMIT -b $TAHOELAFS_COMMIT
-    git submodule update --init --recursive
-    virtualenv venv --distribute
-    venv/bin/pip uninstall --yes setuptools
-    venv/bin/pip install setuptools==11.3
-    venv/bin/pip install six==1.10.0 packaging==16.8 attrs==16.3.0 appdirs==1.4.2 pycrypto==2.1.0 cffi==1.9.1
-    venv/bin/pip install cryptography==1.7.2 markerlib==0.6.0 distribute==0.7.3
-    venv/bin/pip install txtorcon==0.18.0
-    venv/bin/pip install --editable .
+    onion_update
 }
 
 function create_tahoelafs_stealth_node {
 }
 
 function get_tahoelafs_furl {
-    furl=$(cat /home/tahoelafs/storage/private/storage.furl)
+    furl=$(cat $TAHOE_DIR/storage/private/storage.furl)
     furl_1=$(echo "${furl}" | awk -F ' ' '{print $1}')
     furl_2=$(echo "${furl}" | awk -F ':' '{print $5}')
     echo "${furl_1}:${furl_2}"
 }
 
 function get_tahoelafs_public_key {
-    echo "$(cat /home/tahoelafs/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')"
+    echo "$(cat $TAHOE_DIR/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')"
 }
 
 function add_tahoelafs_server {
     echo 'Type=simple' >> $TAHOELAFS_DAEMON_FILE
     echo "User=tahoelafs" >> $TAHOELAFS_DAEMON_FILE
     echo "Group=debian-tor" >> $TAHOELAFS_DAEMON_FILE
-    echo "WorkingDirectory=/home/tahoelafs/tahoelafs" >> $TAHOELAFS_DAEMON_FILE
-    echo "ExecStart=/home/tahoelafs/tahoelafs/venv/bin/tahoe run /home/tahoelafs/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
-    echo "ExecStop=/home/tahoelafs/tahoelafs/venv/bin/tahoe stop /home/tahoelafs/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
+    echo "WorkingDirectory=${TAHOE_DIR}" >> $TAHOELAFS_DAEMON_FILE
+    echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
+    echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
     echo 'Restart=on-failure' >> $TAHOELAFS_DAEMON_FILE
     echo 'RestartSec=10' >> $TAHOELAFS_DAEMON_FILE
-    echo "Environment=\"USER=tahoelafs\" \"HOME=/home/tahoelafs\"" >> $TAHOELAFS_DAEMON_FILE
+    echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"" >> $TAHOELAFS_DAEMON_FILE
     echo '' >> $TAHOELAFS_DAEMON_FILE
     echo '[Install]' >> $TAHOELAFS_DAEMON_FILE
     echo 'WantedBy=multi-user.target' >> $TAHOELAFS_DAEMON_FILE
     if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then
         touch /etc/nginx/.htpasswd-tahoelafs
     fi
-    if grep "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
+    if grep -q "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
         sed -i '/${MY_USERNAME}:/d' /etc/nginx/.htpasswd-tahoelafs
     fi
     echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${MY_USERNAME}
     fi
 
     apt-get -yq install build-essential python-pip python-dev libffi-dev libssl-dev
-    apt-get -yq install libcrypto++-dev python-pycryptopp python-cffi python-virtualenv
+    apt-get -yq install libcrypto++-dev python-pycryptopp python-cffi
+    apt-get -yq install python-virtualenv apache2-utils
 
-    # create a user
-    if [ ! -d /home/tahoelafs ]; then
-        # add a gogs user account
-        adduser --disabled-login --gecos 'tahoe-lafs' tahoelafs
-        adduser tahoelafs debian-tor
+    if [ -d $TAHOE_DIR ]; then
+        groupdel -f tahoelafs
+        userdel -r tahoelafs
+        rm -rf $TAHOE_DIR
     fi
 
-    if [ -d /home/tahoelafs/Maildir ]; then
-        rm -rf /home/tahoelafs/Maildir
+    # create a user
+    adduser --disabled-login --gecos 'tahoe-lafs' tahoelafs
+
+    if [ ! -d $TAHOE_DIR ]; then
+        echo $"$TAHOE_DIR directory was not created"
+        exit 879335
     fi
 
-    install_tahoelafs_to_directory /home/tahoelafs/tahoelafs
+    adduser tahoelafs debian-tor
+    groupadd tahoelafs
+
+    apt-get -yq install tahoe-lafs
+    pip install tahoe-lafs[tor]
+
+    if [ -d $TAHOE_DIR/Maildir ]; then
+        rm -rf $TAHOE_DIR/Maildir
+    fi
 
     # remove files we don't need
-    rm -rf /home/tahoelafs/.mutt
-    rm /home/tahoelafs/.emacs-mutt
-    rm /home/tahoelafs/.muttrc
-    rm /home/tahoelafs/.mutt-alias
-    rm /home/tahoelafs/.procmailrc
+    rm -rf $TAHOE_DIR/.mutt
+    rm $TAHOE_DIR/.emacs-mutt
+    rm $TAHOE_DIR/.muttrc
+    rm $TAHOE_DIR/.mutt-alias
+    rm $TAHOE_DIR/.procmailrc
 
     # set permissions
-    chown -R tahoelafs:debian-tor /home/tahoelafs
+    chown -R tahoelafs:debian-tor $TAHOE_DIR
 
     node_nick=$(get_tahoelafs_nick)
     client_nick=${MY_USERNAME}-client
     # create an onion address for client node
     TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT})
 
-    create_tahoelafs_stealth_node /home/tahoelafs/storage /home/tahoelafs/client ${node_nick} ${client_nick}
+    create_tahoelafs_stealth_node $TAHOE_DIR/storage $TAHOE_DIR/client ${node_nick} ${client_nick}
 
     # start the storage node
-    su -c '/home/tahoelafs/tahoelafs/venv/bin/python2 /home/tahoelafs/tahoelafs/venv/bin/tahoe start /home/tahoelafs/storage' - tahoelafs
+    su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/storage" - tahoelafs
     create_tahoelafs_daemon "storage"
 
     # start the client
-    su -c '/home/tahoelafs/tahoelafs/venv/bin/python2 /home/tahoelafs/tahoelafs/venv/bin/tahoe start /home/tahoelafs/client' - tahoelafs
+    su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/client" - tahoelafs
     add_tahoelafs_server "$(get_tahoelafs_storage_hostname)" "$(get_tahoelafs_public_key)" "${node_nick}" "$(get_tahoelafs_furl)"
     if ! grep -q "HidServAuth $(get_tahoelafs_storage_hostname)" /etc/tor/torrc; then
         echo $'Unable to create tahoelafs server'
     fi
     create_tahoelafs_daemon "client"
 
-    set_completion_param "tahoelafs commit" "$TAHOELAFS_COMMIT"
     set_completion_param "tahoelafs onion domain" "$TAHOELAFS_ONION_HOSTNAME"
 
     create_tahoelafs_web
-    systemctl restart tor
+    onion_update
     APP_INSTALLED=1
 }
 

src/freedombone-app-tox

 
 TOX_PORT=33445
 TOXCORE_REPO="https://github.com/bashrc/toxcore"
-TOXCORE_COMMIT='d3fa9f82bda3a8746917502c525237427ba17d45'
+TOXCORE_COMMIT='532629d486e3361c7d8d95b38293cc7d61dc4ee5'
 TOXID_REPO="https://github.com/bashrc/toxid"
 TOX_BOOTSTRAP_ID_FILE=/var/lib/tox-bootstrapd/pubkey.txt
 # These are some default nodes, but you can replace them with trusted nodes
                TOX_PORT
                TOX_NODES)
 
+function logging_on_tox {
+    echo -n ''
+}
+
+function logging_off_tox {
+    echo -n ''
+}
+
 function remove_user_tox {
     remove_username="$1"
 
         mkdir -p ${rootdir}$INSTALL_DIR
     fi
 
-    chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu52 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng12-0 libqrencode3 libsm6 libsodium13 libsqlite3-0 libssl1.0.0 libstdc++6 libtiff5 libudev1 libvpx1 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp5 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev
-    chroot "${rootdir}" apt-get -yq install build-essential qt5-qmake qt5-default qttools5-dev-tools libqt5opengl5-dev libqt5svg5-dev libopenal-dev libxss-dev qrencode libqrencode-dev libglib2.0-dev libgdk-pixbuf2.0-dev libgtk2.0-dev libsqlcipher-dev libopus-dev libvpx-dev libavformat-dev libavdevice-dev libswscale-dev libavutil-dev libavcodec-dev libavcodec56 libavcodec57 libavfilter-dev libavfilter6
+    chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu57 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng16-16 libqrencode3 libsm6 libsodium18 libsqlite3-0 libssl1.1 libstdc++6 libtiff5 libudev1 libvpx4 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp6 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev
+    chroot "${rootdir}" apt-get -yq install build-essential qt5-qmake qt5-default qttools5-dev-tools libqt5opengl5-dev libqt5svg5-dev libopenal-dev libxss-dev qrencode libqrencode-dev libglib2.0-dev libgdk-pixbuf2.0-dev libgtk2.0-dev libsqlcipher-dev libopus-dev libvpx-dev libavformat-dev libavdevice-dev libswscale-dev libavutil-dev libavcodec-dev libavcodec57 libavfilter-dev libavfilter6
 
-    mesh_install_ffmpeg
+    # ffmpeg
+    chroot "${rootdir}" apt-get -yq install build-essential
+    chroot "${rootdir}" apt-get -yq install ffmpeg libmp3lame-dev libvorbis-dev libtheora-dev
+    chroot "${rootdir}" apt-get -yq install libspeex-dev yasm pkg-config libopenjp2-7-dev
+    chroot "${rootdir}" apt-get -yq install libx264-dev mjpegtools libmjpegtools-dev libav-tools
+
+    if [ -d /repos/qtox ]; then
+        mkdir ${rootdir}$INSTALL_DIR/qtox
+        cp -r -p /repos/qtox/. ${rootdir}$INSTALL_DIR/qtox
+        cd ${rootdir}$INSTALL_DIR/qtox
+        git pull
+    else
+        git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox
+    fi
 
-    git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox
     if [ ! -d ${rootdir}$INSTALL_DIR/qtox ]; then
         exit 72428
     fi
 
     # install a command to obtain the Tox ID
     cd $INSTALL_DIR
-    function_check git_clone
-    git_clone $TOXID_REPO $INSTALL_DIR/toxid
+
+    if [ -d /repos/toxid ]; then
+        mkdir $INSTALL_DIR/toxid
+        cp -r -p /repos/toxid/. $INSTALL_DIR/toxid
+        cd $INSTALL_DIR/toxid
+        git pull
+    else
+        function_check git_clone
+        git_clone $TOXID_REPO $INSTALL_DIR/toxid
+    fi
+
     if [ ! -d $INSTALL_DIR/toxid ]; then
         exit 63921
     fi
     if [ $rootdir ]; then
         chroot ${rootdir} apt-get -yq install build-essential libtool autotools-dev
         chroot ${rootdir} apt-get -yq install automake checkinstall check git yasm
-        chroot ${rootdir} apt-get -yq install libsodium13 libsodium-dev libcap2-bin
+        chroot ${rootdir} apt-get -yq install libsodium18 libsodium-dev libcap2-bin
         chroot ${rootdir} apt-get -yq install libconfig9 libconfig-dev autoconf
         chroot ${rootdir} apt-get -yq install libopus-dev libvpx-dev
     else
         apt-get -yq install build-essential libtool autotools-dev
         apt-get -yq install automake checkinstall check git yasm
-        apt-get -yq install libsodium13 libsodium-dev libcap2-bin
+        apt-get -yq install libsodium18 libsodium-dev libcap2-bin
         apt-get -yq install libconfig9 libconfig-dev autoconf
         apt-get -yq install libopus-dev libvpx-dev
     fi
         mkdir -p ${rootdir}${INSTALL_DIR}
     fi
     if [ ! -d ${rootdir}${INSTALL_DIR}/toxcore ]; then
-        git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore
-        if [ ! "$?" = "0" ]; then
-            exit 429252
+        if [ -d /repos/toxcore ]; then
+            mkdir ${rootdir}${INSTALL_DIR}/toxcore
+            cp -r -p /repos/toxcore/. ${rootdir}${INSTALL_DIR}/toxcore
+            cd ${rootdir}${INSTALL_DIR}/toxcore
+            git pull
+        else
+            git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore
+            if [ ! "$?" = "0" ]; then
+                exit 429252
+            fi
         fi
     fi
     cd ${rootdir}$INSTALL_DIR/toxcore
         mkdir -p ${rootdir}${INSTALL_DIR}
     fi
 
-    git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid
+    if [ -d /repos/toxid ]; then
+        mkdir ${rootdir}${INSTALL_DIR}/toxid
+        cp -r -p /repos/toxid/. ${rootdir}${INSTALL_DIR}/toxid
+        cd ${rootdir}${INSTALL_DIR}/toxid
+        git pull
+    else
+        git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid
+    fi
+
     if [ ! -d ${rootdir}${INSTALL_DIR}/toxid ]; then
         echo $'Unable to clone toxid repo'
         exit 768352
     TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
     echo '#!/bin/bash' > $TEMP_SCRIPT
     echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
-    echo "git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
+    echo 'if [ -d /repos/toxic ]; then' >> $TEMP_SCRIPT
+    echo "    mkdir $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
+    echo "    cp -r -p /repos/toxic/. $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
+    echo "    cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
+    echo '    git pull' >> $TEMP_SCRIPT
+    echo 'else' >> $TEMP_SCRIPT
+    echo "    git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
+    echo 'fi' >> $TEMP_SCRIPT
     echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
     echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT
     echo 'make' >> $TEMP_SCRIPT
         /root/$TEMP_SCRIPT_NAME
     fi
     if [ ! "$?" = "0" ]; then
+        cat -n /root/fbtmp728353.sh
         duration=$SECONDS
         echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
         echo $'Unable to make tox client'
 }
 
 function enable_tox_repo {
-    echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
+    echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
 
 
     cat >> $rootdir/root/gettoxkey.sh <<EOF
 #!/bin/bash
-wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key -O- > /root/tox.key
+wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key
 apt-key add /root/tox.key
 rm /root/tox.key
 EOF

src/freedombone-app-turtl

                  MY_EMAIL_ADDRESS
                  MY_USERNAME)
 
+function logging_on_turtl {
+    echo -n ''
+}
+
+function logging_off_turtl {
+    echo -n ''
+}
+
 function change_password_turtl {
     change_username="$1"
     new_user_password="$2"
 }
 
 function turtl_disable_registrations {
-    if grep "$TURTL_SIGNUP_STRING" $turtl_users_file; then
+    if grep -q "$TURTL_SIGNUP_STRING" $turtl_users_file; then
         if [ -f $turtl_users_file ]; then
             cp $turtl_users_file $TURTL_BASE_DIR/.users.lisp
             sed -i '/(route (:post "\/users") (req res)/,/(send-json res user))))/{//!d}' $turtl_users_file
 }
 
 function turtl_enable_registrations {
-    if ! grep "$TURTL_SIGNUP_STRING" $turtl_users_file; then
+    if ! grep -q "$TURTL_SIGNUP_STRING" $turtl_users_file; then
         if [ -f $TURTL_BASE_DIR/.users.lisp ]; then
             cp $TURTL_BASE_DIR/.users.lisp $turtl_users_file
             rm $TURTL_BASE_DIR/.users.lisp
 }
 
 function upgrade_turtl {
+    CURR_TURTL_COMMIT=$(get_completion_param "turtl commit")
+    if [[ "$CURR_TURTL_COMMIT" == "$TURTL_COMMIT" ]]; then
+        return
+    fi
+
     read_config_param "TURTL_DOMAIN_NAME"
 
     function_check set_repo_commit
     systemctl stop turtl
     systemctl disable turtl
     rm /etc/systemd/system/turtl.service
+    systemctl daemon-reload
+
     remove_rethinkdb
     remove_app turtl
     remove_completion_param install_turtl
     sed -i '/turtl/d' $COMPLETION_FILE
-    deluser turtl
     nginx_dissite $TURTL_DOMAIN_NAME
     if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then
         rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME
     rm -rf /etc/rethinkdb
     rm -rf /var/lib/rethinkdb
     rm -rf $TURTL_BASE_DIR
+
+    groupdel -f turtl
+    userdel -r turtl
 }
 
 
     # start the turtl server
     systemctl restart rethinkdb
 
+    if [ ! -f $TURTL_BASE_DIR/quicklisp/setup.lisp ]; then
+        echo $"$TURTL_BASE_DIR/quicklisp/setup.lisp was not found"
+        exit 6238234
+    fi
+
     echo '[Unit]' > /etc/systemd/system/turtl.service
     echo 'Description=Note taking service' >> /etc/systemd/system/turtl.service
     echo 'Documentation=http://turtl.it' >> /etc/systemd/system/turtl.service
         if [[ "$check_architecture" != *"arm"* ]]; then
             echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
         else
-            echo "ExecStart=$TURTL_BASE_DIR/ccl/larmcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
+            echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
         fi
     fi
     echo '' >> /etc/systemd/system/turtl.service
         wget https://beta.quicklisp.org/quicklisp.lisp
     fi
 
+    if [ -d $TURTL_BASE_DIR ]; then
+        chown -R turtl:turtl $TURTL_BASE_DIR
+    fi
     adduser --disabled-login --home=$TURTL_BASE_DIR --gecos 'turtl' turtl
+    if [ ! -d $TURTL_BASE_DIR ]; then
+        echo $"$TURTL_BASE_DIR directory not created"
+        exit 263493
+    fi
+
+    groupadd turtl
     chown -R turtl:turtl $TURTL_BASE_DIR
 
     if [[ "$check_architecture" != *"arm"* ]]; then
 
     # install turtl API
     cd $TURTL_BASE_DIR/
-    git clone $TURTL_REPO $TURTL_BASE_DIR/api
+
+    if [ -d /repos/turtl ]; then
+        mkdir $TURTL_BASE_DIR/api
+        cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api
+        cd $TURTL_BASE_DIR/api
+        git pull
+    else
+        git clone $TURTL_REPO $TURTL_BASE_DIR/api
+    fi
+
     cd $TURTL_BASE_DIR/api
     git checkout $TURTL_COMMIT -b $TURTL_COMMIT
     set_completion_param "turtl commit" "$TURTL_COMMIT"

src/freedombone-app-vim

 vim_variables=(MY_USERNAME
                VIM_MUTT_EDITOR)
 
+function logging_on_vim {
+    echo -n ''
+}
+
+function logging_off_vim {
+    echo -n ''
+}
+
 function reconfigure_vim {
     echo -n ''
 }

src/freedombone-app-vpn

 
 vpn_variables=()
 
+function logging_on_vpn {
+    echo -n ''
+}
+
+function logging_off_vpn {
+    echo -n ''
+}
+
 function install_interactive_vpn {
     echo -n ''
     APP_INSTALLED=1

src/freedombone-app-xmpp

 prosody_modules_filename='prosody-modules-20170514.tar.gz'
 prosody_modules_hash='ef404c203317cc0de6da7aaec4f21765a57f630adfbf082cf2dd92b881c15f86'
 
-LIBMESODE_REPO="https://github.com/boothj5/libmesode"
-LIBMESODE_COMMIT='e3db0e9bfba61b2d82193874343a94a88f910800'
-
-PROFANITY_REPO="https://github.com/boothj5/profanity"
-PROFANITY_COMMIT='2fafaec8a7dc9bc01ee894d83214590598b32914'
-
-PROFANITY_OMEMO_PLUGIN_REPO="https://github.com/ReneVolution/profanity-omemo-plugin"
-PROFANITY_OMEMO_PLUGIN_COMMIT='3ec8ec173656bed9761b740b086123e07c749548'
-
 xmpp_variables=(ONION_ONLY
                 INSTALLED_WITHIN_DOCKER
                 XMPP_CIPHERS
                 DEFAULT_DOMAIN_NAME
                 XMPP_DOMAIN_CODE)
 
+function logging_on_xmpp {
+    if [ -d /etc/prosody ]; then
+        if [ ! -d /var/log/prosody ]; then
+            mkdir /var/log/prosody
+            chown root:adm /var/log/prosody
+        fi
+        sed -i 's|info = "/dev/null";|info = "/var/log/prosody/prosody.log";|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|error = "/dev/null";|error = "/var/log/prosody/prosody.err";|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|levels = { "error" }; to = "/dev/null";|levels = { "error" }; to = "syslog";|g' /etc/prosody/prosody.cfg.lua
+    fi
+}
+
+function logging_off_xmpp {
+    if [ -d /etc/prosody ]; then
+        sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
+        $REMOVE_FILES_COMMAND /var/log/prosody/*
+        rm -rf /var/log/prosody
+    fi
+}
+
 function xmpp_add_onion_address {
     domain_name="$1"
     onion_address="$2"
     fi
 
     # change to using pep rather than profile modules
-    if grep '"pep"' /etc/prosody/prosody.cfg.lua; then
+    if grep -q '"pep"' /etc/prosody/prosody.cfg.lua; then
         # This strange dance seems to fix occasional breakage of PEP
         # Is there a better solution?
         sed -i 's|"pep"|"profile"|g' /etc/prosody/prosody.cfg.lua
         sed -i 's|"profile"|"pep"|g' /etc/prosody/prosody.cfg.lua
         systemctl restart prosody
     fi
-    if ! grep '"vcard"' /etc/prosody/prosody.cfg.lua; then
+    if ! grep -q '"vcard"' /etc/prosody/prosody.cfg.lua; then
         systemctl stop prosody
         sed -i '/"pep"/a "vcard";' /etc/prosody/prosody.cfg.lua
         systemctl start prosody
         set_completion_param "prosody_filename" "${prosody_filename}"
     fi
 
+    cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
+    chown -R prosody:prosody /var/lib/prosody/prosody-modules
+
     systemctl restart prosody
 }
 
             exit 725
         fi
         rm -rf $temp_restore_dir
-        service prosody restart
+        systemctl restart prosody
         chown -R prosody:prosody /var/lib/prosody/*
         echo $"Restore of xmpp settings complete"
     fi
             exit 725
         fi
         rm -rf $temp_restore_dir
-        service prosody restart
+        systemctl restart prosody
         chown -R prosody:prosody /var/lib/prosody/*
         echo $"Restore of xmpp settings complete"
     fi

src/freedombone-app-zeronet

                    ZERONET_DEFAULT_FORUM_TAGLINE
                    ZERONET_DEFAULT_MAIL_TAGLINE)
 
+function logging_on_zeronet {
+    echo -n ''
+}
+
+function logging_off_zeronet {
+    echo -n ''
+}
+
 function install_interactive_zeronet {
     echo -n ''
     APP_INSTALLED=1
     chroot "$rootdir" pip install msgpack-python --upgrade
 
     chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet
-    git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
+
+    if [ -d /repos/zeronet ]; then
+        mkdir $rootdir$MESH_INSTALL_DIR/zeronet
+        cp -r -p /repos/zeronet/. $rootdir$MESH_INSTALL_DIR/zeronet
+        cd $rootdir$MESH_INSTALL_DIR/zeronet
+        git pull
+    else
+        git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
+    fi
+
     if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then
         echo 'WARNING: Unable to clone zeronet'
         return

src/freedombone-backup-local

     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
+function please_wait {
+        local str width height length
+
+        width=$(tput cols)
+        height=$(tput lines)
+        str="Standby to backup to USB"
+        length=${#str}
+        clear
+        tput cup $((height / 2)) $(((width / 2) - (length / 2)))
+        echo "$str"
+        tput cup $((height * 3 / 5)) $(((width / 2)))
+        echo -n ''
+}
+
+please_wait
+
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
 # include utils which allow function_check and drive mount
   source $f
 done
 
+clear
+
 USB_DRIVE=/dev/sdb1
 USB_MOUNT=/mnt/usb
 
     fi
 }
 
+function backup_blocklist {
+    if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
+        return
+    fi
+    echo $"Backing up ${PROJECT_NAME} blocklist"
+    temp_backup_dir=/root/tempbackupblocklist
+    if [ ! -d $temp_backup_dir ]; then
+        mkdir -p $temp_backup_dir
+    fi
+    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
+        cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
+    fi
+    backup_directory_to_usb $temp_backup_dir blocklist
+    rm -rf $temp_backup_dir
+}
+
 function backup_configfiles {
     echo $"Backing up ${PROJECT_NAME} configuration files"
     temp_backup_dir=/root/tempbackupconfig
         cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd
     fi
     backup_directory_to_usb $temp_backup_dir configfiles
+    rm -rf $temp_backup_dir
 }
 
 function backup_admin_readme {
         if [ ! -d $temp_backup_dir ]; then
             mkdir $temp_backup_dir
         fi
+        keep_database_running
         mysqldump --lock-tables --password="$DATABASE_PASSWORD" mysql user > $temp_backup_dir/mysql.sql
         if [ ! -s $temp_backup_dir/mysql.sql ]; then
             echo $"Unable to backup mysql settings"
 backup_directories
 backup_apps local
 backup_configfiles
+backup_blocklist
 backup_admin_readme
 backup_mariadb
 backup_extra_directories local

src/freedombone-backup-remote

     fi
     SUSPENDED_SITE="$1"
     nginx_dissite $SUSPENDED_SITE
-    service nginx reload
+    systemctl reload nginx
 }
 
 function restart_site {
         return
     fi
     nginx_ensite $SUSPENDED_SITE
-    service nginx reload
+    systemctl reload nginx
     SUSPENDED_SITE=
 }
 
+function backup_blocklist {
+    if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
+        return
+    fi
+    echo $"Backing up ${PROJECT_NAME} blocklist"
+    temp_backup_dir=/root/tempbackupblocklist
+    if [ ! -d $temp_backup_dir ]; then
+        mkdir -p $temp_backup_dir
+    fi
+    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
+        cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
+    fi
+    backup_directory_to_friend $temp_backup_dir blocklist
+    rm -rf $temp_backup_dir
+}
+
 function backup_configfiles {
     echo $"Backing up ${PROJECT_NAME} configuration files"
     temp_backup_dir=/root/tempbackupconfig
         if [ ! -d $temp_backup_dir ]; then
             mkdir $temp_backup_dir
         fi
+        keep_database_running
         mysqldump --password=$DATABASE_PASSWORD mysql user > $temp_backup_dir/mysql.sql
         if [ ! -s $temp_backup_dir/mysql.sql ]; then
             echo $"Unable to backup MariaDB settings"
 
 backup_configfiles
 if [[ $TEST_MODE == "no" ]]; then
+    backup_blocklist
     backup_users
     backup_letsencrypt
     backup_passwordstore

src/freedombone-base-email

 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # whether to encrypt all incoming email with your public key
 GPG_ENCRYPT_STORED_EMAIL="yes"
 
-# gets set to yes if gpg keys are imported from usb
-GPG_KEYS_IMPORTED="no"
-
 # optionally you can provide your exported GPG key pair here
 # Note that the private key file will be deleted after use
 # If these are unspecified then a new GPG key will be created
         return
     fi
 
-    echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/' >> /etc/tor/torrc
-    echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc
-    echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc
-    echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc
+    if ! grep -q "hidden_service_email" /etc/tor/torrc; then
+        echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/' >> /etc/tor/torrc
+        echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc
+        echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc
+        echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc
+    fi
 
     function_check onion_update
     onion_update
     function_check wait_for_onion_service
     wait_for_onion_service email
 
-    if [[ $(onion_service_exists email) == "0" ]]; then
+    if [ ! -f /var/lib/tor/hidden_service_email/hostname ]; then
         echo $"email onion site hostname not found"
+        systemctl restart tor
         exit 782352
     fi
 
     if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then
         echo '' >> /home/$MY_USERNAME/.muttrc
         echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc
-        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
     else
-        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
     fi
 
     if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then
-        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
     else
-        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
     fi
 
     mark_completed $FUNCNAME
     if [[ $(is_completed $FUNCNAME) == "1" ]]; then
         return
     fi
-    apt-get -yq install mutt-patched lynx abook urlview
+    apt-get -yq install lynx abook urlview mutt
 
     if [ ! -f /etc/Muttrc ]; then
         echo $"ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE"
     echo '# set up the sidebar' >> /etc/Muttrc
     echo 'set sidebar_width=22' >> /etc/Muttrc
     echo 'set sidebar_visible=yes' >> /etc/Muttrc
-    echo "set sidebar_delim='|'" >> /etc/Muttrc
-    echo 'set sidebar_sort=yes' >> /etc/Muttrc
     echo '' >> /etc/Muttrc
     echo 'set rfc2047_parameters' >> /etc/Muttrc
     echo '' >> /etc/Muttrc
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    # This installation doesn't work, results in ruby errors
-    # There is currently no schleuder package for Debian jessie
     if [[ $(is_completed $FUNCNAME) == "1" ]]; then
         return
     fi
 function split_gpg_key_into_fragments {
     # split the gpg key into fragments if social key management is enabled
     if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
+
+        if [ $IMAGE_PASSWORD_FILE ]; then
+            if [ -f $IMAGE_PASSWORD_FILE ]; then
+                ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME" --passwordfile $IMAGE_PASSWORD_FILE
+                return
+            fi
+        fi
+
         echo 'Splitting GPG key. You may need to enter your passphrase.'
         ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
         if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
     echo '#!/bin/bash' > /usr/bin/filterspam
     echo 'for d in /home/*/ ; do' >> /usr/bin/filterspam
     echo '    USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterspam
-    echo '    if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterspam
+    echo '    if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterspam
     echo '        MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
     echo '        if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
     echo '           exit' >> /usr/bin/filterspam
     echo '#!/bin/bash' > /usr/bin/filterham
     echo 'for d in /home/*/ ; do' >> /usr/bin/filterham
     echo '    USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterham
-    echo '    if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterham
+    echo '    if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterham
     echo '        MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
     echo '        if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
     echo '            exit' >> /usr/bin/filterham
         return
     fi
 
-    dpkg -P dovecot-imapd
-    dpkg -P dovecot-core
     apt-get -yq install dovecot-imapd
 
     if [ ! -d /etc/dovecot ]; then
         exit 48
     fi
 
-    if [[ $ONION_ONLY == 'no' ]]; then
-        # obtain a cert for the default domain
-        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
-            echo $'Obtaining certificate for the main domain'
-            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
-        fi
-    fi
-
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
-        if [[ "$(cert_exists dovecot)" == "0" ]]; then
-            ${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
-            check_certificates dovecot
-        fi
+    if [[ "$(cert_exists dovecot)" == "0" ]]; then
+        ${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
+        check_certificates dovecot
     fi
 
     chmod 600 /etc/shadow
     fi
     sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
     sed -i 's|ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
-        sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
-        sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
-    else
-        sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
-        sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
-    fi
-    sed -i "s|#ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
-    sed -i "s|ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "1" ]]; then
-        sed -i "s|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = ${DH_KEYLENGTH}|g" /etc/dovecot/conf.d/10-ssl.conf
-    fi
+    sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g" /etc/dovecot/conf.d/10-ssl.conf
+    sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g" /etc/dovecot/conf.d/10-ssl.conf
+    sed -i "s|#ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g" /etc/dovecot/conf.d/10-ssl.conf
+    sed -i "s|ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g" /etc/dovecot/conf.d/10-ssl.conf
+    sed -i "s|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = ${DH_KEYLENGTH}|g" /etc/dovecot/conf.d/10-ssl.conf
     sed -i 's/#ssl_prefer_server_ciphers.*/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf
     sed -i "s|#ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
     sed -i "s|ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
     fi
 
     # Separate logging, otherwise syslog is used
-    if ! grep "# logging" /etc/dovecot/dovecot.conf; then
+    if ! grep -q "# logging" /etc/dovecot/dovecot.conf; then
         echo '' >> /etc/dovecot/dovecot.conf
         echo '# logging' >> /etc/dovecot/dovecot.conf
         echo 'log_path = /var/log/dovecot.log' >> /etc/dovecot/dovecot.conf
     echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
     echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
     echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
-    echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf
+    echo 'default_bits = 2048' >> /etc/ssl/dovecot-ca.cnf
     echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf
     echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf
     echo '' >> /etc/ssl/dovecot-ca.cnf
 }
 
 function create_gpg_subkey {
+    # Note: currently not used
     if [ ! -d /etc/exim4 ]; then
         return
     fi
     KEYGRIP=$(gpg --fingerprint --fingerprint $MY_EMAIL_ADDRESS | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g')
 
     # Generate a GPG subkey
-    # Here a 2048bit length is used to be compatible with yubikey
-    echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
-    echo "Key-Grip: $KEYGRIP" > /home/$MY_USERNAME/gpg-genkey.conf
-    echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
-    echo 'Subkey-Length: 2048' >> /home/$MY_USERNAME/gpg-genkey.conf
+    echo 'Key-Type: eddsa' > /home/$MY_USERNAME/gpg-genkey.conf
+    echo 'Key-Curve: Ed25519' >> /home/$MY_USERNAME/gpg-genkey.conf
+    echo "Key-Grip: $KEYGRIP" >> /home/$MY_USERNAME/gpg-genkey.conf
+    echo 'Subkey-Type: eddsa' >> /home/$MY_USERNAME/gpg-genkey.conf
     echo "subkey-Usage: $GPG_KEY_USAGE" > /home/$MY_USERNAME/gpg-genkey.conf
     echo "Name-Real:  $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
     echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
     echo "Name-Comment: $GPG_KEY_USAGE" >> /home/$MY_USERNAME/gpg-genkey.conf
     echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
+    echo "Passphrase: $PROJECT_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
-    su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+    su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
+
     shred -zu /home/$MY_USERNAME/gpg-genkey.conf
-    MY_GPG_SUBKEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+
+    MY_GPG_SUBKEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
 
     mark_completed $FUNCNAME
 }
     gpg_dir=/home/$MY_USERNAME/.gnupg
 
     # if gpg keys directory was previously imported from usb
-    if [[ $GPG_KEYS_IMPORTED == "yes" && -d $gpg_dir ]]; then
+    if [ -d $gpg_dir ]; then
+        echo $'GPG directory exists'
+    else
+        echo $"GPG directory $gpg_dir was not found"
+    fi
+    if [ -d $gpg_dir ]; then
         echo $'GPG keys were imported'
         sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
             echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found"
             exit 2483
         fi
+
         if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
             echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found"
             exit 5383
         fi
-        su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME
-        su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
+
+        gpg_import_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY
+        gpg_import_private_key $MY_USERNAME $MY_GPG_PRIVATE_KEY
+
         KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
         if [[ $KEY_EXISTS == "no" ]]; then
             echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported"
         fi
     else
         # Generate a GPG key
-        echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
-        echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
-        echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
-        echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
-        echo "Name-Real:  $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
-        echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
-        echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
-        echo $'Generating a new GPG key'
-        su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
-        KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
-        if [[ $KEY_EXISTS == "no" ]]; then
-            echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
-            exit 6362
+        if [ -f $IMAGE_PASSWORD_FILE ]; then
+            gpg_create_key $MY_USERNAME $(printf `cat $IMAGE_PASSWORD_FILE`)
+        else
+            gpg_create_key $MY_USERNAME $PROJECT_NAME
         fi
-        shred -zu /home/$MY_USERNAME/gpg-genkey.conf
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
-        if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
-            echo $'GPG public key ID could not be obtained'
-        fi
         MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
-        su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
-
-        if grep -q "install_email" $COMPLETION_FILE; then
-            if ! grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then
-                echo '' >> /home/$MY_USERNAME/README
-                echo '' >> /home/$MY_USERNAME/README
-                echo $'# Change your GPG password' >> /home/$MY_USERNAME/README
-                echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
-                echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
-                echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
-                echo $'You can change the it with:' >> /home/$MY_USERNAME/README
-                echo '' >> /home/$MY_USERNAME/README
-                echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
-                echo '  passwd' >> /home/$MY_USERNAME/README
-                echo '  save' >> /home/$MY_USERNAME/README
-                echo '  quit' >> /home/$MY_USERNAME/README
-            fi
-            if ! grep -q $"Publish your GPG public key" /home/$MY_USERNAME/README; then
-                echo '' >> /home/$MY_USERNAME/README
-                echo '' >> /home/$MY_USERNAME/README
-                echo $'# Publish your GPG public key' >> /home/$MY_USERNAME/README
-                echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
-                echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
-                echo '' >> /home/$MY_USERNAME/README
-                echo "  gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
-            fi
-            chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-            chmod 600 /home/$MY_USERNAME/README
-        fi
+        gpg_export_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY_ID $MY_GPG_PUBLIC_KEY
+    fi
+
+    if [ ! -d /root/.gnupg ]; then
+        cp -r /home/$MY_USERNAME/.gnupg /root/
+        chmod 700 /root/.gnupg
+        chmod 600 /root/.gnupg/*
     fi
+    gpg_agent_setup root
+    gpg_agent_setup $MY_USERNAME
 
     mark_completed $FUNCNAME
 }

src/freedombone-client

         ssh-keygen -t ed25519 -o -a 100
     fi
     if [ ! -f /home/$CURR_USER/.ssh/id_rsa ]; then
-        ssh-keygen -t rsa -b 4096 -o -a 100
+        ssh-keygen -t rsa -b 2048 -o -a 100
     fi
 
     ssh_remove_small_moduli

src/freedombone-config

 # License
 # =======
 #
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 DEFAULT_LANGUAGE='en_GB.UTF-8'
 ONION_ONLY="no"
 SELECTED_USERNAME=
-
-# Mirrors settings
-FRIENDS_MIRRORS_SERVER=
-FRIENDS_MIRRORS_SSH_PORT=2222
-FRIENDS_MIRRORS_PASSWORD=
-MY_MIRRORS_PASSWORD=
+SOCIALINSTANCE=
 
 VALID_CODE=
 
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
+function please_wait {
+        local str width height length
+
+        width=$(tput cols)
+        height=$(tput lines)
+        str=$"Please wait"
+        length=${#str}
+        clear
+        tput cup $((height / 2)) $(((width / 2) - (length / 2)))
+        echo "$str"
+        tput cup $((height * 3 / 5)) $(((width / 2)))
+        echo -n ''
+}
+
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
 UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
     echo $'Creates an inventory of remote backup locations'
     echo ''
     echo ''
-    echo $'  -h --help             Show help'
-    echo $'  -f --filename         Configuration file (usually freedombone.cfg)'
-    echo $'  -m --min              Minimum password length (characters)'
-    echo $'  -w --www              Freedombone web site'
-    echo $'  -b --bm               Freedombone support Bitmessage address'
-    echo $'  -o --onion [yes|no]   Whether to only create .onion sites'
-    echo $'     --minimal [yes|no] For minimalistic "consumer grade" installs'
+    echo $'  -h --help                         Show help'
+    echo $'  -f --filename                     Configuration file (usually freedombone.cfg)'
+    echo $'  -m --min                          Minimum password length (characters)'
+    echo $'  -w --www                          Freedombone web site'
+    echo $'  -b --bm                           Freedombone support Bitmessage address'
+    echo $'  -o --onion [yes|no]               Whether to only create .onion sites'
+    echo $'     --minimal [yes|no]             For minimalistic "consumer grade" installs'
+    echo $'     --social [gnusocial|postactiv] Create gnusocial/postactiv instance'
     echo ''
     exit 0
 }
     save_configuration_values
 }
 
+function choose_social_instance_domain_name {
+    DEFAULT_DOMAIN_DETAILS_COMPLETE=
+    while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
+    do
+        data=$(tempfile 2>/dev/null)
+        trap "rm -f $data" 0 1 2 5 15
+        if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            dialog --backtitle $"Freedombone Configuration" \
+                   --title $"Instance domain" \
+                   --form $"\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
+                   $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
+                   $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
+                   2> $data
+            sel=$?
+            case $sel in
+                1) exit 1;;
+                255) exit 1;;
+            esac
+            DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
+            DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
+            if [ $DEFAULT_DOMAIN_NAME ]; then
+                validate_freedns_code "$DEFAULT_DOMAIN_CODE"
+                if [ ! $VALID_CODE ]; then
+                    DEFAULT_DOMAIN_NAME=
+                fi
+            fi
+        else
+            dialog --backtitle $"Freedombone Configuration" \
+                   --inputbox $"Enter your instance domain name:" 10 45 \
+                   "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+            sel=$?
+            case $sel in
+                0) DEFAULT_DOMAIN_NAME=$(cat $data);;
+                1) exit 1;;
+                255) exit 1;;
+            esac
+        fi
+        if [ $DEFAULT_DOMAIN_NAME ]; then
+            TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
+            validate_domain_name
+            if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then
+                DEFAULT_DOMAIN_NAME=
+                dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
+            else
+                DEFAULT_DOMAIN_DETAILS_COMPLETE="yes"
+            fi
+        fi
+    done
+    save_configuration_values
+}
+
 function choose_default_domain_name {
+    if [ $SOCIALINSTANCE ]; then
+        choose_social_instance_domain_name
+        return
+    fi
+
     if [[ $ONION_ONLY != "no" ]]; then
-        DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
+        DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
     else
         DEFAULT_DOMAIN_DETAILS_COMPLETE=
         while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
                            if [ ${#possible_username} -gt 1 ]; then
                                if [[ $possible_username != $GENERIC_IMAGE_USERNAME ]]; then
                                    MY_USERNAME=$(cat $data)
+                                   please_wait
+                                   echo ''
+                                   echo $'Creating user account'
                                    chmod 600 /etc/shadow
                                    chmod 600 /etc/gshadow
                                    useradd -m -s /bin/bash $MY_USERNAME
         exit 6437
     fi
     save_configuration_values
+    please_wait
+    echo ''
 }
 
 function choose_full_name {
         esac
     done
     save_configuration_values
+    please_wait
+    echo ''
 }
 
 function choose_system_variant {
             shift
             FREEDOMBONE_WEBSITE="$1"
             ;;
+        --social)
+            shift
+            if [[ "$1" == 'gnusocial' || "$1" == 'postactiv' ]]; then
+                SOCIALINSTANCE="$1"
+            fi
+            ;;
         --minimal)
             shift
             MINIMAL_INSTALL="$1"
     shift
 done
 
-function set_main_repo {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
-    dialog --backtitle $"Freedombone Control Panel" \
-           --title $"Main Repository (Mirrors)" \
-           --form $"If you don't know what this means then just select Ok.\n\nIf you don't wish to use the default repositories they can be obtained from mirrored repos on another ${PROJECT_NAME} system.\n\nThe repositories are for applications which are not yet packaged for Debian." 18 65 4 \
-           $"URL:" 1 1 "$FRIENDS_MIRRORS_SERVER" 1 18 40 18 \
-           $"SSH Port:" 2 1 "$FRIENDS_MIRRORS_SSH_PORT" 2 18 10 10000 \
-           $"Password:" 3 1 "$FRIENDS_MIRRORS_PASSWORD" 3 18 40 10000 \
-           2> $data
-    sel=$?
-    case $sel in
-        1) return;;
-        255) return;;
-    esac
-    new_mirrors_url=$(cat $data | sed -n 1p)
-    new_mirrors_ssh_port=$(cat $data | sed -n 2p)
-    new_mirrors_password=$(cat $data | sed -n 3p)
-
-    if [ ${#new_mirrors_url} -lt 2 ]; then
-        return
-    fi
-    if [ ${#new_mirrors_ssh_port} -lt 1 ]; then
-        return
-    fi
-    if [ ${#new_mirrors_password} -lt 10 ]; then
-        dialog --title $"Main Repository" \
-               --msgbox $'Mirrors password was too short. Should be at least 10 characters.' 6 40
-        return
-    fi
-
-    if [[ $new_mirrors_url == *"."* ]]; then
-        FRIENDS_MIRRORS_SERVER=$new_mirrors_url
-        FRIENDS_MIRRORS_SSH_PORT=$new_mirrors_ssh_port
-        FRIENDS_MIRRORS_PASSWORD=$new_mirrors_password
-
-        dialog --title $"Main Repository" \
-               --msgbox $"Main repository set to $FRIENDS_MIRRORS_SERVER" 6 60
-    fi
-    save_configuration_values
-}
-
 function interactive_select_language {
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
     esac
     save_configuration_values
 
+    please_wait
+    echo ''
+    echo 'Setting locale'
+
     locale-gen "${DEFAULT_LANGUAGE}"
     update-locale LANG=${DEFAULT_LANGUAGE}
     update-locale LANGUAGE=${DEFAULT_LANGUAGE}
     update-locale LC_MESSAGES=${DEFAULT_LANGUAGE}
     update-locale LC_ALL=${DEFAULT_LANGUAGE}
     update-locale LC_CTYPE=${DEFAULT_LANGUAGE}
+    please_wait
+    echo ''
 }
 
 function select_user {
 
     users_array=($(ls /home))
 
-    delete=(mirrors git)
+    delete=(git)
     for del in ${delete[@]}
     do
         users_array=(${users_array[@]/$del})
 
     interactive_select_language
 
-    if [[ $ONION_ONLY == "no" ]]; then
-        INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+    if [ $SOCIALINSTANCE ]; then
+        INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
     else
-        INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nWeb sites created will only be viewable within a Tor browser.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+        if [[ $ONION_ONLY == "no" ]]; then
+            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+        else
+            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nWeb sites created will only be viewable within a Tor browser.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+        fi
     fi
 
     dialog --title $"Freedombone" --msgbox "$INITIAL_MESSAGE" 15 50
 
     #choose_system_variant
-    set_main_repo
     choose_username
     choose_full_name
     choose_social_key_management
     choose_email_address
     interactive_key_recovery
 
+    if [[ "$SOCIALINSTANCE" == 'gnusocial' ]]; then
+        GNUSOCIAL_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
+        GNUSOCIAL_CODE=$DEFAULT_DOMAIN_CODE
+        write_config_param "GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_DOMAIN_NAME"
+        write_config_param "GNUSOCIAL_CODE" "$GNUSOCIAL_CODE"
+        write_config_param "SOCIALINSTANCE" "$SOCIALINSTANCE"
+        install_gnusocial
+    fi
+
+    if [[ "$SOCIALINSTANCE" == 'postactiv' ]]; then
+        POSTACTIV_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
+        POSTACTIV_CODE=$DEFAULT_DOMAIN_CODE
+        write_config_param "POSTACTIV_DOMAIN_NAME" "$POSTACTIV_DOMAIN_NAME"
+        write_config_param "POSTACTIV_CODE" "$POSTACTIV_CODE"
+        write_config_param "SOCIALINSTANCE" "$SOCIALINSTANCE"
+        install_postactiv
+    fi
+
     # delete the temporary configuration file
     if [ -f temp.cfg ]; then
         shred -zu temp.cfg

src/freedombone-controlpanel

 export TEXTDOMAIN=${PROJECT_NAME}-controlpanel
 export TEXTDOMAINDIR="/usr/share/locale"
 
+if [[ $USER != 'root' ]]; then
+    # show the user version of the control panel
+    #${PROJECT_NAME}-controlpanel-user
+    controluser
+    exit 0
+fi
+
+function please_wait {
+        local str width height length
+
+        width=$(tput cols)
+        height=$(tput lines)
+        str=$"Please wait"
+        length=${#str}
+        clear
+        tput cup $((height / 2)) $(((width / 2) - (length / 2)))
+        echo "$str"
+        tput cup $((height * 3 / 5)) $(((width / 2)))
+        echo -n ''
+}
+
+please_wait
+
+# Start including files
+
+source /usr/local/bin/${PROJECT_NAME}-vars
+
 UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
 for f in $UTILS_FILES
 do
     source $f
 done
 
+# End including files
+
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 SELECTED_USERNAME=
 SIP_CONFIGURATION_FILE=/etc/sipwitch.conf
 read_config_param SMTP_PROXY_PASSWORD
 read_config_param USB_DRIVE
 read_config_param MY_USERNAME
+read_config_param ONION_ONLY
 if [[ $USB_DRIVE == *"dev"* ]]; then
     USB_DRIVE=$(echo ${USB_DRIVE} | awk -F '/' '{print $3}' | sed 's|1||g' | sed 's|2||g')
 fi
 
-# Mirrors settings
-FRIENDS_MIRRORS_SERVER=
-FRIENDS_MIRRORS_SSH_PORT=2222
-FRIENDS_MIRRORS_PASSWORD=
-MY_MIRRORS_PASSWORD=
-
 function any_key {
     echo ' '
     read -n1 -r -p $"Press any key to continue..." key
 
     users_array=($(ls /home))
 
-    delete=(mirrors git)
+    delete=(git)
     for del in ${delete[@]}
     do
         users_array=(${users_array[@]/$del})
             name+=("$a")
         fi
     done
+    i=$((i+1))
+    W+=($i "mariadb")
+    name+=("mariadb")
 
     selected_app_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select App" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3)
 
         fi
     fi
 
+    if [[ "${SELECTED_APP}" == 'mariadb' ]]; then
+        CURR_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        dialog --title $"MariaDB database password" \
+               --msgbox "\n            ${CURR_PASSWORD}" 7 40
+        return
+    fi
+
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
     dialog --title "$titlestr" \
     any_key
 }
 
-function set_main_repo {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
-    dialog --backtitle $"Freedombone Control Panel" \
-           --title $"Main Repository (Mirrors)" \
-           --form $"If you do not wish to use the default repositories they can be obtained from mirrors on another ${PROJECT_NAME} server." 14 60 3 \
-           $"URL:" 1 1 "$FRIENDS_MIRRORS_SERVER" 1 14 40 15 \
-           $"SSH Port:" 2 1 "$FRIENDS_MIRRORS_SSH_PORT" 2 14 40 10000 \
-           $"Password:" 3 1 "$FRIENDS_MIRRORS_PASSWORD" 3 14 40 10000 \
-           2> $data
-    sel=$?
-    case $sel in
-        1) return;;
-        255) return;;
-    esac
-    new_mirrors_url=$(cat $data | sed -n 1p)
-    new_mirrors_ssh_port=$(cat $data | sed -n 2p)
-    new_mirrors_password=$(cat $data | sed -n 3p)
-
-    if [ ${#new_mirrors_url} -lt 2 ]; then
-        return
-    fi
-    if [ ${#new_mirrors_ssh_port} -lt 1 ]; then
-        return
-    fi
-    if [ ${#new_mirrors_password} -lt 10 ]; then
-        dialog --title $"Main Repository" \
-               --msgbox $'Mirrors password was too short. Should be at least 10 characters.' 6 40
-        return
-    fi
-
-    if [[ $new_mirrors_url == *"."* ]]; then
-        FRIENDS_MIRRORS_SERVER=$new_mirrors_url
-        FRIENDS_MIRRORS_SSH_PORT=$new_mirrors_ssh_port
-        FRIENDS_MIRRORS_PASSWORD=$new_mirrors_password
-
-        write_config_param "FRIENDS_MIRRORS_SERVER" "$FRIENDS_MIRRORS_SERVER"
-        write_config_param "FRIENDS_MIRRORS_SSH_PORT" "$FRIENDS_MIRRORS_SSH_PORT"
-        write_config_param "FRIENDS_MIRRORS_PASSWORD" "$FRIENDS_MIRRORS_PASSWORD"
-
-        # re-read the repos
-        read_repo_servers
-
-        dialog --title $"Main Repository" \
-               --msgbox $"Main repository set to $FRIENDS_MIRRORS_SERVER" 6 60
-    fi
-}
-
 function add_user {
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
             if grep -q "SHOW_ICANN_ADDRESS_ON_ABOUT=0" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then
                 icann_address='-'
             fi
+            if [[ $ONION_ONLY != 'no' ]]; then
+                if [[ ${icann_address} != ${LOCAL_NAME}.local ]]; then
+                    icann_address='-'
+                fi
+            fi
             onion_address=$(get_app_onion_address "$app_name")
             if [ ${#onion_address} -eq 0 ]; then
                 onion_address="-"
     echo ''
 }
 
-function show_mirrors_password {
-    if [ ! /home/mirrors ]; then
-        return
-    fi
-    read_config_param "MY_MIRRORS_PASSWORD"
-    echo 'Local Mirrors'
-    echo '============='
-    echo ''
-    echo -n "URL:      "
-    echo "$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')    SSH Port: $SSH_PORT"
-    echo "Password: $MY_MIRRORS_PASSWORD"
-    echo ''
-}
-
 function show_tahoelafs {
     if [ ! -f /home/tahoelafs/storage/private/storage.furl ]; then
         return
 }
 
 function show_about {
-    clear
-    echo ''
-    echo $'  Detecting installed apps...'
     detect_apps
     get_apps_installed_names
 
     clear
+    echo "==== ${PROJECT_NAME} version ${VERSION} ($DEBIAN_VERSION) ===="
+    echo ''
     show_ip_addresses
     show_tor_bridges
     show_ssh_public_key
     show_domains
     show_tahoelafs
-    show_mirrors_password
     show_users
     any_key
 }
 
     users_array=($(ls /home))
 
-    delete=(mirrors git)
+    delete=(git)
     for del in ${delete[@]}
     do
         users_array=(${users_array[@]/$del})
     dialog --title $"USB Master Keydrive" \
            --msgbox $"Plug in a LUKS encrypted USB drive" 6 40
     clear
-    ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME --master 'yes'
+    detect_usb_drive
+    ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME --master 'yes' -d $USB_DRIVE
     any_key
 }
 
     dialog --title $"USB Fragment Keydrive" \
            --msgbox $"Plug in a LUKS encrypted USB drive" 6 40
     clear
-    ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME
+    detect_usb_drive
+    ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME -d $USB_DRIVE
     any_key
 }
 
     fi
 
     utils_installed=(configfiles
+                     blocklist
                      mariadb
                      letsencrypt
                      passwords
             $restore_command
             retcode="$?"
             if [[ "$retcode" != "0" ]]; then
+                any_key
                 if [[ "$1" == "local" ]]; then
                     dialog --title $"Restore all apps from USB" \
                            --msgbox $"Restore failed with code $retcode" 6 60
         $restore_command "${app_name}"
         retcode="$?"
         if [[ "$retcode" != "0" ]]; then
+            any_key
             dialog --title $"Restore apps from USB" \
                    --msgbox $"Restore of ${app_name} failed with code $retcode" 6 60
             return
         1) return;;
         255) return;;
     esac
-    shutdown now
+    systemctl poweroff
 }
 
 function restart_system {
         1) return;;
         255) return;;
     esac
-    reboot
+    systemctl reboot -i
 }
 
 function change_system_name {
         echo $'Changing to a dynamic IP address.'
         echo ''
         echo $"System is rebooting. You may need to close this terminal and log in from a new one."
-        reboot
+        systemctl reboot -i
     fi
 }
 
 
     NEW_STATIC_IP=
     NEW_STATIC_GATEWAY=
-    if grep -q 'iface eth0 inet static' /etc/network/interfaces; then
-        STATIC_IP=$(cat /etc/network/interfaces | grep "address " | head -n 1 | awk -F ' ' '{print $2}')
-        STATIC_GATEWAY=$(cat /etc/network/interfaces | grep "gateway " | head -n 1 | awk -F ' ' '{print $2}')
+    if [ -f /etc/network/interfaces.d/static ]; then
+        STATIC_IP=$(cat /etc/network/interfaces.d/static | grep "address " | head -n 1 | awk -F ' ' '{print $2}')
+        STATIC_GATEWAY=$(cat /etc/network/interfaces.d/static | grep "gateway " | head -n 1 | awk -F ' ' '{print $2}')
     fi
 
     # get the IP for the box
     esac
 
     if [[ "$NEW_STATIC_GATEWAY" == *"."* && "$NEW_STATIC_IP" == *"."* ]]; then
-        ip_addresses_have_changed=
-        if ! grep -q "address ${NEW_STATIC_IP}" /etc/network/interfaces; then
-            ip_addresses_have_changed=1
-        fi
-        if ! grep -q "gateway ${NEW_STATIC_GATEWAY}" /etc/network/interfaces; then
-            ip_addresses_have_changed=1
+        ip_addresses_have_changed=1
+        if [ -f /etc/network/interfaces.d/static ]; then
+            ip_addresses_have_changed=
+            if ! grep -q "address ${NEW_STATIC_IP}" /etc/network/interfaces.d/static; then
+                ip_addresses_have_changed=1
+            fi
+            if ! grep -q "gateway ${NEW_STATIC_GATEWAY}" /etc/network/interfaces.d/static; then
+                ip_addresses_have_changed=1
+            fi
         fi
         if [ $ip_addresses_have_changed ]; then
             write_config_param "NETWORK_IS_STATIC" "1"
                 esac
             fi
 
+            echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces
+            echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces
+            echo 'source /etc/network/interfaces.d/*' >> /etc/network/interfaces
+
             if [ ! $static_wifi_address ]; then
                 # wired network
                 remove_wifi_startup_script
-                echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces
-                echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces
-                echo '' >> /etc/network/interfaces
-                echo '# The loopback network interface' >> /etc/network/interfaces
-                echo 'auto lo' >> /etc/network/interfaces
-                echo 'iface lo inet loopback' >> /etc/network/interfaces
-                echo '' >> /etc/network/interfaces
-                echo '# The primary network interface' >> /etc/network/interfaces
-                echo 'auto eth0' >> /etc/network/interfaces
-                echo 'iface eth0 inet static' >> /etc/network/interfaces
-                echo "    address ${NEW_STATIC_IP}" >> /etc/network/interfaces
-                echo '    netmask 255.255.255.0' >> /etc/network/interfaces
-                echo "    gateway ${NEW_STATIC_GATEWAY}" >> /etc/network/interfaces
-                echo "    dns-nameservers 213.73.91.35 85.214.20.141" >> /etc/network/interfaces
-                echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces
-                echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces
-                echo '' >> /etc/network/interfaces
-                echo '# The secondary network interface' >> /etc/network/interfaces
-                echo '#auto eth1' >> /etc/network/interfaces
-                echo '#iface eth1 inet dhcp' >> /etc/network/interfaces
-                echo '' >> /etc/network/interfaces
-                echo '# WiFi Example' >> /etc/network/interfaces
-                echo "#auto $WIFI_INTERFACE" >> /etc/network/interfaces
-                echo "#iface $WIFI_INTERFACE inet dhcp" >> /etc/network/interfaces
-                echo '#    wpa-ssid "essid"' >> /etc/network/interfaces
-                echo '#    wpa-psk  "password"' >> /etc/network/interfaces
-                echo '' >> /etc/network/interfaces
-                echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces
-                echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces
-                echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces
-                echo '#iface usb0 inet static' >> /etc/network/interfaces
-                echo '#    address 192.168.7.2' >> /etc/network/interfaces
-                echo '#    netmask 255.255.255.0' >> /etc/network/interfaces
-                echo '#    network 192.168.7.0' >> /etc/network/interfaces
-                echo '#    gateway 192.168.7.1' >> /etc/network/interfaces
+
+                echo 'auto eth0' > /etc/network/interfaces.d/static
+                echo 'iface eth0 inet static' >> /etc/network/interfaces.d/static
+                echo "    address ${NEW_STATIC_IP}" >> /etc/network/interfaces.d/static
+                echo '    netmask 255.255.255.0' >> /etc/network/interfaces.d/static
+                echo "    gateway ${NEW_STATIC_GATEWAY}" >> /etc/network/interfaces.d/static
             else
                 # wifi network
                 wifi_settings
                    --yesno $"\nFor the change to take effect your system will now need to reboot. Do this now?" 8 60
             sel=$?
             case $sel in
-                0) reboot;;
+                0) systemctl reboot -i;;
             esac
         fi
     fi
         WIFI_PASSPHRASE=$TEMP_WIFI_PASSPHRASE
 
         ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $WIFI_HOTSPOT $WIFI_EXTRA
+        if [ ! "$?" = "0" ]; then
+            echo $"Can't enable wifi hotspot"
+            any_key
+        fi
     else
         WIFI_HOTSPOT=$TEMP_WIFI_HOTSPOT
         WIFI_SSID=$TEMP_WIFI_SSID
 
     # change muttrc
     if [ $SMTP_PROXY_ENABLE != $'no' ]; then
-        if ! grep "set smtp_url" $MUTTRC_FILE; then
+        if ! grep -q "set smtp_url" $MUTTRC_FILE; then
             echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> $MUTTRC_FILE
         else
             sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" $MUTTRC_FILE
         fi
         sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE
     else
-        if grep "set smtp_url" $MUTTRC_FILE; then
+        if grep -q "set smtp_url" $MUTTRC_FILE; then
             sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE
         fi
     fi
     esac
 }
 
+function ip_blocking_add {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Block an IP address" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $"Enter the IP address that you wish to block" 8 60 "" 2>$data
+    sel=$?
+    case $sel in
+        0)
+            blocked_ip=$(<$data)
+            if [ ${#blocked_ip} -gt 2 ]; then
+                if [[ "${blocked_ip}" == *'.'* ]]; then
+                    firewall_block_ip $blocked_ip
+                    if [[ "${blocked_ip}" != *'@'* ]]; then
+                        dialog --title $"Block an IP address" \
+                               --msgbox $"The IP address $blocked_ip has been blocked" 6 40
+                    fi
+                fi
+            fi
+            ;;
+    esac
+}
+
 function domain_blocking_remove {
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
     esac
 }
 
+function ip_blocking_remove {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Unblock an IP address" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $"Enter the IP address that you wish to unblock" 8 60 "" 2>$data
+    sel=$?
+    case $sel in
+        0)
+            unblocked_ip=$(<$data)
+            if [ ${#unblocked_ip} -gt 2 ]; then
+                if [[ "${unblocked_ip}" == *'.'* ]]; then
+                    firewall_unblock_ip $unblocked_ip
+                    if [[ "${unblocked_ip}" != *'@'* ]]; then
+                        dialog --title $"Unblock an IP address" \
+                               --msgbox $"The IP address $unblocked_ip has been unblocked" 6 40
+                    fi
+                fi
+            fi
+            ;;
+    esac
+}
+
 function domain_blocking_show {
     if [ -f $FIREWALL_DOMAINS ]; then
         clear
         trap "rm -f $data" 0 1 2 5 15
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Domain or User Blocking" \
-               --radiolist $"Choose an operation:" 12 60 4 \
+               --radiolist $"Choose an operation:" 14 60 6 \
                1 $"Block a domain or user" off \
                2 $"Unblock a domain or user" off \
-               3 $"Show blocked domains and users" off \
-               4 $"Back to main menu" on 2> $data
+               3 $"Block an IP address" off \
+               4 $"Unblock an IP address" off \
+               5 $"Show blocked domains and users" off \
+               6 $"Back to main menu" on 2> $data
         sel=$?
         case $sel in
             1) break;;
         case $(cat $data) in
             1) domain_blocking_add;;
             2) domain_blocking_remove;;
-            3) domain_blocking_show;;
-            4) break;;
+            3) ip_blocking_add;;
+            4) ip_blocking_remove;;
+            5) domain_blocking_show;;
+            6) break;;
         esac
     done
 }
         if [ -f /etc/hostapd/hostapd.conf ]; then
             status_str=$'Hotspot ON'
         else
-            if grep -q "# wifi enabled" /etc/network/interfaces; then
+            if [ -f /etc/network/interfaces.d/wifi ]; then
                 status_str=$'Wifi ON'
             fi
         fi
         trap "rm -f $data" 0 1 2 5 15
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Control Panel" \
-               --radiolist $"Choose an operation:" 29 70 21 \
+               --radiolist $"Choose an operation:" 28 70 20 \
                1 $"About this system" off \
                2 $"Passwords" off \
                3 $"Backup and Restore" off \
                11 $"Email Menu" off \
                12 $"Domain or User Blocking" off \
                13 $"Security Settings" off \
-               14 $"Set the main repository (repo mirrors)" off \
-               15 $"Change the name of this system" off \
-               16 $"Set a static local IP address" off \
-               17 $"Wifi menu" off \
-               18 $"Check for updates" off \
-               19 $"Power off the system" off \
-               20 $"Restart the system" off \
-               21 $"Exit" on 2> $data
+               14 $"Change the name of this system" off \
+               15 $"Set a static local IP address" off \
+               16 $"Wifi menu" off \
+               17 $"Check for updates" off \
+               18 $"Power off the system" off \
+               19 $"Restart the system" off \
+               20 $"Exit" on 2> $data
         sel=$?
         case $sel in
             1) exit 1;;
             255) exit 1;;
         esac
+        please_wait
         case $(cat $data) in
             1) show_about;;
             2) view_or_change_passwords;;
             4) show_firewall;;
             5) reset_tripwire;;
             6) menu_app_settings;;
-            7) ${PROJECT_NAME}-addremove
+            7) /usr/local/bin/addremove
                if [ ! "$?" = "0" ]; then
                    any_key
                fi
             11) menu_email;;
             12) domain_blocking;;
             13) security_settings;;
-            14) set_main_repo;;
-            15) change_system_name;;
-            16) set_static_IP;;
-            17) menu_wifi;;
-            18) check_for_updates;;
-            19) shut_down_system;;
-            20) restart_system;;
-            21) break;;
+            14) change_system_name;;
+            15) set_static_IP;;
+            16) menu_wifi;;
+            17) check_for_updates;;
+            18) shut_down_system;;
+            19) restart_system;;
+            20) break;;
         esac
     done
 }
 
-if [[ $USER != 'root' ]]; then
-    # show the user version of the control panel
-    ${PROJECT_NAME}-controlpanel-user
-    exit 0
-fi
-
 if [ ! -f $COMPLETION_FILE ]; then
     echo $'This command should only be run on an installed Freedombone system'
     exit 1
 fi
 
 ADMIN_USER=$(get_completion_param "Admin user")
-read_repo_servers
 menu_top_level
 clear
 cat /etc/motd

src/freedombone-controlpanel-user

 export TEXTDOMAINDIR="/usr/share/locale"
 
 MY_EMAIL_ADDRESS=$USER@$HOSTNAME
-GPG_ID=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "pub" | head -n 1 | awk -F '/' '{print $2}' | awk -F ' ' '{print $1}')
-GPG_BACKUP_ID=$(gpg --fingerprint "(backup key)" | grep -i "pub" | head -n 1 | awk -F '/' '{print $2}' | awk -F ' ' '{print $1}')
+GPG_ID=$(gpg --list-keys $MY_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
+GPG_BACKUP_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
+
+# Start including files
 
 UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
 for f in $UTILS_FILES
   source $f
 done
 
+# End including files
+
 function any_key {
     echo ' '
     read -n1 -r -p $"Press any key to continue..." key
 }
 
 function show_gpg_key {
-    GPG_FINGERPRINT=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "key fingerprint" | head -n 1 | awk -F '= ' '{print $2}')
-    GPG_DATE=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "pub" | head -n 1 | awk -F '/' '{print $2}' | awk -F ' ' '{print $2}')
+    GPG_FINGERPRINT=$(gpg --fingerprint $MY_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
+    GPG_DATE=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
     dialog --title $"My PGP/GPG Key" \
            --backtitle $"Freedombone User Control Panel" \
            --msgbox $"Email Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE" 12 70
         fi
         sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE
     else
-        if grep "set smtp_url" $MUTTRC_FILE; then
+        if grep -q "set smtp_url" $MUTTRC_FILE; then
             sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE
         fi
     fi
         clear
         exit 0
     fi
-    sudo ${PROJECT_NAME}-controlpanel
+    sudo /usr/local/bin/control
 }
 
 function sign_keys {

src/freedombone-freedns

 # License
 # =======
 #
-# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 export TEXTDOMAIN=${PROJECT_NAME}-freedns
 export TEXTDOMAINDIR="/usr/share/locale"
 
+VERBOSE=
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
-FREEDNS_WGET='wget -q --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?'
+FREEDNS_WGET='wget --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?'
+
+if [[ "$1" == "--verbose" || "$1" == "-v" ]]; then
+    VERBOSE=1
+fi
 
 if [ ! -f $CONFIGURATION_FILE ]; then
     exit 0
 }
 
 detected_codes=()
-codelines=($(grep "_CODE=" $CONFIGURATION_FILE | uniq))
-for line in "${codelines[@]}"
-do
+codelines=$(grep "_CODE=" $CONFIGURATION_FILE | uniq)
+while read -r line; do
     code=$(echo "$line" | awk -F '=' '{print $2}')
     item_in_array "$code" "${detected_codes[@]}"
     if [[ $? != 0 ]]; then
         detected_codes+=("$code")
     fi
-done
+done <<< "$codelines"
 
 if [ ! -d $HOME/.freedns-update ]; then
     mkdir $HOME/.freedns-update
 cd $HOME/.freedns-update
 for code in "${detected_codes[@]}"
 do
-    $FREEDNS_WGET${code}
+    if [ $VERBOSE ]; then
+        echo $"command: $FREEDNS_WGET${code}="
+        $FREEDNS_WGET${code}=
+    else
+        if [ -f /tmp/freedns ]; then
+            rm /tmp/freedns
+        fi
+        $FREEDNS_WGET${code}= >> /tmp/freedns 2>&1
+    fi
 done
 
+if [ -f /tmp/freedns ]; then
+    rm /tmp/freedns
+fi
+
 exit 0

src/freedombone-image

 # An optional freedombone configuration file
 CONFIG_FILENAME=
 
-DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
+DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
 
 # Minimum number of characters in a password
 MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
 # a new identity at every shutdown/boot
 AMNESIC='no'
 
+# Is this a dedicated gnusocial or postactiv instance?
+SOCIALINSTANCE=
+
 # Versions used for Arch/Parabola setup
 MBR_VERSION='1.1.11'
 
             shift
             PROJECT_REPO="$1"
             ;;
+        --social|--instance)
+            shift
+            SOCIALINSTANCE="$1"
+            ;;
         -m|--mirror)
             shift
             MIRROR="$1"
             image_setup "$1"
             exit 0
             ;;
+        --local|--localname)
+            shift
+            LOCAL_NAME="$1"
+            ;;
         *)
             # unknown option
             ;;
     IMAGE_NAME="${IMAGE_NAME}-amnesic"
 fi
 
+if [[ "$SOCIALINSTANCE" == "gnusocial" || "$SOCIALINSTANCE" == "postactiv" ]]; then
+    IMAGE_NAME="${IMAGE_NAME}-${SOCIALINSTANCE}"
+fi
+
 cd $TEMPBUILD_DIR
 make $IMAGE_TYPE \
      MYUSERNAME="$USERNAME" \
      VARIANT="$VARIANT" \
      MINIMUM_PASSWORD_LENGTH="$MINIMUM_PASSWORD_LENGTH" \
      INSECURE="$INSECURE" \
-     AMNESIC="$AMNESIC"
+     AMNESIC="$AMNESIC" \
+     SOCIALINSTANCE="$SOCIALINSTANCE" \
+     LOCAL_NAME="$LOCAL_NAME"
 
 if [ ! "$?" = "0" ]; then
     echo $'Build failed'

src/freedombone-image-customise

 set -x
 
 PROJECT_NAME='freedombone'
+LOCAL_NAME=${PROJECT_NAME}
 INSTALL_DIR=/root/build
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 
 # a new identity at every shutdown/boot
 AMNESIC='no'
 
+# Whether this is a dedicated gnusocial or postactiv instance
+SOCIALINSTANCE=
+
 # defines the initial keyboard layout
 KEYBOARD_MAP='gb'
 
 }
 
 configure_networking() {
+    chroot "$rootdir" apt-get -yq install resolvconf
+
     if [[ "$MACHINE" == "beaglebonewifi" ]]; then
         # Allow networking over USB in order to configure the
         # wifi login settings
-        echo 'auto lo' > $rootdir/etc/network/interfaces
-        echo 'iface lo inet loopback' >> $rootdir/etc/network/interfaces
-        echo '' >> $rootdir/etc/network/interfaces
-        echo 'iface usb0 inet static' >> $rootdir/etc/network/interfaces
-        echo '    address 192.168.7.2' >> $rootdir/etc/network/interfaces
-        echo '    netmask 255.255.255.252' >> $rootdir/etc/network/interfaces
-        echo '    network 192.168.7.0' >> $rootdir/etc/network/interfaces
-        echo '    gateway 192.168.7.1' >> $rootdir/etc/network/interfaces
+
+        echo '# This file describes the network interfaces available on your system' > $rootdir/etc/network/interfaces
+        echo '# and how to activate them. For more information, see interfaces(5).' >> $rootdir/etc/network/interfaces
+        echo 'source /etc/network/interfaces.d/*' >> $rootdir/etc/network/interfaces
+
+        echo 'iface usb0 inet static' >> $rootdir/etc/network/interfaces.d/usb
+        echo '    address 192.168.7.2' >> $rootdir/etc/network/interfaces.d/usb
+        echo '    netmask 255.255.255.252' >> $rootdir/etc/network/interfaces.d/usb
+        echo '    network 192.168.7.0' >> $rootdir/etc/network/interfaces.d/usb
+        echo '    gateway 192.168.7.1' >> $rootdir/etc/network/interfaces.d/usb
         return
     fi
 
     fi
 
     if [[ $GENERIC_IMAGE == "no" ]]; then
-        echo "# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
+        echo '# This file describes the network interfaces available on your system' > $rootdir/etc/network/interfaces
+        echo '# and how to activate them. For more information, see interfaces(5).' >> $rootdir/etc/network/interfaces
+        echo 'source /etc/network/interfaces.d/*' >> $rootdir/etc/network/interfaces
 
-# The primary network interface
-auto eth0
+        echo "auto eth0
 iface eth0 inet static
     address $BOX_IP_ADDRESS
     netmask 255.255.255.0
-    gateway $ROUTER_IP_ADDRESS
-    dns-nameservers $NAMESERVER1 $NAMESERVER2
-        # Example to keep MAC address between reboots
-        #hwaddress ether B5:A2:BE:3F:1A:FE
-
-        # The secondary network interface
-        #auto eth1
-        #iface eth1 inet dhcp
-
-        # WiFi Example
-        #auto wlan0
-        #iface wlan0 inet dhcp
-        #    wpa-ssid \"essid\"
-        #    wpa-psk  \"password\"
-
-        # Ethernet/RNDIS gadget (g_ether)
-        # ... or on host side, usbnet and random hwaddr
-        # Note on some boards, usb0 is automaticly setup with an init script
-        #iface usb0 inet static
-        #    address 192.168.7.2
-        #    netmask 255.255.255.0
-        #    network 192.168.7.0
-        #    gateway 192.168.7.1" > $rootdir/etc/network/interfaces
+    gateway $ROUTER_IP_ADDRESS" > $rootdir/etc/network/interfaces.d/static
 
         hexarray=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )
         a=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
         c=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
         d=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
         e=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
-        sed -i "s|#hwaddress ether.*|hwaddress ether de:$a:$b:$c:$d:$e|g" \
-            $rootdir/etc/network/interfaces
+        echo "hwaddress ether de:$a:$b:$c:$d:$e" > $rootdir/etc/network/interfaces.d/macaddress
     fi
 
-    sed -i "s/nameserver.*/nameserver $NAMESERVER1/g" $rootdir/etc/resolv.conf
-    sed -i "/nameserver $NAMESERVER1/a\nameserver $NAMESERVER2" $rootdir/etc/resolv.conf
+    # configure DNS
+    resolvconf=$rootdir/etc/resolvconf/resolv.conf.d/head
+    echo 'domain localdomain' > $resolvconf
+    echo 'search localdomain' >> $resolvconf
+    echo "nameserver $NAMESERVER1" >> $resolvconf
+    echo "nameserver $NAMESERVER2" >> $resolvconf
+    echo "nameserver $NAMESERVER3" >> $resolvconf
+    echo "nameserver $NAMESERVER4" >> $resolvconf
+    echo "nameserver $NAMESERVER5" >> $resolvconf
+    echo "nameserver $NAMESERVER6" >> $resolvconf
+    chroot "$rootdir" resolvconf -u
 
     if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
         # change the motd to show further install instructions
 }
 
 configure_ssh() {
-    if [[ $VARIANT == "mesh" || $VARIANT == "meshclient" || $VARIANT == "meshusb" ]]; then
+    if [[ $VARIANT == "mesh"* ]]; then
         return
     fi
 
     sed -i "s/Port .*/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
+    sed -i "s/#Port ${SSH_PORT}/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
 
     if [[ "$SSH_PUBKEY" != "no" ]]; then
         if [ ! -d $rootdir/home/$MY_USERNAME/.ssh ]; then
         echo "$SSH_PUBKEY" > $rootdir/home/$MY_USERNAME/.ssh/authorized_keys
         chroot $rootdir /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
         sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
+        sed -i 's|#PasswordAuthentication no|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
         echo $"Using ssh public key:"
         echo $SSH_PUBKEY
         echo $'Password ssh authentication turned off'
     fi
 
     # Don't install any configuration. This will be a base system
-    if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+    if [[ $VARIANT != "mesh"* ]]; then
         CONFIG_FILENAME=
     else
         touch $rootdir/root/.initial_mesh_setup
     echo "    cd /root/${PROJECT_NAME}" >> $rootdir/root/.bashrc
     echo "    git stash" >> $rootdir/root/.bashrc
     echo "    git pull" >> $rootdir/root/.bashrc
-    echo "    git checkout jessie" >> $rootdir/root/.bashrc
+    echo "    git checkout stretch" >> $rootdir/root/.bashrc
     echo "    make install" >> $rootdir/root/.bashrc
 
-    if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
-        if [[ $ONION_ONLY == "no" ]]; then
-            if [[ $MINIMAL_INSTALL == "no" ]]; then
-                echo "    ${PROJECT_NAME} menuconfig-full" >> $rootdir/root/.bashrc
+    if [[ $VARIANT != "mesh"* && $VARIANT != "usb" ]]; then
+        if [[ "$SOCIALINSTANCE" == "gnusocial" ]]; then
+            echo "    ${PROJECT_NAME} menuconfig-gnusocial" >> $rootdir/root/.bashrc
+        else
+            if [[ "$SOCIALINSTANCE" == "postactiv" ]]; then
+                echo "    ${PROJECT_NAME} menuconfig-postactiv" >> $rootdir/root/.bashrc
             else
-                echo "    ${PROJECT_NAME} menuconfig" >> $rootdir/root/.bashrc
+                if [[ $ONION_ONLY == "no" ]]; then
+                    if [[ $MINIMAL_INSTALL == "no" ]]; then
+                        echo "    ${PROJECT_NAME} menuconfig-full" >> $rootdir/root/.bashrc
+                    else
+                        echo "    ${PROJECT_NAME} menuconfig" >> $rootdir/root/.bashrc
+                    fi
+                else
+                    echo "    ${PROJECT_NAME} menuconfig-onion" >> $rootdir/root/.bashrc
+                fi
             fi
-        else
-            echo "    ${PROJECT_NAME} menuconfig-onion" >> $rootdir/root/.bashrc
         fi
     else
         echo "    echo ''" >> $rootdir/root/.bashrc
     fi
     echo '    if [ "$?" = "0" ]; then' >> $rootdir/root/.bashrc
     echo "        if [ -f ~/${PROJECT_NAME}-completed.txt ]; then" >> $rootdir/root/.bashrc
+    echo "            # Check that the initial setup really did complete" >> $rootdir/root/.bashrc
+    echo "            if grep -q 'tripwire' ~/${PROJECT_NAME}-completed.txt; then" >> $rootdir/root/.bashrc
     # Remove the initial setup files
-    echo '            rm /root/.initial_setup' >> $rootdir/root/.bashrc
-    echo '            rm /home/fbone/.initial_setup' >> $rootdir/root/.bashrc
-    echo "            touch /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
-    echo '            shred -zu ~/login.txt' >> $rootdir/root/.bashrc
-    if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
-        echo '            SSH_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_ssh/hostname)' >> $rootdir/root/.bashrc
-
-        echo '            if [ ${#SSH_ONION_HOSTNAME} -lt 2 ]; then' >> $rootdir/root/.bashrc
-        echo '                exit 62392' >> $rootdir/root/.bashrc
-        echo '            fi' >> $rootdir/root/.bashrc
-    fi
-    echo "            if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then" >> $rootdir/root/.bashrc
-    echo "                echo '[Unit]' > /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'Description=WifiStartup (Start wifi networking)' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'After=syslog.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'After=network.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'After=remote-fs.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo '[Service]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'Type=simple' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'User=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'Group=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'WorkingDirectory=/root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'ExecStart=/usr/local/bin/freedombone-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo '[Install]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                systemctl enable wifistart" >> $rootdir/root/.bashrc
-    echo "                systemctl daemon-reload" >> $rootdir/root/.bashrc
+    echo '                rm /root/.initial_setup' >> $rootdir/root/.bashrc
+    echo '                rm /home/fbone/.initial_setup' >> $rootdir/root/.bashrc
+    echo "                touch /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
+    echo '                shred -zu ~/login.txt' >> $rootdir/root/.bashrc
+    if [[ $VARIANT != "mesh"* && $VARIANT != "usb" ]]; then
+        echo '                SSH_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_ssh/hostname)' >> $rootdir/root/.bashrc
+
+        echo '                if [ ${#SSH_ONION_HOSTNAME} -lt 2 ]; then' >> $rootdir/root/.bashrc
+        echo '                    exit 62392' >> $rootdir/root/.bashrc
+        echo '                fi' >> $rootdir/root/.bashrc
+    fi
+    echo "                if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then" >> $rootdir/root/.bashrc
+    echo "                    echo '[Unit]' > /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'Description=WifiStartup (Start wifi networking)' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'After=syslog.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'After=network.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'After=remote-fs.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo '[Service]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'Type=simple' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'User=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'Group=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'WorkingDirectory=/root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'ExecStart=/usr/local/bin/freedombone-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo '[Install]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    systemctl enable wifistart" >> $rootdir/root/.bashrc
+    echo "                    systemctl daemon-reload" >> $rootdir/root/.bashrc
+    echo '                fi' >> $rootdir/root/.bashrc
+    echo '                systemctl reboot -i' >> $rootdir/root/.bashrc
     echo '            fi' >> $rootdir/root/.bashrc
-    echo '            reboot' >> $rootdir/root/.bashrc
     echo '        fi' >> $rootdir/root/.bashrc
     echo '    else' >> $rootdir/root/.bashrc
     echo '        key=' >> $rootdir/root/.bashrc
 WIFI_SSID='mesh'
 
 # To avoid confusions these are obtained from the main project file
-TOXID_REPO=
-TOX_PORT=
-TOXCORE_REPO=
-TOXIC_REPO=
-TOXCORE_COMMIT=
-TOXIC_COMMIT=
+#TOXID_REPO=
+#TOX_PORT=
+#TOXCORE_REPO=
+#TOXIC_REPO=
+#TOXCORE_COMMIT=
+#TOXIC_COMMIT=
 # These are some default nodes, but you can replace them with trusted nodes
 # as you prefer. See https://wiki.tox.im/Nodes
-TOX_NODES=
+#TOX_NODES=
 #TOX_NODES=(
 #  '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
 #  '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
 INSTALLING_MESH=
 
 initialise_mesh() {
-    if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+    if [[ $VARIANT != "mesh"* ]]; then
         return
     fi
     if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then
 
         # install proprietary wifi drivers
         # see https://wiki.debian.org/iwlwifi
-        chroot "$rootdir" apt-get -yq install firmware-iwlwifi firmware-b43-installer firmware-brcm80211
+        chroot "$rootdir" apt-get -yq install firmware-iwlwifi firmware-b43-installer firmware-brcm80211 firmware-realtek
     fi
 
     INSTALLING_MESH=1
 
+    chroot "$rootdir" apt-get -yq install apt-transport-https
+
     configure_firewall
     install_avahi
     install_batman
     chroot "$rootdir" apt-get -yq install libtheora-bin libvorbis-dev v4l-utils
 
     # a sane editor
-    chroot "$rootdir" apt-get -yq install emacs24
+    chroot "$rootdir" apt-get -yq install emacs
 
     # for wifi monitoring
     chroot "$rootdir" apt-get -yq install horst
 
     # for sound level control
-    chroot "$rootdir" apt-get -yq install alsa-utils
+    chroot "$rootdir" apt-get -yq install alsa-utils pavucontrol
 
     # to play various media types
     chroot "$rootdir" apt-get -yq install vlc
 
     if [[ $VARIANT == "usb" ]]; then
         # tor
-        chroot "$rootdir" apt-get -y install tor
+        chroot "$rootdir" apt-get -yq install tor
 
         # xmpp client
         chroot "$rootdir" echo "deb ftp://ftp.gajim.org/debian unstable main" > /etc/apt/sources.list.d/gajim.list
         mkdir -p $rootdir/root/build
     fi
     chroot "$rootdir" apt-get -yq install build-essential curl libgnutls28-dev automake1.11 libconfuse-dev
-    git clone $INADYN_REPO $rootdir/root/build/inadyn
+
+    if [ -d /repos/inadyn ]; then
+        mkdir $rootdir/root/build/inadyn
+        cp -r -p /repos/inadyn/. $rootdir/root/build/inadyn
+        cd $rootdir/root/build/inadyn
+        git pull
+    else
+        git clone $INADYN_REPO $rootdir/root/build/inadyn
+    fi
+
     if [ ! -d $rootdir/root/build/inadyn ]; then
         echo 'Failed to clone inadyn'
         exit 728252
     if [ $INSTALLING_MESH ]; then
         return
     fi
-    chroot "$rootdir" apt-get -yq install nfs-kernel-server
+    chroot "$rootdir" apt-get -yq install apt-transport-https
+    chroot "$rootdir" apt-get -yq remove --purge apache2-bin*
+    chroot "$rootdir" apt-get -yq dist-upgrade
+    chroot "$rootdir" apt-get -yq install ca-certificates
+    chroot "$rootdir" apt-get -yq install apt-utils
 
     if [[ $ARCHITECTURE == 'amd64' ]]; then
-        chroot "$rootdir" apt-get -yq install linux-image-amd64 -t jessie-backports
+        chroot "$rootdir" apt-get -yq install linux-image-amd64
     fi
 
     if [[ $ARCHITECTURE == 'qemu'* || $ARCHITECTURE == 'amd64' || $ARCHITECTURE == 'x86_64' || $ARCHITECTURE == 'i686' || $ARCHITECTURE == 'i386' ]]; then
-        chroot "$rootdir" apt-get -yq install grub2
+        chroot "$rootdir" apt-get -yq install grub2 lvm2 initramfs-tools
     fi
 
     chroot "$rootdir" apt-get -yq install locales locales-all debconf
     rm $rootdir/root/sysctl.conf
 
     # all the packages
-    chroot "$rootdir" apt-get -yq install apt-transport-https
-    chroot "$rootdir" apt-get -yq remove --purge apache*
-    chroot "$rootdir" apt-get -yq dist-upgrade
-    chroot "$rootdir" apt-get -yq install ca-certificates
-    chroot "$rootdir" apt-get -yq install apt-utils
     chroot "$rootdir" apt-get -yq install cryptsetup libgfshare-bin obnam sshpass wget avahi-daemon
     chroot "$rootdir" apt-get -yq install avahi-utils avahi-discover connect-proxy openssh-server
     chroot "$rootdir" apt-get -yq install sudo git dialog build-essential avahi-daemon avahi-utils
 
     # Tor and ssh over tor
     chroot "$rootdir" apt-get -yq install tor connect-proxy
+    chroot "$rootdir" connect-proxy
     sed -i 's|#Log notice file.*|Log notice file /dev/null|g' $rootdir/etc/tor/torrc
     sed -i 's|Log notice file.*|Log notice file /dev/null|g' $rootdir/etc/tor/torrc
+    sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_DAY_GB GBytes|g" $rootdir/etc/tor/torrc
+    sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_DAY_GB GBytes|g" $rootdir/etc/tor/torrc
     if ! grep -q 'Host *.onion' $rootdir/root/.ssh/config; then
         if [ ! -d $rootdir/root/.ssh ]; then
             mkdir $rootdir/root/.ssh
     chroot "$rootdir" cd /root/build/tomb && make install
     echo "tomb commit:$TOMB_COMMIT" >> $rootdir/root/freedombone-completed.txt
 
-    if ! grep '* hard maxsyslogins' $rootdir/etc/security/limits.conf; then
+    if ! grep -q '* hard maxsyslogins' $rootdir/etc/security/limits.conf; then
         echo '* hard maxsyslogins 10' >> $rootdir/etc/security/limits.conf
     else
         sed -i 's|hard maxsyslogins.*|hard maxsyslogins 10|g' $rootdir/etc/security/limits.conf
     fi
 
     # Max logins for each user
-    if ! grep '* hard maxlogins' $rootdir/etc/security/limits.conf; then
+    if ! grep -q '* hard maxlogins' $rootdir/etc/security/limits.conf; then
         echo '* hard maxlogins 2' >> $rootdir/etc/security/limits.conf
     else
         sed -i 's|hard maxlogins.*|hard maxlogins 2|g' $rootdir/etc/security/limits.conf
     chroot "$rootdir" apt-get -yq remove postfix
     chroot "$rootdir" apt-get -yq install exim4 exim4-daemon-heavy sasl2-bin swaks libnet-ssleay-perl procmail
     chroot "$rootdir" apt-get -yq install spamassassin
-    #chroot "$rootdir" apt-get -yq install dovecot-core dovecot-imapd
-
-    # TODO generate certs for exim and dovecot if needed on first boot
+    chroot "$rootdir" apt-get -yq install dovecot-imapd
 
     #backup
     chroot "$rootdir" apt-get -yq install obnam gnupg
     echo "gpgit commit:$GPGIT_COMMIT" >> $rootdir/root/freedombone-completed.txt
 
     # email client
-    chroot "$rootdir" apt-get -yq install mutt-patched lynx abook urlview
+    chroot "$rootdir" apt-get -yq install lynx abook urlview mutt
 
     git clone $CLEANUP_MAILDIR_REPO $rootdir/root/build/cleanup-maildir
     cd $rootdir/root/build/cleanup-maildir
 
     # web server
     chroot "$rootdir" apt-get -yq remove --purge apache2
-    chroot "$rootdir" apt-get -yq install nginx php5-fpm
+    chroot "$rootdir" apt-get -yq install nginx php-fpm
     git clone $NGINX_ENSITE_REPO $rootdir/root/build/nginx_ensite
     cd $rootdir/root/build/nginx_ensite
     git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT
     fi
     chroot "$rootdir" apt-get -yq install tripwire
 
-    # mirroring
-    # cmake
+    # filesystem optimisations
+    #sed -i 's|btrfs subvol=@|btrfs defaults,subvol=@,compress=lzo,ssd|g' $rootdir/etc/fstab
 }
 
 function image_install_nodejs {
-    if [ $INSTALLING_MESH ]; then
+    mesh_install_nodejs
+    #echo 'install_nodejs' >> ${rootdir}/root/${PROJECT_NAME}-completed.txt
+}
+
+function image_preinstall_repos {
+    if [[ $VARIANT == "mesh"* ]]; then
         return
     fi
 
-    chroot "$rootdir" apt-get -yq install nodejs
-    chroot "$rootdir" apt-get -yq install npm curl
+    if [ ! -d $rootdir/repos ]; then
+        mkdir $rootdir/repos
+    fi
+
+    git clone $CMAKE_REPO $rootdir/repos/cmake
+    git clone $INADYN_REPO $rootdir/repos/inadyn
+    git clone $TOMB_REPO $rootdir/repos/tomb
 
-    if [ ! -f $rootdir/usr/bin/nodejs ]; then
-        echo $'nodejs was not installed'
-        exit 63962
+    if [[ $SOCIALINSTANCE == "gnusocial" ]]; then
+        git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
+        git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
+        git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
+        git clone $PLEROMA_REPO $rootdir/repos/pleroma
+        return
     fi
-}
 
+    if [[ $SOCIALINSTANCE == "postactiv" ]]; then
+        git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
+        git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
+        git clone $PLEROMA_REPO $rootdir/repos/pleroma
+        git clone $POSTACTIV_REPO $rootdir/repos/postactiv
+        return
+    fi
+
+    git clone $CRYPTPAD_REPO $rootdir/repos/cryptpad
+    git clone $DOKUWIKI_REPO $rootdir/repos/dokuwiki
+    git clone $ETHERPAD_REPO $rootdir/repos/etherpad
+    git clone $FRIENDICA_REPO $rootdir/repos/friendica
+    git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
+    git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
+    git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
+    git clone $PLEROMA_REPO $rootdir/repos/pleroma
+    git clone $POSTACTIV_REPO $rootdir/repos/postactiv
+    git clone $SHARINGS_REPO $rootdir/repos/sharings
+    git clone $HTMLY_REPO $rootdir/repos/htmly
+    git clone $HUBZILLA_REPO $rootdir/repos/hubzilla
+    git clone $HUBZILLA_ADDONS_REPO $rootdir/repos/hubzilla-addons
+    git clone $KOEL_REPO $rootdir/repos/koel
+    #git clone $LIBREVAULT_REPO $rootdir/repos/librevault
+    git clone $LYCHEE_REPO $rootdir/repos/lychee
+    git clone $MAILPILE_REPO $rootdir/repos/mailpile
+    git clone $MATRIX_REPO $rootdir/repos/matrix
+    git clone $MEDIAGOBLIN_REPO $rootdir/repos/mediagoblin
+    #git clone $MOVIM_REPO $rootdir/repos/movim
+    git clone $NEXTCLOUD_REPO $rootdir/repos/nextcloud
+    git clone $PIHOLE_REPO $rootdir/repos/pihole
+    git clone $PROFANITY_REPO $rootdir/repos/profanity
+    git clone $LIBMESODE_REPO $rootdir/repos/libmesode
+    git clone $PROFANITY_OMEMO_PLUGIN_REPO $rootdir/repos/profanity-omemo
+    git clone $RSS_READER_REPO $rootdir/repos/rss
+    git clone $RSS_MOBILE_READER_REPO $rootdir/repos/rss-mobile
+    git clone $SEARX_REPO $rootdir/repos/searx
+    git clone $TOXCORE_REPO $rootdir/repos/toxcore
+    git clone $TOXID_REPO $rootdir/repos/toxid
+    git clone $TOXIC_REPO $rootdir/repos/toxic
+    git clone $TURTL_REPO $rootdir/repos/turtl
+    #git clone $ZERONET_REPO $rootdir/repos/zeronet
+    #git clone $QTOX_REPO $rootdir/repos/qtox
+}
 
 ##############################################################################
 
     DEBIAN_REPO='ftp.de.debian.org'
 fi
 if [ ! $DEBIAN_VERSION ]; then
-    DEBIAN_VERSION='jessie'
+    DEBIAN_VERSION='stretch'
 fi
 
 set_apt_sources $BUILD_MIRROR
     chroot "$rootdir" gdebi -n /tmp/"$(basename $CUSTOM_SETUP)"
 fi
 
-if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "mesh" ]]; then
+if [[ $VARIANT != "mesh"* ]]; then
     chroot "$rootdir" apt-get install -y openssh-server
 fi
 chroot "$rootdir" apt-get install -y sudo git dialog build-essential
 chroot "$rootdir" apt-get install -y locales locales-all debconf wireless-tools wpasupplicant usbutils
 if [[ $ARCHITECTURE == 'qemu'* || $ARCHITECTURE == 'i386' || $ARCHITECTURE == 'i686' || $ARCHITECTURE == 'amd64' || $ARCHITECTURE == 'x86_64' ]]; then
     chroot "$rootdir" apt-get install -y cryptsetup zsh pinentry-curses iotop bc
-    chroot "$rootdir" apt-get install -y grub2 hostapd
+    chroot "$rootdir" apt-get install -y grub2 hostapd lvm2 initramfs-tools
 fi
 
-sed -i "s|#host-name=.*|host-name=${PROJECT_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
-sed -i "s|host-name=.*|host-name=${PROJECT_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
+sed -i "s|#host-name=.*|host-name=${LOCAL_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
+sed -i "s|host-name=.*|host-name=${LOCAL_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
+sed -i "s|use-ipv4=.*|use-ipv4=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
+sed -i "s|use-ipv6=.*|use-ipv6=no|g" $rootdir/etc/avahi/avahi-daemon.conf
+sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
+sed -i "s|hosts:.*|hosts:          files mdns4_minimal dns mdns4 mdns|g" $rootdir/etc/nsswitch.conf
+
+# Add an ssh avahi service
+echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/ssh.service
+echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/ssh.service
+echo '<service-group>' >> $rootdir/etc/avahi/services/ssh.service
+echo '  <name replace-wildcards="yes">%h SSH</name>' >> $rootdir/etc/avahi/services/ssh.service
+echo '  <service>' >> $rootdir/etc/avahi/services/ssh.service
+echo '    <type>_ssh._tcp</type>' >> $rootdir/etc/avahi/services/ssh.service
+echo "    <port>$SSH_PORT</port>" >> $rootdir/etc/avahi/services/ssh.service
+echo '  </service>' >> $rootdir/etc/avahi/services/ssh.service
+echo '</service-group>' >> $rootdir/etc/avahi/services/ssh.service
+
+# Ensure that the avahi daemon keeps running
+WATCHDOG_SCRIPT_NAME="keepon"
+echo '#!/bin/bash' > $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo 'LOGFILE=/var/log/keepon.log' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo 'CURRENT_DATE=$(date)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo "# keep avahi-daemon daemon running" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo "RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo 'if [ ! $RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo "  systemctl start avahi-daemon" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo "  echo \"avahi-daemon daemon restarted\" >> \$LOGFILE" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo "# End of avahi-daemon" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+echo "*/1            * *   *   *   root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> $rootdir/etc/crontab
 
 chroot "$rootdir" /bin/bash -x <<EOF
 git clone $PROJECT_REPO /root/$PROJECT_NAME
 cd /root/$PROJECT_NAME
-git checkout jessie
+git checkout stretch
 make install
+cp image_build/bbb-4.9.0.tar.gz /boot/bbb.tar.gz
 EOF
 
 chroot "$rootdir" ${PROJECT_NAME}-image-hardware-setup 2>&1 | \
 # Set up HRNG for systems known to have one
 # Otherwise install haveged
 if [[ "$MACHINE" != "beaglebone"* ]]; then
-    chroot $rootdir apt-get -yq install haveged
+    # With some VMs, the hardware cycles counter is emulated and deterministic,
+    # and thus predictible, so havege should not be used
+    if [[ "$MACHINE" != "qemu"* ]]; then
+        chroot $rootdir apt-get -yq install haveged
+    fi
 else
     chroot $rootdir apt-get -yq install rng-tools
     sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' $rootdir/etc/default/rng-tools
 image_setup_utils
 image_install_inadyn
 image_install_nodejs
+image_preinstall_repos
 
 # remove downloaded packages
 chroot $rootdir apt-get -y autoremove

src/freedombone-image-hardware-setup

     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
-    bbb_loadaddr='0x80200000'
-    bbb_initrd_addr='0x81000000'
-    bbb_fdtaddr='0x80F80000'
-    if [[ "$bbb_version" == "wireless" ]]; then
-        bbb_loadaddr='0x82000000'
-        bbb_initrd_addr='0x88080000'
-        bbb_fdtaddr='0x88000000'
-    fi
+    bbb_loadaddr='0x82000000'
+    bbb_initrd_addr='0x88080000'
+    bbb_fdtaddr='0x88000000'
 
     # uEnv.txt for Beaglebone
     # based on https://github.com/beagleboard/image-builder/blob/master/target/boot/beagleboard.org.txt
 loadfdt=load mmc \${mmcdev}:\${mmcpart} \${fdtaddr} /dtbs/\${fdtfile}
 
 loadfiles=run loadkernel; run loadinitrd; run loadfdt
-mmcargs=setenv bootargs console=tty0 console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags}
+mmcargs=setenv bootargs init=/lib/systemd/systemd console=tty0 console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags} ifnames=0 slub_debug=FZP slab_nomerge page_poison=1
 
 uenvcmd=run loadfiles; run mmcargs; bootz \${loadaddr} \${initrd_addr}:\${initrd_size} \${fdtaddr}
 EOF
 
     echo "info: repacking beaglebone kernel and initrd"
 
-    if [ ! $bbb_version ]; then
-        kernelVersion=$(ls /usr/lib/*/am335x-boneblack.dtb | head -1 | cut -d/ -f4)
-    else
-        kernelVersion=$(ls /usr/lib/*/am335x-boneblack-${1}.dtb | head -1 | cut -d/ -f4)
+    bbb_dtb='am335x-boneblack'
+    if [ $bbb_version ]; then
+        bbb_dtb="am335x-boneblack-${bbb_version}"
     fi
+
+    kernelVersion=$(ls /usr/lib/*/${bbb_dtb}.dtb | head -1 | cut -d/ -f4)
     version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
+    # optionally use a separately compiled kernel
+    bbb_dtb_file=/usr/lib/$kernelVersion/${bbb_dtb}.dtb
+    #if [ -f /boot/bbb.tar.gz ]; then
+    #    cd /boot
+    #    tar -xzvf /boot/bbb.tar.gz
+    #    if [ -f /boot/bbb/dtbs/${bbb_dtb}.dtb ]; then
+    #        if [ -f /boot/bbb/zImage ]; then
+    #            bbb_dtb_file=/boot/bbb/dtbs/${bbb_dtb}.dtb
+    #            vmlinuz=/boot/bbb/zImage
+    #        fi
+    #    fi
+    #fi
+
     mkdir /tmp/initrd-repack
 
     (cd /tmp/initrd-repack ; \
 
     rm -rf /tmp/initrd-repack
 
-    if [ ! $bbb_version ]; then
-        (cd /boot ; \
-         cp /usr/lib/$kernelVersion/am335x-boneblack.dtb dtb ; \
-         cat $vmlinuz dtb >> temp-kernel ; \
-         mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
-                 -C none -a 0x80200000 -e 0x80200000 -d temp-kernel uImage ; \
-         rm -f temp-kernel ; \
-         mkimage -A arm -O linux -T ramdisk -C gzip -a 0x81000000 -e 0x81000000 \
-                 -n "Debian ramdisk ${version}" \
-                 -d $initRd uInitrd )
-    else
-        (cd /boot ; \
-         cp /usr/lib/$kernelVersion/am335x-boneblack-${bbb_version}.dtb dtb ; \
-         cat $vmlinuz dtb >> temp-kernel ; \
-         mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
-                 -C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \
-         rm -f temp-kernel ; \
-         mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \
-                 -n "Debian ramdisk ${version}" \
-                 -d $initRd uInitrd )
-    fi
+    (cd /boot ; \
+     cp ${bbb_dtb_file} dtb ; \
+     cat $vmlinuz dtb >> temp-kernel ; \
+     mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
+             -C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \
+     rm -f temp-kernel ; \
+     mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \
+             -n "Debian ramdisk ${version}" \
+             -d $initRd uInitrd )
 }
 
 a20_setup_boot() {
 setenv loadfdt load mmc \${mmcdev}:\${mmcpart} \${fdtaddr} /dtbs/\${fdtfile}
 
 setenv loadfiles run loadkernel\\; run loadinitrd\\; run loadfdt
-setenv mmcargs setenv bootargs console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags}
+setenv mmcargs setenv bootargs init=/lib/systemd/systemd console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags} ifnames=0 slub_debug=FZP slab_nomerge page_poison=1
 
 run loadfiles; run mmcargs; bootz \${loadaddr} \${initrd_addr}:\${initrd_size} \${fdtaddr}
 EOF

src/freedombone-image-make

 export MINIMUM_PASSWORD_LENGTH
 export INSECURE
 export AMNESIC
+export SOCIALINSTANCE
+export LOCAL_NAME
 
 # Locate vmdebootstrap program fetched in Makefile
 basedir=`pwd`
 
 # Packages to install in all Freedombone environments
 base_pkgs="apt base-files ifupdown initramfs-tools \
-logrotate module-init-tools netbase rsyslog udev debian-archive-keyring"
+logrotate kmod netbase rsyslog udev debian-archive-keyring"
 
 # Packages needed on the beaglebone
 beaglebone_pkgs="linux-image-armmp u-boot-tools u-boot"
 sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" $TEMP_CUSTOMISE3
 sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" $TEMP_CUSTOMISE3
 sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" $TEMP_CUSTOMISE3
+sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" $TEMP_CUSTOMISE3
+sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" $TEMP_CUSTOMISE3
 sed -i 's|#!/bin/bash||g' $TEMP_CUSTOMISE3
 
 cat $TEMP_CUSTOMISE2 $TEMP_CUSTOMISE3 > $TEMP_CUSTOMISE4

src/freedombone-image-makefile

 BUILD_MIRROR ?= http://httpredir.debian.org/debian
 IMAGE_SIZE ?= 8G
 IMAGE_NAME ?= 'full'
-SUITE ?= jessie
+SUITE ?= stretch
 # include source packages in image?
 SOURCE ?= false
 

src/freedombone-image-mesh

 
 DEFAULT_USERNAME=fbone
 
-GO_VERSION=1.7
-
 TOX_NODES=
 #TOX_NODES=(
 #  '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
 
 CURRENT_BLOG_INDEX=/home/$MY_USERNAME/.blog-index
 
+# Debian stretch has a problem where the formerly predictable wlan0 and eth0
+# device names get assigned random names. This is a hacky workaround.
+# Also adding net.ifnames=0 to kernel options on bootloader may work.
+function enable_predictable_device_names {
+    ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules
+    update-initramfs -u
+}
+
 function create_avahi_mesh_service {
     service_name=$1
     service_type=$2
 
 function make_root_read_only {
     if [ ! -d /home/$MY_USERNAME/Desktop ]; then
-        if ! grep 'ro,subvol=@' /etc/fstab; then
+        if ! grep -q 'ro,subvol=@' /etc/fstab; then
             sed -i 's|subvol=@|ro,subvol=@|g' /etc/fstab
             echo $'Root filesystem set to read only' >> $INSTALL_LOG
         fi
 
     #tomb slam all
     tmp_ram_disk 100
+    enable_predictable_device_names
     enable_batman_daemon
     #create_ram_disk 1
     #setup_amnesic_data
             rm /usr/share/images/desktop-base/desktop-background
             ln -s /usr/share/images/desktop-base/${PROJECT_NAME}_mesh_background.png /usr/share/images/desktop-base/desktop-background
         fi
-        reboot
+        if [ -f /etc/default/grub ]; then
+            update-grub
+        fi
+        systemctl reboot -i
     fi
 fi
 

src/freedombone-keydrive

 # License
 # =======
 #
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 
 while [[ $# > 1 ]]
 do
-key="$1"
+    key="$1"
 
-case $key in
-    -h|--help)
-    show_help
-    ;;
-    -u|--user)
+    case $key in
+        -h|--help)
+            show_help
+            ;;
+        -u|--user)
+            shift
+            MY_USERNAME="$1"
+            ;;
+        -d|--dev)
+            shift
+            if [[ "${1}" != '/dev/'* ]]; then
+                USB_DRIVE=/dev/${1}1
+            else
+                USB_DRIVE=${1}
+            fi
+            ;;
+        -m|--master)
+            shift
+            MASTER_DRIVE="$1"
+            ;;
+        -n|--fragments)
+            shift
+            KEY_FRAGMENTS=$1
+            ;;
+        -f|--format)
+            shift
+            FORMAT="yes"
+            ;;
+        *)
+            # unknown option
+            ;;
+    esac
     shift
-    MY_USERNAME="$1"
-    ;;
-    -d|--dev)
-    shift
-    USB_DRIVE=/dev/${1}1
-    ;;
-    -m|--master)
-    shift
-    MASTER_DRIVE="$1"
-    ;;
-    -n|--fragments)
-    shift
-    KEY_FRAGMENTS=$1
-    ;;
-    -f|--format)
-    shift
-    FORMAT="yes"
-    ;;
-    *)
-    # unknown option
-    ;;
-esac
-shift
 done
 
 if [ ! $MY_USERNAME ]; then
 fi
 
 if [ ! -b $USB_DRIVE ]; then
-  echo $'Please attach a USB drive'
-  exit 65743
+    echo $'Please attach a USB drive'
+    exit 65743
 fi
 
 umount -f $USB_MOUNT
 if [ ! -d $USB_MOUNT ]; then
-  mkdir $USB_MOUNT
+    mkdir $USB_MOUNT
 fi
 if [ -f /dev/mapper/encrypted_usb ]; then
-  rm -rf /dev/mapper/encrypted_usb
+    rm -rf /dev/mapper/encrypted_usb
 fi
 cryptsetup luksClose encrypted_usb
 
 # optionally format the drive
 if [[ $FORMAT == "yes" ]]; then
-  ${PROJECT_NAME}-format ${USB_DRIVE::-1}
-  if [ ! "$?" = "0" ]; then
-      exit 36823
-  fi
+    ${PROJECT_NAME}-format ${USB_DRIVE::-1}
+    if [ ! "$?" = "0" ]; then
+        exit 36823
+    fi
 fi
 
 cryptsetup luksOpen $USB_DRIVE encrypted_usb
 if [ "$?" = "0" ]; then
-  USB_DRIVE=/dev/mapper/encrypted_usb
+    USB_DRIVE=/dev/mapper/encrypted_usb
 fi
 mount $USB_DRIVE $USB_MOUNT
 if [ ! "$?" = "0" ]; then
-  echo $"There was a problem mounting the USB drive to $USB_MOUNT"
-  rm -rf $USB_MOUNT
-  exit 78543
+    echo $"There was a problem mounting the USB drive to $USB_MOUNT"
+    rm -rf $USB_MOUNT
+    exit 78543
 fi
 
 # optionally create a master drive which contains the full GPG keyring
 if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]]; then
-  if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
-      echo $"No .gnupg directory was found for $MY_USERNAME"
-      umount -f $USB_MOUNT
-      rm -rf $USB_MOUNT
-      exit 73025
-  fi
-  cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
-  if [ -d /etc/letsencrypt ]; then
-      cp -rf /etc/letsencrypt $USB_MOUNT
-      echo $"LetsEncrypt keys copied to $USB_DRIVE"
-  fi
-  if [ -d $USB_MOUNT/.gnupg ]; then
-      echo $"GPG Keyring copied to $USB_DRIVE. You may now remove the drive."
-  else
-      echo $"Unable to copy gpg keyring to $USB_DRIVE"
-  fi
-  umount -f $USB_MOUNT
-  rm -rf $USB_MOUNT
-  exit 0
+    if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
+        echo $"No .gnupg directory was found for $MY_USERNAME"
+        umount -f $USB_MOUNT
+        rm -rf $USB_MOUNT
+        exit 73025
+    fi
+
+    # export the gpg key and backup key as text
+    # so that it may be imported at the beginning of new installs
+    GPG_TTY=$(tty)
+    export GPG_TTY
+
+    USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
+    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
+    GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
+
+    gpgerrstr=$'error'
+    gpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_ID)
+    if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
+        echo $'Problem exporting public gpg key'
+        echo "$gpgkey"
+        exit 735282
+    fi
+    echo ''
+    echo $'Enter your gpg private key passphrase:'
+    gpgprivkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_ID)
+    if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
+        echo $'Problem exporting private gpg key'
+        echo "$gpgprivkey"
+        gpgprivkey=
+        exit 629362
+    fi
+
+    # Dummy password to get around not being able to create a key without passphrase
+    BACKUP_DUMMY_PASSWORD='backup'
+
+    backupgpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_BACKUP_ID)
+    if [[ "$backupgpgkey" == *"$gpgerrstr"* ]]; then
+        echo $'Problem exporting public gpg backup key'
+        echo "$backupgpgkey"
+        exit 735282
+    fi
+    backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_BACKUP_ID)
+    if [[ "$backupgpgprivkey" == *"$gpgerrstr"* ]]; then
+        echo $'Problem exporting private gpg backup key'
+        echo "$backupgpgprivkey"
+        backupgpgprivkey=
+        exit 629362
+    fi
+
+    echo "$gpgkey" > $USB_MOUNT/.mastergpgkey
+    echo "$gpgprivkey" >> $USB_MOUNT/.mastergpgkey
+    echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
+    echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
+
+    cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
+
+    if [ -d /etc/letsencrypt ]; then
+        cp -rf /etc/letsencrypt $USB_MOUNT
+        echo $"LetsEncrypt keys copied to $USB_DRIVE"
+    fi
+    if [ -d $USB_MOUNT/.gnupg ]; then
+        echo $"GPG Keyring copied to $USB_DRIVE. You may now remove the drive."
+    else
+        echo $"Unable to copy gpg keyring to $USB_DRIVE"
+    fi
+    umount -f $USB_MOUNT
+    rm -rf $USB_MOUNT
+    exit 0
 fi
 
 # Don't use the USB drive if it already contains a full keyring
 if [ -d $USB_MOUNT/.gnupg ]; then
-  echo $'A full GPG keyring already exists on the USB drive.'
-  echo $'Either reformat the USB drive or use a different drive.'
-  umount -f $USB_MOUNT
-  rm -rf $USB_MOUNT
-  exit 3392
+    echo $'A full GPG keyring already exists on the USB drive.'
+    echo $'Either reformat the USB drive or use a different drive.'
+    umount -f $USB_MOUNT
+    rm -rf $USB_MOUNT
+    exit 3392
 fi
 
 # Append the username as a subdirectory.
 
 # make a directory to contain the fragments
 if [ ! -d $FRAGMENTS_DIR ]; then
-  mkdir -p $FRAGMENTS_DIR
-  echo $"Made directory $FRAGMENTS_DIR"
+    mkdir -p $FRAGMENTS_DIR
+    echo $"Made directory $FRAGMENTS_DIR"
 fi
 if [ ! -d $FRAGMENTS_DIR ]; then
-  echo $"There was a problem making the directory $FRAGMENTS_DIR"
-  umount -f $USB_MOUNT
-  rm -rf $USB_MOUNT
-  exit 6843
+    echo $"There was a problem making the directory $FRAGMENTS_DIR"
+    umount -f $USB_MOUNT
+    rm -rf $USB_MOUNT
+    exit 6843
 fi
 
 cd $FRAGMENTS_DIR

src/freedombone-logging

 
 WEBSERVER_LOG_LEVEL='warn'
 
+# Shredding could be used here, but especially on microSD
+# or SSD it's debatable how useful shredding really is.
+# Also the shred command can be very slow on Beaglebone Black
+REMOVE_FILES_COMMAND='rm -rf'
+
+APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+for f in $APP_FILES
+do
+    source $f
+done
+
+APPS_AVAILABLE=()
+
+function logging_get_app_names {
+    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+
+    for filename in $FILES
+    do
+        app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
+        if grep -q "logging_on_" ${filename}; then
+            if grep -q "logging_off_" ${filename}; then
+                APPS_AVAILABLE+=("${app_name}")
+            fi
+        fi
+    done
+}
+
+function turn_logging_on {
+    logging_get_app_names
+
+    for a in "${APPS_AVAILABLE[@]}"
+    do
+        echo $"Turning on logging for ${a}"
+        logging_on_${a}
+    done
+}
+
+function turn_logging_off {
+    logging_get_app_names
+
+    for a in "${APPS_AVAILABLE[@]}"
+    do
+        echo $"Turning off logging for ${a}"
+        logging_off_${a}
+    done
+}
+
 function turn_off_rsys_logging {
     sed -i 's|mail,news.none.*|mail,news.none      /dev/null|g' /etc/rsyslog.conf
     sed -i 's|auth,authpriv.\*.*|auth,authpriv.\*         /dev/null|g' /etc/rsyslog.conf
     sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none      /dev/null|g' /etc/rsyslog.conf
     sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
     sed -i 's|cron.\*.*|cron.\*             /dev/null|g' /etc/rsyslog.conf
-    shred -zu /var/log/wtmp*
-    shred -zu /var/log/debug*
-    shred -zu /var/log/cron.*
-    shred -zu /var/log/auth.*
-    shred -zu /var/log/mail.*
-    shred -zu /var/log/daemon.*
-    shred -zu /var/log/user.*
-    shred -zu /var/log/messages*
+    $REMOVE_FILES_COMMAND /var/log/wtmp*
+    $REMOVE_FILES_COMMAND /var/log/debug*
+    $REMOVE_FILES_COMMAND /var/log/cron.*
+    $REMOVE_FILES_COMMAND /var/log/auth.*
+    $REMOVE_FILES_COMMAND /var/log/mail.*
+    $REMOVE_FILES_COMMAND /var/log/daemon.*
+    $REMOVE_FILES_COMMAND /var/log/user.*
+    $REMOVE_FILES_COMMAND /var/log/messages*
 }
 
 function turn_on_rsys_logging {
 fi
 
 if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
-    if [ -f /var/lib/matrix/homeserver.yaml ]; then
-        sed -i 's|log_file:.*|log_file: /etc/matrix/homeserver.log|g' /var/lib/matrix/homeserver.yaml
-        if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
-            sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
-        fi
-    fi
+    turn_logging_on
+
     if [ -f /etc/fail2ban/fail2ban.conf ]; then
         sed -i 's|loglevel.*|loglevel = 3|g' /etc/fail2ban/fail2ban.conf
         sed -i 's|logtarget.*|logtarget = /var/log/fail2ban.log|g' /etc/fail2ban/fail2ban.conf
     fi
     if [ -d /etc/tor ]; then
-        if [ ! -f /var/log/tor.log ]; then
-            touch /var/log/tor.log
-            chown debian-tor:debian-tor /var/log/tor.log
+        if [ ! -d /var/log/tor ]; then
+            mkdir /var/log/tor
+            chown -R debian-tor:adm /var/log/tor
         fi
-        sed -i 's|#Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc
-        sed -i 's|Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc
-    fi
-    if [ -f /etc/mumble-server.ini ]; then
-        sed -i 's|logfile=.*|logfile=/var/log/mumble-server.log|g' /etc/mumble-server.ini
+        if [ ! -f /var/log/tor/notices.log ]; then
+            touch /var/log/tor/notices.log
+            chown debian-tor:adm /var/log/tor/notices.log
+        fi
+        sed -i 's|#Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
+        sed -i 's|Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
     fi
-    if [ -f /etc/php5/fpm/php-fpm.conf ]; then
-        sed -i 's|error_log =.*|error_log = /var/log/php5-fpm.log|g' /etc/php5/fpm/php-fpm.conf
+    if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
+        sed -i 's|error_log =.*|error_log = /var/log/php-fpm.log|g' /etc/php/7.0/fpm/php-fpm.conf
     fi
     if [ -d /etc/nginx ]; then
         if [ ! -d /var/log/nginx ]; then
     if [ -f /etc/init.d/spamassassin ]; then
         sed -i 's|DOPTIONS="-s null -d --pidfile=$PIDFILE"|DOPTIONS="-d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
     fi
-    if [ -d /etc/prosody ]; then
-        if [ ! -d /var/log/prosody ]; then
-            mkdir /var/log/prosody
-            chown root:adm /var/log/prosody
-        fi
-        sed -i 's|info = "/dev/null";|info = "/var/log/prosody/prosody.log";|g' /etc/prosody/prosody.cfg.lua
-        sed -i 's|error = "/dev/null";|error = "/var/log/prosody/prosody.err";|g' /etc/prosody/prosody.cfg.lua
-        sed -i 's|levels = { "error" }; to = "/dev/null";|levels = { "error" }; to = "syslog";|g' /etc/prosody/prosody.cfg.lua
-    fi
     if [ -d /etc/exim4 ]; then
         if [ ! -d /var/log/exim4 ]; then
             mkdir /var/log/exim4
     fi
     turn_on_rsys_logging
 else
-    if [ -f /var/lib/matrix/homeserver.yaml ]; then
-        sed -i 's|log_file:.*|log_file: /dev/null|g' /var/lib/matrix/homeserver.yaml
-        if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
-            sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
-        fi
-        if [ -f /etc/matrix/homeserver.log ]; then
-            shred -zu /etc/matrix/homeserver.log
-        fi
-        if [ -f /etc/matrix/homeserver.log.1 ]; then
-            shred -zu /etc/matrix/homeserver.log.1
-        fi
-    fi
+    turn_logging_off
+
     if [ -d /etc/tor ]; then
         sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
         sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
-        if [ -d /var/log/tor ]; then
-            shred -zu /var/log/tor/*
-            rm -rf /var/log/tor
-        fi
-    fi
-    if [ -f /etc/mumble-server.ini ]; then
-        sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
-        if [ -d /var/log/mumble-server ]; then
-            shred -zu /var/log/mumble-server/*
-            rm -rf /var/log/mumble-server
-        fi
     fi
     if [ -d /var/log/radicale ]; then
-        shred -zu /var/log/radicale/*
+        $REMOVE_FILES_COMMAND /var/log/radicale/*
         rm -rf /var/log/radicale
     fi
-    if [ -f /etc/php5/fpm/php-fpm.conf ]; then
-        sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php5/fpm/php-fpm.conf
-        shred -zu /var/log/php5-fpm.*
+    if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
+        sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php/7.0/fpm/php-fpm.conf
+        $REMOVE_FILES_COMMAND /var/log/php-fpm.*
     fi
     if [ -d /etc/nginx ]; then
         for filename in /etc/nginx/sites-available/* ; do
         done
         sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
         sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
-        shred -zu /var/log/nginx/*
+        $REMOVE_FILES_COMMAND /var/log/nginx/*
     fi
     if [ -f /etc/init.d/spamassassin ]; then
         sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
     fi
-    if [ -d /etc/prosody ]; then
-        sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
-        sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
-        sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
-        shred -zu /var/log/prosody/*
-        rm -rf /var/log/prosody
-    fi
     if [ -d /etc/exim4 ]; then
         sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
         sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/exim4.conf.template
         sed -i 's|log_selector =.*|log_selector = -all|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
-        shred -zu /var/log/exim4/*
+        $REMOVE_FILES_COMMAND /var/log/exim4/*
     fi
     if [ -f /etc/dovecot/dovecot.conf ]; then
         sed -i 's|log_path =.*|log_path = /dev/null|g' /etc/dovecot/dovecot.conf
         sed -i 's|info_log_path =.*|info_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
         sed -i 's|debug_log_path =.*|debug_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
-        shred -zu /var/log/mail.*
-        shred -zu /var/log/dovecot*
+        $REMOVE_FILES_COMMAND /var/log/mail.*
+        $REMOVE_FILES_COMMAND /var/log/dovecot*
     fi
     if [ -d /etc/mysql ]; then
         if [ -d /var/log/mysql ]; then
-            shred -zu /var/log/mysql/*
+            $REMOVE_FILES_COMMAND /var/log/mysql/*
         fi
         if [ -f /var/log/mysql.err ]; then
-            shred -zu /var/log/mysql.err
+            $REMOVE_FILES_COMMAND /var/log/mysql.err
         fi
         if [ -f /var/log/mysql.log ]; then
-            shred -zu /var/log/mysql.log
+            $REMOVE_FILES_COMMAND /var/log/mysql.log
         fi
         if [ -f /etc/mysql/my.cnf ]; then
             sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
     if [ -f /etc/fail2ban/fail2ban.conf ]; then
         sed -i 's|loglevel.*|loglevel = 1|g' /etc/fail2ban/fail2ban.conf
         sed -i 's|logtarget.*|logtarget = /dev/null|g' /etc/fail2ban/fail2ban.conf
-        shred -zu /var/log/fail2ban.*
+        $REMOVE_FILES_COMMAND /var/log/fail2ban.*
     fi
     turn_off_rsys_logging
 fi
 
+if [ -d /etc/exim4 ]; then
+    update-exim4.conf.template -r
+    update-exim4.conf
+    dpkg-reconfigure --frontend noninteractive exim4-config
+fi
+
+if [[ "$2" == "--reboot"* || "$2" == "--restart"* ]]; then
+    # if we are rebooting anyway then there is no need to
+    # restart the daemons
+    exit 0
+fi
+
+if [ -d /etc/exim4 ]; then
+    systemctl restart exim4
+fi
 systemctl restart syslog
 if [ -d /etc/tor ]; then
     if [[ "$2" != "--onion" ]]; then
     fi
 fi
 if [ -d /etc/nginx ]; then
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
     systemctl restart nginx
 fi
 if [ -f /etc/init.d/spamassassin ]; then
 if [ -d /etc/prosody ]; then
     systemctl restart prosody
 fi
-if [ -d /etc/exim4 ]; then
-    update-exim4.conf.template -r
-    update-exim4.conf
-    dpkg-reconfigure --frontend noninteractive exim4-config
-    systemctl restart exim4
-fi
 if [ -d /etc/dovecot ]; then
     systemctl restart dovecot
 fi

src/freedombone-mesh

 PEERS_FILE=/tmp/meshpeers.txt
 
 TOX_PORT=33445
-TOXCORE_REPO='git://github.com/irungentoo/toxcore.git'
+TOXCORE_REPO='https://github.com/irungentoo/toxcore'
 TOXCORE_COMMIT=
 # obtain tox values from main install
 if grep -q "TOX_PORT=" $CONFIG_FILE; then
 
     sudo apt-get -yq install build-essential libtool autotools-dev
     sudo apt-get -yq install automake checkinstall check git yasm
-    sudo apt-get -yq install libsodium13 libsodium-dev libcap2-bin
+    sudo apt-get -yq install libsodium18 libsodium-dev libcap2-bin
     sudo apt-get -yq install libconfig9 libconfig-dev
 
     if [ ! -d ~/develop ]; then
     sudo cp /tmp/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
     rm /tmp/tox-bootstrapd.conf
 
-    if [ -f /bin/systemctl ]; then
-        if [ ! -f ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then
-            echo $"File not found ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service"
-            exit 7359
-        fi
-        sudo cp ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/
-
-        sudo systemctl daemon-reload
-        sudo systemctl enable tox-bootstrapd.service
-        sudo systemctl start tox-bootstrapd.service
-        if [ ! "$?" = "0" ]; then
-            sudo systemctl status tox-bootstrapd.service
-            exit 5846
-        fi
+    if [ ! -f ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then
+        echo $"File not found ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service"
+        exit 7359
+    fi
+    sudo cp ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/
 
-        sudo systemctl restart tox-bootstrapd.service
-    else
-        sudo cp ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.sh /etc/init.d/tox-bootstrapd
-        sudo chmod 755 /etc/init.d/tox-bootstrapd
-        sudo update-rc.d tox-bootstrapd defaults
-        sudo service tox-bootstrapd start
+    sudo systemctl daemon-reload
+    sudo systemctl enable tox-bootstrapd.service
+    sudo systemctl start tox-bootstrapd.service
+    if [ ! "$?" = "0" ]; then
+        sudo systemctl status tox-bootstrapd.service
+        exit 5846
     fi
 
+    sudo systemctl restart tox-bootstrapd.service
+
     TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1)
     if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
         echo $'Could not obtain the tox node public key'

src/freedombone-mesh-batman

 CELLID='any'
 
 CHANNEL=2
+HOTSPOT_CHANNEL=6
 if [ -f $COMPLETION_FILE ]; then
     if grep -q "Wifi channel:" $COMPLETION_FILE; then
         CHANNEL=$(cat $COMPLETION_FILE | grep "Wifi channel:" | awk -F ':' '{print $2}')
                 ifconfig $IFACE_SECONDARY mtu 1500
                 ifconfig $IFACE_SECONDARY hw ether $(assign_peer_address)
                 iwconfig $IFACE_SECONDARY enc open
-                iwconfig $IFACE_SECONDARY mode managed essid $HOTSPOT_NAME channel ${CHANNEL}
+                iwconfig $IFACE_SECONDARY mode managed essid $HOTSPOT_NAME channel ${HOTSPOT_CHANNEL}
                 iwconfig $IFACE_SECONDARY ap $CELLID
 
                 brctl addbr $BRIDGE_HOTSPOT
                 echo "country_code=UK" >> /etc/hostapd/hostapd.conf
                 echo "ssid=$HOTSPOT_NAME" >> /etc/hostapd/hostapd.conf
                 echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
-                echo "channel=${CHANNEL}" >> /etc/hostapd/hostapd.conf
+                echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
                 echo 'wpa=2' >> /etc/hostapd/hostapd.conf
                 echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
                 echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf

src/freedombone-mesh-install

 rootdir=''
 FN=
 CHROOT_PREFIX=''
-FRIENDS_MIRRORS_SERVER=
 
 # To avoid confusions these are obtained from the main project file
 TOXID_REPO=
 }
 
 function enable_tox_repo {
-    sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > /etc/apt/sources.list.d/tox.list"
-    wget http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key
+    sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > /etc/apt/sources.list.d/tox.list"
+    wget http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key
     sudo sh -c "apt-key add - < Release.key"
     sudo apt-get update
     echo "Tox Repository Installed."
         shift
         WIFI_INTERFACE="$1"
         ;;
-    -m|--mirror)
-        shift
-        FRIENDS_MIRRORS_SERVER="$1"
-        ;;
     --remove)
         shift
         REMOVE="$1"

src/freedombone-mirrors

-#!/bin/bash
-#
-# .---.                  .              .
-# |                      |              |
-# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
-# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
-# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
-#
-#                    Freedom in the Cloud
-#
-# Mirror git repos which the project depends on
-#
-# License
-# =======
-#
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-PROJECT_NAME='freedombone'
-
-export TEXTDOMAIN=${PROJECT_NAME}-mirrors
-export TEXTDOMAINDIR="/usr/share/locale"
-
-# Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
-
-CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
-
-# used to mirror a single application
-SYNC_SINGLE_APP=
-
-# if this is blank then just use the default repos
-FRIENDS_MIRRORS_SERVER=
-UTILS_REPOS=
-INSTALLED_APPS_REPOS=
-MY_MIRRORS_PASSWORD=
-FRIENDS_MIRRORS_PASSWORD=
-NEW_MIRRORS='no'
-FRIENDS_MIRRORS_SSH_PORT=2222
-
-MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
-if [ ! -f $MAIN_COMMAND ]; then
-    MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
-fi
-
-# local repos for utils
-UTILS_REPOS=($(cat ${MAIN_COMMAND} /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* | grep "_REPO=\"" | grep -v "(cat " | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
-
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
-for f in $UTILS_FILES
-do
-    source $f
-done
-
-# obtain the mirrors password if it exists
-read_config_param MY_MIRRORS_PASSWORD
-read_config_param FRIENDS_MIRRORS_SERVER
-read_config_param FRIENDS_MIRRORS_PASSWORD
-read_config_param FRIENDS_MIRRORS_SSH_PORT
-
-function show_help {
-    echo ''
-    echo $"${PROJECT_NAME}-mirrors --sync [domain/url] -p [password]"
-    echo ''
-    echo $'Creates or syncs with a set of git repositories'
-    echo ''
-    echo $'     --help                   Show help'
-    echo $'  -n|--new [yes|no]           Start a new mirrors'
-    echo $"  -p|--password [password]    Friend's mirrors user password"
-    echo $"  -m|--mypassword [password]  Local mirrors user password"
-    echo $"     --port [number]          Friend's server ssh port number"
-    echo $"  -s|--sync [domain]          Friend's server domain to sync with"
-    echo ''
-    exit 0
-}
-
-function create_mirrors_user {
-    if [ -d /home/mirrors ]; then
-        return
-    fi
-
-    create_password=1
-    if [ ${#MY_MIRRORS_PASSWORD} -ge ${MINIMUM_PASSWORD_LENGTH} ]; then
-        create_password=
-    fi
-
-    if [ $create_password ]; then
-        MY_MIRRORS_PASSWORD=$(openssl rand -base64 64 | tr -dc A-Za-z0-9 | head -c 18)
-    fi
-
-    chmod 600 /etc/shadow
-    chmod 600 /etc/gshadow
-    useradd -m -p "$MY_MIRRORS_PASSWORD" -s /bin/bash mirrors
-    chmod 0000 /etc/shadow
-    chmod 0000 /etc/gshadow
-
-    # remove any existing user files
-    rm -rf /home/mirrors/*
-
-    # store the mirrors password
-    write_config_param "MY_MIRRORS_PASSWORD" "${MY_MIRRORS_PASSWORD}"
-}
-
-function enable_mirrors_via_onion {
-    if ! grep -q 'Host *.onion' /home/mirrors/.ssh/config; then
-        if [ ! -d /home/mirrors/.ssh ]; then
-            mkdir /home/mirrors/.ssh
-        fi
-        echo 'Host *.onion' >> /home/mirrors/.ssh/config
-        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/mirrors/.ssh/config
-        chown mirrors:mirrors /home/mirrors/.ssh
-        chown mirrors:mirrors /home/mirrors/.ssh/config
-    fi
-}
-
-function update_installed_single_repo {
-    # only deal with a single app
-    filename=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${SYNC_SINGLE_APP}
-    if [ ! -f $filename ]; then
-        echo $"The app $SYNC_SINGLE_APP was not found"
-        exit 36822
-    fi
-    APP_REPOS=($(cat ${MAIN_COMMAND} $filename | grep "_REPO=\"" | grep -v "(cat " | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
-    for line in "${APP_REPOS[@]}"
-    do
-        INSTALLED_APPS_REPOS+=("${line}")
-    done
-}
-
-function update_installed_apps_repos {
-    INSTALLED_APPS_REPOS=()
-
-    function_check app_is_installed
-
-    if [ $SYNC_SINGLE_APP ]; then
-        update_installed_single_repo
-        return
-    fi
-
-    # all apps currently installed
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
-
-    # for all the app scripts
-    for filename in $FILES
-    do
-        app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-        if [[ "$(app_is_installed ${app_name})" == "1" ]]; then
-            APP_REPOS=($(cat ${MAIN_COMMAND} $filename | grep "_REPO=\"" | grep -v "(cat " | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
-            for line in "${APP_REPOS[@]}"
-            do
-                INSTALLED_APPS_REPOS+=("${line}")
-            done
-        fi
-    done
-}
-
-function update_repos_from_friend_base {
-    syncrepos=${1}
-    new_repos=()
-    for line in $syncrepos
-    do
-        repo_name=$(echo "$line" | awk -F '=' '{print $1}')
-        mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
-        friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
-        new_line="${repo_name}=\"${friends_repo_url}\""
-        new_repos+=($new_line)
-    done
-}
-
-function update_repos_from_friend {
-    if [ ! $FRIENDS_MIRRORS_SERVER ]; then
-       return
-    fi
-    if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
-        return
-    fi
-
-    update_repos_from_friend_base "${UTILS_REPOS[@]}"
-    UTILS_REPOS=("${new_repos[@]}")
-
-    update_repos_from_friend_base "${INSTALLED_APPS_REPOS[@]}"
-    INSTALLED_APPS_REPOS=("${new_repos[@]}")
-}
-
-function sync_mirrors_base {
-    syncrepos=${1}
-    for line in $syncrepos
-    do
-        repo_name=$(echo "$line" | awk -F '=' '{print $1}')
-        repo_url=$(echo "$line" | awk -F '=' '{print $2}'  | awk -F '"' '{print $2}')
-        mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
-        if [[ ${mirrors_name} != 'debian' ]]; then
-            if [[ $NEW_MIRRORS == 'yes' ]]; then
-                if [ -d /home/mirrors/${mirrors_name} ]; then
-                    rm -rf /home/mirrors/${mirrors_name}
-                fi
-            fi
-            if [ ! -d /home/mirrors/${mirrors_name} ]; then
-                if [[ ${repo_url} != 'ssh:'* ]]; then
-                    git clone --mirror ${repo_url} /home/mirrors/${mirrors_name}
-                else
-                    sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone --mirror ${repo_url} /home/mirrors/${mirrors_name}
-                fi
-                if [ ! -d /home/mirrors/${mirrors_name} ]; then
-                    echo $"WARNING: failed to mirror repo ${repo_url}"
-                fi
-            else
-                cd /home/mirrors/${mirrors_name}
-                git remote set-url origin ${repo_url}
-                if [[ ${repo_url} != 'ssh:'* ]]; then
-                    git fetch -p origin
-                else
-                    sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git fetch -p origin
-                fi
-            fi
-        fi
-    done
-    chown -R mirrors:mirrors /home/mirrors
-}
-
-function sync_mirrors_repos {
-    if [ ! $SYNC_SINGLE_APP ]; then
-        sync_mirrors_base "${UTILS_REPOS[@]}"
-    fi
-    sync_mirrors_base "${INSTALLED_APPS_REPOS[@]}"
-}
-
-while [[ $# > 1 ]]
-do
-key="$1"
-
-case $key in
-    --help)
-    show_help
-    ;;
-    -s|--sync)
-    shift
-    # use repos on another server
-    FRIENDS_MIRRORS_SERVER="$1"
-    ;;
-    -m|--mypass|--mypassword)
-    shift
-    MY_MIRRORS_PASSWORD="$1"
-    write_config_param "MY_MIRRORS_PASSWORD" "${MY_MIRRORS_PASSWORD}"
-    ;;
-    -p|--pass|--password)
-    shift
-    FRIENDS_MIRRORS_PASSWORD="$1"
-    write_config_param "FRIENDS_MIRRORS_PASSWORD" "${FRIENDS_MIRRORS_PASSWORD}"
-    ;;
-    -n|--new)
-    shift
-    NEW_MIRRORS="$1"
-    ;;
-    --port)
-    shift
-    FRIENDS_MIRRORS_SSH_PORT=${1}
-    ;;
-    -a|--app)
-    shift
-    SYNC_SINGLE_APP="${1}"
-    ;;
-    *)
-    # unknown option
-    ;;
-esac
-shift
-done
-
-create_mirrors_user
-enable_mirrors_via_onion
-update_installed_apps_repos
-update_repos_from_friend
-sync_mirrors_repos
-
-exit 0

src/freedombone-pass

 # License
 # =======
 #
-# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 NO_PASSWORD_STORE_FILE=~/.nostore
 
 function get_backup_key_id {
-    MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | \
-                           grep 'pub ' | awk -F ' ' '{print $2}' | \
-                           awk -F '/' '{print $2}')
+    MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
     if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
         echo $"Error: gpg backup key was not found"
         return 58213
         exit 78352
     fi
     ${PROJECT_NAME}-pass -u root -a tests -p "$pass"
+    if [ ! "$?" = "0" ]; then
+        echo $'Unable to encrypt password'
+        exit 72725
+    fi
+    echo $'Password encrypted'
     returned_pass=$(${PROJECT_NAME}-pass -u root -a tests)
     if [[ "$pass" != "$returned_pass" ]]; then
         echo "pass     :${pass}:"
         echo "returned :${returned_pass}:"
         exit 73825
     fi
+    echo $'Password decrypted'
     ${PROJECT_NAME}-pass -u root --rmapp tests
     echo "Tests passed"
 }
         echo ""
         exit 4
     else
-        pass=$(gpg -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)
+        pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)
         remove_padding "${pass}"
     fi
 else
         mkdir -p ~/.passwords/$CURR_USERNAME
     fi
     # padding helps to ensure than nothing can be learned from the length of the cyphertext
-    pad_string "${CURR_PASSWORD}" | gpg -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP
+    pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP
     if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then
         MASTER_PASSWORD=
         exit 5

src/freedombone-prepare-scripts

+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# Prepares control scripts
+#
+# License
+# =======
+#
+# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+PROJECT_NAME='freedombone'
+
+cat /usr/local/bin/${PROJECT_NAME}-vars /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* > /tmp/includescripts
+
+cat /tmp/includescripts /usr/local/bin/freedombone-controlpanel > /usr/local/bin/control
+cat /tmp/includescripts /usr/local/bin/freedombone-controlpanel-user > /usr/local/bin/controluser
+cat /tmp/includescripts /usr/local/bin/freedombone-addremove > /usr/local/bin/addremove
+
+sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/control
+sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/controluser
+sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/addremove
+
+chmod +x /usr/local/bin/control
+chmod +x /usr/local/bin/controluser
+chmod +x /usr/local/bin/addremove
+
+rm /tmp/includescripts
+
+exit 0

src/freedombone-recoverkey

     source $f
 done
 
-read_config_param USB_DRIVE
-
 FRIENDS_SERVERS_LIST=
 MY_USERNAME=
-if [ $USB_DRIVE ]; then
-    GPG_USB_DRIVE=$USB_DRIVE
-else
-    GPG_USB_DRIVE='/dev/sdb1'
-fi
 
 function show_help {
     echo ''
-    echo $"${PROJECT_NAME}-recoverkey -u [username] -d [drive]"
-    echo $'                       -l [friends servers list filename]'
+    echo $"${PROJECT_NAME}-recoverkey -u [username]"
+    echo $'                           -l [friends servers list filename]'
     echo ''
     exit 0
 }
             shift
             FRIENDS_SERVERS_LIST="$1"
             ;;
-        -d|--drive)
-            shift
-            GPG_USB_DRIVE=/dev/${1}1
-            ;;
         *)
             # unknown option
             ;;
 echo $'Key fragments recombined'
 
 # import the gpg key
-su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME
+gpg --homedir=/home/$MY_USERNAME/.gnupg --allow-secret-key-import --import $KEYS_FILE
 if [ ! "$?" = "0" ]; then
     echo $'Unable to import gpg key'
     shred -zu $KEYS_FILE

src/freedombone-renew-cert

         sed -i "s|$HOSTNAME.crt|$HOSTNAME.bundle.crt|g" /etc/nginx/sites-available/$HOSTNAME
 
         echo $'Certificate installed'
-        service nginx restart
+        systemctl restart nginx
         return
     fi
 

src/freedombone-restore-local

 # License
 # =======
 #
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
+# MariaDB password
+DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+
+function please_wait {
+        local str width height length
+
+        width=$(tput cols)
+        height=$(tput lines)
+        str="Standby to restore from USB"
+        length=${#str}
+        clear
+        tput cup $((height / 2)) $(((width / 2) - (length / 2)))
+        echo "$str"
+        tput cup $((height * 3 / 5)) $(((width / 2)))
+        echo -n ''
+}
+
+please_wait
+
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
 # include utils which allow function_check, go and drive mount
     source $f
 done
 
+clear
+
 USB_DRIVE=/dev/sdb1
 USB_MOUNT=/mnt/usb
 
     ADMIN_USERNAME=$(get_completion_param "Admin user")
 fi
 
-# MariaDB password
-DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-
 function check_backup_exists {
     if [ ! -d $USB_MOUNT/backup ]; then
         echo $"No backup directory found on the USB drive."
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
     cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    gpg_set_permissions root
+}
+
+function restore_blocklist {
+    if [[ $RESTORE_APP != 'all' ]]; then
+        if [[ $RESTORE_APP != 'blocklist' ]]; then
+            return
+        fi
+    fi
+
+    if [ -d $USB_MOUNT/backup/blocklist ]; then
+        echo $"Restoring blocklist"
+        temp_restore_dir=/root/tempblocklist
+        restore_directory_from_usb $temp_restore_dir blocklist
+
+        if [ -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg ]; then
+            cp -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
+        fi
+
+        rm -rf $temp_restore_dir
+
+        firewall_refresh_blocklist
+    fi
 }
 
 function restore_configfiles {
     fi
 
     # this restores *.cfg and COMPLETION_FILE
-    if [ -d $USB_MOUNT/backup/config ]; then
+    if [ -d $USB_MOUNT/backup/configfiles ]; then
         echo $"Restoring configuration files"
-        temp_restore_dir=/root/tempconfig
+        temp_restore_dir=/root/tempconfigfiles
         restore_directory_from_usb $temp_restore_dir configfiles
 
         if [ -f $temp_restore_dir/root/.nostore ]; then
             fi
         fi
 
-        if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
-            cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
-        fi
-
-        if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
-            cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
-            if [ ! "$?" = "0" ]; then
-                set_user_permissions
-                backup_unmount_drive
-                rm -rf $temp_restore_dir
-                exit 5294
-            fi
-        fi
-
-        if [ -f $CONFIGURATION_FILE ]; then
-            # install according to the config file
-            freedombone -c $CONFIGURATION_FILE
-        fi
-
-        if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
-            cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
-            if [ ! "$?" = "0" ]; then
-                set_user_permissions
-                backup_unmount_drive
-                rm -rf $temp_restore_dir
-                exit 6382
-            fi
-        fi
+        #if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
+        #    cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
+        #fi
+
+        #if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
+        #    cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
+        #    if [ ! "$?" = "0" ]; then
+        #        set_user_permissions
+        #        backup_unmount_drive
+        #        rm -rf $temp_restore_dir
+        #        exit 5294
+        #    fi
+        #fi
+
+        #if [ -f $CONFIGURATION_FILE ]; then
+        #    # install according to the config file
+        #    freedombone -c $CONFIGURATION_FILE
+        #fi
+
+        #if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
+        #    cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
+        #    if [ ! "$?" = "0" ]; then
+        #        set_user_permissions
+        #        backup_unmount_drive
+        #        rm -rf $temp_restore_dir
+        #        exit 6382
+        #    fi
+        #fi
 
         if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
             cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
 
     if [ -d $USB_MOUNT/backup/mariadb ]; then
         echo $"Restoring mysql settings"
+        keep_database_running
         temp_restore_dir=/root/tempmariadb
         restore_directory_from_usb $temp_restore_dir mariadb
-        echo $'Obtaining MariaDB password'
-        db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
+
+        store_original_mariadb_password
+
+        echo $'Obtaining original MariaDB password'
+        db_pass=$(cat /root/.mariadboriginal)
         if [ ${#db_pass} -gt 0 ]; then
             echo $"Restore the MariaDB user table"
-            mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
+            mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
+                db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
                 mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
             fi
             if [ ! "$?" = "0" ]; then
                 exit 962
             fi
             echo $"Restarting database"
-            service mysql restart
-            echo $"Change the MariaDB password to the backup version"
-            DATABASE_PASSWORD="$db_pass"
-            ${PROJECT_NAME}-pass -u root -a mariadb -p "$DATABASE_PASSWORD"
+            systemctl restart mariadb
+            echo $"Ensure MariaDB handles authentication"
+            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            mariadb_fix_authentication
+            DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
         fi
         rm -rf $temp_restore_dir
     fi
         fi
     fi
     if [ -d $USB_MOUNT/backup/passwordstore ]; then
+        store_original_mariadb_password
         echo $"Restoring password store"
         restore_directory_from_usb / passwordstore
     fi
                 restore_directory_from_usb $temp_restore_dir mutt/$USERNAME
                 if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc ]; then
                     cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
+                    sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
+                    sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
                 fi
                 if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc ]; then
                     cp -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
+                    sed -i '/set sidebar_delim/d' /etc/Muttrc
+                    sed -i '/set sidebar_sort/d' /etc/Muttrc
                 fi
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
 }
 
 function restore_gpg {
-    if [[ $RESTORE_APP != 'all' ]]; then
-        if [[ $RESTORE_APP != 'gpg' ]]; then
-            return
-        fi
+    if [[ $RESTORE_APP != 'gpg' ]]; then
+        return
     fi
+
     if [ -d $USB_MOUNT/backup/gnupg ]; then
         for d in $USB_MOUNT/backup/gnupg/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
                     exit 276
                 fi
                 rm -rf $temp_restore_dir
+                gpg_set_permissions $USERNAME
                 if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
                     cp -r /home/$USERNAME/.gnupg /root
                     if [ ! "$?" = "0" ]; then
                         backup_unmount_drive
                         exit 283
                     fi
+                    gpg_set_permissions root
                 fi
             fi
         done
             exit 276
         fi
         rm -rf /root/tempssl
+        update-ca-certificates
 
         # restore ownership
         if [ -f /etc/ssl/private/xmpp.key ]; then
 check_backup_exists
 check_admin_user
 copy_gpg_keys
+restore_blocklist
 restore_configfiles
 same_admin_user
 restore_passwordstore

src/freedombone-restore-remote

 # License
 # =======
 #
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
     cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    gpg_set_permissions root
+}
+
+function restore_blocklist {
+    if [[ $RESTORE_APP != 'all' ]]; then
+        if [[ $RESTORE_APP != 'blocklist' ]]; then
+            return
+        fi
+    fi
+
+    if [ -d $USB_MOUNT/backup/blocklist ]; then
+        echo $"Restoring blocklist"
+        temp_restore_dir=/root/tempblocklist
+        restore_directory_from_friend $temp_restore_dir blocklist
+        restore_directory_from_usb $temp_restore_dir blocklist
+
+        if [ -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg ]; then
+            cp -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
+        fi
+
+        rm -rf $temp_restore_dir
+
+        firewall_refresh_blocklist
+    fi
 }
 
 function restore_configfiles {
             return
         fi
     fi
-    if [ -d $SERVER_DIRECTORY/backup/config ]; then
+    if [ -d $SERVER_DIRECTORY/backup/configfiles ]; then
         echo $"Restoring configuration files"
-        temp_restore_dir=/root/tempconfig
+        temp_restore_dir=/root/tempconfigfiles
         restore_directory_from_friend $temp_restore_dir configfiles
 
         if [ -f $temp_restore_dir/root/.nostore ]; then
             fi
         fi
 
-        if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
-            cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
-        fi
-
-        if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
-            cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
-            if [ ! "$?" = "0" ]; then
-                unmount_drive
-                rm -rf $temp_restore_dir
-                exit 5372
-            fi
-        fi
-
-        if [ -f $CONFIGURATION_FILE ]; then
-            # install according to the config file
-            freedombone -c $CONFIGURATION_FILE
-        fi
-
-        if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
-            cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
-            if [ ! "$?" = "0" ]; then
-                unmount_drive
-                rm -rf $temp_restore_dir
-                exit 7252
-            fi
-        fi
+        #if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
+        #    cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
+        #fi
+
+        #if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
+        #    cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
+        #    if [ ! "$?" = "0" ]; then
+        #        unmount_drive
+        #        rm -rf $temp_restore_dir
+        #        exit 5372
+        #    fi
+        #fi
+
+        #if [ -f $CONFIGURATION_FILE ]; then
+        #    # install according to the config file
+        #    freedombone -c $CONFIGURATION_FILE
+        #fi
+
+        #if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
+        #    cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
+        #    if [ ! "$?" = "0" ]; then
+        #        unmount_drive
+        #        rm -rf $temp_restore_dir
+        #        exit 7252
+        #    fi
+        #fi
 
         if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
             cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
         temp_restore_dir=/root/tempmariadb
         restore_directory_from_friend $temp_restore_dir mariadb
 
+        store_original_mariadb_password
+
         echo $'Obtaining MariaDB password'
-        db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        db_pass=$(cat /root/.mariadboriginal)
         if [ ${#db_pass} -gt 0 ]; then
             echo $"Restore the MariaDB user table"
-            mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
+            mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
+                db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
                 mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
             fi
             if [ ! "$?" = "0" ]; then
                 exit 962
             fi
             echo $"Restarting database"
-            service mysql restart
-            echo $"Change the MariaDB password to the backup version"
-            DATABASE_PASSWORD="$db_pass"
-            ${PROJECT_NAME}-pass -u root -a mariadb -p "$DATABASE_PASSWORD"
+            systemctl restart mariadb
+            echo $"Ensure MariaDB handles authentication"
+            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            mariadb_fix_authentication
         fi
         rm -rf ${temp_restore_dir}
     fi
         fi
     fi
     if [ -d $SERVER_DIRECTORY/backup/passwordstore ]; then
+        store_original_mariadb_password
         echo $"Restoring password store"
         restore_directory_from_friend / passwordstore
     fi
                 restore_directory_from_friend ${temp_restore_dir} mutt/$USERNAME
                 if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc ]; then
                     cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
+                    sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
+                    sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
                 fi
                 if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc ]; then
                     cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
+                    sed -i '/set sidebar_delim/d' /etc/Muttrc
+                    sed -i '/set sidebar_sort/d' /etc/Muttrc
                 fi
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
 }
 
 function restore_gpg {
-    if [[ $RESTORE_APP != 'all' ]]; then
-        if [[ $RESTORE_APP != 'gpg' ]]; then
-            return
-        fi
+    if [[ $RESTORE_APP != 'gpg' ]]; then
+        return
     fi
+
     for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
                     if [ ! "$?" = "0" ]; then
                         exit 283
                     fi
+                    gpg_set_permissions root
                 fi
             fi
         fi
             exit 276
         fi
         rm -rf /root/tempssl
+        update-ca-certificates
 
         # restore ownership
         if [ -f /etc/ssl/private/xmpp.key ]; then
 ${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
 
 copy_gpg_keys
+restore_blocklist
 restore_configfiles
 restore_passwordstore
 restore_mariadb

src/freedombone-rmuser

 fi
 
 if [ -f /etc/nginx/.htpasswd ]; then
-    if grep "${REMOVE_USERNAME}:" /etc/nginx/.htpasswd; then
+    if grep -q "${REMOVE_USERNAME}:" /etc/nginx/.htpasswd; then
         htpasswd -D /etc/nginx/.htpasswd $REMOVE_USERNAME
     fi
 fi

src/freedombone-sec

     if [ ! -d /var/www/${new_domain} ]; then
         domain_found=
         if [ -f /etc/nginx/sites-available/radicale ]; then
-            if grep "${new_domain}" /etc/nginx/sites-available/radicale; then
+            if grep -q "${new_domain}" /etc/nginx/sites-available/radicale; then
                 domain_found=1
             fi
         fi
 
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
         if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
-            echo $'monkeysphere unable to get GPG key ID for user $MY_USERNAME'
+            echo $"monkeysphere unable to get GPG key ID for user $MY_USERNAME@$HOSTNAME"
             exit 52825
         fi
 
             if [ ${#response} -gt 2 ]; then
                 if [[ "${response}" != *" "* ]]; then
                     if [[ "${response}" == *"."* ]]; then
-                        if grep "Bridge ${response}" /etc/tor/torrc; then
+                        if grep -q "Bridge ${response}" /etc/tor/torrc; then
                             tor_remove_bridge "${response}"
                             bridge_removed=1
                         fi
                     else
-                        if grep " $response" /etc/tor/torrc; then
+                        if grep -q " $response" /etc/tor/torrc; then
                             tor_remove_bridge "${response}"
                             bridge_removed=1
                         fi

src/freedombone-splitkey

 export TEXTDOMAIN=${PROJECT_NAME}-splitkey
 export TEXTDOMAINDIR="/usr/share/locale"
 
+# Dummy password to get around not being able to create a key without passphrase
+BACKUP_DUMMY_PASSWORD='backup'
+
 KEY_FRAGMENTS=3
 MY_USERNAME=
 MY_EMAIL_ADDRESS=
 MY_NAME=
+PASSWORD_FILE=
 
 function show_help {
     echo ''
     shift
     MY_NAME=$1
     ;;
+    --passwordfile)
+    shift
+    PASSWORD_FILE=$1
+    ;;
     *)
     # unknown option
     ;;
     exit 5393
 fi
 
+if [ $PASSWORD_FILE ]; then
+    if [ ! -f $PASSWORD_FILE ]; then
+        echo $'Password file not found'
+        exit 62952
+    fi
+fi
+
 FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
 if [ -d $FRAGMENTS_DIR ]; then
     exit 0
 if [ ! $MY_EMAIL_ADDRESS ]; then
     MY_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
 fi
-KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - \
-           $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+
+KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS" - $MY_USERNAME | sed -n '2p' | sed 's/^[ \t]*//')
 if [ ${#KEYID} -lt 4 ]; then
     echo $"gpg key for $MY_EMAIL_ADDRESS was not found"
-    return 3682
+    exit 3682
 fi
 
-MY_BACKUP_KEY_ID=$(gpg --list-keys "$MY_NAME (backup key)" | \
-                          grep 'pub ' | awk -F ' ' '{print $2}' | \
-                          awk -F '/' '{print $2}')
+MY_BACKUP_KEY_ID=$(gpg --list-keys "$MY_NAME (backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
 if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
     echo $"gpg backup key for '$MY_NAME' was not found"
-    return 58213
+    exit 58213
 fi
 
 # create the key file
 mkdir -p $FRAGMENTS_DIR
+chown $MY_USERNAME:$MY_USERNAME $FRAGMENTS_DIR
 KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc
 gpg --output $FRAGMENTS_DIR/pubkey.txt --armor --export $KEYID
 if [ ! "$?" = "0" ]; then
     echo $"Unable to extract public key for $KEYID"
     exit 7835
 fi
-gpg --output $FRAGMENTS_DIR/privkey.txt \
-    --armor --export-secret-key $KEYID
+if [ ! $PASSWORD_FILE ]; then
+    gpg --output $FRAGMENTS_DIR/privkey.txt \
+        --armor --export-secret-key $KEYID
+else
+    echo "$(printf `cat $PASSWORD_FILE`)" | \
+        gpg --batch --passphrase-fd 0 \
+        --output $FRAGMENTS_DIR/privkey.txt \
+        --armor --export-secret-key $KEYID
+fi
 if [ ! "$?" = "0" ]; then
     echo $"Unable to extract private key for $KEYID"
     exit 7823
 gpg --output $FRAGMENTS_DIR/backup_pubkey.txt \
     --armor --export $MY_BACKUP_KEY_ID
 if [ ! "$?" = "0" ]; then
+    shred -zu $FRAGMENTS_DIR/privkey.txt
     echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
     exit 62928
 fi
-gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
-    --armor --export-secret-key $MY_BACKUP_KEY_ID
+echo "$BACKUP_DUMMY_PASSWORD" | \
+    gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+        --batch --passphrase-fd 0 \
+        --armor --export-secret-key $MY_BACKUP_KEY_ID
 if [ ! "$?" = "0" ]; then
+    shred -zu $FRAGMENTS_DIR/privkey.txt
     echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"
     exit 13783
 fi
 
+# Ensure there aren't any permissions problems when running cat
+chmod +r $FRAGMENTS_DIR/privkey.txt
+chmod +r $FRAGMENTS_DIR/backup_privkey.txt
+
 cat $FRAGMENTS_DIR/pubkey.txt \
     $FRAGMENTS_DIR/privkey.txt \
     $FRAGMENTS_DIR/backup_pubkey.txt \

src/freedombone-syncthing

 
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
+        if [ ! -f /home/$USERNAME/.syncthing-server-id ]; then
+            CHANGED=1
+            return
+        fi
+    done
+
+    for d in /home/*/ ; do
+        USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             if [ -f /home/$USERNAME/$SYNCTHING_UPDATE_FILE ]; then
                 CHANGED=1
     done
 }
 
+function syncthing_set_permissions {
+    for d in /home/*/ ; do
+        USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
+        if [ -d /home/$USERNAME/Sync ]; then
+            chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/Sync
+        fi
+        if [ -d /home/$USERNAME/SyncShared ]; then
+            chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/SyncShared
+        fi
+    done
+}
+
 user_devices_changed
 if [ $CHANGED ]; then
     create_syncthing_config
+    syncthing_set_permissions
     systemctl restart syncthing
+else
+    syncthing_set_permissions
 fi
 
 exit 0

src/freedombone-tests

     output "V-38616" $? ${SETLANG}
     ################
 
+    ##A FIPS 140-2 approved cryptographic algorithm must be used for SSH communications.
+    bash $STIG_TESTS_DIR/check-ssh.sh ciphers >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86845r2_rule" $? ${SETLANG}
+    ################
+
+    ##The Standard Notice must be displayed immediately prior to, or as part of, remote access logon prompts.
+    bash $STIG_TESTS_DIR/check-ssh.sh banner >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86849r2_rule" $? ${SETLANG}
+    ################
+
+    ##All networked systems must use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.
+    bash $STIG_TESTS_DIR/check-ssh.sh sshd_status >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86859r2_rule" $? ${SETLANG}
+    ################
+
+    ##All network connections associated with SSH traffic must terminate at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
+    bash $STIG_TESTS_DIR/check-ssh.sh ClientAliveInterval >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86861r2_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH daemon must not allow authentication using RSA rhosts authentication.
+    bash $STIG_TESTS_DIR/check-ssh.sh RhostsRSAAuthentication >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86863r2_rule" $? ${SETLANG}
+    ################
+
+    ##All network connections associated with SSH traffic must terminate after a period of inactivity.
+    bash $STIG_TESTS_DIR/check-ssh.sh ClientAliveCountMax >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86865r2_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH daemon must not allow authentication using rhosts authentication.
+    bash $STIG_TESTS_DIR/check-ssh.sh IgnoreRhosts >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86867r2_rule" $? ${SETLANG}
+    ################
+
+    ##The system must display the date and time of the last successful account logon upon an SSH logon.
+    bash $STIG_TESTS_DIR/check-ssh.sh PrintLastLog >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86869r2_rule" $? ${SETLANG}
+    ################
+
+    ##The system must not permit direct logons to the root account using remote access via SSH.
+    bash $STIG_TESTS_DIR/check-ssh.sh permitroot >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86871r2_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH daemon must not allow authentication using known hosts authentication.
+    bash $STIG_TESTS_DIR/check-ssh.sh IgnoreUserKnownHosts >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86873r2_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH daemon must be configured to only use the SSHv2 protocol.
+    bash $STIG_TESTS_DIR/check-ssh.sh Protocol >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86875r2_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
+    bash $STIG_TESTS_DIR/check-ssh.sh macs >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86877r2_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH public host key files must have mode 0644 or less permissive.
+    bash $STIG_TESTS_DIR/check-ssh.sh pubkeypermissive >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86879r1_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH private host key files must have mode 0600 or less permissive.
+    bash $STIG_TESTS_DIR/check-ssh.sh hostkeypermissive >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86881r1_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH daemon must not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed.
+    bash $STIG_TESTS_DIR/check-ssh.sh GSSAPIAuthentication >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86883r2_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH daemon must not permit Kerberos authentication unless needed.
+    bash $STIG_TESTS_DIR/check-ssh.sh KerberosAuthentication >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86885r2_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH daemon must perform strict mode checking of home directory configuration files.
+    bash $STIG_TESTS_DIR/check-ssh.sh StrictModes >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86887r2_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH daemon must use privilege separation.
+    bash $STIG_TESTS_DIR/check-ssh.sh UsePrivilegeSeparation >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86889r2_rule" $? ${SETLANG}
+    ################
+
+    ##The SSH daemon must not allow compression or must only allow compression after successful authentication.
+    bash $STIG_TESTS_DIR/check-ssh.sh Compression >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86891r2_rule" $? ${SETLANG}
+    ################
+
+    ##Dont allow remote X connections.
+    bash $STIG_TESTS_DIR/check-ssh.sh X11Forwarding >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86927r2_rule" $? ${SETLANG}
+    ################
+
     ##RHEL-06-000247
     ##The system clock must be synchronized continuously, or at least daily.
 
     output "V-38641" $? ${SETLANG}
     ################
 
-    ##RHEL-06-000269
-    ##Remote file systems must be mounted with the nodev option.
-    if [ "$(mount | grep nfs | wc -l)" -gt 0 ];then
-        bash $STIG_TESTS_DIR/check-nfs.sh nodev >/dev/null 2>&1 &
-
-        stig_spinner $!
-        output "V-38652" $? ${SETLANG}
-    fi
-    ################
-
-    ##RHEL-06-000270
-    ##Remote file systems must be mounted with the nosuid option.
-    if [ "$(mount | grep nfs | wc -l)" -gt 0 ];then
-        bash $STIG_TESTS_DIR/check-nfs.sh nosuid >/dev/null 2>&1 &
-
-        stig_spinner $!
-        output "V-38654" $? ${SETLANG}
-    fi
-    ################
-
     ##RHEL-06-000271
     ##The noexec option must be added to removable media partitions.
     if [ "$(grep -Hv ^0$ /sys/block/*/removable | sed s/removable:.*$/device\\/uevent/ | xargs grep -H ^DRIVER=sd | sed s/device.uevent.*$/size/ | xargs grep -Hv ^0$ | cut -d / -f 4 | wc -l)" -gt 0 ];then
     output "V-38675" $? ${SETLANG}
     ################
 
-    ##RHEL-06-000309
-    ##The NFS server must not have the insecure file locking option enabled.
-
-    bash $STIG_TESTS_DIR/check-nfs-insecure.sh > /dev/null 2>&1 &
-
-    stig_spinner $!
-    output "V-38677" $? ${SETLANG}
-    ################
-
     ##RHEL-06-000319
     ##The system must limit users to 10 simultaneous system logins, or a site-defined number, in accordance with operational requirements.
 
     output "V-38645" $? ${SETLANG}
     ################
 
-    ##RHEL-06-000346
-    ##The system default umask for daemons must be 027 or 022.
-    ##For more detial :http://unix.stackexchange.com/questions/36220/how-to-set-umask-for-a-system-user
-
-    sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' /etc/init.d/rc | grep -i "umask.*027\|umask.*022" >/dev/null 2>&1 &
-
-    stig_spinner $!
-    output "V-38646" $? ${SETLANG}
-    ################
-
     ##RHEL-06-000347
     ##There must be no .netrc files on the system.
 
     output "V-38462" $? ${SETLANG}
     ################
 
-    ##RHEL-06-000515
-    ##The NFS server must not have the all_squash option enabled.
-
-    bash $STIG_TESTS_DIR/check-nfs-all-squash.sh > /dev/null 2>&1 &
-
-    stig_spinner $!
-    output "V-38460" $? ${SETLANG}
-    ################
-
     ##RHEL-06-000523
     ##The systems local IPv6 firewall must implement a deny-all, allow-by-exception policy for inbound packets.
 
 test_app_functions
 test_unique_onion_ports
 remove_management_engine_interface
+freedombone-pass --test yes
 fix_stig
 test_stig