Merge branch 'stretch' of https://github.com/bashrc/freedombone

doc/EN/app_matrix.org

@@ -53,3 +53,6 @@ Destination: 10 0 8448 [yourmatrixsubdomain]
 #+end_src
 
 You may also want to make another entry with the same settings but replacing *tcp* with *udp*.
+
+* Mobile app
+If you're using the Riot mobile app to access your Matrix homeserver then you can significantly improve battery performance by going to the settings and changing *Sync request timeout* to 30 seconds and *Delay between two sync requests* to 600 seconds.

doc/EN/app_pleroma.org

@@ -35,3 +35,10 @@ Select *Add/Remove Apps* then *pleroma*. You will then be asked for a domain nam
 The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.
 
 Once you have done that then you can disable further registrations from the *Administrator control panel* by going to *App Settings* then *pleroma* then *Disable new account registrations*. This may take a while because the app gets recompiled afterwards.
+
+* Mastodon user interface
+If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to */yourpleromadomainname/web* and log in.
+
+#+BEGIN_CENTER
+[[file:images/pleromamastodon.jpg]]
+#+END_CENTER

doc/EN/meshindex.org

@@ -23,7 +23,7 @@ The following apps are available:
  <table style="width:80%; border:0">
   <tr>
     <td><center><b><a href="ssb.apk"><img src="images/ssb.png"/></a></b><br><a href="ssb.apk">Secure Scuttlebutt</a></center></td>
-    <td><center><b><h3></h3></b><br></center></td>
+    <td><center><b><a href="trifa.apk"><img src="images/trifa.png"/></a></b><br><a href="trifa.apk">Tox</a></center></td>
   </tr>
 </table>
 </center>

doc/EN/mobile.org

@@ -82,6 +82,8 @@ Even with free software apps it's not difficult to get into a situation where yo
 
 If you have Syncthing installed then change the settings so that it only syncs when charging and when on wifi. Avoid any apps which might be continuously polling and preventing the device from going into sleep mode when it's not used.
 
+If you're using the Riot mobile app to access a Matrix homeserver then you can significantly improve battery performance by going to the settings and changing *Sync request timeout* to 30 seconds and *Delay between two sync requests* to 600 seconds.
+
 * Blocking bad domains
 You can block known bad domains by editing the */system/etc/hosts* file on your device. It is possible to use extensive ad-blocking hosts files used by other ad-blocking systems such as pi-hole, but merely blocking Facebook and Google Analytics will protect you against much of the corporate surveillance which goes on. Even if you don't have a Facebook account this may still be useful since they will still try to create a "ghost profile" of you, so the less data they have the better.
 

src/freedombone-addcert

@@ -218,7 +218,7 @@ function add_cert_letsencrypt {
     fi
 
     if [ ! -f /usr/bin/certbot ]; then
-        apt-get -yq install certbot
+        apt-get -yq -t stretch-backports install certbot
         groupadd ssl-cert
         if [ ! -f /usr/bin/certbot ]; then
             echo $'LetsEncrypt certbot failed to install'

src/freedombone-app-matrix

@@ -51,7 +51,7 @@ MATRIX_PORT=8009
 MATRIX_FEDERATION_ONION_PORT=8111
 MATRIX_ONION_PORT=8109
 MATRIX_REPO="https://github.com/matrix-org/synapse"
-MATRIX_COMMIT='77ea8cbdd7202d75538623c79b3d33119221d02b'
+MATRIX_COMMIT='552f123bea1014680ab798b7e34cd1b23424a189'
 REPORT_STATS="no"
 MATRIX_SECRET=
 MATRIX_EXPIRE_MONTHS=1
@@ -409,6 +409,7 @@ function upgrade_matrix {
     chown -R matrix:matrix $MATRIX_DATA_DIR
 
     pip install --upgrade --force "pynacl==0.3.0"
+    pip install --upgrade --force "phonenumbers>=8.2.0"
 
     if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
         chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
@@ -755,6 +756,7 @@ function install_matrix {
     pip install --upgrade pip
     pip install --upgrade python-ldap
     pip install --upgrade lxml
+    pip install --upgrade --force "phonenumbers>=8.2.0"
 
     function_check matrix_nginx
     matrix_nginx

src/freedombone-app-pleroma

@@ -39,7 +39,7 @@ PLEROMA_CODE=
 PLEROMA_PORT=4000
 PLEROMA_ONION_PORT=8011
 PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
-PLEROMA_COMMIT='7252f6b054dfdfac1f9bac77c442c5a1ebd898af'
+PLEROMA_COMMIT='5fc6e9d467f69af155627cccaa27616fe7ffc61f'
 PLEROMA_ADMIN_PASSWORD=
 PLEROMA_DIR=/etc/pleroma
 PLEROMA_SECRET_KEY=""
@@ -64,6 +64,7 @@ pleroma_variables=(ONION_ONLY
 
 function pleroma_recompile {
     # necessary after parameter changes
+    chown -R pleroma:pleroma $PLEROMA_DIR
     sudo -u pleroma mix clean
     sudo -u pleroma mix deps.compile
     sudo -u pleroma mix compile
@@ -208,7 +209,7 @@ function pleroma_create_database {
     run_system_query_postgresql "GRANT ALL ON ALL tables IN SCHEMA public TO pleroma;"
     run_system_query_postgresql "GRANT ALL ON ALL sequences IN SCHEMA public TO pleroma;"
     run_system_query_postgresql "CREATE EXTENSION citext;"
-    run_system_query_postgresql "set statement_timeout to 20000;"
+    run_system_query_postgresql "set statement_timeout to 40000;"
 
     read_config_param "PLEROMA_SECRET_KEY"
     if [ ${#PLEROMA_SECRET_KEY} -lt 64 ]; then
@@ -520,6 +521,8 @@ function upgrade_pleroma {
     function_check set_repo_commit
     set_repo_commit $PLEROMA_DIR "pleroma commit" "$PLEROMA_COMMIT" $PLEROMA_REPO
     chown -R pleroma:pleroma $PLEROMA_DIR
+
+    sudo -u pleroma mix deps.get
     pleroma_recompile
 }
 
@@ -639,7 +642,7 @@ function remove_pleroma {
     rm /etc/systemd/system/pleroma.service
 
     userdel pleroma
-    apt-get -yq remove esl-erlang elixir erlang-xmerl erlang-dev erlang-parsetools
+    #apt-get -yq remove esl-erlang elixir erlang-xmerl erlang-dev erlang-parsetools
 
     function_check remove_nodejs
     remove_nodejs pleroma-backend
@@ -865,6 +868,19 @@ function install_pleroma {
 
     set_completion_param "pleroma domain" "$PLEROMA_DOMAIN_NAME"
 
+    # We need to set up the url option again because it somehow gets
+    # lost during mix compile
+    pleroma_secret=$PLEROMA_DIR/config/dev.secret.exs
+    if ! grep -q 'watchers: [],' $pleroma_secret; then
+        sed -i 's|watchers: []|watchers: [],|g' $pleroma_secret
+    fi
+    if ! grep -q 'url:' $pleroma_secret; then
+        if [[ $ONION_ONLY == 'no' ]]; then
+            sed -i "/watchers: []/a url: [host: \"$PLEROMA_DOMAIN_NAME\", scheme: \"https\", port: 443]" $pleroma_secret
+        else
+            sed -i "/watchers: []/a url: [host: \"$PLEROMA_ONION_HOSTNAME\", scheme: \"http\", port: 80]" $pleroma_secret
+        fi
+    fi
 
     # daemon
     echo '[Unit]' > /etc/systemd/system/pleroma.service

src/freedombone-app-riot

@@ -33,9 +33,9 @@ VARIANTS='full full-vim chat'
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
 
-RIOT_VERSION='0.12.2'
+RIOT_VERSION='0.13.0'
 RIOT_FILENAME="riot-v${RIOT_VERSION}"
-RIOT_HASH='d0de730cb3e688040ba5c23680a676dabc94386830582842a4728767ed6dcd7f'
+RIOT_HASH='b65535c4c3bfe6407b491f55df238847884ab83a9d5cbdd1f8b4d6e31cbb5870'
 RIOT_DOWNLOAD_URL="https://github.com/vector-im/riot-web/releases/download/v${RIOT_VERSION}"
 RIOT_ONION_PORT=8115
 RIOT_ONION_HOSTNAME=

src/freedombone-app-smilodon

@@ -0,0 +1,376 @@
+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# Smilodon ActivityPub app
+#
+# License
+# =======
+#
+# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+VARIANTS='full full-vim social'
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=1
+SHOW_ICANN_ADDRESS_ON_ABOUT=0
+
+SMILODON_REPO="https://github.com/bashrc/smilodon"
+SMILODON_COMMIT='e17dad10f9d4c00516b9c93a587e4298b3639af3'
+SMILODON_ADMIN_PASSWORD=
+SMILODON_ONION_PORT=8054
+SMILODON_PATH=/etc/smilodon
+SMILODON_SECRET_KEY=
+
+smilodon_variables=(SMILODON_REPO
+                    SMILODON_ADMIN_PASSWORD
+                    USB_MOUNT
+                    SMILODON_SECRET_KEY
+                    MY_EMAIL_ADDRESS
+                    MY_USERNAME)
+
+function logging_on_smilodon {
+    echo -n ''
+}
+
+function logging_off_smilodon {
+    echo -n ''
+}
+
+function remove_user_smilodon {
+    remove_username="$1"
+}
+
+function add_user_smilodon {
+    new_username="$1"
+    new_user_password="$2"
+    echo '0'
+}
+
+function install_interactive_smilodon {
+    echo -n ''
+    APP_INSTALLED=1
+}
+
+function change_password_smilodon {
+    curr_username="$1"
+    new_user_password="$2"
+
+    #${PROJECT_NAME}-pass -u "$curr_username" -a smilodon -p "$new_user_password"
+}
+
+function smilodon_create_database {
+    if [ ! $SMILODON_ADMIN_PASSWORD ]; then
+        return
+    fi
+
+    function_check create_database_mongodb
+    create_database_mongodb smilodon "$SMILODON_ADMIN_PASSWORD" smilodon
+}
+
+function reconfigure_smilodon {
+    echo -n ''
+}
+
+function upgrade_smilodon {
+    CURR_SMILODON_COMMIT=$(get_completion_param "smilodon commit")
+    if [[ "$CURR_SMILODON_COMMIT" == "$SMILODON_COMMIT" ]]; then
+        return
+    fi
+
+    if [[ $(app_is_installed smilodon) == "1" ]]; then
+        systemctl stop smilodon
+        function_check set_repo_commit
+        set_repo_commit $SMILODON_PATH "smilodon commit" "$SMILODON_COMMIT" $SMILODON_REPO
+        chown -R smilodon:smilodon $SMILODON_PATH
+        systemctl start smilodon
+    fi
+
+}
+
+function backup_local_smilodon {
+    if [ -d $SMILODON_PATH ]; then
+        systemctl stop smilodon
+
+        USE_MONGODB=1
+        function_check backup_database_to_usb
+        backup_database_to_usb smilodon
+
+        backup_directory_to_usb $SMILODON_PATH smilodon
+
+        systemctl start smilodon
+    fi
+}
+
+function restore_local_smilodon {
+    temp_restore_dir=/root/tempsmilodon
+
+    systemctl stop smilodon
+
+    function_check smilodon_create_database
+    smilodon_create_database
+
+    USE_MONGODB=1
+    restore_database smilodon
+
+    if [ -d ${SMILODON_PATH} ]; then
+        if [ -d $temp_restore_dir${SMILODON_PATH} ]; then
+            if [ -d $temp_restore_dir${SMILODON_PATH} ]; then
+                rm -rf ${SMILODON_PATH}
+                mv $temp_restore_dir$SMILODON_PATH ${SMILODON_PATH}/
+            else
+                cp -r $temp_restore_dir/* ${SMILODON_PATH}/
+            fi
+            if [ ! "$?" = "0" ]; then
+                function_check backup_unmount_drive
+                backup_unmount_drive
+                systemctl start smilodon
+                exit 528823
+            fi
+            chown -R smilodon:smilodon ${SMILODON_PATH}
+        fi
+    fi
+
+    if [ -d $USB_MOUNT/backup/smilodon ]; then
+        chown -R smilodon:smilodon ${SMILODON_PATH}
+        if [ -d $temp_restore_dir ]; then
+            rm -rf $temp_restore_dir
+        fi
+    fi
+
+    systemctl start smilodon
+}
+
+function backup_remote_smilodon {
+    if [ -d $SMILODON_PATH ]; then
+        function_check suspend_site
+        suspend_site smilodon
+
+        systemctl stop smilodon
+
+        USE_MONGODB=1
+        function_check backup_database_to_friend
+        backup_database_to_friend smilodon
+
+        function_check backup_directory_to_friend
+        backup_directory_to_friend $SMILODON_PATH smilodon
+
+        systemctl start smilodon
+
+        function_check restart_site
+        restart_site
+    else
+        echo $"Smilodon domain specified but not found in $SMILODON_PATH"
+    fi
+}
+
+function restore_remote_smilodon {
+    temp_restore_dir=/root/tempsmilodon
+    if grep -q "smilodon domain" $COMPLETION_FILE; then
+        echo $"Restoring smilodon"
+        systemctl stop smilodon
+
+        function_check restore_database_from_friend
+
+        function_check smilodon_create_database
+        smilodon_create_database
+
+        USE_MONGODB=1
+        restore_database_from_friend smilodon
+
+        if [ -d $SMILODON_PATH ]; then
+            if [ -d $temp_restore_dir$SMILODON_PATH ]; then
+                rm -rf $SMILODON_PATH
+                mv $temp_restore_dir$SMILODON_PATH ${SMILODON_PATH}/
+            else
+                cp -r $temp_restore_dir/* ${SMILODON_PATH}/
+            fi
+            if [ ! "$?" = "0" ]; then
+                systemctl start smilodon
+                exit 6391643
+            fi
+        fi
+
+        if [ -d $SERVER_DIRECTORY/backup/smilodon ]; then
+            chown -R smilodon:smilodon ${SMILODON_PATH}
+        fi
+        if [ -d /root/tempsmilodon ]; then
+            rm -rf /root/tempsmilodon
+        fi
+
+        systemctl start smilodon
+
+        echo $"Restore of smilodon complete"
+    fi
+}
+
+function remove_smilodon {
+    nginx_dissite smilodon
+
+    systemctl stop smilodon
+    systemctl disable smilodon
+    rm /etc/systemd/system/smilodon.service
+
+    function_check remove_onion_service
+    remove_onion_service smilodon ${SMILODON_ONION_PORT}
+    if [ -f /etc/nginx/sites-available/smilodon ]; then
+        rm /etc/nginx/sites-available/smilodon
+    fi
+
+    groupdel -f smilodon
+    userdel -r smilodon
+
+    if [ -d $SMILODON_PATH ]; then
+        rm -rf $SMILODON_PATH
+    fi
+
+    function_check remove_mongodb_user
+    remove_mongodb_user smilodon
+
+    function_check drop_database_mongodb
+    drop_database_mongodb smilodon
+
+    function_check remove_mongodb
+    remove_mongodb smilodon
+
+    remove_completion_param install_smilodon
+    sed -i '/smilodon/d' $COMPLETION_FILE
+}
+
+function install_smilodon {
+    apt-get -yq install python3-pip
+
+    if [ -d $SMILODON_PATH ]; then
+        rm -rf $SMILODON_PATH
+    fi
+
+    if [ -d /repos/smilodon ]; then
+        mkdir $SMILODON_PATH
+        cp -r -p /repos/smilodon/. $SMILODON_PATH
+        cd $SMILODON_PATH
+        git pull
+    else
+        function_check git_clone
+        git_clone $SMILODON_REPO $SMILODON_PATH
+    fi
+
+    if [ ! -d $SMILODON_PATH ]; then
+        echo $'Could not clone smilodon repo'
+        exit 6784783
+    fi
+    cd $SMILODON_PATH
+    git checkout $SMILODON_COMMIT -b $SMILODON_COMMIT
+    set_completion_param "smilodon commit" "$SMILODON_COMMIT"
+
+    groupadd smilodon
+    useradd -c "Smilodon system account" -d $SMILODON_PATH -m -r -g smilodon smilodon
+
+    SMILODON_ONION_HOSTNAME=$(add_onion_service smilodon 80 ${SMILODON_ONION_PORT})
+
+    if [ ! $SMILODON_SECRET_KEY ]; then
+        SMILODON_SECRET_KEY="$(create_password 30)$(create_password 30)$(create_password 30)$(create_password 30)"
+    fi
+
+    if [ -f $IMAGE_PASSWORD_FILE ]; then
+        SMILODON_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    else
+        if [ ! $SMILODON_ADMIN_PASSWORD ]; then
+            SMILODON_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        fi
+    fi
+
+    export smilodon_domain_name=$SMILODON_ONION_HOSTNAME
+    export secret_key="$SMILODON_SECRET_KEY"
+    export mongodb_username='smilodon'
+    export mongodb_password="$SMILODON_ADMIN_PASSWORD"
+    export smilodon_admin_address=$MY_EMAIL_ADDRESS
+    export MAIL_SERVER='localhost'
+    export MAIL_PORT=25
+
+    function_check install_mongodb
+    install_mongodb smilodon
+
+    smilodon_create_database
+
+    pip3 install -r requirements.txt
+    if [ ! "$?" = "0" ]; then
+        echo $'Unable to install smilodon dependencies'
+        exit 87352835
+    fi
+
+    echo 'server {' > /etc/nginx/sites-available/smilodon
+    echo "  listen 127.0.0.1:${SMILODON_ONION_PORT} default_server;" >> /etc/nginx/sites-available/smilodon
+    echo "  server_name $SMILODON_ONION_HOSTNAME;" >> /etc/nginx/sites-available/smilodon
+    echo '' >> /etc/nginx/sites-available/smilodon
+    echo '  access_log /dev/null;' >> /etc/nginx/sites-available/smilodon
+    echo '  error_log /dev/null;' >> /etc/nginx/sites-available/smilodon
+    echo '' >> /etc/nginx/sites-available/smilodon
+    echo '  location / {' >> /etc/nginx/sites-available/smilodon
+    echo '      proxy_pass http://localhost:5000;' >> /etc/nginx/sites-available/smilodon
+    echo '  }' >> /etc/nginx/sites-available/smilodon
+    echo '}' >> /etc/nginx/sites-available/smilodon
+
+    nginx_ensite smilodon
+    systemctl enable mongodb
+    systemctl restart mongodb
+
+    chown -R smilodon:smilodon ${SMILODON_PATH}
+
+    echo '#!/bin/bash' > ${SMILODON_PATH}/run_smilodon.sh
+    echo "cd ${SMILODON_PATH}" >> ${SMILODON_PATH}/run_smilodon.sh
+    echo "export smilodon_domain_name=$SMILODON_ONION_HOSTNAME" >> ${SMILODON_PATH}/run_smilodon.sh
+    echo "export secret_key='$SMILODON_SECRET_KEY'" >> ${SMILODON_PATH}/run_smilodon.sh
+    echo "export mongodb_username='smilodon'" >> ${SMILODON_PATH}/run_smilodon.sh
+    echo "export mongodb_password='$SMILODON_ADMIN_PASSWORD'" >> ${SMILODON_PATH}/run_smilodon.sh
+    echo "export smilodon_admin_address=$MY_EMAIL_ADDRESS" >> ${SMILODON_PATH}/run_smilodon.sh
+    echo "export MAIL_SERVER='localhost'" >> ${SMILODON_PATH}/run_smilodon.sh
+    echo "export MAIL_PORT=25" >> ${SMILODON_PATH}/run_smilodon.sh
+    echo "python3 run.py" >> ${SMILODON_PATH}/run_smilodon.sh
+    chmod +x ${SMILODON_PATH}/run_smilodon.sh
+    chown smilodon:smilodon ${SMILODON_PATH}/run_smilodon.sh
+
+    echo '[Unit]' > /etc/systemd/system/smilodon.service
+    echo 'Description=Smilodon ActivityPub messenger' >> /etc/systemd/system/smilodon.service
+    echo 'After=network.target mongodb.service' >> /etc/systemd/system/smilodon.service
+    echo 'After=tor.service' >> /etc/systemd/system/smilodon.service
+    echo '' >> /etc/systemd/system/smilodon.service
+    echo '[Service]' >> /etc/systemd/system/smilodon.service
+    echo 'User=smilodon' >> /etc/systemd/system/smilodon.service
+    echo 'Group=smilodon' >> /etc/systemd/system/smilodon.service
+    echo "WorkingDirectory=${SMILODON_PATH}/" >> /etc/systemd/system/smilodon.service
+    echo "ExecStart=${SMILODON_PATH}/run_smilodon.sh" >> /etc/systemd/system/smilodon.service
+    echo 'Restart=on-failure' >> /etc/systemd/system/smilodon.service
+    echo 'RestartSec=10' >> /etc/systemd/system/smilodon.service
+    echo '' >> /etc/systemd/system/smilodon.service
+    echo '[Install]' >> /etc/systemd/system/smilodon.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/smilodon.service
+    systemctl enable smilodon
+    systemctl daemon-reload
+    systemctl start smilodon
+    systemctl restart nginx
+
+    ${PROJECT_NAME}-pass -u $MY_USERNAME -a smilodon -p "$SMILODON_ADMIN_PASSWORD"
+
+    APP_INSTALLED=1
+}
+
+# NOTE: deliberately no exit 0

src/freedombone-backup-local

@@ -31,6 +31,7 @@
 PROJECT_NAME='freedombone'
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+MONGODB_APPS_FILE=$HOME/.mongodbapps
 BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
 ENABLE_BACKUP_VERIFICATION="no"
 
@@ -296,6 +297,9 @@ function backup_configfiles {
     if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
         cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
     fi
+    if [ -f $MONGODB_APPS_FILE ]; then
+        cp -f $MONGODB_APPS_FILE $temp_backup_dir
+    fi
     # nginx password hashes
     if [ -f /etc/nginx/.htpasswd ]; then
         cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd

src/freedombone-backup-remote

@@ -31,6 +31,7 @@
 PROJECT_NAME='freedombone'
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+MONGODB_APPS_FILE=$HOME/.mongodbapps
 BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
 ENABLE_VERIFICATION="no"
 
@@ -142,6 +143,9 @@ function backup_configfiles {
     if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
         cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
     fi
+    if [ -f $MONGODB_APPS_FILE ]; then
+        cp -f $MONGODB_APPS_FILE $temp_backup_dir
+    fi
     # nginx password hashes
     if [ -f /etc/nginx/.htpasswd ]; then
         cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd

src/freedombone-image-customise

@@ -685,6 +685,9 @@ initialise_mesh() {
     # install tor as a possible way of routing traffic between internet gateways
     chroot "$rootdir" apt-get -yq install tor
 
+    # dhcp daemon for hotspot on secondary wifi adapter
+    chroot "$rootdir" apt-get -yq install dnsmasq
+
     configure_firewall
     install_avahi
     install_batman
@@ -1256,7 +1259,7 @@ EOF
     chroot "$rootdir" /bin/chown -R ${MY_USERNAME}:${MY_USERNAME} /home/${MY_USERNAME}/help
 
     # Tox user interface
-    enable_tox_repo
+    #enable_tox_repo
     mesh_tox_qtox
     # copy the default qtox ini file
     if [ ! -d ${rootdir}/home/${MY_USERNAME}/.config/tox ]; then

src/freedombone-mesh-batman

@@ -101,7 +101,7 @@ function get_ipv4_wlan {
 }
 
 function mesh_hotspot_ip_address {
-    echo $(ip -o -f inet addr show dev "$BRIDGE" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
+    echo $(ip -o -f inet addr show dev "${BRIDGE}" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
 }
 
 function global_rate_limit {
@@ -122,6 +122,10 @@ function stop {
         echo 'error: unable to find wifi interface, not enabling batman-adv mesh'
         return
     fi
+
+    systemctl stop dnsmasq
+    systemctl disable dnsmasq
+
     if [ "$EIFACE" ]; then
         brctl delif $BRIDGE bat0
         ifconfig $BRIDGE down || true
@@ -280,6 +284,9 @@ function mesh_create_app_downloads_page {
     if [ ! -f /var/www/html/ssb.apk ]; then
         cp /root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk /var/www/html/ssb.apk
     fi
+    if [ ! -f /var/www/html/trifa.apk ]; then
+        cp /root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk /var/www/html/trifa.apk
+    fi
     if [ ! -d /var/www/html/images ]; then
         mkdir /var/www/html/images
     fi
@@ -289,6 +296,9 @@ function mesh_create_app_downloads_page {
     if [ ! -f /var/www/html/images/ssb.png ]; then
         cp /root/$PROJECT_NAME/img/icon_patchwork.png /var/www/html/images/ssb.png
     fi
+    if [ ! -f /var/www/html/images/trifa.png ]; then
+        cp /root/$PROJECT_NAME/img/trifa.png /var/www/html/images/trifa.png
+    fi
     if [ ! -f /var/www/html/freedombone.css ]; then
         cp /root/$PROJECT_NAME/website/freedombone.css /var/www/html/freedombone.css
     fi
@@ -296,6 +306,8 @@ function mesh_create_app_downloads_page {
 }
 
 function start {
+    update_wifi_adaptors
+
     if [ -z "$IFACE" ] ; then
         echo 'error: unable to find wifi interface, not enabling batman-adv mesh'
         exit 723657
@@ -305,6 +317,9 @@ function start {
     systemctl stop network-manager
     sleep 5
 
+    systemctl stop dnsmasq
+    systemctl disable dnsmasq
+
     # remove an avahi service which isn't used
     if [ -f /etc/avahi/services/udisks.service ]; then
         sudo rm /etc/avahi/services/udisks.service
@@ -340,6 +355,7 @@ function start {
     brctl addbr $BRIDGE
     brctl addif $BRIDGE bat0
     ifconfig bat0 0.0.0.0
+    ethernet_connected='0'
     if [ "$EIFACE" ] ; then
         ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
         if [[ "$ethernet_connected" != "0" ]]; then
@@ -358,25 +374,43 @@ function start {
     if [ $secondary_wifi_available ]; then
         sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
 
-        echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
-        echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf
-        echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
-        echo "country_code=UK" >> /etc/hostapd/hostapd.conf
-        echo "ssid=${WIFI_SSID}-$(mesh_hotspot_ip_address)" >> /etc/hostapd/hostapd.conf
-        echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
-        echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
-        echo 'wpa=2' >> /etc/hostapd/hostapd.conf
-        echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
-        echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
-        echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
-        echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
-        echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
-        echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
-
-        systemctl enable hostapd
-        systemctl restart hostapd
-        mesh_create_app_downloads_page
-    else
+        mesh_hotspot_address=$(mesh_hotspot_ip_address)
+        if [[ "$mesh_hotspot_address" == *'.'* ]]; then
+            echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
+            echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf
+            echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
+            echo "country_code=UK" >> /etc/hostapd/hostapd.conf
+            echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}" >> /etc/hostapd/hostapd.conf
+            echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
+            echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
+            echo 'wpa=2' >> /etc/hostapd/hostapd.conf
+            echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
+            echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
+            echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
+            echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
+            echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
+            echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
+
+            sed -i "s|#interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
+            sed -i "s|interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
+            sed -i "s|listen-address=.*|listen-address=127.0.0.1,$mesh_hotspot_address|g" /etc/dnsmasq.conf
+            sed -i 's|#listen-address|listen-address|g' /etc/dnsmasq.conf
+            systemctl enable dnsmasq
+            systemctl restart dnsmasq
+
+            systemctl enable hostapd
+            systemctl restart hostapd
+            mesh_create_app_downloads_page
+        else
+            secondary_wifi_available=
+            echo $'WARNING: No IP address could be obtained for the hotspot'
+        fi
+    fi
+
+    if [ ! $secondary_wifi_available ]; then
+        systemctl stop hostapd
+        systemctl disable hostapd
+
         # Recreate the cryptpad symlink
         if [ -f /etc/nginx/sites-available/cryptpad ]; then
             if [ -L /etc/nginx/sites-enabled/cryptpad ]; then
@@ -420,21 +454,22 @@ function start {
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
     iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
-    # vpn over the internet
-    iptables -A INPUT -p tcp --dport 653 -j ACCEPT
-    iptables -A INPUT -p udp --dport 653 -j ACCEPT
-    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
-    iptables -A INPUT -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
-    iptables -A OUTPUT -o tun+ -j ACCEPT
-
-    echo 1 > /proc/sys/net/ipv4/ip_forward
-    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+    if [[ "$ethernet_connected" != "0" ]]; then
+        # vpn over the internet
+        iptables -A INPUT -p tcp --dport 653 -j ACCEPT
+        iptables -A INPUT -p udp --dport 653 -j ACCEPT
+        iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+        iptables -A INPUT -i tun+ -j ACCEPT
+        iptables -A FORWARD -i tun+ -j ACCEPT
+        iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
+        iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+        iptables -A OUTPUT -o tun+ -j ACCEPT
+        echo 1 > /proc/sys/net/ipv4/ip_forward
+        sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+        sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+        sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+    fi
 
     systemctl restart avahi-daemon
 

src/freedombone-restore-local

@@ -30,6 +30,7 @@
 
 PROJECT_NAME='freedombone'
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+MONGODB_APPS_FILE=$HOME/.mongodbapps
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
 
@@ -184,6 +185,16 @@ function restore_configfiles {
         #    fi
         #fi
 
+        if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
+            cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
+            if [ ! "$?" = "0" ]; then
+                set_user_permissions
+                backup_unmount_drive
+                rm -rf $temp_restore_dir
+                exit 859034853
+            fi
+        fi
+
         #if [ -f $CONFIGURATION_FILE ]; then
         #    # install according to the config file
         #    freedombone -c $CONFIGURATION_FILE

src/freedombone-restore-remote

@@ -31,6 +31,7 @@
 PROJECT_NAME='freedombone'
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+MONGODB_APPS_FILE=$HOME/.mongodbapps
 BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
 
 export TEXTDOMAIN=${PROJECT_NAME}-restore-remote
@@ -172,6 +173,15 @@ function restore_configfiles {
         #    fi
         #fi
 
+        if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
+            cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
+            if [ ! "$?" = "0" ]; then
+                unmount_drive
+                rm -rf $temp_restore_dir
+                exit 7835335
+            fi
+        fi
+
         #if [ -f $CONFIGURATION_FILE ]; then
         #    # install according to the config file
         #    freedombone -c $CONFIGURATION_FILE

src/freedombone-upgrade

@@ -93,6 +93,7 @@ if [ -d $PROJECT_DIR ]; then
             exit 453536
         fi
 
+        apt-get -yq -t stretch-backports install certbot
         email_install_tls
         defrag_filesystem
     fi

src/freedombone-utils-backup

@@ -236,15 +236,29 @@ function backup_database_local_usb {
         mkdir -p ${local_database_dir}
     fi
     echo $"Obtaining ${1} database backup"
+    database_file_extension='sql'
+    if [ $USE_MONGODB ]; then
+        database_file_extension='mdb'
+        USE_POSTGRESQL=
+    fi
     if [ ! $USE_POSTGRESQL ]; then
-        keep_database_running
-        mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql
+        if [ ! $USE_MONGODB ]; then
+            USE_MONGODB=
+            USE_POSTGRESQL=
+            keep_database_running
+            mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.${database_file_extension}
+        else
+            USE_MONGODB=
+            USE_POSTGRESQL=
+            mongodump --db ${1} --archive=${local_database_dir}/${1}.${database_file_extension} --gzip
+        fi
     else
+        USE_MONGODB=
         USE_POSTGRESQL=
-        sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.sql
+        sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.${database_file_extension}
     fi
-    if [ -f ${local_database_dir}/${1}.sql ]; then
-        if [ ! -s ${local_database_dir}/${1}.sql ]; then
+    if [ -f ${local_database_dir}/${1}.${database_file_extension} ]; then
+        if [ ! -s ${local_database_dir}/${1}.${database_file_extension} ]; then
             echo $"${1} database could not be saved"
             shred -zu ${local_database_dir}/*
             rm -rf ${local_database_dir}
@@ -552,16 +566,30 @@ function backup_database_remote {
     fi
 
     echo "Obtaining ${1} database backup"
+    database_file_extension='sql'
+    if [ $USE_MONGODB ]; then
+        database_file_extension='mdb'
+        USE_POSTGRESQL=
+    fi
     if [ ! $USE_POSTGRESQL ]; then
-        keep_database_running
-        mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.sql
+        if [ ! $USE_MONGODB ]; then
+            USE_MONGODB=
+            USE_POSTGRESQL=
+            keep_database_running
+            mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.${database_file_extension}
+        else
+            USE_MONGODB=
+            USE_POSTGRESQL=
+            mongodump --db ${1} --archive=${local_database_dir}/${1}.${database_file_extension} --gzip
+        fi
     else
+        USE_MONGODB=
         USE_POSTGRESQL=
-        sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.sql
+        sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.${database_file_extension}
     fi
 
-    if [ -f ${local_database_dir}/${1}.sql ]; then
-        if [ ! -s ${local_database_dir}/${1}.sql ]; then
+    if [ -f ${local_database_dir}/${1}.${database_file_extension} ]; then
+        if [ ! -s ${local_database_dir}/${1}.${database_file_extension} ]; then
             echo $"${1} database could not be saved"
             shred -zu ${local_database_dir}/*
             rm -rf ${local_database_dir}
@@ -569,7 +597,7 @@ function backup_database_remote {
             echo $"Unable to export ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
             function_check restart_site
             restart_site
-            exit 5738
+            exit 57386728
         fi
     else
         echo $"${1} database could not be dumped"
@@ -578,7 +606,7 @@ function backup_database_remote {
         echo $"Unable to dump ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
         function_check restart_site
         restart_site
-        exit 3687
+        exit 36874289
     fi
 }
 
@@ -642,33 +670,47 @@ function restore_database_from_friend {
     RESTORE_SUBDIR="root"
 
     if [ -d $SERVER_DIRECTORY/backup/${1} ]; then
+        database_file_extension='sql'
+        if [ $USE_MONGODB ]; then
+            database_file_extension='mdb'
+            USE_POSTGRESQL=
+        fi
         echo $"Restoring ${1} database"
         local_database_dir=/root/temp${1}data
         restore_directory_from_friend ${local_database_dir} ${1}data
-        database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.sql
+        database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension}
         if [ ! -f $database_file ]; then
-            database_file=${local_database_dir}/${restore_app_name}.sql
+            database_file=${local_database_dir}/${restore_app_name}.${database_file_extension}
         fi
         if [ ! -f $database_file ]; then
             echo $"Unable to restore ${1} database"
             rm -rf ${local_database_dir}
-            exit 503
+            exit 5289252
         fi
         if [ ! $USE_POSTGRESQL ]; then
-            keep_database_running
-            mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${1} -o < ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
+            if [ ! $USE_MONGODB ]; then
+                USE_MONGODB=
+                USE_POSTGRESQL=
+                keep_database_running
+                mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < ${database_file})
+            else
+                USE_MONGODB=
+                USE_POSTGRESQL=
+                mongorestore --gzip --archive=${database_file} --db ${restore_app_name}
+            fi
         else
+            USE_MONGODB=
             USE_POSTGRESQL=
-            mysqlsuccess=$(sudo -u postgres pg_restore ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
+            mysqlsuccess=$(sudo -u postgres pg_restore ${database_file})
         fi
         if [ ! "$?" = "0" ]; then
             echo "$mysqlsuccess"
-            exit 964
+            exit 8735271
         fi
         if [ -d ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data ]; then
             shred -zu ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/*
         else
-            shred -zu ${local_database_dir}/*.sql
+            shred -zu ${local_database_dir}/*.${database_file_extension}
         fi
         rm -rf ${local_database_dir}
         echo $"Restoring ${1} installation"
@@ -695,7 +737,7 @@ function restore_database_from_friend {
                         cp -r $restore_from_dir/* /var/www/${2}/htdocs/
                     fi
                     if [ ! "$?" = "0" ]; then
-                        exit 683
+                        exit 78352682
                     fi
                     if [ -d /etc/letsencrypt/live/${2} ]; then
                         ln -s /etc/letsencrypt/live/${2}/privkey.pem /etc/ssl/private/${2}.key
@@ -725,9 +767,14 @@ function restore_database {
         fi
         function_check restore_directory_from_usb
         restore_directory_from_usb "${local_database_dir}" "${restore_app_name}data"
-        database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.sql
+        database_file_extension='sql'
+        if [ $USE_MONGODB ]; then
+            database_file_extension='mdb'
+            USE_POSTGRESQL=
+        fi
+        database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension}
         if [ ! -f $database_file ]; then
-            database_file=${local_database_dir}/${restore_app_name}.sql
+            database_file=${local_database_dir}/${restore_app_name}.${database_file_extension}
         fi
         if [ ! -f $database_file ]; then
             echo $"Unable to restore ${restore_app_name} database"
@@ -736,12 +783,21 @@ function restore_database {
             set_user_permissions
             function_check backup_unmount_drive
             backup_unmount_drive
-            exit 503
+            exit 7825235
         fi
         if [ ! $USE_POSTGRESQL ]; then
-            keep_database_running
-            mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < $database_file)
+            if [ ! $USE_MONGODB ]; then
+                USE_MONGODB=
+                USE_POSTGRESQL=
+                keep_database_running
+                mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < $database_file)
+            else
+                USE_MONGODB=
+                USE_POSTGRESQL=
+                mongorestore --gzip --archive=$database_file --db ${restore_app_name}
+            fi
         else
+            USE_MONGODB=
             USE_POSTGRESQL=
             mysqlsuccess=$(sudo -u postgres pg_restore $database_file)
         fi
@@ -751,12 +807,12 @@ function restore_database {
             set_user_permissions
             function_check set_user_permissions
             backup_unmount_drive
-            exit 964
+            exit 482638995
         fi
         if [ -d ${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data ]; then
             shred -zu ${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/*
         else
-            shred -zu ${local_database_dir}/*.sql
+            shred -zu ${local_database_dir}/*.${database_file_extension}
         fi
 
         rm -rf ${local_database_dir}
@@ -789,7 +845,7 @@ function restore_database {
                     if [ ! "$?" = "0" ]; then
                         set_user_permissions
                         backup_unmount_drive
-                        exit 683
+                        exit 78252429
                     fi
                     if [ -d /etc/letsencrypt/live/${restore_app_domain} ]; then
                         ln -s /etc/letsencrypt/live/${restore_app_domain}/privkey.pem /etc/ssl/private/${restore_app_domain}.key

src/freedombone-utils-mongodb

@@ -0,0 +1,176 @@
+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# mongodb database functions
+#
+# License
+# =======
+#
+# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Set this when calling backup and restore commands
+USE_MONGODB=
+MONGODB_APPS_FILE=$HOME/.mongodbapps
+
+function store_original_mongodb_password {
+    if [ ! -f /root/.mongodboriginal ]; then
+        echo $'Storing original mongodb password'
+        ORIGINAL_MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
+        # We can store this in plaintext because it will soon be of historical interest only
+        echo -n "$ORIGINAL_MONGODB_PASSWORD" > /root/.mongodboriginal
+    fi
+}
+
+function get_mongodb_password {
+    MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
+    if [[ "$MONGODB_PASSWORD" == *'failed'* ]]; then
+        echo $'Could not obtain mongodb password'
+        exit 7835272
+    fi
+}
+
+function install_mongodb {
+    app_name=$1
+
+    if [[ "$(uname -a)" == *"armv7"* ]]; then
+        echo $'mongodb package is not available for arm 7 architecture'
+        exit 7356272
+    fi
+
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+
+    function_check get_mongodb_password
+    get_mongodb_password
+    if [ ! $MONGODB_PASSWORD ]; then
+        if [ -f $IMAGE_PASSWORD_FILE ]; then
+            MONGODB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+        else
+            MONGODB_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
+        fi
+    fi
+    ${PROJECT_NAME}-pass -u root -a mongodb -p "$MONGODB_PASSWORD"
+
+    apt-get -yq install mongodb mongo-tools
+    apt-get -yq remove --purge apache2-bin*
+    if [ -d /etc/apache2 ]; then
+        rm -rf /etc/apache2
+        echo $'Removed Apache installation after mongodb install'
+    fi
+
+    if [ ! -d /var/lib/mongodb ]; then
+        echo $"ERROR: mongodb does not appear to have installed. $CHECK_MESSAGE"
+        exit 78352
+    fi
+
+    if [ $app_name ]; then
+        if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
+           echo "$app_name" >> $MONGODB_APPS_FILE
+        fi
+    fi
+
+    mark_completed $FUNCNAME
+}
+
+function remove_mongodb {
+    app_name=$1
+
+    if [ ! $app_name ]; then
+        return
+    fi
+
+    removemongo=
+    if [ -f $MONGODB_APPS_FILE ]; then
+        sed -i "/$app_name/d" $MONGODB_APPS_FILE
+        if [ ! -s $MONGODB_APPS_FILE ]; then
+            removemongo=1
+        fi
+    else
+        removemongo=1
+    fi
+
+    if [ $removemongo ]; then
+        systemctl stop mongodb
+        systemctl disable mongodb
+        apt-get -yq remove --purge mongodb mongo-tools
+        apt-get -yq autoremove
+        if [ -d /var/lib/mongodb ]; then
+            rm -rf /var/lib/mongodb
+        fi
+        if [ -f /etc/systemd/system/mongodb.service ]; then
+            rm /etc/systemd/system/mongodb.service
+            systemctl daemon-reload
+        fi
+        if [ -f /etc/init.d/mongodb ]; then
+            rm /etc/init.d/mongodb
+        fi
+        sed -i '/install_mongodb/d' $COMPLETION_FILE
+    fi
+}
+
+function add_mongodb_user {
+    mongodb_username=$1
+    mongodb_password=$2
+
+    mongo admin --eval "db.createUser({user: '$mongodb_username', pwd: '$mongodb_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })"
+}
+
+function remove_mongodb_user {
+    mongodb_username=$1
+    mongo admin --eval "db.removeUser($mongodb_username)"
+}
+
+function drop_database_mongodb {
+    database_name="$1"
+    if [[ "$database_name" == 'admin' ]]; then
+        return
+    fi
+    mongo $database_name --eval "db.runCommand( { dropDatabase: 1 } )"
+    if [ $app_name ]; then
+        if grep -q "$app_name" $MONGODB_APPS_FILE; then
+            sed -i "/$app_name/d" $MONGODB_APPS_FILE
+        fi
+    fi
+}
+
+function initialise_database_mongodb {
+    database_name=$1
+    database_file=$2
+    mongorestore $database_file
+    if [ ! "$?" = "0" ]; then
+        exit 8358365
+    fi
+}
+
+function create_database_mongodb {
+    app_name="$1"
+    app_admin_password="$2"
+    app_admin_username=$3
+    mongo admin --eval "db.createUser({user: '$app_admin_username', pwd: '$app_admin_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })"
+    if [ $app_name ]; then
+        if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
+           echo "$app_name" >> $MONGODB_APPS_FILE
+        fi
+    fi
+}

website/EN/app_matrix.html

@@ -3,10 +3,10 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-08-23 Wed 19:23 -->
+<!-- 2017-11-19 Sun 23:19 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
-<title></title>
+<title>&lrm;</title>
 <meta name="generator" content="Org mode" />
 <meta name="author" content="Bob Mottram" />
 <meta name="description" content="How to use Matrix"
@@ -264,16 +264,16 @@ Matrix is a federated communications system, typically for multi-user chat, with
 Another consideration is that since matrix operates on the usual HTTPS port number (443) this may make it difficult for ISPs or governments to censor this type of communications via port blocking without significant blowback.
 </p>
 
-<div id="outline-container-orgc78770d" class="outline-2">
-<h2 id="orgc78770d">Installation</h2>
-<div class="outline-text-2" id="text-orgc78770d">
+<div id="outline-container-orgd6cc689" class="outline-2">
+<h2 id="orgd6cc689">Installation</h2>
+<div class="outline-text-2" id="text-orgd6cc689">
 <p>
 Log into your system with:
 </p>
 
 <div class="org-src-container">
-<pre><code class="src src-bash">ssh myusername@mydomain -p 2222
-</code></pre>
+<pre class="src src-bash">ssh myusername@mydomain -p 2222
+</pre>
 </div>
 
 <p>
@@ -286,9 +286,9 @@ Select <b>Add/Remove Apps</b> then <b>matrix</b>. You will then be asked for a d
 </div>
 </div>
 
-<div id="outline-container-org5262b52" class="outline-2">
-<h2 id="org5262b52">Initial setup</h2>
-<div class="outline-text-2" id="text-org5262b52">
+<div id="outline-container-org3292734" class="outline-2">
+<h2 id="org3292734">Initial setup</h2>
+<div class="outline-text-2" id="text-org3292734">
 <p>
 Go to the <b>Administrator control panel</b> and select <b>Passwords</b> then <b>matrix</b>. This will give you the password to initially log in to the system and you can change it later from a client app if needed.
 </p>
@@ -303,19 +303,19 @@ Other client apps are available but are currently mostly only at the alpha stage
 </div>
 </div>
 
-<div id="outline-container-orgd8eede9" class="outline-2">
-<h2 id="orgd8eede9">DNS setup</h2>
-<div class="outline-text-2" id="text-orgd8eede9">
+<div id="outline-container-org82239c4" class="outline-2">
+<h2 id="org82239c4">DNS setup</h2>
+<div class="outline-text-2" id="text-org82239c4">
 <p>
 It's recommended that you add an SRV record for Matrix to your DNS setup. How you do this will depend upon your dynamic DNS provider and their web interface. On FreeDNS on the subdomains settings in addition to the subdomain which you are using for the matrix server create an extra entry as follows:
 </p>
 
 <div class="org-src-container">
-<pre><code class="src src-text">Type: SRV
+<pre class="src src-text">Type: SRV
 Subdomain: _matrix._tcp
 Domain: [youdomain]
 Destination: 10 0 8448 [yourmatrixsubdomain]
-</code></pre>
+</pre>
 </div>
 
 <p>
@@ -323,6 +323,15 @@ You may also want to make another entry with the same settings but replacing <b>
 </p>
 </div>
 </div>
+
+<div id="outline-container-org9568212" class="outline-2">
+<h2 id="org9568212">Mobile app</h2>
+<div class="outline-text-2" id="text-org9568212">
+<p>
+If you're using the Riot mobile app to access your Matrix homeserver then you can significantly improve battery performance by going to the settings and changing <b>Sync request timeout</b> to 30 seconds and <b>Delay between two sync requests</b> to 600 seconds.
+</p>
+</div>
+</div>
 </div>
 <div id="postamble" class="status">
 

website/EN/app_pleroma.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-11-10 Fri 17:42 -->
+<!-- 2017-11-12 Sun 18:45 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -264,9 +264,9 @@ Pleroma is an OStatus-compatible social networking server, compatible with GNU S
 </div>
 </div>
 
-<div id="outline-container-org630bbcf" class="outline-2">
-<h2 id="org630bbcf">Installation</h2>
-<div class="outline-text-2" id="text-org630bbcf">
+<div id="outline-container-org39de7d0" class="outline-2">
+<h2 id="org39de7d0">Installation</h2>
+<div class="outline-text-2" id="text-org39de7d0">
 <p>
 Log into your system with:
 </p>
@@ -286,9 +286,9 @@ Select <b>Add/Remove Apps</b> then <b>pleroma</b>. You will then be asked for a
 </div>
 </div>
 
-<div id="outline-container-org703cfb4" class="outline-2">
-<h2 id="org703cfb4">Initial setup</h2>
-<div class="outline-text-2" id="text-org703cfb4">
+<div id="outline-container-org35d8b0a" class="outline-2">
+<h2 id="org35d8b0a">Initial setup</h2>
+<div class="outline-text-2" id="text-org35d8b0a">
 <p>
 The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.
 </p>
@@ -298,6 +298,23 @@ Once you have done that then you can disable further registrations from the <b>A
 </p>
 </div>
 </div>
+
+<div id="outline-container-org31f6ea0" class="outline-2">
+<h2 id="org31f6ea0">Mastodon user interface</h2>
+<div class="outline-text-2" id="text-org31f6ea0">
+<p>
+If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to <b>/yourpleromadomainname/web</b> and log in.
+</p>
+
+<div class="org-center">
+
+<div class="figure">
+<p><img src="images/pleromamastodon.jpg" alt="pleromamastodon.jpg" />
+</p>
+</div>
+</div>
+</div>
+</div>
 </div>
 <div id="postamble" class="status">
 

website/EN/meshindex.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-10-05 Thu 11:44 -->
+<!-- 2017-11-20 Mon 14:33 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -256,7 +256,7 @@ The following apps are available:
  <table style="width:80%; border:0">
   <tr>
     <td><center><b><a href="ssb.apk"><img src="images/ssb.png"/></a></b><br><a href="ssb.apk">Secure Scuttlebutt</a></center></td>
-    <td><center><b><h3></h3></b><br></center></td>
+    <td><center><b><a href="trifa.apk"><img src="images/trifa.png"/></a></b><br><a href="trifa.apk">Tox</a></center></td>
   </tr>
 </table>
 </center>

website/EN/mobile.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-09-22 Fri 13:18 -->
+<!-- 2017-11-19 Sun 23:19 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -277,9 +277,9 @@ Mobile phones are insecure devices, but they're regarded as being so essential t
 </table>
 </center>
 
-<div id="outline-container-org066f7fb" class="outline-2">
-<h2 id="org066f7fb">Open</h2>
-<div class="outline-text-2" id="text-org066f7fb">
+<div id="outline-container-org028bfb1" class="outline-2">
+<h2 id="org028bfb1">Open</h2>
+<div class="outline-text-2" id="text-org028bfb1">
 <p>
 Use a Linux based phone operating system. Typically this will mean Android, but could also mean LineageOS or Replicant. LineageOS is the most preferable, because you can usually get an up to date image with a recent kernel which will give you better security against exploits. If you're buying a phone then look for a model which is supported by LineageOS. Replicant is the most free (as in freedom) but only runs on a small number of phone models. If you have a phone which runs a full GNU/Linux system then that's fantastic, and you can probably use it in much the same way as a desktop system and the rest of the advice on this page won't apply. If you don't have a phone capable of running a Linux based operating system then consider selling, giving away or bartering your existing one.
 </p>
@@ -290,45 +290,45 @@ Why is it so important to run Linux on a phone? Aren't <i>iThings</i> supposed t
 </div>
 </div>
 
-<div id="outline-container-org1a24680" class="outline-2">
-<h2 id="org1a24680">Remove</h2>
-<div class="outline-text-2" id="text-org1a24680">
+<div id="outline-container-orgf5a1356" class="outline-2">
+<h2 id="orgf5a1356">Remove</h2>
+<div class="outline-text-2" id="text-orgf5a1356">
 <p>
 So maybe you're running Android and the phone came with some apps already installed. Almost certainly they'll be proprietary. Go to Settings/Apps and then uninstall or deactivate any apps which you really don't need. Mostly preinstalled apps are intended to send your data to companies who will then sell it to advertisers or governments under the business model of <i>surveillance capital</i>. It's not a good idea to get caught up in that, and to avoid becoming addicted to apps which are surveilling you without consent or installing spyware in the background without your knowledge.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org390d2d0" class="outline-2">
-<h2 id="org390d2d0">Encrypt</h2>
-<div class="outline-text-2" id="text-org390d2d0">
+<div id="outline-container-org8f0466d" class="outline-2">
+<h2 id="org8f0466d">Encrypt</h2>
+<div class="outline-text-2" id="text-org8f0466d">
 <p>
 Encrypt your phone. This can usually be done via <b>Settings/Security</b> and you may need to fully charge the phone first. Encryption means that if you lose your phone or it gets stolen then there is less chance that anyone who picks it up will get access to your data, photos and so on.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org3d6081e" class="outline-2">
-<h2 id="org3d6081e">Apps</h2>
-<div class="outline-text-2" id="text-org3d6081e">
+<div id="outline-container-orgfec183a" class="outline-2">
+<h2 id="orgfec183a">Apps</h2>
+<div class="outline-text-2" id="text-orgfec183a">
 <p>
 Installing <b>F-droid</b> and only adding any new apps via F-droid will ensure that you are always using free and open source software. Open source is not a panacea, since bugs can and do still occur, but it will help you to avoid the worst security and privacy pitfalls.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org5a55ec6" class="outline-2">
-<h2 id="org5a55ec6">Lock</h2>
-<div class="outline-text-2" id="text-org5a55ec6">
+<div id="outline-container-org77de138" class="outline-2">
+<h2 id="org77de138">Lock</h2>
+<div class="outline-text-2" id="text-org77de138">
 <p>
 Add a lock screen, preferably with a password which is not easy for other people to guess or for quicker access with a PIN number. Install an app called <b>Locker</b>, activate it and set the maximum number of password guesses to ten (or whatever you feel comfortable with). If bad people get hold of your phone then they may try to brute force your lock screen password or PIN (i.e. automatically trying millions of common word and number combinations) and the locker app will prevent them from succeeding by resetting the phone back to its factory default condition and wiping the data.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgaf7fb89" class="outline-2">
-<h2 id="orgaf7fb89">Onion</h2>
-<div class="outline-text-2" id="text-orgaf7fb89">
+<div id="outline-container-org4dc0e5b" class="outline-2">
+<h2 id="org4dc0e5b">Onion</h2>
+<div class="outline-text-2" id="text-org4dc0e5b">
 <p>
 Both governments and corporations want to compile matadata dossiers about you. Who you communicated with, when and how often. They want this so that they can data mine, simulate, predict and then ultimately influence (sometimes also called "nudge") your actions and preferences in the directions they prefer. By routing your connections through a number of proxy servers (Tor routers) you can make it perhaps not <i>theoretically</i> impossible but at least <i>very hard</i> for them to have a complete and accurate list of who your friends are, your religion, politics, likely health issues, sexual orientation and what news sites or books you read.
 </p>
@@ -339,26 +339,26 @@ In F-droid under the <b>repositories</b> menu you can enable the <b>guardian pro
 </div>
 </div>
 
-<div id="outline-container-orgc7a0b9e" class="outline-2">
-<h2 id="orgc7a0b9e">Email</h2>
-<div class="outline-text-2" id="text-orgc7a0b9e">
+<div id="outline-container-org466eb29" class="outline-2">
+<h2 id="org466eb29">Email</h2>
+<div class="outline-text-2" id="text-org466eb29">
 <p>
 The easiest way to access email is by installing the <a href="./app_mailpile.html">Mailpile</a> app. This keeps your GPG keys off of possibly insecure mobile devices but still enables encrypted email communications in an easy way. You can use K9 mail if you prefer, but that will require installing OpenKeychain and having your GPG keys on the device, which is a lot more risky.
 </p>
 </div>
 </div>
-<div id="outline-container-orgfcecdf8" class="outline-2">
-<h2 id="orgfcecdf8">Services</h2>
-<div class="outline-text-2" id="text-orgfcecdf8">
+<div id="outline-container-org978ea8b" class="outline-2">
+<h2 id="org978ea8b">Services</h2>
+<div class="outline-text-2" id="text-org978ea8b">
 <p>
 For information on configuring various apps to work with Freedombone see the <a href="./usage.html">usage section</a>. Also see advice on chat apps in the <a href="./faq.html">FAQ</a>.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org469e667" class="outline-2">
-<h2 id="org469e667">Battery preservation</h2>
-<div class="outline-text-2" id="text-org469e667">
+<div id="outline-container-org3546225" class="outline-2">
+<h2 id="org3546225">Battery preservation</h2>
+<div class="outline-text-2" id="text-org3546225">
 <p>
 Even with free software apps it's not difficult to get into a situation where your battery doesn't last for long. To maximize battery life access RSS feeds via the onion-based mobile reader within a Tor-compatible browser and not from a locally installed RSS app.
 </p>
@@ -366,12 +366,16 @@ Even with free software apps it's not difficult to get into a situation where yo
 <p>
 If you have Syncthing installed then change the settings so that it only syncs when charging and when on wifi. Avoid any apps which might be continuously polling and preventing the device from going into sleep mode when it's not used.
 </p>
+
+<p>
+If you're using the Riot mobile app to access a Matrix homeserver then you can significantly improve battery performance by going to the settings and changing <b>Sync request timeout</b> to 30 seconds and <b>Delay between two sync requests</b> to 600 seconds.
+</p>
 </div>
 </div>
 
-<div id="outline-container-orgcaf0530" class="outline-2">
-<h2 id="orgcaf0530">Blocking bad domains</h2>
-<div class="outline-text-2" id="text-orgcaf0530">
+<div id="outline-container-org6ebc6c4" class="outline-2">
+<h2 id="org6ebc6c4">Blocking bad domains</h2>
+<div class="outline-text-2" id="text-org6ebc6c4">
 <p>
 You can block known bad domains by editing the <b>/system/etc/hosts</b> file on your device. It is possible to use extensive ad-blocking hosts files used by other ad-blocking systems such as pi-hole, but merely blocking Facebook and Google Analytics will protect you against much of the corporate surveillance which goes on. Even if you don't have a Facebook account this may still be useful since they will still try to create a "ghost profile" of you, so the less data they have the better.
 </p>