Merge branch 'stretch' of https://github.com/bashrc/freedombone

code-of-conduct.md

 
 Serious or persistent offenders will be kicked from chat rooms and any of their subsequent patches will be unlikely to be upstreamed. In this context "serious" means that someone is causing others to feel unsafe or be unable to contribute, for whatever reason.
 
-This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG/OpenPGP if you can, or XMPP with OTR/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.
+This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG if you can, or XMPP with OpenPGP/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.

doc/EN/app_gnusocial.org

 
 You can host your own GNU Social instance and then "/remote follow/" other users who may also be doing the same. With a federated structure this type of system is hard to censor or ban. Unlike Twitter, there are no bribed adverts pushed into your stream, and any trends happening are likely to be real rather than being manipulated by some opaque algorithm.
 
-You should regard anything posted to GNU Social as being /public communication/ visible to anyone on the internet. There is a direct messaging capability between users but it's not particularly secure, so for one-to-one messages stick to better methods, such as XMPP with OTR/OMEMO or Tox.
+You should regard anything posted to GNU Social as being /public communication/ visible to anyone on the internet. There is a direct messaging capability between users but it's not particularly secure, so for one-to-one messages stick to better methods, such as XMPP with OpenPGP/OMEMO or Tox.
 
 Some general advice about life in the fediverse [[./fediverse.html][can be found here]].
 

doc/EN/backups.org

 * Distributed/remote backups
 Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.
 
-Firstly you will need to have a user account on one or more of your friends servers.  They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access.  They can create a user account for you with the control panel on a Freedombone system or with the *adduser <username>* command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OTR. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
+Firstly you will need to have a user account on one or more of your friends servers.  They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access.  They can create a user account for you with the control panel on a Freedombone system or with the *adduser <username>* command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OpenPGP/OMEMO. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
 
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222

doc/EN/codeofconduct.org

 
 Serious or persistent offenders will be kicked from chat rooms and any of their subsequent patches will be unlikely to be upstreamed. In this context "serious" means that someone is causing others to feel unsafe or be unable to contribute, for whatever reason.
 
-This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG/OpenPGP if you can, or XMPP with OTR/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.
+This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG if you can, or XMPP with OpenPGP/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.

doc/EN/support.org

 
 *PGP/GPG Fingerprint:* 9ABB82C00ABF39F82680487DCC2536191FA7C33F
 
-*XMPP:* bob@freedombone.net with OMEMO or OTR
+*XMPP:* bob@freedombone.net with OMEMO or OpenPGP
 
 *Matrix:* #fbone:matrix.freedombone.net
 

src/freedombone-addsipuser

-#!/bin/bash
-#
-# .---.                  .              .
-# |                      |              |
-# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
-# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
-# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
-#
-#                    Freedom in the Cloud
-#
-
-# Adds a SIP phone user to the system
-
-# License
-# =======
-#
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-PROJECT_NAME='freedombone'
-
-export TEXTDOMAIN=${PROJECT_NAME}-addsipuser
-export TEXTDOMAINDIR="/usr/share/locale"
-
-MY_USERNAME=
-EXTENSION=
-PASSWORD=
-CONFIG_FILE=/etc/sipwitch.conf
-USER_EXISTS="no"
-
-function show_help {
-    echo ''
-    echo $"${PROJECT_NAME}-addsipuser -u [username] -e [extension] -p [password]"
-    echo ''
-    exit 0
-}
-
-function sip_user_exists {
-    IFS=''
-    while read line; do
-    if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
-        USER_EXISTS="yes"
-        return
-    fi
-    done < $CONFIG_FILE
-}
-
-function update_sip_user {
-    USER_FOUND=
-    NEW_CONFIG_FILE="${CONFIG_FILE}.new"
-    if [ -f $NEW_CONFIG_FILE ]; then
-    rm -f $NEW_CONFIG_FILE
-    fi
-    touch $NEW_CONFIG_FILE
-    IFS=''
-    while read line; do
-    if [ ! $USER_FOUND ]; then
-        if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
-        USER_FOUND="yes"
-        fi
-    else
-        if [[ "$line" == *"<extension>"* ]]; then
-        line="      <extension>$EXTENSION</extension>"
-        fi
-        if [[ "$line" == *"<secret>"* ]]; then
-        line="      <secret>$PASSWORD</secret>"
-        fi
-        if [[ "$line" == *"<display>"* ]]; then
-        line="      <display>$MY_USERNAME $EXTENSION</display>"
-        USER_FOUND=
-        fi
-    fi
-    echo $line >> $NEW_CONFIG_FILE
-    done < $CONFIG_FILE
-    mv $NEW_CONFIG_FILE $CONFIG_FILE
-}
-
-function add_sip_user {
-    NEW_CONFIG_FILE="${CONFIG_FILE}.new"
-    if [ -f $NEW_CONFIG_FILE ]; then
-    rm -f $NEW_CONFIG_FILE
-    fi
-    touch $NEW_CONFIG_FILE
-    IFS=''
-    while read line; do
-    if [[ "$line" == *'</provision>' ]]; then
-        echo "    <user id=\"$MY_USERNAME\">" >> $NEW_CONFIG_FILE
-        echo "      <extension>$EXTENSION</extension>" >> $NEW_CONFIG_FILE
-        echo "      <secret>$PASSWORD</secret>" >> $NEW_CONFIG_FILE
-        echo "      <display>$MY_USERNAME $EXTENSION</display>" >> $NEW_CONFIG_FILE
-        echo '    </user>' >> $NEW_CONFIG_FILE
-    fi
-    echo $line >> $NEW_CONFIG_FILE
-    done < $CONFIG_FILE
-    mv $NEW_CONFIG_FILE $CONFIG_FILE
-    chmod 600 /etc/shadow
-    chmod 600 /etc/gshadow
-    usermod -aG sipwitch $MY_USERNAME
-    chmod 0000 /etc/shadow
-    chmod 0000 /etc/gshadow
-}
-
-while [[ $# > 1 ]]
-do
-    key="$1"
-
-    case $key in
-    -h|--help)
-        show_help
-        ;;
-    -u|--user)
-        shift
-        MY_USERNAME="$1"
-        ;;
-    -e|--extension)
-        shift
-        EXTENSION="$1"
-        ;;
-    -p|--password)
-        shift
-        PASSWORD="$1"
-        ;;
-    *)
-        # unknown option
-        ;;
-    esac
-    shift
-done
-
-if ! [[ $MY_USERNAME && $EXTENSION && $PASSWORD ]]; then
-    show_help
-fi
-
-if [ ! -f $CONFIG_FILE ]; then
-    echo $"SIP configuration file not found"
-    exit 1
-fi
-
-# the user must already exist on the system
-if [ ! -d /home/$MY_USERNAME ]; then
-    echo $"User $MY_USERNAME not found"
-    exit 2
-fi
-
-sip_user_exists
-
-if [[ $USER_EXISTS == "yes" ]]; then
-    update_sip_user
-    echo $"SIP user $MY_USERNAME amended"
-else
-    add_sip_user
-    echo $"SIP user $MY_USERNAME added"
-fi
-
-systemctl restart sipwitch
-
-exit 0

src/freedombone-app-mumble

             rm -rf $temp_restore_dir
             exit 7823
         fi
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
-        else
-            cp -f $temp_restore_dir/sipwitch.conf /etc/sipwitch.conf
-        fi
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             exit 7823

src/freedombone-app-sip

-#!/bin/bash
-#
-# .---.                  .              .
-# |                      |              |
-# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
-# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
-# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
-#
-#                    Freedom in the Cloud
-#
-# SIP functions
-#
-# License
-# =======
-#
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-VARIANTS=''
-
-IN_DEFAULT_INSTALL=0
-SHOW_ON_ABOUT=0
-
-SIP_SERVER_PASSWORD=
-SIP_PORT=5060
-SIP_TLS_PORT=5061
-
-TURN_PORT=3478
-TURN_TLS_PORT=5349
-TURN_NONCE=
-
-sip_variables=(ONION_ONLY
-               MY_USERNAME
-               SIP_PORT
-               SIP_TLS_PORT
-               SIP_SERVER_PASSWORD
-               TURN_PORT
-               TURN_TLS_PORT
-               TURN_NONCE)
-
-function logging_on_sip {
-    echo -n ''
-}
-
-function logging_off_sip {
-    echo -n ''
-}
-
-function remove_user_sip {
-    remove_username="$1"
-    ${PROJECT_NAME}-rmsipuser ${remove_username}
-
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp sip
-
-    # remove user from SIP TURN/STUN
-    if [ -f /etc/turnserver/turnusers.txt ]; then
-        sed -i "/${remove_username}:/d" /etc/turnserver/turnusers.txt
-    fi
-}
-
-function add_user_sip {
-    new_username="$1"
-    new_user_password="$2"
-
-    ${PROJECT_NAME}-pass -u $new_username -a sip -p "$new_user_password"
-
-    SIP_EXTENSION=$(${PROJECT_NAME}-sipfreeext)
-    ${PROJECT_NAME}-addsipuser -u $new_username -e $SIP_EXTENSION -p "$new_user_password"
-    if [ ! "$?" = "0" ]; then
-        echo '1'
-        return
-    fi
-
-    # add user to the sipwitch group
-    if [ -f /etc/sipwitch.conf ]; then
-        chmod 600 /etc/shadow
-        chmod 600 /etc/gshadow
-        usermod -aG sipwitch $new_username
-        chmod 0000 /etc/shadow
-        chmod 0000 /etc/gshadow
-    fi
-
-    # add user for SIP STUN/TURN
-    if [ -d /etc/turnserver ]; then
-        if grep -q "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE; then
-            read_config_param "DEFAULT_DOMAIN_NAME"
-            echo "${new_username}:${new_user_password}:${DEFAULT_DOMAIN_NAME}:authorized" >> /etc/turnserver/turnusers.txt
-        fi
-    fi
-
-    echo '0'
-}
-
-function install_interactive_sip {
-    echo -n ''
-    APP_INSTALLED=1
-}
-
-function change_password_sip {
-    curr_username="$1"
-    new_user_password="$2"
-
-    #${PROJECT_NAME}-pass -u "$curr_username" -a sip -p "$new_user_password"
-}
-
-function reconfigure_sip {
-    echo -n ''
-}
-
-function upgrade_sip {
-    # remove the original sipwitch daemon if it exists
-    if [ -f /etc/init.d/sipwitch ]; then
-        rm -f /etc/init.d/sipwitch
-    fi
-}
-
-function backup_local_sip {
-    if [ -f /etc/sipwitch.conf ]; then
-        echo $"Backing up SIP settings"
-        temp_backup_dir=/root/tempsipbackup
-        if [ ! -d $temp_backup_dir ]; then
-            mkdir -p $temp_backup_dir
-        fi
-        cp -f /etc/sipwitch.conf $temp_backup_dir
-        backup_directory_to_usb $temp_backup_dir sip
-        echo $"SIP settings backup complete"
-    fi
-}
-
-function restore_local_sip {
-    if [ -d $USB_MOUNT/backup/sip ]; then
-        echo $"Restoring SIP settings"
-        temp_restore_dir=/root/tempsip
-        function_check restore_directory_from_usb
-        restore_directory_from_usb $temp_restore_dir sip
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
-        else
-            cp -f $temp_restore_dir/sipwitch.conf /etc/sipwitch.conf
-        fi
-        if [ ! "$?" = "0" ]; then
-            rm -rf $temp_restore_dir
-            function_check set_user_permissions
-            set_user_permissions
-            backup_unmount_drive
-            exit 3679
-        fi
-        rm -rf $temp_restore_dir
-        systemctl restart sipwitch
-        echo $"Restore of SIP settings complete"
-    fi
-}
-
-function backup_remote_sip {
-    if [ -f /etc/sipwitch.conf ]; then
-        echo $"Backing up SIP settings"
-        temp_backup_dir=/root/tempsipbackup
-        if [ ! -d $temp_backup_dir ]; then
-            mkdir -p $temp_backup_dir
-        fi
-        cp -f /etc/sipwitch.conf $temp_backup_dir
-        backup_directory_to_friend $temp_backup_dir sip
-        echo $"Backup SIP settings complete"
-    fi
-}
-
-function restore_remote_sip {
-    temp_restore_dir=/root/tempsip
-    function_check restore_directory_from_friend
-    restore_directory_from_friend $temp_restore_dir sip
-    if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-        cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
-    else
-        cp -f $temp_restore_dir/sipwitch.conf /etc/sipwitch.conf
-    fi
-    if [ ! "$?" = "0" ]; then
-        rm -rf $temp_restore_dir
-        function_check set_user_permissions
-        set_user_permissions
-        backup_unmount_drive
-        exit 3679
-    fi
-    rm -rf $temp_restore_dir
-    systemctl restart sipwitch
-}
-
-function remove_sip {
-    firewall_remove ${TURN_PORT}
-    firewall_remove ${TURN_TLS_PORT} tcp
-    firewall_remove ${SIP_PORT}
-    firewall_remove ${SIP_TLS_PORT}
-
-    function_check remove_onion_service
-    remove_onion_service sip ${SIP_PORT}
-
-    apt-get -yq remove --purge sipwitch
-    apt-get -yq remove --purge turnserver
-    if [ -f /etc/sipwitch.conf ]; then
-        rm /etc/sipwitch.conf
-    fi
-    if [ -d /etc/turnserver ]; then
-        rm -rf /etc/turnserver
-    fi
-    remove_completion_param install_sip
-    remove_completion_param configure_firewall_for_turn
-    remove_completion_param configure_firewall_for_sip4
-}
-
-function configure_firewall_for_turn {
-    if [[ $ONION_ONLY != "no" ]]; then
-        return
-    fi
-    firewall_add TURN ${TURN_PORT}
-    firewall_add "TURN TLS" ${TURN_TLS_PORT} tcp
-}
-
-
-function configure_firewall_for_sip4 {
-    if [[ $ONION_ONLY != "no" ]]; then
-        return
-    fi
-    firewall_add SIP ${SIP_PORT}
-    firewall_add "SIP TLS" ${SIP_TLS_PORT}
-}
-
-function update_sipwitch_daemon {
-    if [ ! -f /etc/init.d/sipwitch ]; then
-        return
-    fi
-
-    systemctl stop sipwitch
-
-    # remove the original sipwitch daemon if it exists
-    if [ -f /etc/init.d/sipwitch ]; then
-        rm -f /etc/init.d/sipwitch
-    fi
-
-    # daemon
-    echo '[Unit]' > /etc/systemd/system/sipwitch.service
-    echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
-    echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
-    echo '' >> /etc/systemd/system/sipwitch.service
-    echo '[Service]' >> /etc/systemd/system/sipwitch.service
-    echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
-    echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
-    echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
-    echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
-    echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
-    echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
-    echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
-    echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
-    echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
-    echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
-    echo '' >> /etc/systemd/system/sipwitch.service
-    echo '[Install]' >> /etc/systemd/system/sipwitch.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
-
-    systemctl enable sipwitch
-    systemctl daemon-reload
-    systemctl start sipwitch
-}
-
-function install_sip_main {
-    if [[ $(app_is_installed sip_main) == "1" ]]; then
-        return
-    fi
-
-    apt-get -yq install sipwitch
-
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-    else
-        if [ ! $SIP_SERVER_PASSWORD ]; then
-            SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-        fi
-    fi
-
-    echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
-    echo '<sipwitch>' >> /etc/sipwitch.conf
-    echo '<provision>' >> /etc/sipwitch.conf
-
-    echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
-    echo '<extension>201</extension>' >> /etc/sipwitch.conf
-    echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
-    echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
-    echo '</user>' >> /etc/sipwitch.conf
-
-    echo '</provision>' >> /etc/sipwitch.conf
-    echo '<access>' >> /etc/sipwitch.conf
-    echo '</access>' >> /etc/sipwitch.conf
-    echo '<stack>' >> /etc/sipwitch.conf
-    echo "  <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
-    echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
-    echo '  <threading>2</threading>' >> /etc/sipwitch.conf
-    echo '  <interface>*</interface>' >> /etc/sipwitch.conf
-    echo '  <dumping>false</dumping>' >> /etc/sipwitch.conf
-    echo '  <system>system</system>' >> /etc/sipwitch.conf
-    echo '  <anon>anonymous</anon>' >> /etc/sipwitch.conf
-    echo '</stack>' >> /etc/sipwitch.conf
-    echo '<timers>' >> /etc/sipwitch.conf
-    echo '  <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
-    echo '  <ring>4</ring>' >> /etc/sipwitch.conf
-    echo '  <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
-    echo '  <cfna>4</cfna>' >> /etc/sipwitch.conf
-    echo '  <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
-    echo '  <reset>6</reset>' >> /etc/sipwitch.conf
-    echo '</timers>' >> /etc/sipwitch.conf
-    echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
-    echo '<registry>' >> /etc/sipwitch.conf
-    echo '  <prefix>200</prefix>' >> /etc/sipwitch.conf
-    echo '  <range>100</range>' >> /etc/sipwitch.conf
-    echo '  <keysize>77</keysize>' >> /etc/sipwitch.conf
-    echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
-    echo '  <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
-    echo '</registry>' >> /etc/sipwitch.conf
-    echo '<routing>' >> /etc/sipwitch.conf
-    echo '</routing>' >> /etc/sipwitch.conf
-    echo '</sipwitch>' >> /etc/sipwitch.conf
-
-    sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
-    sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
-    groupadd sipwitch
-    chmod 600 /etc/shadow
-    chmod 600 /etc/gshadow
-    usermod -aG sipwitch $MY_USERNAME
-    chmod 0000 /etc/shadow
-    chmod 0000 /etc/gshadow
-
-    SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
-
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a sip -p "$SIP_SERVER_PASSWORD"
-
-    function_check configure_firewall_for_sip4
-    configure_firewall_for_sip4
-    install_completed sip_main
-}
-
-function install_sip_turn {
-    if [[ $(app_is_installed sip_turn) == "1" ]]; then
-        return
-    fi
-
-    apt-get -yq install turnserver
-
-    # create a nonce if needed
-    if [ ! $TURN_NONCE ]; then
-        TURN_NONCE="$(create_password 30)"
-    fi
-
-    function_check create_site_certificate
-    create_site_certificate $DEFAULT_DOMAIN_NAME 'yes'
-
-    echo '##' > /etc/turnserver/turnserver.conf
-    echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
-    echo '#' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
-    echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
-    echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
-    echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
-    echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
-    echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
-    echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
-    echo "udp_port = $TURN_PORT" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
-    echo "tcp_port = $TURN_PORT" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
-    echo "tls_port = $TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TLS support.' >> /etc/turnserver/turnserver.conf
-    echo 'tls = true' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
-    echo '## standard.' >> /etc/turnserver/turnserver.conf
-    echo 'dtls = false' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
-    echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
-    echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
-    echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
-    echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
-    echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
-    echo 'daemon = true' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
-    echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
-    echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
-    echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Realm value.' >> /etc/turnserver/turnserver.conf
-    echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
-    echo "nonce_key = \"$TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
-    echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
-    echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
-    echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
-    echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
-    echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
-    echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
-    echo 'denied_address {' >> /etc/turnserver/turnserver.conf
-    echo '  address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
-    echo '  mask = "8"' >> /etc/turnserver/turnserver.conf
-    echo '  port = 0' >> /etc/turnserver/turnserver.conf
-    echo '}' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
-    echo 'denied_address {' >> /etc/turnserver/turnserver.conf
-    echo '  address = "::1"' >> /etc/turnserver/turnserver.conf
-    echo '  mask = "128"' >> /etc/turnserver/turnserver.conf
-    echo '  port = 0' >> /etc/turnserver/turnserver.conf
-    echo '}' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
-    echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
-    if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
-        echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
-    else
-        if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
-            echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
-        fi
-    fi
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Private key file.' >> /etc/turnserver/turnserver.conf
-    echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Account method.' >> /etc/turnserver/turnserver.conf
-    echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
-    echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
-    echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
-
-    echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
-
-    systemctl restart turnserver
-
-    function_check configure_firewall_for_turn
-    configure_firewall_for_turn
-    install_completed sip_turn
-}
-
-function install_sip {
-    install_sip_main
-    update_sipwitch_daemon
-    APP_INSTALLED=1
-}
-
-# NOTE: deliberately no exit 0

src/freedombone-controlpanel

 
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 SELECTED_USERNAME=
-SIP_CONFIGURATION_FILE=/etc/sipwitch.conf
 ADMIN_USER=
 UPGRADE_SCRIPT_NAME="${PROJECT_NAME}-upgrade"
 UPDATE_DATE_SCRIPT=/usr/bin/updatedate
     echo '====='
     echo ''
     echo -n -e "$(pad_string 'Name')"
-    if [[ $(app_is_installed sip) == "1" ]]; then
-        echo -n -e "$(pad_string 'SIP ext')"
-    fi
     echo -n -e "$(pad_string 'Data')"
     echo ''
     echo '----------------------------------'
         USRNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USRNAME") == "1" ]]; then
             echo -n -e "$(pad_string ${USRNAME})"
-            # get the SIP extension
-            SIPEXT=
-            if [ -f $SIP_CONFIGURATION_FILE ]; then
-                while read ext; do
-                    if [[ $ext == *"user id"* ]]; then
-                        CURR_UID=$(echo "$ext" | awk -F '"' '{print $2}' | awk -F '"' '{print $1}')
-                    fi
-                    if [[ $ext == *"extension"* ]]; then
-                        if [[ $CURR_UID == $USRNAME ]]; then
-                            SIPEXT=$(echo "$ext" | awk -F '>' '{print $2}' | awk -F '<' '{print $1}')
-                        fi
-                    fi
-                done < $SIP_CONFIGURATION_FILE
-            fi
-            if [ $SIPEXT ]; then
-                echo -n -e "$(pad_string SIP:${SIPEXT})"
-            else
-                echo -n -e "$(pad_string '')"
-            fi
 
             # size of the home directory
             echo "$(du -s -h /home/${USRNAME} | awk -F ' ' '{print $1}')"

src/freedombone-rmsipuser

-#!/bin/bash
-#
-# .---.                  .              .
-# |                      |              |
-# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
-# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
-# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
-#
-#                    Freedom in the Cloud
-#
-
-# Removes a SIP phone user from the system
-
-# License
-# =======
-#
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-PROJECT_NAME='freedombone'
-
-export TEXTDOMAIN=${PROJECT_NAME}-rmsipuser
-export TEXTDOMAINDIR="/usr/share/locale"
-
-MY_USERNAME=$1
-CONFIG_FILE=/etc/sipwitch.conf
-USER_EXISTS="no"
-
-function show_help {
-    echo ''
-    echo $"${PROJECT_NAME}-rmsipuser [username]"
-    echo ''
-    exit 0
-}
-
-function sip_user_exists {
-    IFS=''
-    while read line; do
-        if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
-            USER_EXISTS="yes"
-            return
-        fi
-    done < $CONFIG_FILE
-}
-
-function remove_sip_user {
-    USER_FOUND=
-    NEW_CONFIG_FILE="${CONFIG_FILE}.new"
-    if [ -f $NEW_CONFIG_FILE ]; then
-        rm -f $NEW_CONFIG_FILE
-    fi
-    touch $NEW_CONFIG_FILE
-    IFS=''
-    while read line; do
-        if [ ! $USER_FOUND ]; then
-            if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
-                USER_FOUND="yes"
-            fi
-        fi
-        if [ ! $USER_FOUND ]; then
-            echo "$line" >> $NEW_CONFIG_FILE
-        else
-            if [[ "$line" == *'</user>' ]]; then
-                USER_FOUND=
-            fi
-        fi
-    done < $CONFIG_FILE
-    mv $NEW_CONFIG_FILE $CONFIG_FILE
-}
-
-if [ ! $MY_USERNAME ]; then
-    show_help
-fi
-
-if [ ! -f $CONFIG_FILE ]; then
-    echo $"SIP configuration file not found"
-    exit 1
-fi
-
-# the user must already exist on the system
-if [ ! -d /home/$MY_USERNAME ]; then
-    echo $"User $MY_USERNAME not found"
-    exit 2
-fi
-
-sip_user_exists
-
-if [[ $USER_EXISTS != "yes" ]]; then
-    echo $'User not found within SIP configuration file'
-    exit 3
-fi
-
-systemctl stop sipwitch
-
-remove_sip_user
-
-systemctl start sipwitch
-
-echo $"SIP user $MY_USERNAME removed"
-exit 0

src/freedombone-sipfreeext

-#!/bin/bash
-#
-# .---.                  .              .
-# |                      |              |
-# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
-# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
-# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
-#
-#                    Freedom in the Cloud
-#
-
-# Returns the next free SIP extension number
-
-# License
-# =======
-#
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-PROJECT_NAME='freedombone'
-
-export TEXTDOMAIN=${PROJECT_NAME}-sipfreeext
-export TEXTDOMAINDIR="/usr/share/locale"
-
-CONFIG_FILE=/etc/sipwitch.conf
-
-maxnum=201
-while (( maxnum < 299 )); do
-    if ! grep -q "extension>$maxnum<" $CONFIG_FILE; then
-        break;
-    fi
-    maxnum=$((maxnum + 1))
-done
-echo $maxnum
-exit 0

src/freedombone-utils-upgrade

     sed -i 's|XMPP|xmpp|g' $COMPLETION_FILE
     sed -i 's|voip|mumble|g' $COMPLETION_FILE
     sed -i 's|VoIP|mumble|g' $COMPLETION_FILE
-    sed -i 's|SIP |sip |g' $COMPLETION_FILE
     sed -i 's|Blog|htmly|g' $COMPLETION_FILE
     sed -i 's|Hubzilla|hubzilla|g' $COMPLETION_FILE
     sed -i 's|Gogs|gogs|g' $COMPLETION_FILE

website/EN/app_gnusocial.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-05-09 Tue 15:00 -->
+<!-- 2018-02-20 Tue 10:55 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
-<title></title>
+<title>&lrm;</title>
 <meta name="generator" content="Org mode" />
 <meta name="author" content="Bob Mottram" />
 <meta name="description" content="How to use GNU Social"
 </p>
 
 <p>
-You should regard anything posted to GNU Social as being <i>public communication</i> visible to anyone on the internet. There is a direct messaging capability between users but it's not particularly secure, so for one-to-one messages stick to better methods, such as XMPP with OTR/OMEMO or Tox.
+You should regard anything posted to GNU Social as being <i>public communication</i> visible to anyone on the internet. There is a direct messaging capability between users but it's not particularly secure, so for one-to-one messages stick to better methods, such as XMPP with OpenPGP/OMEMO or Tox.
 </p>
 
 <p>
 </div>
 
 
-<div id="outline-container-org5123b46" class="outline-2">
-<h2 id="org5123b46">Installation</h2>
-<div class="outline-text-2" id="text-org5123b46">
+<div id="outline-container-orgd505b7e" class="outline-2">
+<h2 id="orgd505b7e">Installation</h2>
+<div class="outline-text-2" id="text-orgd505b7e">
 <p>
 Log into your system with:
 </p>
 
 <div class="org-src-container">
-<pre><code class="src src-bash">ssh myusername@mydomain -p 2222
-</code></pre>
+<pre class="src src-bash">ssh myusername@mydomain -p 2222
+</pre>
 </div>
 
 <p>
 </div>
 </div>
 
-<div id="outline-container-org9477256" class="outline-2">
-<h2 id="org9477256">Initial setup</h2>
-<div class="outline-text-2" id="text-org9477256">
+<div id="outline-container-org23e7827" class="outline-2">
+<h2 id="org23e7827">Initial setup</h2>
+<div class="outline-text-2" id="text-org23e7827">
 <p>
 If you have just obtained a Lets Encrypt certificate as above then go to <b>About</b> on the administrator control panel and you should see your GNU Social domain listed there along with an onion address. You can then navigate to your site in a browser.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org3314c00" class="outline-2">
-<h2 id="org3314c00">Switching user interfaces</h2>
-<div class="outline-text-2" id="text-org3314c00">
+<div id="outline-container-orge65b439" class="outline-2">
+<h2 id="orge65b439">Switching user interfaces</h2>
+<div class="outline-text-2" id="text-orge65b439">
 <p>
 A few web based user interfaces are available for GNU SOcial. They are selectable by going to the <b>Administrator control panel</b> and choosing <b>App settings</b> then <b>gnusocial</b>.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org52974f0" class="outline-2">
-<h2 id="org52974f0">Using with Emacs</h2>
-<div class="outline-text-2" id="text-org52974f0">
+<div id="outline-container-org6444239" class="outline-2">
+<h2 id="org6444239">Using with Emacs</h2>
+<div class="outline-text-2" id="text-org6444239">
 <div class="org-center">
 
 <div class="figure">
 </p>
 
 <div class="org-src-container">
-<pre><code class="src src-bash">mkdir ~/elisp
+<pre class="src src-bash">mkdir ~/elisp
 git clone https://github.com/bashrc/gnu-social-mode ~/elisp/gnu-social-mode
 <span class="org-builtin">echo</span> <span class="org-string">"(add-to-list 'load-path \"~/elisp/gnu-social-mode\")"</span> &gt;&gt; ~/.emacs
 <span class="org-builtin">echo</span> <span class="org-string">"(require 'gnu-social-mode)"</span> &gt;&gt; ~/.emacs
 <span class="org-builtin">echo</span> <span class="org-string">"      gnu-social-server \"yourgnusocialdomain\""</span> &gt;&gt; ~/.emacs
 <span class="org-builtin">echo</span> <span class="org-string">"    gnu-social-username \"yourusername\""</span> &gt;&gt; ~/.emacs
 <span class="org-builtin">echo</span> <span class="org-string">"    gnu-social-password \"gnusocialpassword\")"</span> &gt;&gt; ~/.emacs
-</code></pre>
+</pre>
 </div>
 
 <p>
 </p>
 
 <div class="org-src-container">
-<pre><code class="src src-bash">M-x gnu-social
-</code></pre>
+<pre class="src src-bash">M-x gnu-social
+</pre>
 </div>
 
 <p>
 </div>
 </div>
 
-<div id="outline-container-orgd6dab31" class="outline-2">
-<h2 id="orgd6dab31">Blocking controls</h2>
-<div class="outline-text-2" id="text-orgd6dab31">
+<div id="outline-container-org231ba8e" class="outline-2">
+<h2 id="org231ba8e">Blocking controls</h2>
+<div class="outline-text-2" id="text-org231ba8e">
 <div class="org-center">
 
 <div class="figure">

website/EN/backups.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2016-10-31 Mon 16:23 -->
+<!-- 2018-02-20 Tue 11:20 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
-<title></title>
+<title>&lrm;</title>
 <meta name="generator" content="Org mode" />
 <meta name="author" content="Bob Mottram" />
 <meta name="description" content="Turn the Beaglebone Black into a personal communications server"
   pre.src-fortran:before { content: 'Fortran'; }
   pre.src-gnuplot:before { content: 'gnuplot'; }
   pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
   pre.src-java:before { content: 'Java'; }
   pre.src-js:before { content: 'Javascript'; }
   pre.src-latex:before { content: 'LaTeX'; }
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
 </colgroup>
 <tbody>
 <tr>
-<td class="org-left"><a href="#org5101793">Backup keys</a></td>
+<td class="org-left"><a href="#org9e30c71">Backup keys</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgbd04f75">Backup to USB</a></td>
+<td class="org-left"><a href="#org51128a3">Backup to USB</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org3944959">Restore from USB</a></td>
+<td class="org-left"><a href="#org471bcb9">Restore from USB</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org4ffab21">Distributed/remote backups</a></td>
+<td class="org-left"><a href="#orgbd325f2">Distributed/remote backups</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org52a7ed8">Restore from a friend</a></td>
+<td class="org-left"><a href="#orged9af55">Restore from a friend</a></td>
 </tr>
 </tbody>
 </table>
 </div>
 
-<div id="outline-container-org5101793" class="outline-2">
-<h2 id="org5101793">Backup keys</h2>
-<div class="outline-text-2" id="text-org5101793">
+<div id="outline-container-org9e30c71" class="outline-2">
+<h2 id="org9e30c71">Backup keys</h2>
+<div class="outline-text-2" id="text-org9e30c71">
 <p>
 As part of the Freedombone installation the GPG key used to encrypt backups will have been added to the <i>.gnupg</i> keyring in your home directory. Ensure that you have a copy of all your keys by plugging in a LUKS encrypted USB drive and then running the commands:
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-orgbd04f75" class="outline-2">
-<h2 id="orgbd04f75">Backup to USB</h2>
-<div class="outline-text-2" id="text-orgbd04f75">
+<div id="outline-container-org51128a3" class="outline-2">
+<h2 id="org51128a3">Backup to USB</h2>
+<div class="outline-text-2" id="text-org51128a3">
 <p>
 First and foremost - <b>encrypt your USB drives</b>! Even if you think you have "<i>nothing to hide</i>" if you accidentally lose a USB thumb drive (it's easy to lose small objects) and it's not encrypted then potentially someone might be able to obtain enough information about you to commit identity fraud, take out loans, open bank accounts, etc. Use LUKS encryption. In Ubuntu you can do this using the <i>Disk Utility</i> application. Some instructions <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">can be found here</a>.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org3944959" class="outline-2">
-<h2 id="org3944959">Restore from USB</h2>
-<div class="outline-text-2" id="text-org3944959">
+<div id="outline-container-org471bcb9" class="outline-2">
+<h2 id="org471bcb9">Restore from USB</h2>
+<div class="outline-text-2" id="text-org471bcb9">
 <p>
 Log into the system and become the root user:
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org4ffab21" class="outline-2">
-<h2 id="org4ffab21">Distributed/remote backups</h2>
-<div class="outline-text-2" id="text-org4ffab21">
+<div id="outline-container-orgbd325f2" class="outline-2">
+<h2 id="orgbd325f2">Distributed/remote backups</h2>
+<div class="outline-text-2" id="text-orgbd325f2">
 <p>
 Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.
 </p>
 
 <p>
-Firstly you will need to have a user account on one or more of your friends servers.  They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access.  They can create a user account for you with the control panel on a Freedombone system or with the <b>adduser &lt;username&gt;</b> command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OTR. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
+Firstly you will need to have a user account on one or more of your friends servers.  They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access.  They can create a user account for you with the control panel on a Freedombone system or with the <b>adduser &lt;username&gt;</b> command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OpenPGP/OMEMO. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
 </p>
 
 <div class="org-src-container">
 </p>
 </div>
 </div>
-<div id="outline-container-org52a7ed8" class="outline-2">
-<h2 id="org52a7ed8">Restore from a friend</h2>
-<div class="outline-text-2" id="text-org52a7ed8">
-</div><div id="outline-container-org9783b56" class="outline-3">
-<h3 id="org9783b56">With a completely new Freedombone installation</h3>
-<div class="outline-text-3" id="text-org9783b56">
+<div id="outline-container-orged9af55" class="outline-2">
+<h2 id="orged9af55">Restore from a friend</h2>
+<div class="outline-text-2" id="text-orged9af55">
+</div>
+<div id="outline-container-orgf5b5789" class="outline-3">
+<h3 id="orgf5b5789">With a completely new Freedombone installation</h3>
+<div class="outline-text-3" id="text-orgf5b5789">
 <p>
 This is the ultimate disaster recovery scenario in which you are beginning completely from scratch with new hardware and a new Freedombone installation (configured with the same username and domain names). It is assumed that the old hardware was destroyed, but that you have the backup key stored on a USB thumb drive.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-orgf7adedb" class="outline-3">
-<h3 id="orgf7adedb">On an existing Freedombone installation</h3>
-<div class="outline-text-3" id="text-orgf7adedb">
+<div id="outline-container-orgda018d1" class="outline-3">
+<h3 id="orgda018d1">On an existing Freedombone installation</h3>
+<div class="outline-text-3" id="text-orgda018d1">
 <p>
 This is for more common situations in which maybe some data became corrupted and you want to restore it.
 </p>

website/EN/codeofconduct.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-12-29 Fri 10:25 -->
+<!-- 2018-02-20 Tue 11:21 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
 
 <center><h1>Code of Conduct</h1></center>
 
-<div id="outline-container-org7389049" class="outline-2">
-<h2 id="org7389049">Be respectful</h2>
-<div class="outline-text-2" id="text-org7389049">
+<div id="outline-container-org52494ee" class="outline-2">
+<h2 id="org52494ee">Be respectful</h2>
+<div class="outline-text-2" id="text-org52494ee">
 <p>
 In any Free Software project with more than one participant inevitably there may be people with whom you may disagree, or find it difficult to cooperate. Accept that, but even so, remain respectful. Disagreement is no excuse for poor behaviour or personal attacks, and a community in which people feel threatened is not a healthy community.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgb4a8701" class="outline-2">
-<h2 id="orgb4a8701">Assume good faith</h2>
-<div class="outline-text-2" id="text-orgb4a8701">
+<div id="outline-container-orgf45c2d3" class="outline-2">
+<h2 id="orgf45c2d3">Assume good faith</h2>
+<div class="outline-text-2" id="text-orgf45c2d3">
 <p>
 Freedombone Contributors have many ways of reaching our common goal of providing freedom respecting internet or mesh systems which may differ from your ways. Assume that other people are working towards this goal.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org323e1d5" class="outline-2">
-<h2 id="org323e1d5">Be collaborative</h2>
-<div class="outline-text-2" id="text-org323e1d5">
+<div id="outline-container-org2cd0532" class="outline-2">
+<h2 id="org2cd0532">Be collaborative</h2>
+<div class="outline-text-2" id="text-org2cd0532">
 <p>
 Freedombone is a moderately complex project, though nothing big and professional like GNU. It's good to ask for help when you need it. Similarly, offers for help should be seen in the context of our shared goal of improving the system.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org2247eb7" class="outline-2">
-<h2 id="org2247eb7">Try to be concise</h2>
-<div class="outline-text-2" id="text-org2247eb7">
+<div id="outline-container-orgbc9ebe6" class="outline-2">
+<h2 id="orgbc9ebe6">Try to be concise</h2>
+<div class="outline-text-2" id="text-orgbc9ebe6">
 <p>
 If you're submitting documentation then keep in mind that what you write once could be read by many other people. To avoid TL;DR keep it as short and concise as possible. This will also reduce the amount of translations effort needed.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org9d2afa5" class="outline-2">
-<h2 id="org9d2afa5">Be open</h2>
-<div class="outline-text-2" id="text-org9d2afa5">
+<div id="outline-container-org9cc58e7" class="outline-2">
+<h2 id="org9cc58e7">Be open</h2>
+<div class="outline-text-2" id="text-org9cc58e7">
 <p>
 Most ways of communication used within Freedombone (eg Matrix/XMPP) allow for public and private communication. Prefer public methods of communication for Freedombone-related messages, unless posting something sensitive.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgeac99f0" class="outline-2">
-<h2 id="orgeac99f0">In case of problems</h2>
-<div class="outline-text-2" id="text-orgeac99f0">
+<div id="outline-container-orgcc0a62b" class="outline-2">
+<h2 id="orgcc0a62b">In case of problems</h2>
+<div class="outline-text-2" id="text-orgcc0a62b">
 <p>
 While this code of conduct should be adhered to by participants, we recognize that sometimes people may have a bad day, or be unaware of some of the guidelines in this code of conduct. When that happens, you may reply to them and point out this code of conduct. Such messages may be in public or in private, whatever is most appropriate. However, regardless of whether the message is public or not, it should still adhere to the relevant parts of this code of conduct; in particular, it should not be abusive or disrespectful. Assume good faith; it is more likely that participants are unaware of their bad behaviour than that they intentionally try to degrade the quality of the discussion.
 </p>
 </p>
 
 <p>
-This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG/OpenPGP if you can, or XMPP with OTR/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.
+This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG if you can, or XMPP with OpenPGP/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.
 </p>
 </div>
 </div>

website/EN/support.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-02-04 Sun 21:22 -->
+<!-- 2018-02-20 Tue 11:19 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
 <h1>Support</h1>
 </center>
 
-<div id="outline-container-orgbc8f3ea" class="outline-2">
-<h2 id="orgbc8f3ea">Contact details</h2>
-<div class="outline-text-2" id="text-orgbc8f3ea">
+<div id="outline-container-org96625f0" class="outline-2">
+<h2 id="org96625f0">Contact details</h2>
+<div class="outline-text-2" id="text-org96625f0">
 <p>
 This site can also be accessed via a Tor browser at <b><a href="http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion">http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion</a></b>
 </p>
 </p>
 
 <p>
-<b>XMPP:</b> bob@freedombone.net with OMEMO or OTR
+<b>XMPP:</b> bob@freedombone.net with OMEMO or OpenPGP
 </p>
 
 <p>
 </div>
 </div>
 
-<div id="outline-container-org742c05a" class="outline-2">
-<h2 id="org742c05a">Things which would be nice to have</h2>
-<div class="outline-text-2" id="text-org742c05a">
+<div id="outline-container-orgf7837ec" class="outline-2">
+<h2 id="orgf7837ec">Things which would be nice to have</h2>
+<div class="outline-text-2" id="text-orgf7837ec">
 </div>
-<div id="outline-container-org317c742" class="outline-3">
-<h3 id="org317c742">Ideas</h3>
-<div class="outline-text-3" id="text-org317c742">
+<div id="outline-container-orgff56304" class="outline-3">
+<h3 id="orgff56304">Ideas</h3>
+<div class="outline-text-3" id="text-orgff56304">
 <p>
 Know of some fabulous web system which could run on Freedombone, but currently doesn't? Contact the above, and be prepared to make a compelling argument for why it should be included.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgafbb438" class="outline-3">
-<h3 id="orgafbb438">Money</h3>
-<div class="outline-text-3" id="text-orgafbb438">
+<div id="outline-container-org2a3b4c0" class="outline-3">
+<h3 id="org2a3b4c0">Money</h3>
+<div class="outline-text-3" id="text-org2a3b4c0">
 <p>
 At the present time this project is not seeking any funding. There is no crowdfunding campaign and no slick marketing video. Those aren't ruled out as future possibilities, but for now they're just not needed.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org2edf966" class="outline-3">
-<h3 id="org2edf966">Testing and reporting bugs</h3>
-<div class="outline-text-3" id="text-org2edf966">
+<div id="outline-container-org0aab630" class="outline-3">
+<h3 id="org0aab630">Testing and reporting bugs</h3>
+<div class="outline-text-3" id="text-org0aab630">
 <p>
 Testing of the install on different hardware. Also pentesting on test installations to find vulnerabilities.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org10bcaa2" class="outline-3">
-<h3 id="org10bcaa2">Web design and artwork</h3>
-<div class="outline-text-3" id="text-org10bcaa2">
+<div id="outline-container-org9f29739" class="outline-3">
+<h3 id="org9f29739">Web design and artwork</h3>
+<div class="outline-text-3" id="text-org9f29739">
 <p>
 A better design for this website would be nice to have. Photos, icons or other artwork are all welcome. I've always liked the cartoon artwork of the <a href="https://www.mediagoblin.org/">Mediagoblin</a> project, and attractive graphics can help to get people initially interested.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org881c8f8" class="outline-3">
-<h3 id="org881c8f8">Howto videos</h3>
-<div class="outline-text-3" id="text-org881c8f8">
+<div id="outline-container-org73db84c" class="outline-3">
+<h3 id="org73db84c">Howto videos</h3>
+<div class="outline-text-3" id="text-org73db84c">
 <p>
 If you're good at making videos then a howto for installing Freedombone onto various types of hardware, or testing the mesh system in realistic/exotic scenarios would be good. You could even host videos on PeerTube or Mediagoblin.
 </p>
 </div>
 </div>
-<div id="outline-container-org237516c" class="outline-3">
-<h3 id="org237516c">More education and promotion</h3>
-<div class="outline-text-3" id="text-org237516c">
+<div id="outline-container-org34d84b9" class="outline-3">
+<h3 id="org34d84b9">More education and promotion</h3>
+<div class="outline-text-3" id="text-org34d84b9">
 <div class="org-center">
 
 <div class="figure">
 </div>
 </div>
 
-<div id="outline-container-org92766d9" class="outline-3">
-<h3 id="org92766d9">Translations</h3>
-<div class="outline-text-3" id="text-org92766d9">
+<div id="outline-container-orgb28d5fb" class="outline-3">
+<h3 id="orgb28d5fb">Translations</h3>
+<div class="outline-text-3" id="text-orgb28d5fb">
 <p>
 To add translations modify the json files within the <b>locale</b> subdirectory. Then make a pull request on the <a href="https://github.com/bashrc/freedombone">Github site</a>.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgaf00625" class="outline-3">
-<h3 id="orgaf00625">Packaging</h3>
-<div class="outline-text-3" id="text-orgaf00625">
+<div id="outline-container-org6dfbb85" class="outline-3">
+<h3 id="org6dfbb85">Packaging</h3>
+<div class="outline-text-3" id="text-org6dfbb85">
 <p>
 Helping to package GNU Social and Hubzilla for Debian would be beneficial.
 </p>