Merge branch 'stretch' of https://github.com/bashrc/freedombone

doc/EN/app_akaunting.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Akaunting</h1>
-</center>
-#+END_EXPORT
+* Akaunting
 
 The Freedombone system isn't primarily aimed at companies or institutions, but if you're a one person company or freelancer then having the ability to run your own accounting system and keep the data private and also backed up is useful. Akaunting provides a nice web based system for small business accounts, and is also quite usable within a mobile web browser.
 
 
 Now in a browser navigate to your subdomain. You will need to enter some details for the database. The password should be the mariadb one.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/akaunting_setup.jpg]]
-#+END_CENTER
 
 After that you'll need to enter a company name and an email address. You can make the administrator password anything you prefer, and a suggestion can be found within the *Passwords* section of the *Administrator control panel* under *akaunting*.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/akaunting_setup_company.jpg]]
-#+END_CENTER
 
 From then on the system should be usable. Accounts software can often be quite complex, and so you'll probably want to refer to the [[https://akaunting.com/docs][official documentation]] for details.

doc/EN/app_bdsmail.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>BDS Mail</h1>
-</center>
-#+END_EXPORT
+* BDS Mail
 
 BDS Mail (aka "Brain Dead Simple Mail") is an optional addition to the existing email server which comes installed as default. It creates an extra folder within the Mutt client which allows you to send and receive email using [[https://en.wikipedia.org/wiki/I2P][i2p]] as the transport layer. This solves the problem of being blocked by dubious systems and also the problem of user friendly email encryption. If you're behind a hostile firewall which you don't control and which blocks all ports, this system is still likely to work. You can use GPG as an additional encryption layer if you prefer, but it's not strictly necessary because you already have the i2p public key system to ensure end-to-end security.
 

doc/EN/app_bludit.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Bludit</h1>
-</center>
-#+END_EXPORT
+* Bludit
 
 This is a databaseless blogging system which uses markdown files. It's not very complex and so there is not much to go wrong, and it should run well on any server hardware.
 

doc/EN/app_cryptpad.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>CryptPad</h1>
-</center>
-#+END_EXPORT
+* CryptPad
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/cryptpad.jpg]]
-#+END_CENTER
 
 This is similar to [[./app_etherpad.html][EtherPad]] but with better security and more document types which can be collaboratively edited in real time. It includes not just text editing but also creating presentations, voting and editing source code.
 

doc/EN/app_dlna.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>DLNA</h1>
-</center>
-#+END_EXPORT
+* DLNA
 
 An easy way to play music on any mobile device in your home is to use the DLNA service. Copy your music into a directory called "/Music/" on an unencrypted USB thumb drive and then insert it into a USB socket on the Freedombone system.
 

doc/EN/app_dokuwiki.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Dokuwiki</h1>
-</center>
-#+END_EXPORT
+* Dokuwiki
 
 Dokuwiki is a wiki which stores its content in text files. Having no database makes maintaining it simpler, and it's not tied to any particular domain name so you can easily copy the files to a different domain if you need to.
 
-
 * Installation
 Log into your system with:
 

doc/EN/app_edith.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Edith Notes</h1>
-</center>
-#+END_EXPORT
+* Edith Notes
 
 Edith notes is the simplest and quickest kind of notes system. It has no complicated user interface. Just enter your domain and a title and a note will be created. Everything typed is saved automatically.
 
 
 Select *Administrator controls* then *App Settings* then *edith*. Enter a subdomain name, such as /notes.mydomain.com/, and optionally a freedns code. When the installation is complete you can then look up the password for the site within the *Passwords* section of the *Administrator control panel*, then  navigate to the subdomain. Log in, then enter something like /notes.mydomain.com/testnote/ and start typing.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/edith_notes.jpg]]
-#+END_CENTER
 
 It is possible to turn off the login via *App Settings/edith* if you wish, but this will enable anyone on the internet to view or edit notes on your system, which could have obvious privacy or stability implications. From *App settings/edith* it's also possible to browse through your notes files.

doc/EN/app_emacs.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Emacs</h1>
-</center>
-#+END_EXPORT
+* Emacs
 
 Emacs is a text editor popular with software developers or anyone who needs to take notes at high speed or be able to customise their editing environment to a high degree. When installed on Freedombone it can be used together the Mutt email client to edit new emails or if you need to manually edit configuration files.
 

doc/EN/app_etherpad.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Etherpad</h1>
-</center>
-#+END_EXPORT
+* Etherpad
 
 This is a well known system for real time collaborative editing of documents. Just log in, choose a document title and then edit. Different users will appear in different colours, and can also chat in the sidebar. This is installed as a private system in which only users on your Freedombone server will be able to create and edit documents, so it's not open to any random users on the internet.
 

doc/EN/app_fedwiki.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Federated Wiki</h1>
-</center>
-#+END_EXPORT
+* Federated Wiki
 
 Federated wikis are a relatively new concept. There can be multiple copies of the same page on different servers and it's then easy to pick which version you prefer, or make something new. It's like wiki meets mashup meets federation, and so is different from many previous web paradigms and may take some recalibration of how you think the web should work.
 

doc/EN/app_friendica.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Friendica</h1>
-</center>
-#+END_EXPORT
+* Friendica
 
 Friendica is a federated social networking system. It can federate with other popular systems such as GNU Social and Diaspora. Currently Friendica only works on the clearnet and doesn't have an onion address.
 
 
 On first visiting your Friendica site you'll see the login screen. The first thing you need to do is to select *register* to create a new Friendica administrator user. The first user on the system then becomes its administrator.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/friendicaadmin.jpg]]
-#+END_CENTER
 
 Friendica has numerous addons which you might want to explore. Select the small icon next to the search box and you will get to the administrator settings. Select *plugins* and you can then configure which ones you want. From the *site* settings you can also force all links to use SSL/TLS for added security.
 

doc/EN/app_gnusocial.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>GNU Social</h1>
-</center>
-#+END_EXPORT
+* GNU Social
 
 GNU Social is typically referred to as a microblogging system, although with a maximum post length much longer than Twitter it's really a sort of federated community blog with a stream-based appearance which also supports markdown formatting.
 
 
 Some general advice about life in the fediverse [[./fediverse.html][can be found here]].
 
-
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/gnusocial_pleroma.jpg]]
-#+END_CENTER
 
 
 * Installation
 
 GNU Social has a clutter-free mobile user interface which can be accessed via a Tor compatible browser (make sure to add a NoScript exception). Unlike similar proprietary sites there are no bribed posts.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/gnusocial_mobile.jpg]]
-#+END_CENTER
 
 * Switching user interfaces
 A few web based user interfaces are available for GNU SOcial. They are selectable by going to the *Administrator control panel* and choosing *App settings* then *gnusocial*.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/gnusocial_settings.jpg]]
-#+END_CENTER
 
  * *Qvitter*: Looks similar to Twitter during its golden era, before the ads and other antifeatures arrived
  * *Pleroma*: A modern and lightweight user interface
 
 * Using with Emacs
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/gnu-social-mode.jpg]]
-#+END_CENTER
 
 If you are an Emacs user it's also possible to set up GNU Social mode as follows:
 
 | CTRL-c CTRL-d | Post direct Message   |
 
 * Blocking controls
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_blocking.jpg]]
-#+END_CENTER
 
 The biggest hazard with GNU Social is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "whole known network" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the *Administrator control panel* and selecting *Domain or User Blocking*, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage.
 

doc/EN/app_gogs.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Gogs</h1>
-</center>
-#+END_EXPORT
+* Gogs
 
 Github is ok, but it's proprietary and funded by venture capital. If you been around on the internet for long enough then you know how this story eventually works itself out - i.e. badly for the users. It's really only a question of time. If you're a software developer or do things which involve the Git version control system then it's a good idea to become accustomed to hosting your own repositories, before the inevitable Github shitstorm occurs.
 

doc/EN/app_htmly.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>HTMLy</h1>
-</center>
-#+END_EXPORT
+* HTMLy
 
 HTMLy is a databaseless blogging system.
 

doc/EN/app_hubzilla.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Hubzilla</h1>
-</center>
-#+END_EXPORT
+* Hubzilla
 
 Hubzilla is a web publishing and social network system which includes wiki, web pages, photo albums and file storage. It also has privacy controls which allow you to define who can see which content. It's possible to write posts and have them visible only to a group of friends (known as "/privacy groups/"), with the encryption being handled automatically. Currently Hubzilla only works on the clearnet and doesn't have an onion address.
 
 
 On first visiting your Hubzilla site you'll see the login screen. The first thing you need to do is *register* a new user. The first user on the system then becomes its administrator.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/hubzilla_mobile.jpg]]
-#+END_CENTER

doc/EN/app_icecast.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Icecast</h1>
-</center>
-#+END_EXPORT
+* Icecast
 
 Icecast enables you to run something like an internet radio station. So if you have multiple audio files and want to be able to stream those in sequence from a web site then this can be useful.
 

doc/EN/app_irc.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>IRC</h1>
-</center>
-#+END_EXPORT
+* IRC
 
 IRC is useful for multi-user chat. The classic use case is for software development where many engineers might need to coordinate their activities, but it's also useful for meetings, parties and general socialising.
 
 
 If you are using the ordinary domain name (clearnet/ICANN) then make sure that *Use SSL* is checked.
 
+#+attr_html: :width 80% :align center
 [[file:images/hexchat_setup_clearnet.jpg]]
 
 If you are using the onion address then *use SSL* should be unchecked and the transport encryption will be handled via the onion address itself.
 
+#+attr_html: :width 80% :align center
 [[file:images/hexchat_setup.jpg]]
 
 Within the *Password* field enter the password which can be found from the IRC menu of the *control panel*.

doc/EN/app_kanboard.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>KanBoard</h1>
-</center>
-#+END_EXPORT
+* KanBoard
 
 Kanbans are one way of managing projects. They're traditionally used in businesses but can also be useful for personal TODO lists or within open source or DIY projects. If you have a list of things which need to be done and want to keep track of progress then this provides a way to do that.
 

doc/EN/app_keyserver.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>OpenPGP Key Server</h1>
-</center>
-#+END_EXPORT
+* OpenPGP Key Server
 
 The /web of trust/ is a nice idea, but how trustable is it? If you take a look at how many OpenPGP key servers are out there then there are a two or three main ones and not much else. Can you trust those servers? Who is maintaining them and how often? Is any censorship going on? How hard would it be for adversaries to get implants onto them? In terms of technology this infrastructure is quite old and it could have been neglected for a long time. Once vigilant maintainers might have turned lazy and gotten lax with server security, or been recruited over to the dark side.
 
 For these kinds of reasons you might prefer to run your own web of trust infrastructure. In simple terms it's a database of GPG public keys which provides a way for users to /find out how to communicate with others securely via email/. You can meet in person and exchange public keys via sneakernet on USB drives, but most users of GPG don't do that. Instead they just download the public key for a given email address from one of the key servers.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/keyserver.jpg]]
-#+END_CENTER
 
 * Installation
 

doc/EN/app_koel.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Koel</h1>
-</center>
-#+END_EXPORT
+* Koel
 
 This enables you to store your music on the Freedombone server and then access it from any internet connected device. If you just want to make music accessible within your home network then [[./app_dlna.html][DLNA]] is usually sufficient, but if you want to be able to play your music from anywhere then [[https://koel.phanan.net][Koel]] is a better option.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/koel.jpg]]
-#+END_CENTER
 
 * Installation
 Log into your system with:
 
 Once logged in go to settings and set the media path to */music*.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/koelsettings.jpg]]
-#+END_CENTER
 
 * Importing music
 
 This app doesn't have any way to upload music and instead just expects that there will be a directory on the server containing music files. There are a couple of ways to get new music files onto the system: either by using ssh or by putting them onto a USB drive.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_koel.jpg]]
-#+END_CENTER
 
 ** Via ssh
 

doc/EN/app_lychee.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Lychee</h1>
-</center>
-#+END_EXPORT
+* Lychee
 
 Lychee is a simple and lightweight photo album for the web. Whether you're an amateur or professional photographer, or want to publish random holiday pics or cat pictures. Lychee just does what it says it does without any fuss. There is also a photo album feature within [[./app_hubzilla.html][Hubzilla]] if you need more sophisticated social photo sharing with individualised permissions.
 
 
 Within a browser navigate to your lychee domain name or onion address. It should look like this:
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/lychee_setup.jpg]]
-#+END_CENTER
 
 Within the *Administrator control panel* select *App Settings* and then *lychee*. This will show the initial login settings which you need to set up the database. To copy the password hold down the shift key, select the password then right click and copy.
 

doc/EN/app_mailpile.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Mailpile</h1>
-</center>
-#+END_EXPORT
+* Mailpile
 
 Mailpile provides a nice looking webmail interface suitable for use on desktop or mobile clients. It has good support for email encryption and makes that quite an simple process. At present it's usable but still has a few bugs and limitations. If you need a fully functional email client with comprehensive encryption support then either use Mutt or Thunderbird/Icedove.
 
 
 Under *Sending Mail* select *local* or if you need to proxy outgoing email through your ISP's server select *SMTP/TLS* and enter the details, then click *Next*.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/mailpile_setup.jpg]]
-#+END_CENTER
 
 Under *Receiving files* select *IMAP*, the domain as *localhost*, port *143* and your username, then click *Next*. Astute readers may well be concerned that IMAP over port 143 is not encrypted, but since this is only via localhost communication between the Mail Transport Agent and Mailpile doesn't travel over the internet and port 143 is not opened on the firewall so it's not possible to accidentally connect an external mail client insecurely.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/mailpile_setup_keys.jpg]]
-#+END_CENTER
 
 Under *Security and Privacy* either select your existing encryption key or if you only get the option to create a new one then do so, then click *Add* or *Save*.
 

doc/EN/app_matrix.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Matrix</h1>
-</center>
-#+END_EXPORT
+* Matrix
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/matrix_riotweb.jpg]]
-#+END_CENTER
 
 Matrix is a federated communications system, typically for multi-user chat, with end-to-end content security features. You can consider it to be like a modernized version of IRC chat where the crypto and access controls have been built in by default. At present Matrix is really only a creature of the clearnet and so there isn't any way to protect the metadata. Despite the talk of security the lack of metadata defenses make this really only suitable for public communications, similar to microblogging or public IRC channels.
 

doc/EN/app_mediagoblin.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Mediagoblin</h1>
-</center>
-#+END_EXPORT
+* Mediagoblin
 
 With Mediagoblin you can host video and audio content in a similar manner to the proprietary systems such as YouTube and SoundCloud. This system supports free media formats such as /webm/, /ogv/ and /ogg/. Another similar system which might be better fitted for small servers is [[./app_peertube.html][PeerTube]], since it uses webtorrent to distribute video files. Webtorrent will only work with WebRTC enabled browsers though.
 
 When hosting media files you should take into consideration that since anyone on the internet can view your content then this could significantly increase your bandwidth usage and overall strain on the server. Also unless you are just hosting images then hardware such as the Beaglebone Black won't be powerful enough for a good user experience when either uploading or playing back videos. It's recommended that you use one of the more powerful quad (or more) core single board computers or an old laptop if you want to run Mediagoblin on it.
 
+#+attr_html: :width 50% :align center
 #+BEGIN_CENTER
 [[file:images/mediagoblin.jpg]]
 #+END_CENTER

doc/EN/app_mumble.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Mumble</h1>
-</center>
-#+END_EXPORT
+* Mumble
 
 Mumble is a well known VoIP system originally used for gaming, but which works just as well for any general conference calls or meetings.
 
 
 From the menu select *Configure* then *Settings*. Select the *Advanced* checkbox then select *Network*. Select *Force TCP mode* and proxy type *Socks5*. Hostname should be set to *localhost* and port should be *9050*.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/mumble_config.jpg]]
-#+END_CENTER
 
 Select *Apply* and *Ok*, then on the menu *Server* and *Connect*.
 

doc/EN/app_nextcloud.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>NextCloud</h1>
-</center>
-#+END_EXPORT
+* NextCloud
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/nextcloud.jpg]]
-#+END_CENTER
 
 NextCloud is a system for file synchronisation and also has many other plugins for calendar, videoconferencing, collaborative document editing and federated file sharing. It's a lot more elaborate than Syncthing, but there may be situations where centralized control of your files on your server is better than a purely peer-to-peer approach (eg. if you need to remove a user's access to files).
 

doc/EN/app_peertube.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/peertube.jpg]]
-#+END_CENTER
 
 This is a video hosting system similar to Mediagoblin but using webtorrent to help distribute the files to or between clients. This should be more practical for situations where a video becomes popular because the load is then spread across the network, with performance increasing with the number of nodes. However, the torrenting aspect of it only works with WebRTC enabled browsers and so this means it's unlikely to fully work with a Tor browser. Without WebRTC then from a user point of view it's effectively the same thing as Mediagoblin.
 

doc/EN/app_pihole.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>PI-Hole: The Black Hole for Web Adverts</h1>
-</center>
-#+END_EXPORT
+* PI-Hole: The Black Hole for Web Adverts
 
 Idiots who have an inflated sense of self-entitlement will tell you that it's /your moral duty/ to view their mind-numbingly tedious corporate ads on their web site or YouTube channel, or else their kids will starve and the sky will fall because their revenue stream will dry up. But that's bullshit. There is nothing intrinsic or morally mandatory about adverts propping up the livelihoods of netizens, and indeed a web not primarily based on advertising money might have been a much better and more interesting place by now, with a lot less spying.
 

doc/EN/app_pleroma.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
-
-#+BEGIN_CENTER
-[[file:images/pleroma-logo.png]]
-#+END_CENTER
 
 #+BEGIN_QUOTE
 "/The way to keep giant companies from sterilizing the Internet is to make their sites irrelevant. If all the cool stuff happens elsewhere, people will follow. We did this with AOL and Prodigy, and we can do it again./" -- Maciej Cegłowski
 
 Some general advice about life in the fediverse [[./fediverse.html][can be found here]].
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/pleroma.jpg]]
-#+END_CENTER
 
 * Installation
 Log into your system with:
 * Mastodon user interface
 If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to */yourpleromadomainname/web* and log in.
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/pleromamastodon.jpg]]
-#+END_CENTER
 
 * Mobile apps
 It's also possible to use Mastodon apps together with Pleroma, such as Tusky, since it supports the Mastodon API. You may need to install *IcecatMobile* and set it as your default browser (under *Settings/Apps/Menu*) in order for the initial oauth registration process to work.
 
-#+BEGIN_CENTER
+#+attr_html: :width 50% :align center
 [[file:images/tusky.jpg]]
-#+END_CENTER
+
 * Blocking controls
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_blocking.jpg]]
-#+END_CENTER
 
 The biggest hazard with Pleroma is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "whole known network" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the *Administrator control panel* and selecting *Domain or User Blocking*, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage.
 

doc/EN/app_postactiv.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>PostActiv</h1>
-</center>
-#+END_EXPORT
+* PostActiv
 
 PostActiv is a fork of [[./app_gnusocial.html][GNU Social]] which includes some extra fixes and optimisations to improve performance. It federates just like GNU Social does and so whether you choose GNU Social or PostActiv is really just down to personal prefernce.
 
 Some general advice about life in the fediverse [[./fediverse.html][can be found here]].
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/postactiv_pleroma.jpg]]
-#+END_CENTER
 
 * Installation
 Log into your system with:
 * Switching user interfaces
 A few web based user interfaces are available for PostActiv. They are selectable by going to the *Administrator control panel* and choosing *App settings* then *postactiv*.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/postactiv_settings.jpg]]
-#+END_CENTER
 
  * *Qvitter*: Looks similar to Twitter during its golden era, before the ads and other antifeatures arrived
  * *Pleroma*: A modern and lightweight user interface
 
 * Using with Emacs
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/gnu-social-mode.jpg]]
-#+END_CENTER
 
 If you are an Emacs user it's also possible to set up GNU Social mode, which is compatible with PostActiv. You can do that as follows:
 
 | CTRL-c CTRL-d | Post direct Message   |
 
 * Blocking controls
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_blocking.jpg]]
-#+END_CENTER
 
 The biggest hazard with PostActiv is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "/whole known network/" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the *Administrator control panel* and selecting *Domain or User Blocking*, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage.
 

doc/EN/app_privatebin.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>PrivateBin</h1>
-</center>
-#+END_EXPORT
+* PrivateBin
 
 This is an encrypted pastebin, such that the server has zero knowledge of the content. It's intended for small amounts of text less than 32K in length. It's not intended for transfering large files, or for storing pastes for more than a day.
 

doc/EN/app_profanity.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Profanity</h1>
-</center>
-#+END_EXPORT
+* Profanity
 
 To install this app you will first need to install the [[./app_xmpp.html][XMPP server]].
 

doc/EN/app_riot.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Riot Web</h1>
-</center>
-#+END_EXPORT
+* Riot Web
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/riotweb.jpg]]
-#+END_CENTER
 
 Riot Web is a browser based user interface for the [[./app_matrix.html][Matrix]] federated communications system. It allows you to do encrypted one-to-one or group chat, and has some fancy WebRTC features for voice and video conversations. The WebRTC stuff won't work in a Tor browser though. This type of system is fine for general public communications and collaboration on open source projects or gaming groups. For things which require real privacy though stick to XMPP with OMEMO.
 

doc/EN/app_rss.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>RSS Reader</h1>
-</center>
-#+END_EXPORT
+* RSS Reader
 
 The way that RSS reading is set up on Freedombone gives you strong reading privacy. Not only is there onion routing between you and the server but also between the server and the source of the RSS feed. The only down side is that many RSS feeds are still http only, and so could be vulnerable to injection attacks, but it's expected that more of this will go to https in the foreseeable future due to a combination of growing recognition of security issues and systems like Let's Encrypt which make obtaining certificates much easier.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/rss_reader_mobile.jpg]]
-#+END_CENTER
 
 * Finding the onion address
 See the control panel for the RSS reader onion address.

doc/EN/app_searx.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>SearX</h1>
-</center>
-#+END_EXPORT
+* SearX
 
 SearX is a metasearch engine. That means it returns results from other selected search engines. It's accessible via an onion address and provides a private search ability. Really the only advantage it gives you over searching directly from a Tor browser is the ability to customise your search experience.
 
 In terms of security both the connection between you and the server, and the outgoing connection from the server to other search engines are onion routed. This should give you a reasonable level of search privacy.
 
-
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/searx.jpg]]
-#+END_CENTER
 
 * Installation
 

doc/EN/app_syncthing.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Syncthing</h1>
-</center>
-#+END_EXPORT
+* Syncthing
 
 Syncthing provides a similar capability to proprietary systems such as Dropbox, and also is well suited for use with low power single board computers. You can have one or more directories which are synchronized across your various laptops/desktops/devices, and this makes it hard for you to ever lose important files. The manner in which the synchronization is done is pretty secure, such that it would be difficult for passive adversaries (mass surveillance, "/men in the middle/", etc) to know what files you're sharing. Of course, you don't necessarily need to be running a server in order to use Syncthing, but if you do have a server which is always running then there's always at least one place to synchronize your files to or from.
 
 
 Then select *File Synchronization*.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_file_sync.jpg]]
-#+END_CENTER
 
 Select *Show device ID* and copy the long string of letters and numbers shown, using the shift key then select the text followed by right click then select copy.
 
 Open a non-Tor browser and enter  *http://127.0.0.1:8384* as the URL. You should now see the minimalistic user interface. Under *Remote Devices* select *Add Remote Device*. In the *Device ID* field paste the string you just copied (CTRL+v). The Device name can be anything. Under *Share Folders with Device* check *default* (or whatever folder you created on your local machine), then save.
 
-#+BEGIN_CENTER
+#+attr_html: :width 50% :align center
 [[file:images/syncthing_browser.jpg]]
-#+END_CENTER
 
 From the top menu select *Actions* and then *Show ID*, then copy the ID string (usually select then CTRL+c). Go back to the terminal control panel menu and select *Add an ID* then paste what you just copied (CTRL+v). Optionally you can also provide a description so that you later can know what that string corresponds to.
 

doc/EN/app_tahoelafs.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Tahoe-LAFS</h1>
-</center>
-#+END_EXPORT
+* Tahoe-LAFS
 
 This is a robust system for encrypted file storage on one or more servers. Files are accessed via a URL which contains the public key with which it was encrypted.
 
 * Adding more servers
 You can add more servers to the system to increase its storage capacity. In a typical Tahoe-LAFS new data storage servers are automatically discovered via an introducer node, but that creates a single centralised point of failure. The installation on Freedombone has no introducer node and so details for the servers of your friends need to be entered manually.
 
-#+BEGIN_CENTER
+#+attr_html: :width 50% :align center
 [[file:images/controlpanel/control_panel_tahoelafs.jpg]]
-#+END_CENTER
 
 Other servers will typically be Freedombone systems with Tahoe-LAFS installed. Your Tahoe-LAFS server settings can be found on the *About* screen of the *Administrator control panel*. Use an end-to-end encrypted chat app to copy and paste those details and send them to other friends. To add the server details go to *App settings* on the *Administrator control panel* then select *tahoelafs* and *Add server*.

doc/EN/app_tox.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Tox</h1>
-</center>
-#+END_EXPORT
+* Tox
 
 Tox is an encrypted peer-to-peer messaging system and so should work without Freedombone. It uses a system of nodes which act as a sort of directory service allowing users to find and connect to each other. The Tox node ID on the Freedombone can be found within *App Settings* under *tox* within the *Administrator control panel*. If you have other users connect to your node then you will be able to continue chatting even when no other nodes are available.
 
 
 Then from the menu select *Run an app* followed by *tox*. Tox is encrypted by default and also routed through Tor, so it should be reasonably secure both in terms of message content and metadata.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/toxic.jpg]]
-#+END_CENTER

doc/EN/app_turtl.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Turtl</h1>
-</center>
-#+END_EXPORT
+* Turtl
 
 #+begin_quote
 "/Now is a very important time in history. Every aspect of our lives is moving into the digital world faster than we realize. We use apps like Dropbox or Evernote because of their convenience, but in doing so we sacrifice our privacy. What data isn't sold to advertisers or stolen by hackers is carved up by government surveillance./"
 
 Since the data at rest is stored in PGP encrypted format this is a good system to use in cases where security really is a critical factor.
 
-
-#+BEGIN_CENTER
+#+attr_html: :width 50% :align center
 [[file:images/turtl.jpg]]
-#+END_CENTER
 
 * Installation
 Log into your system with:
 
 You should then be able to log in and start using the app. You might also want to invite any other users of your Freedombone system to also sign up using the turtl domain name which you specified during installation.
 
-
 * Locking it down
 Once you have created accounts it's a good idea to turn off new turtl signups. This will prevent millions of random users on the interwebs from creating accounts on your system and killing your server, or possibly other nefarious security scenarios. Go to the *administrator control panel* and select *App Settings* then *turtl*. You will then be able to disable new user registrations and also set the data storage limit for users. If you need additional users later you can always temporarily re-enable signups.

doc/EN/app_vpn.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>OpenVPN</h1>
-</center>
-#+END_EXPORT
+* OpenVPN
 
 #+begin_quote
 "/The Net interprets censorship as damage and routes around it./" -- John Gilmore

doc/EN/app_xmpp.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>XMPP/Jabber</h1>
-</center>
-#+END_EXPORT
+* XMPP/Jabber
 
 Most people know XMPP as "/Jabber/" and it's sometimes regarded and an old protocol once used by Google and Facebook but which is no longer relevant. However, it still works and if appropriately configured, as it is on Freedombone, can provide the best chat messaging security currently available.
 

doc/EN/apps.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
 #+begin_quote
 "/In times of aggressive corporatization, increasing enclosure of communication spaces, and blanket surveillance, emancipatory communication practices appear to be particularly well suited to offer concrete alternatives to activists and citizens alike/" -- Stefania Milan
 
 The base install of the system just contains an email server and Mutt client, but not much else. In addition from within the *Administrator control panel* under *Add/remove apps* the following are installable. This list only applies on the home server version, with the mesh network version having a different and smaller set of apps.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_apps.jpg]]
-#+END_CENTER
-
 
 * Akaunting
 A web based accounts system for small businesses or freelancers.
 Chat server which can be used together with client such as Gajim or Conversations to provide end-to-end content security and also onion routed metadata security. Includes advanced features such as /client state notification/ to save battery power on your mobile devices, support for seamless roaming between networks and /message carbons/ so that you can receive the same messages while being simultaneously logged in to your account on more than one device.
 
 [[./app_xmpp.html][How to use it]]
+
+
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/armbian.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, armbian
+#+KEYWORDS: freedombone, debian, armbian, sbc
 #+DESCRIPTION: Installing Freedombone on Armbian
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
 
 #+begin_export html
 
 Using the default Armbian password of *1234*. You should see the Armbian welcome message and will be asked to change the password, then create a new user account.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/armbian_setup.jpg]]
-#+END_CENTER
 
 When the user account is created type *exit* to leave the ssh session then log back in with your new user account.
 

doc/EN/backups.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, backup
+#+DESCRIPTION: How to make backups on Freedombone
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Backups</h1>
-</center>
-#+END_EXPORT
+* Backups
 
 #+BEGIN_CENTER
 #+ATTR_HTML: :border -1

doc/EN/beaglebone.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Installing Freedombone on a Beaglebone Black</h1>
-</center>
-#+END_EXPORT
+* Installing Freedombone on a Beaglebone Black
 
 The Beaglebone Black is small, cheap, a fully open hardware design, has a hardware random number generator and consumes very little electrical power, making it suitable for all kinds of uses. There is also a wireless version.
 
 You can easily use one to run your own internet services from home.
 
-#+BEGIN_CENTER
+#+attr_html: :width 50% :align center
 [[file:images/bbb_board.jpg]]
-#+END_CENTER
 
 You will need:
 
 freedombone-image --setup parabola
 #+end_src
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/microsd_reader.jpg]]
-#+END_CENTER
 
 If you own a domain name and have it linked to a dynamic DNS account (eg. [[https://freedns.afraid.org][freeDNS]]) and want to make a system accessible via an ordinary browser then run:
 
 
 Onion addresses have the advantage of being difficult to censor and you don't need to buy a domain or have a dynamic DNS account. An onion based system also means you don't need to think about NAT traversal type issues. This *does not* mean that everything gets routed through Tor, it just means that the sites for apps which you install will be available through Tor's address system.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/bbb_back.jpg]]
-#+END_CENTER
 
 Now follow the [[./homeserver.html][instructions given here to copy the image to the microSD drive]] beginning with running the /freedombone-client/ command. Wherever it says "USB drive" substitute "microSD drive". When the microSD drive is ready plug it into the front of the Beaglebone. The photo below also includes an Atheros wifi USB dongle plugged into the front, but that's not necessary unless you want to set up the system to run on a wifi network.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/bbb_front.jpg]]
-#+END_CENTER
 
 Connect the power and for the non-wireless versions of the Beaglebone Black also connect the ethernet cable and plug it into your internet router.
 

doc/EN/boards.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Supported ARM boards</h1>
-</center>
-#+END_EXPORT
+* Supported ARM boards
 
 The following ARM boards are supported by the build system. If your board isn't listed here then you may still be able to install Freedombone using [[./armbian.html][Armbian]].
 
- - [[./downloads/current/freedombone-current-beaglebone-armhf.img.xz][beaglebone]]
- - [[./downloads/current/freedombone-current-cubieboard2-armhf.img.xz][cubieboard2]]
- - [[./downloads/current/freedombone-current-cubietruck-armhf.img.xz][cubietruck]]
- - [[./downloads/current/freedombone-current-pcduino3-armhf.img.xz][pcduino3]]
+ - [[./downloads/v31/freedombone-beaglebone-armhf.img.xz][beaglebone]]
+ - [[./downloads/v31/freedombone-cubieboard2-armhf.img.xz][cubieboard2]]
+ - [[./downloads/v31/freedombone-cubietruck-armhf.img.xz][cubietruck]]
+ - [[./downloads/v31/freedombone-pcduino3-armhf.img.xz][pcduino3]]
  - a20-olinuxino-lime
  - a20-olinuxino-lime2
  - a20-olinuxino-micro

doc/EN/code.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, code
+#+DESCRIPTION: Freedombone codebase
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Code</h1>
-</center>
-#+END_EXPORT
+* Code
 
 Freedombone is really just a couple of [[https://www.gnu.org/software/bash][bash]] scripts which install and configure software on a Debian GNU/Linux system. If you're a system administrator, software engineer or Linux hobbyist you'll probably be familiar with command line scripting and be able to make your own modifications or custom variants to suit your needs. Freedombone is licensed under the [[https://www.gnu.org/licenses/agpl.html][GNU Affero General Public License version 3]] (or later).
 

doc/EN/codeofconduct.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+begin_export html
-<center><h1>Code of Conduct</h1></center>
-#+end_export
+* Code of Conduct
 
 * Be respectful
 
 Serious or persistent offenders will be kicked from chat rooms and any of their subsequent patches will be unlikely to be upstreamed. In this context "serious" means that someone is causing others to feel unsafe or be unable to contribute, for whatever reason.
 
 This is not a big project and so there is no division of labor or special enforcement committee or bureaucratic process. Complaints should be made (in private) to the maintainer or chat room admin. The typical email address can be found in the source code headers. Preferably use GPG if you can, or XMPP with OpenPGP/OMEMO to bob@freedombone.net. XMPP messages are likely to get a quicker response.
+
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/controlpanel.org

-#+TITLE:
-#+AUTHOR: Bob Mottram
-#+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Control Panel
-#+OPTIONS: ^:nil toc:nil
-#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
-
-#+BEGIN_CENTER
-[[file:images/logo.png]]
-#+END_CENTER
-
-#+BEGIN_EXPORT html
-<center>
-<h1>Control panel</h1>
-</center>
-#+END_EXPORT
-
-| [[Main menu]]               |
-| [[User control panel]]      |
-| [[About screen]]            |
-| [[Email filtering rules]]   |
-| [[Hubzilla menu]]           |
-| [[IRC menu]]                |
-| [[Media menu]]              |
-| [[Repository mirrors]]      |
-| [[Backup and restore menu]] |
-| [[Security menu]]           |
-| [[User management menu]]    |
-
-* Main menu
-You can access the main menu by logging into the system.
-
-#+BEGIN_SRC bash
-ssh myusername@mydomain -p 2222
-#+END_SRC
-
-Then selecting /Administrator controls/.
-
-It should look like this:
-
-#+BEGIN_CENTER
-[[file:images/controlpanel/control_panel.jpg]]
-#+END_CENTER
-
-To select anythng on the control panel use the *up and down* cursor keys and *space bar* to tag, then press *Enter*.
-
-* User control panel
-When a user initially logs in they will see a version of the control panel with restricted options aimed at the kinds of things which someone who isn't the administrator might wish to do. An expected scenario is that you might have a few friends or family members on the system, and this is who this menu is intended for.
-
-From this menu checking email or running chat applications is very easy, and they are configured in a safe manner without the user needing to do anything special. Email uses *mutt*, XMPP uses *profanity* and IRC uses *irssi*.
-
-#+BEGIN_CENTER
-[[./images/controlpanel/control_panel_user.jpg]]
-#+END_CENTER
-
-It's also possible for the user to define email filtering rules, add a ssh public key for key based login and also add or remove GPG public keys. They can also do this via the commandline if they prefer, but the menu system may provide an easier user interface.
-* About screen
-To find out your current domain names select the About screen from the main menu. This is especially useful for finding your onion addresses. For improved security by compartmentalisation, and also simpler implementation, each application has its own onion address.
-
-#+BEGIN_CENTER
-[[file:images/controlpanel/control_panel_about.jpg]]
-#+END_CENTER
-
-You can also see the SIP extension numbers for each user and how much disk space each user is consuming (typically this corresponds with email use).
-
-The Local Mirrors contains mirrored copies of the git repositories used by the system. If they don't have access to default repositories (mostly Github) then you can give these details to other users and then they can set their main repository such that they can pull from your system. Obviously any users doing this need to trust that you havn't modified the mirrored repositories in any way.
-
-* Email filtering rules
-You can add users to mailing lists, or block particular email addresses or subject lines in this menu.
-
-#+BEGIN_CENTER
-[[file:images/controlpanel/control_panel_filtering.jpg]]
-#+END_CENTER
-
-* Hubzilla menu
-This allows you to set the global directory location and obtain an SSL/TLS certificate if necessary.
-
-#+BEGIN_CENTER
-[[file:images/controlpanel/control_panel_hubzilla.jpg]]
-#+END_CENTER
-
-* IRC menu
-You can view the current IRC password or change it from here. Currently the IRC server does not work equally well on clrearnet and via Tor, so there is an option to switch from one to the other. Initially the IRC server will be running on clearnet (i.e. no onion routing).
-
-#+BEGIN_CENTER
-[[file:images/controlpanel/control_panel_irc.jpg]]
-#+END_CENTER
-
-* Media menu
-It's possible to add playable media to a USB drive and plug it into the system, then make it accessible to other devices such as tablets or phones on your local network via DLNA.
-
-#+BEGIN_CENTER
-[[file:images/controlpanel/control_panel_media.jpg]]
-#+END_CENTER
-
-* Repository mirrors
-If you don't want to use the default repositories, or don't have access to them, then you can obtain them from another Freedombone server (the details can be found on the other server on the *About* screen of the control panel).
-
-#+BEGIN_CENTER
-[[file:images/controlpanel/control_panel_mirrors.jpg]]
-#+END_CENTER
-
-* Backup and restore menu
-You can create backups or restore from backup here. It's also possible to create keydrives which store the backup key.
-
-#+BEGIN_CENTER
-[[file:images/controlpanel/control_panel_backup_restore.jpg]]
-#+END_CENTER
-
-* Security menu
-If you need to generate SSL/TLS certificates or change cypher details due to changing recommendations then you can do that here. If you are changing cypher details be extra careful not to make mistakes/typos, which could reduce the security of your system.
-
-#+BEGIN_CENTER
-[[file:images/controlpanel/control_panel_security.jpg]]
-#+END_CENTER
-
-* User management menu
-Users can be added or removed here.
-
-#+BEGIN_CENTER
-[[file:images/controlpanel/control_panel_users.jpg]]
-#+END_CENTER

doc/EN/debianinstall.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>How to install on an existing Debian system</h1>
-</center>
-#+END_EXPORT
+* How to install on an existing Debian system
 
 #+BEGIN_QUOTE
 "/The antagonism of surveillance is not privacy but the making of communities in struggle/"

doc/EN/devguide.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, developers
+#+DESCRIPTION: Freedombone developers guide
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+begin_export html
-<center><h1>Developers Guide</h1></center>
-#+end_export
+* Developers Guide
 
 * Introduction
 Freedombone consists of a set of bash scripts. There are a lot of them, but they're not very complicated. If you're familiar with the GNU/Linux commandline and can hack a bash script then you can probably add a new app or fix a bug in the system. There are no trendy development frameworks to learn or to get in your way. You might also want to consult the [[./codeofconduct.html][Code of Conduct]], and there is a Matrix room at *#fbone:matrix.freedombone.net*
 If you want to make your own specially branded version of the mesh images, such as for a particular event, then to change the default desktop backgrounds edit the images within *img/backgrounds* and to change the available avatars and desktop icons edit the images within *img/avatars*. Re-create disk images using the instructions shown previously.
 
 If you need particular /dconf/ commands to alter desktop appearance or behavior then see the function /mesh_client_startup_applications/ within *src/freedombone-image-customise*.
+
+
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/domains.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+begin_export html
-<center><h1>How to get a domain name</h1></center>
-#+end_export
+* How to get a domain name
 
 * The domain name itself
 

doc/EN/faq.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, hubzilla, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
+#+KEYWORDS: freedombone, faq
 #+DESCRIPTION: Frequently asked questions
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
-
-#+BEGIN_EXPORT html
-<center>
-<h1>Frequently Asked Questions</h1>
-</center>
-#+END_EXPORT
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/surveillanceoptions.jpg]]
+
 /Possible options for dealing with bulk surveillance at The Glass Room exhibition, 2017/
-#+END_CENTER
+
 
 #+BEGIN_CENTER
 #+ATTR_HTML: :border -1
 | [[How is Tor integrated with Freedombone?]]                                                   |
 | [[Can I add a clearnet domain to an onion build?]]                                            |
 | [[Why use Github?]]                                                                           |
+| [[After using nmap or other scanning tool I can no longer log in]]                            |
 | [[Should I upload my GPG keys to keybase.io?]]                                                |
 | [[Keys and emails should not be stored on servers. Why do you do that?]]                      |
 | [[Why can't I access my .onion site with a Tor browser?]]                                     |
 | [[Tor is censored/blocked in my area. What can I do?]]                                        |
 | [[I want to block a particular domain from getting its content into my social network sites]] |
 | [[The mesh system doesn't boot from USB drive]]                                               |
+| [[Mesh system doesn't connect to the network]]                                                |
 
 #+END_CENTER
 
 The source code for this project is experimentally independently hosted, and it is expected that in future the main development will shift over to an independent site, maybe with mirrors on Github if it still exists in a viable form.
 
 Currently many of the repositories used for applications which are not yet packaged for Debian are on Github, and to provide some degree of resilliance against depending too much upon that copies of them also exist within disk images.
+* After using nmap or other scanning tool I can no longer log in
+This system tries to block port scanners. Any other system trying to scan for open ports will have their IP address added to a temporary block list for 24 hours.
 * Should I upload my GPG keys to keybase.io?
 It's not recommended unless there exists some compelling reason for you to be on there. That site asks users to upload the *private keys*, and even if the keys are client side encrypted with a passphrase there's always the chance that there will be a data leak in future and letter agencies will then have a full time opportunity to crack the passphrases.
 
 
 ssh into your Freedombone system, go to the *administrator control panel*, select *security settings* then *Tor Bridges* and *Add a bridge*. You can then enter the details.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_bridges.jpg]]
-#+END_CENTER
 
 Any bridges that you add will also show up on the About screen of the administrator control panel.
 
 
 After the system has booted successfully the problem should resolve itself on subsequent reboots.
 
+* Mesh system doesn't connect to the network
+Sometimes after boot the mesh system won't connect to other peers on the network. If this happens select the *network restart* icon and enter the password, which by default is just "freedombone". Wait for a few minutes to see if it connects.
 
-#+BEGIN_EXPORT html
-<center>
-Return to the <a href="index.html">home page</a>
-</center>
-#+END_EXPORT
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/fediverse.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_CENTER
-*Homesteading the Fediverse*
-#+END_CENTER
+* Homesteading the Fediverse
 
 Some things you might want to know about the Fediverse:
 
 * Avoid big public servers
 It may seem like a good idea and it may seem like you're doing a service to the community by allowing random strangers to register, but servers with thousands of users only cause problems - social, administrative, financial and possibly also legal. The financial strain of running a powerful server with high reliability may be enough to encourage the administrator to begin pushing advertising onto the system, or sell user content, and then before you know it you have identical problems to Twitter. Instead try to encourage people to set up their own servers. Follow this principle and a lot of arguments and stress will be more easily avoided.
 
-
-
-#+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
-#+END_CENTER
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/homeserver.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, home server
+#+DESCRIPTION: Freedombone home server setup
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
 
-#+begin_export html
-<center><h1>Home Server</h1></center>
-#+end_export
+* Home Server
 
 The quickest way to get started is as follows. You will need to be running a Debian based system (version 8 or later), have an old but still working laptop or netbook which you can use as a server, and 8GB or larger USB thumb drive and an ethernet cable to connect the laptop to your internet router.
 
 freedombone-client
 #+end_src
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/tor_onion.jpg]]
-#+END_CENTER
 
 The version in which sites are available only via onion addresses is the easiest to get started with, since you can evaluate the system without committing to buying an ICANN domain name or needing to get involved with SSL/TLS certificates at all. However, if you do want your sites to be available typically as subdomains of a domain name which you own then remove the *--onion-addresses-only yes* option from the last command shown above. Also see the [[./domains.html][guide on setting up an ICANN domain name]].
 
 
 If you want to create images for microSD cards used within various single board computers then replace the *i386* with *beaglebone* / *cubieboard2* / *cubietruck* / *a20-olinuxino-lime* / *a20-olinuxino-lime2* / *a20-olinuxino-micro* or *apu*.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/beaglebone_black9.jpg]]
-#+END_CENTER
 
 This takes a while. Maybe an hour or so, depending on the speed of your system and the internets. The good news though is that once created you can use the resulting image any number of times, and you don't need to trust some pre-built image.
 
 
 This will show the hash code for the public ssh key of the Freedombone system.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/ssh_key_verify.jpg]]
-#+END_CENTER
 
 Open another terminal window then run:
 
 
 Use the password you wrote down earlier to log in. Select the *administrator control panel* with up and down cursor keys, space bar and enter key. You should see something like this, and you might need to re-enter your password.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel.jpg]]
-#+END_CENTER
 
 Then select *About*. You'll see a list of sites and their onion addresses.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_about.jpg]]
-#+END_CENTER
 
 The About screen contains the ssh server public key hashes and you can compare the relevant one with the previous terminal window to verify that they're the same. If they're not then you might have a /machine-in-the-middle/ snooping on you.
 
 
 Press any key to exit from the About screen. You can then select *Add/Remove apps* and add whatever applications you wish to run. Note that some apps will only run on x86 systems, but most will install and run on ARM single board computers. More details on particular apps can be [[./apps.html][found here]].
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_apps.jpg]]
-#+END_CENTER
 
 Once your apps have installed you can go back to the About screen, pick an onion address and try it within a Tor compatible browser. You'll need to know the login passwords and those can be found within the /Passwords/ section of the administrator control panel. An axiom of the Freedombone system is that /if given the choice users will usually use insecure passwords/, so on this system passwords are generated randomly. If you need to then you can transfer the passwords into your favourite password manager and remove them from the server by going to the *Security Settings* section of the administrator control panel and choosing *Export passwords* and *Password storage*.
 
 man freedombone-image
 #+end_src
 
-#+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion
-#+END_CENTER
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/index.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone
+#+DESCRIPTION: Freedombone project
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-[[file:images/bbb3.png]]
-#+END_CENTER
 
-#+begin_quote
-"/With the increasing move of our computing to cloud infrastructures, we give up the control of our computing to the managers of those infrastructures. Our terminals (laptops, desktops) might now be running entirely on Free Software, but this is increasingly irrelevant given that most of what actually matters gets executed on a remote closed system that we don’t control. The Free Software community needs to work to help users keep the control of all their computing, by developing suitable alternatives and facilitating their deployment./"
+So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups, VPN. Freedombone is a home server system which enables you to self-host all of these things.
 
-#+end_quote
+You can run Freedombone on an old laptop or a single board computer. See the [[./installmethods.html][list of installation methods]]. You can also use it to [[./mesh.html][set up a mesh network]] in your local area.
 
-So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups, VPN. Freedombone enables you to do all of that in a self-hosted way, where you keep control of your data and it resides in your own home.
-
-A list of other supported ARM boards [[./boards.html][can be found here]], or you can install onto an old laptop or netbook. Some installation instructions for different use cases are:
-
- * [[./homeserver.html][Typical installation]]
- * Installing [[./beaglebone.html][on a Beaglebone Black]]
- * Installing on an [[./debianinstall.html][existing Debian system]]
- * Installing [[./armbian.html][on Armbian]], for unsupported ARM boards such as Raspberry Pi
- * Creating a dedicated [[./socialinstance.html][fediverse instance]] for a single user or to host a community
- * Deploying a [[./mesh.html][mesh network]] which can operate with or without the internet
-
-After installation it's possible that you might want some advice on how to run your system and set up apps to work nicely with it.
-
- * [[./domains.html][How to get a domain name]]
- * [[./security.html][Improving security]]
- * [[./users.html][Adding or removing users]]
- * [[./apps.html][Apps available on the system]]
- * [[./faq.html][Frequently Asked Questions]]
- * [[./mobile.html][Advice on setting up a mobile phone]]
- * [[./support.html][I like this project. How can I help to support it?]]
+Check out the [[./apps.html][list of available apps]] and [[./faq.html][Frequently Asked Questions]] section. Recent developments are also described on [[https://blog.freedombone.net/tag/freedombone][the blog]].
 
+Disk images which can be cloned straight to USB or microSD drives are [[./downloads/v31][available here]].
 
 If you find bugs, or want to add a new app to this system see the [[./devguide.html][Developers Guide]] and [[./codeofconduct.html][Code of Conduct]]. There is a Matrix chat room available at *#fbone:matrix.freedombone.net*.
 
-Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/current][available here]].
+If you like this project and want to support continued development then [[./support.html][here's what to do]].
 
-#+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
-#+END_CENTER
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/installation.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, hubzilla, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, installation
+#+DESCRIPTION: Freedombone installation
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Installation</h1>
-</center>
-#+END_EXPORT
+* Installation
 
 | [[Building an image for a Single Board Computer or Virtual Machine]] |
 | [[Checklist]]                                                        |

doc/EN/installmethods.org

+#+TITLE:
+#+AUTHOR: Bob Mottram
+#+EMAIL: bob@freedombone.net
+#+KEYWORDS:  freedombone, installation
+#+DESCRIPTION: Installation methods
+#+OPTIONS: ^:nil toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
+
+#+attr_html: :width 80% :height 10% :align center
+[[file:images/logo.png]]
+
+Most people don't have a static external IP address, so you will need to have an account on a dymanic DNS service. [[https://freedns.afraid.org][FreeDNS]] is the one recommended, but others are available.
+
+If you want systems to be available within an ordinary web browser, such as Firefox, then you will need to [[./domains.html][obtain a domain name]].
+
+A list of other supported ARM boards [[./boards.html][can be found here]], or you can install onto an old laptop or netbook. Some installation instructions for different use cases are:
+
+ * [[./homeserver.html][Typical installation]]
+ * Installing [[./beaglebone.html][on a Beaglebone Black]]
+ * Installing on an [[./debianinstall.html][existing Debian system]]
+ * Installing [[./armbian.html][on Armbian]], for unsupported ARM boards such as Raspberry Pi
+ * Creating a dedicated [[./socialinstance.html][fediverse instance]] for a single user or to host a community
+ * Deploying a [[./mesh.html][mesh network]] which can operate with or without the internet
+ * [[./users.html][Adding or removing users]]
+ * [[./security.html][Improving security]]
+ * [[./mobile.html][Advice on setting up a mobile phone]]
+ * [[./apps.html][Apps available on the system]]
+ * [[./faq.html][Frequently Asked Questions]]
+
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/mesh.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, mesh
+#+DESCRIPTION: Freedombone mesh network
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+begin_export html
-<center><h1>Mesh Network</h1></center>
-#+end_export
+* Mesh Network
 
 The Freedombone Mesh is a wireless solution for autonomous or internet connected communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
 
  * [[./mesh_custom.html][Customisation]]
  * [[./mesh_usage.html][How to use it]]
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/mesh_desktop1.png]]
-#+END_CENTER
 
 Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small businesses who don't want the overhead of server maintenance, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies.
 
 
 Like [[https://libremesh.org][LibreMesh]], this system uses a combination of [[https://en.wikipedia.org/wiki/B.A.T.M.A.N.][batman-adv]] on network layer 2 and [[http://bmx6.net][BMX]] on layer 3. Routing protocols [[http://www.olsr.org][OLSR2]] and [[https://www.irif.fr/~jch/software/babel][Babel]] are also selectable.
 
-#+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion
-#+END_CENTER
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/mesh_capabilities.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, mesh
+#+DESCRIPTION: Freedombone mesh network capabilities
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+begin_export html
-<center><h1>Mesh Network: Capabilities</h1></center>
-#+end_export
+* Mesh Network: Capabilities
 
 The mesh system has the following capabilities:
 
  - Publicly shared data is /content addressable/
 
 This system should be quite scalable. Both qTox and IPFS are based upon distributed hash tables (DHT) so that each peer does not need to store the full index of data for the entire network. Gossiping between SSB peers may be slower, but the [[https://en.wikipedia.org/wiki/Small-world_network][small world effect]] will presumably still make for quite efficient delivery in a large network. Caching or pinning of IPFS data and its content addressability means that if a file or blog becomes popular then performance should improve as the number of downloads increases, which is the opposite of the client/server paradigm.
+
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/mesh_custom.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, mesh
+#+DESCRIPTION: Freedombone mesh network customisation
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+begin_export html
-<center><h1>Mesh Network: Customisation</h1></center>
-#+end_export
+* Mesh Network: Customisation
 
 If you want to make your own specially branded version, such as for a particular event, then to change the default desktop backgrounds edit the images within *img/backgrounds* and to change the available avatars and desktop icons edit the images within *img/avatars*. Re-create disk images using the instructions shown previously.
 
 If you need particular /dconf/ commands to alter desktop appearance or behavior then see the function /mesh_client_startup_applications/ within *src/freedombone-image-customise*.
+
+
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/mesh_images.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, mesh
+#+DESCRIPTION: Freedombone mesh network images
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+begin_export html
-<center><h1>Mesh Network: Images</h1></center>
-#+end_export
+* Mesh Network: Images
 
 * Pre-built Disk Images
 ** Writing many images quickly
 The MultiWriter tool is also available within mesh client images, so that you can use mesh systems to create more copies of the same system.
 ** Client images
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/mesh_netbook.jpg]]
-#+END_CENTER
 
 "Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size.
 
 #+begin_src bash
 sudo apt-get install xz-utils wget
-wget https://freedombone.net/downloads/current/freedombone-meshclient-i386.img.xz
-wget https://freedombone.net/downloads/current/freedombone-meshclient-i386.img.xz.sig
+wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz
+wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz.sig
 gpg --verify freedombone-meshclient-i386.img.xz.sig
-sha256sum freedombone-meshclient-i386.img.xz
-49391230de6a4f1966db091813deb8f9d93c947677f5483baa52400d7fcba7d3
 unxz freedombone-meshclient-i386.img.xz
 sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
 sudo dd bs=1M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync
 
 #+begin_src bash
 sudo apt-get install xz-utils wget
-wget https://freedombone.net/downloads/current/freedombone-meshclient-insecure-i386.img.xz
-wget https://freedombone.net/downloads/current/freedombone-meshclient-insecure-i386.img.xz.sig
+wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.img.xz
+wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.img.xz.sig
 gpg --verify freedombone-meshclient-insecure-i386.img.xz.sig
-sha256sum freedombone-meshclient-insecure-i386.img.xz
-c11783741e66df5072ffcbef8d9b04260a2298d84e33c72fefa4bb539d094810
 unxz freedombone-meshclient-insecure-i386.img.xz
 sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
 sudo dd bs=1M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync
 ** Router images
 Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.
 *** Beaglebone Black
-#+BEGIN_CENTER
+#+attr_html: :width 50% :align center
 [[file:images/mesh_router.jpg]]
-#+END_CENTER
 
 The above picture shows a Beaglebone Black with the image copied onto a microSD card (there's no need to do anything with the internal EMMC). A USB Atheros wifi adaptor with a large antenna is attached and in this case power is from the mains, although it could be from a battery or solar power system capable of supplying 5 volts and maybe 1A (depending upon how active the router is).
 
 #+begin_src bash
 sudo apt-get install xz-utils wget
-wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf.img.xz
-wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf.img.xz.sig
+wget https://freedombone.net/downloads/v31/freedombone-mesh_beaglebone-armhf.img.xz
+wget https://freedombone.net/downloads/v31/freedombone-mesh_beaglebone-armhf.img.xz.sig
 gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig
 sha256sum freedombone-mesh_beaglebone-armhf.img.xz
 ad8f22c0d46c98a80aa47b5809402971cf5cf26ebf587c59a667307b2386c3d2
 
 #+begin_src bash
 sudo apt-get -y install git wget build-essential
-wget https://freedombone.net/downloads/current/freedombone.tar.gz
-wget https://freedombone.net/downloads/current/freedombone.tar.gz.sig
+wget https://freedombone.net/downloads/v31/freedombone.tar.gz
+wget https://freedombone.net/downloads/v31/freedombone.tar.gz.sig
 gpg --verify freedombone.tar.gz.sig
-sha256sum freedombone.tar.gz
-afbb536564140aa28c6491d45b7474ced5a0b018539ffd3e96b13b242a41792e
 tar -xzvf freedombone.tar.gz
 cd freedombone
 git checkout stretch
 #+end_src
 
 The resulting image can be copied to a microSD card, inserted into a Beaglebone Black and booted. Don't forget to plug in an Atheros USB wifi dongle.
+
+
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/mesh_philosophic.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, mesh
-#+DESCRIPTION: Turn any laptop or a Beaglebone Black into an off-the-grid mesh peer
+#+KEYWORDS: freedombone, mesh
+#+DESCRIPTION: Philosophy of the Freedombone mesh
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+begin_export html
-<center><h1>Mesh Network: Philosophic</h1></center>
-#+end_export
+* Mesh Network: Philosophic
 
 #+begin_quote
  "/I see mesh networks naturally evolving to become the dominant form of network over the next few decades, because it’s the most practical solution to a number of problems that will have to be solved in order to build the VR web as well as to connect the entire world to the internet. Centralized networks are only possible in highly developed countries with existing infrastructures like power and telephone grids, as well as roads. You can’t build a tower where you don’t have either power or access. For vast areas of the world, mesh networks will be the only feasible solution./" -- Valkyrie Ice
 
 * Evolvable
 The network should be built with future development in mind. The platform should be flexible enough to support technologies, protocols and modes of usage that have not yet been developed.
+
+
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/mesh_usage.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: mesh, network, freedombone
+#+DESCRIPTION: How to use the Freedombone mesh network
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+begin_export html
-<center><h1>Mesh Network: How to use it</h1></center>
-#+end_export
+* Mesh Network: How to use it
 
  * [[Boot trouble]]
  * [[Set the Date]]
 
 When you first boot from the USB drive the system will create some encryption keys, assign a unique network address to the system and then reboot itself. When that's done you should see a prompt asking for a username. This username just makes it easy for others to initially find you on the mesh and will appear in the list of users.
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/mesh_initial_login.jpg]]
-#+END_CENTER
+
 
 After a minute or two if you are within wifi range and there is at least one other user on the network then you should see additional icons appear on the desktop, such as /Other Users/ and /Chat/.
 
 
 Select the wifi icon on the desktop and enter the password '/freedombone/'. The network configuration will go into a monitoring mode and in the bottom right side of the window you will be able to see signal strength and other parameters. This can help you to locate systems or adjust antennas to get the best wifi performance.
 
-
-#+BEGIN_CENTER
+#+attr_html: :width 70% :align center
 [[file:images/mesh_signal.jpg]]
-#+END_CENTER
 
 When you are finished close the window and then select the /Network Restart/ desktop icon, which will restart the B.A.T.M.A.N. network. You can also use the restart icon if you are within range of the mesh network but the /Chat/ and /Other Users/ icons do not automatically appear after a few minutes.
 * Connecting to the internet
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/mesh_architecture2.jpg]]
-#+END_CENTER
 
 If you need to be able to access the internet from the mesh then connect one of the peers to an internet router using an ethernet cable (shown as yellow above), then reboot it. Other peers in the mesh, including any attached mobile devices, will then be able to access the internet using the ethernet attached peer as a gateway. [[https://en.wikipedia.org/wiki/Freifunk][Freifunk]] works in a similar way.
 
 Where /myclient.ovpn/ comes from your VPN provider and with the password "/freedombone/".
 * Connecting two meshes over the internet via a VPN tunnel
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/mesh_architecture_vpn.jpg]]
-#+END_CENTER
 
 Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together.
 
 In your home directory on a system connected via ethernet to an internet router you'll find a file called *vpn.tar.gz*. If you want another mesh to be able to connect to yours then send them this file and get them to uncompress it into their home directory also on an internet gateway machine. If they have an external IP address or domain name for your router then they will be able to VPN connect using the *Connect Meshes* icon. They should also forward port 653 from their internet router to the mesh gateway machine.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/mesh_connect.png]]
-#+END_CENTER
 
 You should create a new *vpn.tar.gz* file for every other mesh which wants to be able to connect to yours. If you are prompted for a password it is 'freedombone'.
 
 
 * Mobile devices (phones, etc)
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/mesh_architecture3.jpg]]
-#+END_CENTER
 
 To allow mobile devices to connect to the mesh you will need a second wifi adapter connected to your laptop/netbook/SBC. Plug in a second wifi adapter then reboot the system. The second adaptor will then create a wifi hotspot (the connection shown in green above) which mobile devices can connect to. The hotspot name also contains its local IP address (eg. "/mesh-192.168.1.83/").
 
 On a typical Android device go to *Settings* then *Security* and ensure that *Unknown sources* is enabled. Also within *Wifi* from the *Settings* screen select the mesh hotspot. The password is "/freedombone/". Open a non-Tor browser and navigate to the IP address showing in the hotspot name. You can then download and install mesh apps.
 
-#+BEGIN_CENTER
+#+attr_html: :width 50% :align center
 [[file:images/mesh_mobileapps.jpg]]
-#+END_CENTER
 
 On some android devices you may need to move the downloaded APK file from the *Downloads* directory to your *home* directory before you can install it.
 * Chat System
 
 Ensure that you're within wifi range of at least one other mesh peer (could be a router or client) and then you should see that the /Chat/ and /Other Users/ icons appear. Select the users icon and you should see a list of users on the mesh.
 
-#+BEGIN_CENTER
+#+attr_html: :width 50% :align center
 [[file:images/mesh_peerslist.png]]
-#+END_CENTER
 
 Selecting a user followed by the Ok button will copy their Tox ID to the clipboard.
 
 Now select the /Chat/ icon and once you are connected you should see the status light turn green. If after a few minutes you don't get the green status light then try closing and re-opening the Tox chat application. Select the plus button to add a friend and then paste in a Tox ID.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/mesh_paste_tox_id.jpg]]
-#+END_CENTER
 
 The other user can then accept or decline your friend request.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/mesh_friend_request.jpg]]
-#+END_CENTER
 
 You can also select an avatar by selecting the grey head and shoulders image.
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/mesh_choose_avatar.jpg]]
-#+END_CENTER
 
 And by selecting the user from the list on the left hand side the chat can begin.
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/mesh_text_chat.jpg]]
-#+END_CENTER
 
 One important point is that by default the microphone is turned off. When doing voice chat you can select the microphone volume with the drop down slider in the top right corner of the screen.
 
 * Collaborative document editing
 The mesh system includes the ability to collaboratively edit various sorts of documents using CryptPad. CryptPad is an almost peer-to-peer system in that it is designed for a client/server environment but that the server aspect of it is very minimal and limited to orchestrating the connected clients. With CryptPad installed on each mesh peer it effectively enables peer-to-peer collaborative editing. Documents are ephemeral and forgotten unless they're exported or copy-pasted to permanent storage.
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/mesh_cryptpad1.jpg]]
-#+END_CENTER
 
 To create a document click on the CryptPad icon. Depending upon the specifications of your system it may take a few seconds to load, so don't be too disturned if the browser contents look blank for a while. Select _Rich Text Pad_ and give yourself a username.
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/mesh_cryptpad2.jpg]]
-#+END_CENTER
 
 If you have the chat system running you can then copy and paste the URL for your pad into the chat, and the other user can then open the link and edit the document with you. You can repeat that for however many other users you wish to be able to edit.
 
 
 Double click on the "Social" icon to open the app, then add your nickname and optionally a description. If you want to choose an avatar image some can be found within the directory */usr/share/freedombone/avatars*. On older systems or systems without a hardware random number generator, Patchwork sometimes takes a long time (a few minutes) to open for the first time after clicking the icon. This is most likely due to the initial generation of encryption keys, so be patient.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/patchwork_setup.jpg]]
-#+END_CENTER
 
 Other Patchwork users on the mesh will appear automatically under the *local* list and you can select and follow them if you wish. It's also possible to select the dark theme from *settings* on the drop down menu if you prefer.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/patchwork_public.jpg]]
-#+END_CENTER
 
 The Secure Scuttlebutt protocol which Patchwork is based upon is intended to be robust to intermittent network connectivity, so you can write posts when out of range and they will sync once you are back in the network.
 
 * Sharing Files
 You can make files publicly available on the network simply by dragging and dropping them into the /Public/ folder on the desktop. To view the files belonging to another user select the desktop icon called /Visit a site/ and enter the username or Tox ID of the other user.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/mesh_share_files.jpg]]
-#+END_CENTER
 
 * Blogging
 To create a blog post select the /Blog/ icon on the desktop and then select *New blog entry* and *Ok*. Edit the title of the entry and add your text. You can also include photos if you wish - just copy them to the *CreateBlog/content/images* directory and then link to them as shown.
 
-#+BEGIN_CENTER
+#+attr_html: :width 50% :align center
 [[file:images/mesh_blog.png]]
-#+END_CENTER
 
 To finish your blog entry just select /Save/ and then close the editor. On older hardware it may take a while to publish the results, and this depends upon the amount of computation needed by IPFS to create file hashes. If you make no changes to the default text then the new blog entry will not be saved.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/mesh_new_blog2.jpg]]
-#+END_CENTER
 
-#+BEGIN_CENTER
+
+#+attr_html: :width 80% :align center
 [[file:images/mesh_view_blog.jpg]]
-#+END_CENTER
 
 You can also visit other blogs, edit or delete your previous entry and change your blog theme.
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[file:images/mesh_select_blog_theme.png]]
-#+END_CENTER
+
+
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/meshindex.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h3>Welcome to the Freedombone Mesh</h3>
-The following apps are available:
-</center>
-#+END_EXPORT
+* Welcome to the Freedombone Mesh
+>>>>>>> 8161704e106728bec7e22d3211109faa06801081
 
 #+BEGIN_EXPORT html
  <center>

doc/EN/mirrors.org

-#+TITLE:
-#+AUTHOR: Bob Mottram
-#+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Mirroring git repositories
-#+OPTIONS: ^:nil toc:nil
-#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
-
-#+BEGIN_CENTER
-[[file:images/logo.png]]
-#+END_CENTER
-
-#+BEGIN_EXPORT html
-<center>
-<h1>Mirrors</h1>
-</center>
-#+END_EXPORT
-
-| [[What are mirrors and why do they exist?]]                         |
-| [[What security do mirrors have?]]                                  |
-| [[How do I set up mirrors?]]                                        |
-| [[Do mirrors include debian package repositories?]]                 |
-| [[What do I need to do to keep the mirrored repositories updated?]] |
-
-* What are mirrors and why do they exist?
-It would be nice if all of the applications used by this project were packaged for Debian, but currently they're not. This means that various upstream git repositories are used and these mostly reside on Github. What if Github were to go away, become paying only or be censored in some manner which was difficult to work around? To guard against this possibility the repositories are mirrored on each install and can then be made available to other users so that new installations or updates could still occur without the original default repos.
-* What security do mirrors have?
-On each install you have a /mirrors/ user created, whose only purpose is to mirror upstream repositories. A random password is generated for the /mirrors/ user which can be seen within the control panel and so given to other users who may need it.
-* How do I set up mirrors?
-The interactive installer will ask whether you want to configure the main respositories. Enter the URL, which will typically be an onion address, the ssh port number and the password for the mirrors on that system.
-* Do mirrors include debian package repositories?
-No. Packages for Debian will still be accessed in the conventional manner.
-* Can I change mirrors after the system has been installed
-Yes. From the control panel select "/Set the main repository/"
-
-#+BEGIN_CENTER
-[[file:images/controlpanel/control_panel_mirrors.jpg]]
-#+END_CENTER
-
-* What do I need to do to keep the mirrored repositories updated?
-Nothing. That happens as part of regular automatic updates.
-
-#+BEGIN_EXPORT html
-<center>
-Return to the <a href="index.html">home page</a>
-</center>
-#+END_EXPORT

doc/EN/mobile.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, mobile
+#+DESCRIPTION: Freedombone mobile setup
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Mobile</h1>
-</center>
-#+END_EXPORT
+* Mobile
 
 Mobile phones are insecure devices, but they're regarded as being so essential to modern life that telling people not to use them isn't a viable option. Here are some recommendations on setting up a mobile phone (aka "smartphone") to work with Freedombone.
 
 * Email
 The easiest way to access email is by installing the [[./app_mailpile.html][Mailpile]] app. This keeps your GPG keys off of possibly insecure mobile devices but still enables encrypted email communications in an easy way. You can use K9 mail if you prefer, but that will require installing OpenKeychain and having your GPG keys on the device, which is a lot more risky.
 * Services
-For information on configuring various apps to work with Freedombone see the [[file:./usage.html][usage section]]. Also see advice on chat apps in the [[file:./faq.html][FAQ]].
+For information on configuring various apps to work with Freedombone see the [[file:./apps.html][apps section]]. Also see advice on chat apps in the [[file:./faq.html][FAQ]].
 
 * Battery
 Even with free software apps it's not difficult to get into a situation where your battery doesn't last for long. To maximize battery life access RSS feeds via the onion-based mobile reader within a Tor-compatible browser and not from a locally installed RSS app.
 Return to the <a href="index.html">home page</a>
 </center>
 #+END_EXPORT
+
+
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/related.org

-#+TITLE:
-#+AUTHOR: Bob Mottram
-#+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, hubzilla, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
-#+OPTIONS: ^:nil toc:nil
-#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
-
-#+BEGIN_CENTER
-[[file:images/logo.png]]
-#+END_CENTER
-
-#+BEGIN_EXPORT html
-<center>
-<h1>Related Projects</h1>
-</center>
-#+END_EXPORT
-
-#+BEGIN_EXPORT html
- <center>
-The following projects made Freedombone possible.<br>
- <table style="width:80%; border:0">
-  <tr>
-    <td><center><a href="https://wiki.nginx.org">Nginx</a></center></td>
-    <td><center><a href="https://www.openssl.org">Openssl</a></center></td>
-    <td><center><a href="https://www.gnupg.org">Gnupg</a></center></td>
-  </tr>
-  <tr>
-    <td><center><a href="https://www.debian.org">Debian</a></center></td>
-    <td><center><a href="https://freedomboxfoundation.org">Freedombox</a></center></td>
-    <td><center><a href="https://beagleboard.org/products/beaglebone+black">Beagleboard</a></center></td>
-  </tr>
-  <tr>
-    <td><center><a href="https://www.dokuwiki.org/dokuwiki">Dokuwiki</a></center></td>
-    <td><center><a href="https://gnu.io">GNU Social</a></center></td>
-    <td><center><a href="https://github.com/redmatrix/hubzilla">Hubzilla</a></center></td>
-  </tr>
-  <tr>
-    <td><center><a href="https://www.torproject.org">Tor</a></center></td>
-    <td><center><a href="https://prosody.im">Prosody</a></center></td>
-    <td><center><a href="https://syncthing.net">Syncthing</a></center></td>
-  </tr>
-  <tr>
-    <td><center><a href="https://tox.chat/">Tox</a></center></td>
-    <td><center><a href="https://bettercrypto.org">Bettercrypto</a></center></td>
-  </tr>
-</table>
-</center>
-#+END_EXPORT

doc/EN/release3.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/release3.jpg]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h2>Building an internet run by the users, for the users</h2>
-</center>
-#+END_EXPORT
+* Building an internet run by the users, for the users
 
 The internet may still be mostly in the clutches of a few giant megacorporations and dubious governments with sketchy agendas, but it doesn't have to remain that way. With the third version of the Freedombone system there is now more scope than before to take back your privacy, have ownership of personal data and run your own online communities without undesirable intermediaries.
 

doc/EN/release31.org

+#+TITLE:
+#+AUTHOR: Bob Mottram
+#+EMAIL: bob@freedombone.net
+#+KEYWORDS: freedombone
+#+DESCRIPTION: Version 3.1
+#+OPTIONS: ^:nil toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
+
+#+attr_html: :width 80% :height 10% :align center
+[[file:images/logo.png]]
+
+* *Version 3.1*
+
+Newer and shinier than before, [[./index.html][Freedombone]] 3.1 rests upon the solid foundation of Debian stable and delivers major new self-hosted apps, improved mesh networking and a new logo. It supports version 3 onion addresses and the ability to use [[./usage_email.html][email with onion and I2P addresses]]. New apps are:
+
+ * [[./app_akaunting.html][Akaunting]]: Personal or small business accounts
+ * [[./app_bdsmail.html][bdsmail]]: Avoid PGP complexity by using email over I2P
+ * [[./app_bludit.html][Bludit]]: Painless markdown blogging
+ * [[./app_edith.html][Edith]]: The simplest possible note taking system
+ * [[./app_icecast.html][Icecast]]: Run your own internet radio station
+ * [[./app_peertube.html][PeerTube]]: Peer-to-peer video hosting system
+ * [[./app_pleroma.html][Pleroma]]: Ultra lightweight fediverse instance with Mastodon compatibility
+
+The [[./mesh.html][mesh version]] now supports BMX6, OLSR2 and Babel routing protocols on layer 3 and so is protocol compatible with [[https://libremesh.org][LibreMesh]]. It also now runs on pure IPv6 and has built in video editor and CryptPad integration for networked collaboration even during times when the internet is not available.
+
+There is a new [[./socialinstance.html][social instance]] image build option, if you want to be able to rapidly deploy fediverse instances, and a [[./devguide.html][template command]] for quickly adding new apps to the system which automates a lot of the boilerplate.
+
+According to some narratives the open web is dying with the silo companies comprising 80% of web traffic and what remains being pushed into an increasingly marginal corner. But at the same time these colonial occupiers have come under renewed [[https://www.wired.co.uk/article/open-letter-mark-zuckerberg-congress][public criticism]] as they continue to abuse their monopoly powers in ever more egregious ways. 2017 seemed to be a turning point in attitudes towards Silicon Valley generally and there is room for a new kind of movement to get started which is about reclaiming the internet for the common good.
+
+This is where we make our stand. If the internet falls then so too does freedom.
+
+The future is decentralized.
+
+* Installation
+
+The simplest way to install is from a pre-made disk image. Images can be [[https://freedombone.net/downloads/v31][downloaded here]]. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere. Or if you don't need clearnet domains and will be using Tor compatible browsers then you can use the "onion only" images where apps will be accessible via an onion address.
+
+Copy the image to a microSD card or USB thumb drive, replacing sdX with the identifier of the USB thumb drive. Don't include any numbers (so for example use sdc instead of sdc1).
+
+#+BEGIN_SRC bash
+unxz downloadedimagefile.img.xz
+dd bs=1M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+#+END_SRC
+
+And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.
+
+Plug the microSD or USB drive into the target hardware which you want to use as a server and power on. If you're using an old laptop or netbook as the server then you will need to set the BIOS to boot from USB.
+
+As the system boots for the first time the login is:
+
+#+BEGIN_SRC bash
+username: fbone
+password: freedombone
+#+END_SRC
+
+If you're installing from a microSD card on a single board computer without a screen and keyboard attached then you can ssh into it with:
+
+#+BEGIN_SRC bash
+ssh fbone@freedombone.local -p 2222
+#+END_SRC
+
+Using the initial password "freedombone". If you have trouble accessing the server then make sure you have Avahi installed and [[https://en.wikipedia.org/wiki/Multicast_DNS][mDNS]] enabled.
+
+You will then be shown a new randomly generated password. It's very important that you write this down somewhere or transfer it to a password manager before going further, because you'll need this to log in later.
+
+More detailed installation instructions are linked from [[./installmethods.html][the main site]].
+
+* Upgrading from a previous install
+
+To upgrade from version 3 just go to the *administrator control panel* and select *check for updates*.

doc/EN/security.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
 * Authentication with keys
 It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running:

doc/EN/socialinstance.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT HTML
-<center>
-<h1>Social Instance</h1>
-</center>
-#+END_EXPORT
+* Social Instance
 
 A social instance image allows you to easily set up a fediverse server, which federates using the OStatus or ActivityPub protocol. You will need:
 
 
 #+begin_src bash
 sudo apt-get install xz-utils wget
-wget https://freedombone.net/downloads/current/freedombone-pleroma-amd64.img.xz
-wget https://freedombone.net/downloads/current/freedombone-pleroma-amd64.img.xz.sig
+wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz
+wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz.sig
 gpg --verify freedombone-pleroma-amd64.img.xz.sig
 unxz freedombone-pleroma-amd64.img.xz
 sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
 
 Plug the USB drive into the laptop and connect it to your internet router with the ethernet cable.
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/laptop_router.jpg]]
-#+END_CENTER
 
 * Boot the laptop from the USB drive
 
 You may need to alter the BIOS settings to get this to work reliably.
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/bios_boot_usb.jpg]]
-#+END_CENTER
 
 * Forward ports 80 (HTTP) and 443 (HTTPS) from your internet router to the laptop
 
 Log into your internet router using a non-Tor browser (usually it's on an address like 192.168.1.1 or 192.168.1.254). Often port forwarding settings are together with firewall settings.
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/port_forwarding.png]]
-#+END_CENTER
 
 * From another machine ssh into the laptop
 
 
 Navigate to your domain and register a new user.
 
-#+BEGIN_CENTER
+#+attr_html: :width 100% :align center
 [[file:images/pleroma_register.jpg]]
-#+END_CENTER
 
 More details about setting up and using Pleroma [[./app_pleroma.html][can be found here]].
 
-#+BEGIN_CENTER
+#+attr_html: :width 50% :align center
 [[file:images/tusky.jpg]]
-#+END_CENTER

doc/EN/support.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, support
+#+DESCRIPTION: How to support the Freedombone project
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
-#+BEGIN_EXPORT html
-<center>
-<h1>Support</h1>
-</center>
-#+END_EXPORT
+* Support
 
 * Contact details
 
 ** Howto videos
 If you're good at making videos then a howto for installing Freedombone onto various types of hardware, or testing the mesh system in realistic/exotic scenarios would be good. You could even host videos on PeerTube or Mediagoblin.
 ** More education and promotion
-#+BEGIN_CENTER
+#+attr_html: :width 50% :align center
 [[./images/educate.png]]
-#+END_CENTER
+
 Many people are unaware that running their own internet services /is even a possibility/. Many also believe that internet services can be provided only if they're supported by advertising or donations, and that only gigantic data centres have enough computing capacity to serve web pages on a worldwide scale. Others may be fearful of encryption due to misrepresentations or misunderstandings of it in the mainstream media. Some may be intimidated by the apparent complexity and think that you need to be some sort of silicon valley genius in order to run a web service on your own. Even many technically-minded folks often believe that they can't run a home server unless they have a static IP address, which isn't true, and others are put off by thinking that any such server will be immediately [[https://en.wikipedia.org/wiki/Pwn][pwned]] by blackhat hackers.
 
 Raising awareness beyond the near zero current level, overcoming fear and paranoia and dispelling some of the prevalent myths will definitely help.
 ** Packaging
 Helping to package GNU Social and Hubzilla for Debian would be beneficial.
 
-#+BEGIN_EXPORT html
-<center>
-Return to the <a href="index.html">home page</a>
-</center>
-#+END_EXPORT
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/usage.org

-#+TITLE:
-#+AUTHOR: Bob Mottram
-#+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, hubzilla, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
-#+OPTIONS: ^:nil toc:nil
-#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
-
-#+BEGIN_CENTER
-[[file:images/logo.png]]
-#+END_CENTER
-
-#+BEGIN_EXPORT html
-<center>
-<h1>Usage</h1>
-</center>
-#+END_EXPORT
-
-| [[Improving security]]                                   |
-| [[Administrating the system via an onion address (Tor)]] |
-| [[./mobile.html][Mobile advice]]                                        |
-| [[./usage_email.html][Using Email]]                                          |
-| [[./app_syncthing.html][Syncing to the Cloud]]                                 |
-| [[./app_dlna.html][Play Music]]                                           |
-| [[./app_gnusocial.html][Microblogging (GNU Social)]]                           |
-| [[./app_postactiv.html][Microblogging (PostActiv)]]                            |
-| [[./app_ghost.html][Blogging with Ghost]]                                  |
-| [[./app_htmly.html][Blogging with HTMLy]]                                  |
-| [[./app_hubzilla.html][Social Network]]                                       |
-| [[./app_lychee.html][Photo albums]]                                         |
-| [[./app_mediagoblin.html][Hosting video and audio content]]                      |
-| [[./app_dokuwiki.html][Wiki]]                                                 |
-| [[./app_etherpad.html][Collaborative document editing]]                       |
-| [[./app_irc.html][Multi-user chat with IRC]]                             |
-| [[./app_xmpp.html][XMPP/Jabber]]                                          |
-| [[./app_tox.html][Tox]]                                                  |
-| [[./app_mumble.html][Mumble]]                                               |
-| [[./app_mailpile.jtml][Mailpile]]                                             |
-| [[./app_rss.html][RSS Reader]]                                           |
-| [[./app_radicale.html][CalDAV calendar server]]                               |
-| [[./app_gogs.html][Git Projects]]                                         |
-| [[Adding or removing users]]                             |
-| [[./app_pihole.html][Blocking Ads]]                                         |
-| [[./app_turtl.html][Making and sharing notes and images]]                  |
-
-* Improving security
-It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running:
-
-#+begin_src bash
-freedombone-client
-#+end_src
-
-On your local system (i.e. whatever you're logging in to the Freedombone system from, typically a laptop). Then:
-
-#+begin_src
-ssh myusername@freedombone.local -p 2222
-#+end_src
-
-Select *Administrator controls* and re-enter your password, then *Manage Users* and *Change user ssh public key*. Copy and paste the ssh public keys which appeared after the *freedombone-client* command was run. Then go to *Security settings* and select *Allow ssh login with passwords* followed by *no*.
-
-You'll need to make sure that you have a copy of the ~/.ssh directory on your local system. You could just copy that directory to a USB drive and then keep that somewhere safe so that you can restore the keys if you need to.
-* Administrating the system via an onion address (Tor)
-You can also access your system via the Tor system using an onion address. To find out what the onion address for ssh access is you can do the following:
-
-#+BEGIN_SRC bash
-ssh username@freedombone.local -p 2222
-#+END_SRC
-
-Select /Administrator controls/ then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following on your local system:
-
-#+BEGIN_SRC bash
-freedombone-client
-#+END_SRC
-
-This will set up your ssh environment to be able to handle onion addresses. Then you can test ssh with:
-
-#+BEGIN_SRC bash
-ssh username@address.onion -p 2222
-#+END_SRC
-
-Subsequently even if dynamic DNS isn't working you may still be able to administer your system. Using the onion address also gives you some degree of protection against corporate or government metadata analysis, since it becomes more difficult to passively detect which systems are communicating.
-* Adding or removing users
-Log into the system with:
-
-#+BEGIN_SRC bash
-ssh username@domainname -p 2222
-#+END_SRC
-
-Select *Administrator controls* then *User Management*. Depending upon the type of installation after selecting administrator controls you might need to enter:
-
-#+BEGIN_SRC bash
-sudo su
-control
-#+END_SRC
-
-[[file:images/controlpanel/control_panel_manage_users.jpg]]

doc/EN/usage_email.org

 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, hubzilla, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
+#+KEYWORDS: freedombone, email
+#+DESCRIPTION: How to use email on Freedombone
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
 | [[Things to be aware of]]                           |
 | [[A technical note about email transport security]] |
 #+BEGIN_QUOTE
 /The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor/
 #+END_QUOTE
+
+A way to avoid these pitfalls altogether is to use onion addresses (see the section below) or [[./app_bdsmail.html][I2P addresses]] for email. These are not so convenient because they use long random strings which aren't memorable as addresses, but they do give a strong assurance that whoever recieves the message is the intended recipient and that emails can't be read passively during their transport across the internet.
 * Add a password to your GPG key
 If you didn't use existing GPG keys during the Freedombone installation then you'll need to add a password to your newly generated private key. This is highly recommended. Go through the following sequence of commands to ssh into the Freedombone and then change your GPG password.
 
 exit
 #+END_SRC
 * Mutt email client
-
-#+BEGIN_CENTER
+#+attr_html: :width 80% :align center
 [[./images/mutt.jpeg]]
-#+END_CENTER
 
 Mutt is a terminal based email client which comes already installed onto the Freedombone. To access it you'll need to access it via ssh with:
 
 #+END_SRC
 
 Select /Administrator controls/ then *Email filtering rules* then *Block/Unblock and email address* or *Block/Unblock email with subject line*. Also see the manpage for *freedombone-ignore*.
+* Using onion email addresses
+By default this system comes with the ability to send and receive emails using onion addresses as the domain name. On the *user control panel* if you select *Show your email address* then you should find one ending with /dot onion/. You will also see a QR code for that address, which provides a simple way to transfer it to a mobile phone if necessary.
+
+If you want to give your onion email address to someone else securely then you can use the QR code to transfer it to a phone and copy and paste the address into an encrypted chat app, such as Conversations. Of course they will probably also need to be running Freedombone or some system capable of handling onion email addresses.
+
+When sending email from an onion address it's not strictly necessary to use GPG/PGP. Tor handles the transport security by itself. You can still use it though if you prefer to have an extra layer of message security. You can also still use onion email addresses even if your ISP blocks the typical email ports (25 and 465).
+
+If you don't make your onion email address public then it should be fairly resisent to spam, since spammers won't be able to randomly guess onion addresses (there are far too many), whereas it's a lot easier for them to do that with conventional domain names.
 * Using I2P for email transport
 For the most paranoid use cases it is also possible to use I2P as an email transport mechanism. This will of course require the people you're communicating with to have a similar setup in place. For details see the [[./app_bdsmail.html][bdsmail app]]. An advantage of this is that it's very unlikely that your email will get blocked. The disadvantage is that few others will be capable of receiving email this way, and it's only really usable via the Mutt email client.

doc/EN/users.org

 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 
-#+BEGIN_CENTER
+#+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
-#+END_CENTER
 
 Log into the system with:
 
 
 Select *Administrator controls* then *User Management*.
 
+#+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_manage_users.jpg]]
+
+#+attr_html: :width 10% :height 2% :align center
+[[file:fdl-1.3.txt][file:images/gfdl.png]]

doc/EN/variants.org

-#+TITLE:
-#+AUTHOR: Bob Mottram
-#+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
-#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
-#+OPTIONS: ^:nil toc:nil
-#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
-
-#+BEGIN_CENTER
-[[file:images/logo.png]]
-#+END_CENTER
-
-#+BEGIN_EXPORT html
-<center>
-<h1>Variants</h1>
-</center>
-#+END_EXPORT
-
-Freedombone may be installed either in its entirety or as different variants with a more specialised purpose.  So for example if you just want to run a blog but don't care about any other services then you can do that. The following variants are available:
-
-#+BEGIN_EXPORT html
- <center>
- <table style="width:80%; border:0">
-  <tr>
-    <td><center><b>Mailbox</b><br>An email server with GPG encryption</center></td>
-    <td><center><b>Cloud</b><br>Sync and share files. Never lose important files again</center></td>
-  </tr>
-  <tr>
-    <td><center><b>Social</b><br>Social networking with Hubzilla and GNU Social</center></td>
-    <td><center><b>Media</b><br>Runs media services such as DLNA to play music or videos on your devices</center></td>
-  </tr>
-  <tr>
-    <td><center><b>Writer</b><br>Host your blog and wiki</center></td>
-    <td><center><b>Chat</b><br>Encrypted IRC, XMPP, Tox and VoIP services for one-to-one and many-to-many chat</center></td>
-  </tr>
-  <tr>
-    <td><center><b>Developer</b><br>Github-like system to host your software projects</center></td>
-    <td><center><b>Mesh</b><br>A wireless mesh network which is like the internet, but not the internet</center></td>
-  </tr>
-</table>
-</center>
-#+END_EXPORT
-
-Non-mesh installs also come with an RSS reader which provides strong reading privacy on desktop and mobile via the use of a Tor onion service.
-
-#+BEGIN_EXPORT html
-<center>
-Return to the <a href="index.html">home page</a>
-</center>
-#+END_EXPORT

src/freedombone-app-datserver

+#!/bin/bash
+#
+#  _____               _           _
+# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
+#
+#                              Freedom in the Cloud
+#
+# The main issue here is bootstrapping. What is running
+# on the bootstrap server publicbits.org port 6881 ?
+#
+# Also it appears that users trying to clone have to
+# register an account on datbase.org or another datbase
+# server
+#
+# License
+# =======
+#
+# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+VARIANTS='full full-vim'
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=0
+
+DATSERVER_DOMAIN_NAME=
+DATSERVER_CODE=
+DATSERVER_HYPERCORED_VERSION='1.4.1'
+DATSERVER_DIRECTORY=/etc/datserver
+DATSERVER_PORT=3282
+
+# bootstrap servers are specified here
+DATSERVER_BOOTSTRAP_FILE=$DATSERVER_DIRECTORY/node_modules/datland-swarm-defaults/index.js
+
+DATSERVER_DISCOVERY1='discovery1.publicbits.org'
+DATSERVER_DISCOVERY2='discovery2.publicbits.org'
+DATSERVER_BOOTSTRAP1='bootstrap1.publicbits.org:6881'
+DATSERVER_BOOTSTRAP2='bootstrap2.publicbits.org:6881'
+DATSERVER_BOOTSTRAP3='bootstrap3.publicbits.org:6881'
+DATSERVER_BOOTSTRAP4='bootstrap4.publicbits.org:6881'
+
+datserver_variables=(MY_USERNAME
+                     DATSERVER_DISCOVERY1
+                     DATSERVER_DISCOVERY2
+                     DATSERVER_BOOTSTRAP1
+                     DATSERVER_BOOTSTRAP2
+                     DATSERVER_BOOTSTRAP3
+                     DATSERVER_BOOTSTRAP4)
+
+function datserver_generate_bootstraps {
+  { echo "var extend = require('xtend')";
+    echo '';
+    echo "var DAT_DOMAIN = 'dat.local'";
+    echo 'var DEFAULT_DISCOVERY = [';
+    echo "  '$DATSERVER_DISCOVERY1',";
+    echo "  '$DATSERVER_DISCOVERY2'";
+    echo ']';
+    echo 'var DEFAULT_BOOTSTRAP = [';
+    echo "  '$DATSERVER_BOOTSTRAP1',";
+    echo "  '$DATSERVER_BOOTSTRAP2',";
+    echo "  '$DATSERVER_BOOTSTRAP3',";
+    echo "  '$DATSERVER_BOOTSTRAP4'";
+    echo ']';
+    echo '';
+    echo 'var DEFAULT_OPTS = {';
+    echo '  dns: {server: DEFAULT_DISCOVERY, domain: DAT_DOMAIN},';
+    echo '  dht: {bootstrap: DEFAULT_BOOTSTRAP}';
+    echo '}';
+    echo '';
+    echo 'module.exports = function (opts) {';
+    echo '  return extend(DEFAULT_OPTS, opts) // opts takes priority';
+    echo '}'; } > $DATSERVER_BOOTSTRAP_FILE
+
+  chown datserver:datserver $DATSERVER_BOOTSTRAP_FILE
+}
+
+function datserver_configure_bootstraps {
+    read_config_param DATSERVER_DISCOVERY1
+    read_config_param DATSERVER_DISCOVERY2
+
+    read_config_param DATSERVER_BOOTSTRAP1
+    read_config_param DATSERVER_BOOTSTRAP2
+    read_config_param DATSERVER_BOOTSTRAP3
+    read_config_param DATSERVER_BOOTSTRAP4
+
+    data=$(mktemp 2>/dev/null)
+    dialog --backtitle $"Freedombone Control Panel" \
+           --title $"dat bootstrap servers" \
+           --form $"Specify discovery and bootstrap servers:\\n" 14 68 6 \
+           $"Discovery 1:" 1 1 "$DATSERVER_DISCOVERY1" 1 15 50 99 \
+           $"Discovery 2:" 2 1 "$DATSERVER_DISCOVERY2" 2 15 50 99 \
+           $"Bootstrap 1:" 3 1 "$DATSERVER_BOOTSTRAP1" 3 15 50 99 \
+           $"Bootstrap 2:" 4 1 $"$DATSERVER_BOOTSTRAP2" 4 15 50 99 \
+           $"Bootstrap 3:" 5 1 $"$DATSERVER_BOOTSTRAP3" 5 15 50 99 \
+           $"Bootstrap 4:" 6 1 $"$DATSERVER_BOOTSTRAP4" 6 15 50 99 \
+           2> "$data"
+    sel=$?
+    case $sel in
+        1)  rm -f "$data"
+            return;;
+        255) rm -f "$data"
+             return;;
+    esac
+    DATSERVER_DISCOVERY1=$(sed -n 1p < "$data")
+    DATSERVER_DISCOVERY2=$(sed -n 2p < "$data")
+    DATSERVER_BOOTSTRAP1=$(sed -n 3p < "$data")
+    DATSERVER_BOOTSTRAP2=$(sed -n 4p < "$data")
+    DATSERVER_BOOTSTRAP3=$(sed -n 4p < "$data")
+    DATSERVER_BOOTSTRAP4=$(sed -n 4p < "$data")
+    rm "$data"
+
+    write_config_param DATSERVER_DISCOVERY1
+    write_config_param DATSERVER_DISCOVERY2
+
+    write_config_param DATSERVER_BOOTSTRAP1
+    write_config_param DATSERVER_BOOTSTRAP2
+    write_config_param DATSERVER_BOOTSTRAP3
+    write_config_param DATSERVER_BOOTSTRAP4
+
+    datserver_generate_bootstraps
+    systemctl restart datserver
+}
+
+function logging_on_datserver {
+    echo -n ''
+}
+
+function logging_off_datserver {
+    echo -n ''
+}
+
+function remove_user_datserver {
+    echo -n ''
+}
+
+function add_user_datserver {
+    echo -n ''
+    echo '0'
+}
+
+function change_password_datserver {
+    echo -n ''
+}
+
+function install_interactive_datserver {
+    echo -n ''
+    APP_INSTALLED=1
+}
+
+function reconfigure_datserver {
+    # This is used if you need to switch identity. Dump old keys and generate new ones
+    echo -n ''
+}
+
+function datserver_add_dat {
+    data=$(mktemp 2>/dev/null)
+    dialog --title $"Add a dat" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $"dat link:" 8 70 2>"$data"
+    sel=$?
+    case $sel in
+        0)
+            dat_link=$(<"$data")
+            if [ "$dat_link" ]; then
+                if [ ${#dat_link} -gt 5 ]; then
+                    if ! grep -q "$dat_link" $DATSERVER_DIRECTORY/feeds; then
+                        echo "$dat_link" >> $DATSERVER_DIRECTORY/feeds
+                        chown -R datserver:datserver $DATSERVER_DIRECTORY/feeds
+                        systemctl restart datserver
+                    fi
+                fi
+            fi
+            ;;
+    esac
+    rm -f "$data"
+}
+
+function configure_interactive_datserver {
+    W=(1 $"Add a dat"
+       2 $"Browse or edit feeds"
+       3 $"Bootstrap servers")
+
+    while true
+    do
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"dat server" --menu $"Choose an operation, or ESC for main menu:" 11 70 4 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+           break
+        fi
+        case $selection in
+            1) datserver_add_dat
+               ;;
+            2) cd $DATSERVER_DIRECTORY || break
+               editor feeds
+               chown -R datserver:datserver $DATSERVER_DIRECTORY/feeds
+               systemctl restart datserver
+               ;;
+            3) datserver_configure_bootstraps
+               ;;
+        esac
+    done
+}
+
+function upgrade_datserver {
+    CURR_DATSERVER_HYPERCORED_VERSION=$(get_completion_param "datserver hypercored version")
+    if [[ "$CURR_DATSERVER_HYPERCORED_VERSION" != "$DATSERVER_HYPERCORED_VERSION" ]]; then
+        cd $DATSERVER_DIRECTORY || exit 254274
+        systemctl stop datserver
+        if npm update hypercored@$DATSERVER_HYPERCORED_VERSION; then
+            set_completion_param "datserver hypercored version" "$DATSERVER_HYPERCORED_VERSION"
+        fi
+        datserver_generate_bootstraps
+        chown -R datserver:datserver "$DATSERVER_DIRECTORY"
+        systemctl restart datserver
+    fi
+}
+
+function backup_local_datserver {
+    source_directory=$DATSERVER_DIRECTORY
+
+    systemctl stop datserver
+
+    dest_directory=datserver
+    backup_directory_to_usb "$source_directory" $dest_directory
+
+    systemctl start datserver
+}
+
+function restore_local_datserver {
+    systemctl stop datserver
+
+    temp_restore_dir=/root/tempdatserver
+    datserver_dir=$DATSERVER_DIRECTORY
+
+    restore_directory_from_usb $temp_restore_dir datserver
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$datserver_dir" ]; then
+            cp -rp "$temp_restore_dir$datserver_dir"/* "$datserver_dir"/
+        else
+            if [ ! -d "$datserver_dir" ]; then
+                mkdir "$datserver_dir"
+            fi
+            cp -rp "$temp_restore_dir"/* "$datserver_dir"/
+        fi
+        chown -R datserver:datserver "$datserver_dir"
+        rm -rf $temp_restore_dir
+    fi
+    systemctl start datserver
+
+}
+
+function backup_remote_datserver {
+    source_directory=$DATSERVER_DIRECTORY
+    systemctl stop datserver
+
+    dest_directory=datserver
+    backup_directory_to_friend "$source_directory" $dest_directory
+
+    systemctl start datserver
+}
+
+function restore_remote_datserver {
+    systemctl stop datserver
+
+    temp_restore_dir=/root/tempdatserver
+    datserver_dir=$DATSERVER_DIRECTORY
+
+    restore_directory_from_friend $temp_restore_dir datserver
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$datserver_dir" ]; then
+            cp -rp "$temp_restore_dir$datserver_dir"/* "$datserver_dir"/
+        else
+            if [ ! -d "$datserver_dir" ]; then
+                mkdir "$datserver_dir"
+            fi
+            cp -rp $temp_restore_dir/* "$datserver_dir"/
+        fi
+        chown -R datserver:datserver "$datserver_dir"
+        rm -rf $temp_restore_dir
+    fi
+    systemctl start datserver
+
+}
+
+function remove_datserver {
+    if [ -f /etc/systemd/system/datserver.service ]; then
+        systemctl stop datserver
+        systemctl disable datserver
+        rm /etc/systemd/system/datserver.service
+    fi
+    userdel -r datserver
+
+    remove_nodejs datserver
+
+    if [ -d $DATSERVER_DIRECTORY ]; then
+        rm -rf $DATSERVER_DIRECTORY
+    fi
+
+    remove_app datserver
+    remove_completion_param install_datserver
+    sed -i '/datserver/d' "$COMPLETION_FILE"
+    firewall_remove $DATSERVER_PORT
+}
+
+function install_datserver {
+    apt-get -yq install wget
+
+    install_nodejs datserver
+
+    if [ -d $DATSERVER_DIRECTORY ]; then
+        rm -rf $DATSERVER_DIRECTORY
+    fi
+    mkdir $DATSERVER_DIRECTORY
+    cd $DATSERVER_DIRECTORY || exit 3658356
+
+    if ! npm install hypercored@$DATSERVER_HYPERCORED_VERSION; then
+        echo $'hypercored was not installed'
+        exit 4635439
+    fi
+
+    if ! npm install lil-pids@2.6.1; then
+        echo $'lil-pids was not installed'
+        exit 36483463
+    fi
+
+    echo "$DATSERVER_DIRECTORY/node_modules/.bin/hypercored --cwd $DATSERVER_DIRECTORY" > $DATSERVER_DIRECTORY/services
+
+    set_completion_param "datserver hypercored version" "$DATSERVER_HYPERCORED_VERSION"
+
+    adduser --system --home="$DATSERVER_DIRECTORY" --group datserver
+    if [ ! -d $DATSERVER_DIRECTORY ]; then
+        echo $'dat directory was not created'
+        exit 9568356
+    fi
+
+    datserver_generate_bootstraps
+
+    chown -R datserver:datserver "$DATSERVER_DIRECTORY"
+
+    firewall_add datserver $DATSERVER_PORT
+
+    { echo '[Unit]';
+      echo 'After=syslog.target network.target remote-fs.target nss-lookup.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=datserver';
+      echo 'Group=datserver';
+      echo "ExecStart=$DATSERVER_DIRECTORY/node_modules/.bin/lil-pids $DATSERVER_DIRECTORY/services $DATSERVER_DIRECTORY/pids";
+      echo 'Restart=always';
+      echo "WorkingDirectory=$DATSERVER_DIRECTORY";
+      echo 'StandardError=syslog';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/datserver.service
+
+    systemctl enable datserver
+    systemctl start datserver
+
+    APP_INSTALLED=1
+}
+
+# NOTE: deliberately there is no "exit 0"

src/freedombone-app-peertube

         nodecmd='torsocks node'
     fi
 
-    data2=$(mktemp 2>/dev/null)
-    dialog --title "Choose the video file (select with spacebar)" --fselect "/home/$MY_USERNAME/" 30 60 2> "$data2"
-    selected_file=$(cat "$data2")
-    rm -f "$data2"
+    selected_file=$(dialog --title "Choose the video file (select with spacebar)" --fselect "/home/$MY_USERNAME/" 30 60)
     if [ ! "$selected_file" ]; then
         return
     fi

src/freedombone-app-pleroma

 PLEROMA_PORT=4000
 PLEROMA_ONION_PORT=8011
 PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
-PLEROMA_COMMIT='303289d7daac3a51f991bb8603f36628a5d944c1'
+PLEROMA_COMMIT='fef8daa454ab04ac2394e02efcc2b48c1fbad91c'
 PLEROMA_ADMIN_PASSWORD=
 PLEROMA_DIR=/etc/pleroma
 PLEROMA_SECRET_KEY=""

src/freedombone-app-scuttlebot

 
 SCUTTLEBOT_DOMAIN_NAME=
 SCUTTLEBOT_CODE=
-SCUTTLEBOT_VERSION='10.4.6'
+SCUTTLEBOT_VERSION='11.2.0'
 SCUTTLEBOT_PORT=8010
 SCUTTLEBOT_ONION_PORT=8623
 GIT_SSB_PORT=7718
 }
 
 function scuttlebot_create_invite {
-    invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')
+    invite_string=$(su -c "/etc/scuttlebot/node_modules/.bin/sbot invite.create 1" - scuttlebot | sed 's/"//g')
 
     clear
     echo -e "\\n\\nYour Scuttlebot invite code is:\\n\\n${invite_string}\\n\\n"
 
 function scuttlebot_git_setup {
     if [[ "$1" == "mesh" ]]; then
-        if [ ! -d "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" ]; then
-            mkdir "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight"
+
+        if [ ! -d "$rootdir/root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" ]; then
+            mkdir "$rootdir/root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight"
         fi
-        if [ ! -f "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" ]; then
+        if [ ! -f "$rootdir/root/.npm-global/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" ]; then
             echo $'Could not find foundation.css'
             exit 347687245
         fi
-        cp "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css"
+        cp "$rootdir/root/.npm-global/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" "$rootdir/root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css"
 
         git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
         { echo 'server {';
             exit 7357225
         fi
 
-        if [ ! -d /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight ]; then
-            mkdir /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight
+        if [ ! -d /root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight ]; then
+            mkdir /root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight
         fi
-        if [ ! -f /usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css ]; then
+        if [ ! -f /root/.npm-global/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css ]; then
             echo $'Could not find foundation.css'
             exit 347687245
         fi
-        cp /usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css
+        cp /root/.npm-global/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css /root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css
 
         git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
         function_check nginx_http_redirect
     fi
 
     { echo '';
-      echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
+      echo '  root /root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
       echo '';
       echo '  location = / {';
       echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
           echo '  add_header X-Content-Type-Options nosniff;';
           echo '  add_header X-Frame-Options SAMEORIGIN;';
           echo '';
-          echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
+          echo '  root /root/.npm-global/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
           echo '';
           echo '  location = / {';
           echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
 
 function mesh_install_dat {
     get_npm_arch
+    mesh_setup_npm
 
     cat <<EOF > "$rootdir/usr/bin/install_dat"
 #!/bin/bash
     mesh_install_dat
 
     get_npm_arch
+    mesh_setup_npm
+
+    if [ ! -d "$rootdir/etc/scuttlebot" ]; then
+        mkdir -p "$rootdir/etc/scuttlebot"
+    fi
+
+    # an unprivileged user to install and run as
+    chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot
+    chroot "$rootdir" chown -R scuttlebot:scuttlebot /etc/scuttlebot
 
     cat <<EOF > "$rootdir/usr/bin/install_scuttlebot"
 #!/bin/bash
-npm install --arch=$NPM_ARCH -g scuttlebot@${SCUTTLEBOT_VERSION}
-npm install --arch=$NPM_ARCH -g git-ssb
-npm install --arch=$NPM_ARCH -g git-remote-ssb
+cd /etc/scuttlebot || exit 1
+if ! npm install --arch=$NPM_ARCH scuttlebot@${SCUTTLEBOT_VERSION}; then
+    exit 2
+fi
+exit 0
 EOF
     chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot
-    chroot "$rootdir" /usr/bin/install_scuttlebot
+    chroot "$rootdir" sudo -u scuttlebot /usr/bin/install_scuttlebot
     rm "$rootdir/usr/bin/install_scuttlebot"
 
-    if [ ! -f "$rootdir/usr/local/bin/sbot" ]; then
+    if [ ! -f "$rootdir/etc/scuttlebot/node_modules/.bin/sbot" ]; then
         echo $'Scuttlebot was not installed'
         exit 528253
     fi
 
-    if [ ! -d "$rootdir/etc/scuttlebot" ]; then
-        mkdir -p "$rootdir/etc/scuttlebot"
-    fi
-
-    # an unprivileged user to run as
-    chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot
+    cat <<EOF > "$rootdir/usr/bin/install_git_ssb"
+#!/bin/bash
+npm config set prefix '~/.npm-global'
+export PATH=~/.npm-global/bin:$PATH
+export NPM_CONFIG_PREFIX=~/.npm-global
+source ~/.profile
+if ! npm install --arch=$NPM_ARCH -g git-ssb; then
+    exit 1
+fi
+if ! npm install --arch=$NPM_ARCH -g git-remote-ssb; then
+    exit 2
+fi
+exit 0
+EOF
+    chroot "$rootdir" /bin/chmod +x /usr/bin/install_git_ssb
+    chroot "$rootdir" /usr/bin/install_git_ssb
+    rm "$rootdir/usr/bin/install_git_ssb"
 
     # daemon
     { echo '[Unit]';
       echo 'User=scuttlebot';
       echo 'Group=scuttlebot';
       echo "WorkingDirectory=/etc/scuttlebot";
-      echo 'ExecStart=/usr/local/bin/sbot server';
+      echo 'ExecStart=/etc/scuttlebot/node_modules/.bin/sbot server';
       echo 'Restart=always';
       echo 'Environment="USER=scuttlebot"';
       echo '';
     function_check install_nodejs
     install_nodejs scuttlebot
 
-    npm install -g scuttlebot@${SCUTTLEBOT_VERSION}
-    if [ ! -f /usr/local/bin/sbot ]; then
+    if [ ! -d /etc/scuttlebot ]; then
+        mkdir -p /etc/scuttlebot
+    fi
+
+    # an unprivileged user to install and run as
+    useradd -d /etc/scuttlebot/ scuttlebot
+    chown -R scuttlebot:scuttlebot /etc/scuttlebot
+
+    cat <<EOF > /usr/bin/install_scuttlebot
+#!/bin/bash
+cd /etc/scuttlebot || exit 1
+if ! npm install scuttlebot@${SCUTTLEBOT_VERSION}; then
+    exit 2
+fi
+exit 0
+EOF
+    chmod +x /usr/bin/install_scuttlebot
+    su -c '/usr/bin/install_scuttlebot' - scuttlebot
+    rm /usr/bin/install_scuttlebot
+
+    if [ ! -f /etc/scuttlebot/node_modules/.bin/sbot ]; then
+        echo $'Scuttlebot was not installed'
         exit 528253
     fi
 
     npm install -g git-ssb
     npm install -g git-remote-ssb
 
-    if [ ! -d /etc/scuttlebot ]; then
-        mkdir -p /etc/scuttlebot
-    fi
-
-    npm install -g dat
-
-    # an unprivileged user to run as
-    useradd -d /etc/scuttlebot/ scuttlebot
-
     # daemon
     { echo '[Unit]';
       echo 'Description=Scuttlebot (messaging system)';
       echo 'User=scuttlebot';
       echo 'Group=scuttlebot';
       echo "WorkingDirectory=/etc/scuttlebot";
-      echo 'ExecStart=/usr/local/bin/sbot server';
+      echo 'ExecStart=/etc/scuttlebot/node_modules/.bin/sbot server';
       echo 'Restart=always';
       echo 'Environment="USER=scuttlebot"';
       echo '';

src/freedombone-base-tripwire

     if ! grep -q '!/usr/local/lib/node_modules' /etc/tripwire/twpol.txt; then
         sed -i '\|/etc\t\t->.*|a\    !/usr/local/lib/node_modules ;' /etc/tripwire/twpol.txt
     fi
+    if ! grep -q '!/root/.npm-global/lib/node_modules' /etc/tripwire/twpol.txt; then
+        sed -i '\|/etc\t\t->.*|a\    !/root/.npm-global/lib/node_modules ;' /etc/tripwire/twpol.txt
+    fi
     # Events here are likely due to USB HRNG activity
     if ! grep -q '!/dev/char' /etc/tripwire/twpol.txt; then
         sed -i '\|/dev\t\t->.*|a\    !/dev/char ;' /etc/tripwire/twpol.txt

src/freedombone-client

 SETUP_CLIENT_APP_NAME=
 
 # Version number of this script
-VERSION="2.00"
+VERSION="3.1"
 
 # get the main project file, so that some values can be extracted
 MAIN_PROJECT_FILE=/usr/local/bin/${PROJECT_NAME}

src/freedombone-image-customise

     fi
 
     get_npm_arch
+    mesh_setup_npm
 
     git clone "$PATCHWORK_REPO" "$rootdir/etc/patchwork"
     if [ ! -d "$rootdir/etc/patchwork" ]; then
     install_avahi
     install_batman
     install_bmx6
-    install_bmx7
+    #install_bmx7
     install_olsr2
     install_babel
     mesh_shutdown_script

src/freedombone-image-mesh

     systemctl disable bmx6
     echo $'BMX6 disabled' >> $INSTALL_LOG
 
-    systemctl stop bmx7
-    systemctl disable bmx7
-    echo $'BMX7 disabled' >> $INSTALL_LOG
+    if [ -d /etc/bmx7 ]; then
+        systemctl stop bmx7
+        systemctl disable bmx7
+        echo $'BMX7 disabled' >> $INSTALL_LOG
+    fi
 
     systemctl stop olsr2
     systemctl disable olsr2

src/freedombone-mesh-batman

     fi
 
     systemctl stop bmx6
-    systemctl stop bmx7
+    if [ -d /etc/bmx7 ]; then
+        systemctl stop bmx7
+    fi
     systemctl stop olsr2
     systemctl stop babel
     systemctl disable bmx6

src/freedombone-template

 echo ''
 echo "function install_interactive_${app_name} {"
 if [ ! $app_onion_only ]; then
-    echo "    if [ ! \"\$ONION_ONLY\" ]; then"
-    echo "        ONION_ONLY='no'"
-    echo '    fi'
-    echo ''
-    echo "    if [[ \"\$ONION_ONLY\" != \"no\" ]]; then"
-    echo "        ${app_name_upper}_DOMAIN_NAME='${app_name}.local'"
-    echo "        write_config_param \"${app_name_upper}_DOMAIN_NAME\" \"\$${app_name_upper}_DOMAIN_NAME\""
-    echo '    else'
-    echo "        interactive_site_details \"${app_name}\" \"${app_name_upper}_DOMAIN_NAME\" \"${app_name_upper}_CODE\""
-    echo '    fi'
+    if [ $app_webui ]; then
+        echo "    if [ ! \"\$ONION_ONLY\" ]; then"
+        echo "        ONION_ONLY='no'"
+        echo '    fi'
+        echo ''
+        echo "    if [[ \"\$ONION_ONLY\" != \"no\" ]]; then"
+        echo "        ${app_name_upper}_DOMAIN_NAME='${app_name}.local'"
+        echo "        write_config_param \"${app_name_upper}_DOMAIN_NAME\" \"\$${app_name_upper}_DOMAIN_NAME\""
+        echo '    else'
+        echo "        interactive_site_details \"${app_name}\" \"${app_name_upper}_DOMAIN_NAME\" \"${app_name_upper}_CODE\""
+        echo '    fi'
+    else
+        echo "    echo -n ''"
+    fi
 else
     echo "    echo -n ''"
 fi
 echo "function change_password_${app_name} {"
 echo "    curr_username=\"\$1\""
 echo "    new_user_password=\"\$2\""
-echo ''
-echo "    read_config_param '${app_name_upper}_DOMAIN_NAME'"
+if [ $app_webui ]; then
+    echo ''
+    echo "    read_config_param '${app_name_upper}_DOMAIN_NAME'"
+fi
 echo ''
 echo "    \"\${PROJECT_NAME}-pass\" -u \"\$curr_username\" -a ${app_name} -p \"\$new_user_password\""
 echo '}'
 echo '}'
 echo ''
 echo "function configure_interactive_${app_name} {"
+echo '    W=(1 $"Option 1"'
+echo '       2 $"Option 2")'
+echo ''
 echo '    while true'
 echo '    do'
-echo "        data=\$(mktemp 2>/dev/null)"
-echo "        dialog --backtitle \$\"Freedombone Control Panel\" \\"
-echo "               --title \$\"${app_name}\" \\"
-echo "               --radiolist \$\"Choose an operation:\" 16 70 3 \\"
-echo "               1 \$\"Option 1\" off \\"
-echo "               2 \$\"Option 2\" off \\"
-echo "               3 \$\"Exit\" on 2> \"\$data\""
-echo '        sel=$?'
-echo "        case \$sel in"
-echo "            1) rm -f \"\$data\""
-echo '               return;;'
-echo "            255) rm -f \"\$data\""
-echo '                 return;;'
-echo '        esac'
-echo "        case \$(cat \"\$data\") in"
+echo '        # shellcheck disable=SC2068'
+echo "        selection=\$(dialog --backtitle \$\"Freedombone Administrator Control Panel\" --title \$\"${app_name}\" --menu \$\"Choose an operation, or ESC for main menu:\" 14 70 3 \"\${W[@]}\" 3>&2 2>&1 1>&3)"
+echo ''
+echo "        if [ ! \"\$selection\" ]; then"
+echo '           break'
+echo '        fi'
+echo "        case \$selection in"
 echo '            1) # call some function for option 1'
 echo '               ;;'
 echo '            2) # call some function for option 2'
 echo '               ;;'
-echo "            3) rm -f \"\$data\""
-echo '               break;;'
 echo '        esac'
-echo "        rm -f \"\$data\""
 echo '    done'
 echo '}'
 echo ''
 echo "    if [[ \"\$CURR_${app_name_upper}_COMMIT\" == \"\$${app_name_upper}_COMMIT\" ]]; then"
 echo '        return'
 echo '    fi'
-echo ''
-echo "    if grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
-echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
-echo '    fi'
+if [ $app_webui ]; then
+    echo ''
+    echo "    if grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
+    echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
+    echo '    fi'
+fi
 echo ''
 echo '    # update to the next commit'
 if [ ! "$app_dir" ]; then
-    echo "    set_repo_commit \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \$${app_name_upper}_REPO"
+    echo "    set_repo_commit \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \"\$${app_name_upper}_REPO\""
     echo "    chown -R www-data:www-data \"/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs\""
 else
-    echo "    set_repo_commit \"${app_dir}\" \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \$${app_name_upper}_REPO"
+    echo "    set_repo_commit \"${app_dir}\" \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \"\$${app_name_upper}_REPO\""
     echo "    chown -R ${app_name}:${app_name} \"${app_dir}\""
 fi
 echo '}'
 echo ''
 echo "function backup_local_${app_name} {"
-echo "    ${app_name_upper}_DOMAIN_NAME='${app_name}'"
-echo "    if grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
-echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
-echo '    fi'
-echo ''
+if [ $app_webui ]; then
+    echo "    ${app_name_upper}_DOMAIN_NAME='${app_name}'"
+    echo "    if grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
+    echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
+    echo '    fi'
+    echo ''
+fi
 if [ ! "$app_dir" ]; then
     echo "    source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "    source_directory=${app_dir}"
 fi
-echo ''
-echo "    suspend_site \"\${${app_name_upper}_DOMAIN_NAME}\""
+if [ $app_webui ]; then
+    echo ''
+    echo "    suspend_site \"\${${app_name_upper}_DOMAIN_NAME}\""
+fi
+if [ $app_daemon ]; then
+    echo ''
+    echo "    systemctl stop ${app_name}"
+fi
 echo ''
 echo "    dest_directory=${app_name}"
 echo "    backup_directory_to_usb \"\$source_directory\" \$dest_directory"
     echo "    backup_database_to_usb ${app_name}"
     echo ''
 fi
-echo '    restart_site'
+if [ $app_webui ]; then
+    echo '    restart_site'
+fi
+if [ $app_daemon ]; then
+    echo "    systemctl start ${app_name}"
+fi
 echo '}'
 echo ''
 echo "function restore_local_${app_name} {"
-echo "    if ! grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
-echo '        return'
-echo '    fi'
-echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
-echo "    if [ \"\$${app_name_upper}_DOMAIN_NAME\" ]; then"
-echo "        temp_restore_dir=/root/temp${app_name}"
+if [ $app_webui ]; then
+    echo "    if ! grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
+    echo '        return'
+    echo '    fi'
+    echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
+    echo "    if [ ! \"\$${app_name_upper}_DOMAIN_NAME\" ]; then"
+    echo "        return"
+    echo "    fi"
+fi
+if [ $app_webui ]; then
+    echo "    suspend_site \"\${${app_name_upper}_DOMAIN_NAME}\""
+fi
+if [ $app_daemon ]; then
+    echo "    systemctl stop ${app_name}"
+    echo ''
+fi
+echo "    temp_restore_dir=/root/temp${app_name}"
 if [ ! "$app_dir" ]; then
-    echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
+    echo "    ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
-    echo "        ${app_name}_dir=${app_dir}"
+    echo "    ${app_name}_dir=${app_dir}"
 fi
 echo ''
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
-    echo "        ${app_name}_create_database"
+    echo "    ${app_name}_create_database"
     echo ''
-    echo "        restore_database ${app_name}"
-    echo "        if [ -d \$temp_restore_dir ]; then"
-    echo "            rm -rf \$temp_restore_dir"
-    echo '        fi'
+    echo "    restore_database ${app_name}"
+    echo "    if [ -d \$temp_restore_dir ]; then"
+    echo "        rm -rf \$temp_restore_dir"
+    echo '    fi'
     echo ''
 fi
 if [[ "$database_type" == "postgres"* ]]; then
-    echo "        ${app_name}_create_database"
+    echo "    ${app_name}_create_database"
     echo ''
-    echo '        USE_POSTGRESQL=1'
-    echo "        restore_database ${app_name}"
-    echo "        if [ -d \$temp_restore_dir ]; then"
-    echo "            rm -rf \$temp_restore_dir"
-    echo '        fi'
+    echo '    USE_POSTGRESQL=1'
+    echo "    restore_database ${app_name}"
+    echo "    if [ -d \$temp_restore_dir ]; then"
+    echo "        rm -rf \$temp_restore_dir"
+    echo '    fi'
     echo ''
 fi
-echo "        restore_directory_from_usb \$temp_restore_dir ${app_name}"
-echo "        if [ -d \$temp_restore_dir ]; then"
-echo "            if [ -d \"\$temp_restore_dir\$${app_name}_dir\" ]; then"
-echo "                cp -rp \"\$temp_restore_dir\$${app_name}_dir\"/* \"\$${app_name}_dir\"/"
-echo '            else'
-echo "                if [ ! -d \"\$${app_name}_dir\" ]; then"
-echo "                    mkdir \"\$${app_name}_dir\""
-echo '                fi'
-echo "                cp -rp \"\$temp_restore_dir\"/* \"\$${app_name}_dir\"/"
+echo "    restore_directory_from_usb \$temp_restore_dir ${app_name}"
+echo "    if [ -d \$temp_restore_dir ]; then"
+echo "        if [ -d \"\$temp_restore_dir\$${app_name}_dir\" ]; then"
+echo "            cp -rp \"\$temp_restore_dir\$${app_name}_dir\"/* \"\$${app_name}_dir\"/"
+echo '        else'
+echo "            if [ ! -d \"\$${app_name}_dir\" ]; then"
+echo "                mkdir \"\$${app_name}_dir\""
 echo '            fi'
-echo "            chown -R www-data:www-data \"\$${app_name}_dir\""
-echo "            rm -rf \$temp_restore_dir"
+echo "            cp -rp \"\$temp_restore_dir\"/* \"\$${app_name}_dir\"/"
 echo '        fi'
-echo ''
+if [[ ! "$app_dir" ]]; then
+    echo "        chown -R www-data:www-data \"\$${app_name}_dir\""
+else
+    echo "        chown -R ${app_name}:${app_name} \"\$${app_name}_dir\""
+fi
+echo "        rm -rf \$temp_restore_dir"
 echo '    fi'
+if [ $app_daemon ]; then
+    echo "    systemctl start ${app_name}"
+    echo ''
+fi
+if [ $app_webui ]; then
+    echo '    restart_site'
+fi
 echo '}'
 echo ''
 echo "function backup_remote_${app_name} {"
-echo "    ${app_name_upper}_DOMAIN_NAME='${app_name}'"
-echo "    if grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
-echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
-echo '    fi'
-echo ''
+if [ $app_webui ]; then
+    echo "    ${app_name_upper}_DOMAIN_NAME='${app_name}'"
+    echo "    if grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
+    echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
+    echo '    fi'
+    echo ''
+fi
 if [ ! "$app_dir" ]; then
     echo "    source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "    source_directory=${app_dir}"
 fi
-echo ''
-echo "    suspend_site \"\${${app_name_upper}_DOMAIN_NAME}\""
+if [ $app_webui ]; then
+    echo ''
+    echo "    suspend_site \"\${${app_name_upper}_DOMAIN_NAME}\""
+fi
+if [ $app_daemon ]; then
+    echo "    systemctl stop ${app_name}"
+fi
 echo ''
 echo "    dest_directory=${app_name}"
 echo "    backup_directory_to_friend \"\$source_directory\" \$dest_directory"
     echo "    backup_database_to_friend ${app_name}"
     echo ''
 fi
-echo ''
-echo '    restart_site'
+if [ $app_daemon ]; then
+    echo ''
+    echo "    systemctl start ${app_name}"
+fi
+if [ $app_webui ]; then
+    echo ''
+    echo '    restart_site'
+fi
 echo '}'
 echo ''
 echo "function restore_remote_${app_name} {"
-echo "    if ! grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
-echo '        return'
-echo '    fi'
-echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
-echo "    if [ \"\$${app_name_upper}_DOMAIN_NAME\" ]; then"
-echo "        temp_restore_dir=/root/temp${app_name}"
+if [ $app_webui ]; then
+    echo "    if ! grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
+    echo '        return'
+    echo '    fi'
+    echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
+    echo "    if [ ! \"\$${app_name_upper}_DOMAIN_NAME\" ]; then"
+    echo "        return"
+    echo "    fi"
+fi
+if [ $app_webui ]; then
+    echo "    suspend_site \"\${${app_name_upper}_DOMAIN_NAME}\""
+fi
+if [ $app_daemon ]; then
+    echo "    systemctl stop ${app_name}"
+    echo ''
+fi
+echo "    temp_restore_dir=/root/temp${app_name}"
 if [ ! "$app_dir" ]; then
-    echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
+    echo "    ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
-    echo "        ${app_name}_dir=${app_dir}"
+    echo "    ${app_name}_dir=${app_dir}"
 fi
 echo ''
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
-    echo "        ${app_name}_create_database"
+    echo "    ${app_name}_create_database"
     echo ''
-    echo "        restore_database_from_friend ${app_name}"
-    echo "        if [ -d \"\$temp_restore_dir\" ]; then"
-    echo "            rm -rf \$temp_restore_dir"
-    echo '        fi'
+    echo "    restore_database_from_friend ${app_name}"
+    echo "    if [ -d \"\$temp_restore_dir\" ]; then"
+    echo "        rm -rf \$temp_restore_dir"
+    echo '    fi'
     echo ''
 fi
 if [[ "$database_type" == "postgres"* ]]; then
-    echo "        ${app_name}_create_database"
+    echo "    ${app_name}_create_database"
     echo ''
-    echo '        USE_POSTGRESQL=1'
-    echo "        restore_database_from_friend ${app_name}"
-    echo "        if [ -d \"\$temp_restore_dir\" ]; then"
-    echo "            rm -rf \$temp_restore_dir"
-    echo '        fi'
+    echo '    USE_POSTGRESQL=1'
+    echo "    restore_database_from_friend ${app_name}"
+    echo "    if [ -d \"\$temp_restore_dir\" ]; then"
+    echo "        rm -rf \$temp_restore_dir"
+    echo '    fi'
     echo ''
 fi
-echo "        restore_directory_from_friend \$temp_restore_dir ${app_name}"
-echo "        if [ -d \$temp_restore_dir ]; then"
-echo "            if [ -d \"\$temp_restore_dir\$${app_name}_dir\" ]; then"
-echo "                cp -rp \"\$temp_restore_dir\$${app_name}_dir\"/* \"\$${app_name}_dir\"/"
-echo '            else'
-echo "                if [ ! -d \"\$${app_name}_dir\" ]; then"
-echo "                    mkdir \"\$${app_name}_dir\""
-echo '                fi'
-echo "                cp -rp \$temp_restore_dir/* \"\$${app_name}_dir\"/"
+echo "    restore_directory_from_friend \$temp_restore_dir ${app_name}"
+echo "    if [ -d \$temp_restore_dir ]; then"
+echo "        if [ -d \"\$temp_restore_dir\$${app_name}_dir\" ]; then"
+echo "            cp -rp \"\$temp_restore_dir\$${app_name}_dir\"/* \"\$${app_name}_dir\"/"
+echo '        else'
+echo "            if [ ! -d \"\$${app_name}_dir\" ]; then"
+echo "                mkdir \"\$${app_name}_dir\""
 echo '            fi'
-echo "            chown -R www-data:www-data \"\$${app_name}_dir\""
-echo "            rm -rf \$temp_restore_dir"
+echo "            cp -rp \$temp_restore_dir/* \"\$${app_name}_dir\"/"
 echo '        fi'
-echo ''
+if [[ ! "$app_dir" ]]; then
+    echo "        chown -R www-data:www-data \"\$${app_name}_dir\""
+else
+    echo "        chown -R ${app_name}:${app_name} \"\$${app_name}_dir\""
+fi
+echo "        rm -rf \$temp_restore_dir"
 echo '    fi'
+if [ $app_daemon ]; then
+    echo "    systemctl start ${app_name}"
+    echo ''
+fi
+if [ $app_webui ]; then
+    echo '    restart_site'
+fi
 echo '}'
 echo ''
 echo "function remove_${app_name} {"
-if [[ "$app_node" == 'yes' ]]; then
-    echo "    remove_nodejs ${app_name}"
+if [ $app_webui ]; then
+    echo "    nginx_dissite \"\$${app_name_upper}_DOMAIN_NAME\""
+    echo "    remove_certs \"\$${app_name_upper}_DOMAIN_NAME\""
     echo ''
 fi
-echo "    nginx_dissite \"\$${app_name_upper}_DOMAIN_NAME\""
-echo "    remove_certs \"\$${app_name_upper}_DOMAIN_NAME\""
-echo ''
 if [ $app_daemon ]; then
     echo "    if [ -f /etc/systemd/system/${app_name}.service ]; then"
     echo "        systemctl stop ${app_name}"
     echo '    fi'
     echo "    userdel -r ${app_name}"
 fi
-echo ''
-echo "    if [ -d \"/var/www/\$${app_name_upper}_DOMAIN_NAME\" ]; then"
-echo "        rm -rf \"/var/www/\$${app_name_upper}_DOMAIN_NAME\""
-echo '    fi'
-echo "    if [ -f \"/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME\" ]; then"
-echo "        rm \"/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME\""
-echo '    fi'
+if [ "$app_nodeapp" ]; then
+    echo "    npm uninstall -g ${app_nodeapp}"
+    echo ''
+fi
+if [[ "$app_node" == 'yes' ]]; then
+    echo "    remove_nodejs ${app_name}"
+    echo ''
+fi
+if [ $app_webui ]; then
+    echo ''
+    echo "    if [ -d \"/var/www/\$${app_name_upper}_DOMAIN_NAME\" ]; then"
+    echo "        rm -rf \"/var/www/\$${app_name_upper}_DOMAIN_NAME\""
+    echo '    fi'
+    echo "    if [ -f \"/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME\" ]; then"
+    echo "        rm \"/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME\""
+    echo '    fi'
+fi
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "    drop_database ${app_name}"
 fi
 if [[ "$database_type" == "postgres"* ]]; then
     echo "    drop_database_postgresql ${app_name}"
 fi
-echo "    remove_onion_service ${app_name} \${${app_name_upper}_ONION_PORT}"
+echo "    remove_onion_service ${app_name} \"\${${app_name_upper}_ONION_PORT}\""
 echo "    if grep -q \"${app_name}\" /etc/crontab; then"
 echo "        sed -i \"/${app_name}/d\" /etc/crontab"
 echo '    fi'
     echo ''
     echo "    firewall_remove ${app_port} tcp"
 fi
-echo ''
-echo "    remove_ddns_domain \"\$${app_name_upper}_DOMAIN_NAME\""
+if [ $app_webui ]; then
+    echo ''
+    echo "    remove_ddns_domain \"\$${app_name_upper}_DOMAIN_NAME\""
+fi
 echo '}'
 echo ''
 echo "function install_${app_name} {"
     echo ''
 fi
 if [[ "$app_node" == 'yes' ]]; then
-    echo "install_nodejs ${app_name}"
+    echo "    install_nodejs ${app_name}"
 fi
 if [ "$app_nodeapp" ]; then
-    echo "npm install -g ${app_nodeapp}"
+    echo "    npm install -g ${app_nodeapp}"
 fi
 if [[ "$app_php" == 'yes' ]]; then
     echo '    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl'
     echo ''
 fi
 
-echo "    if [ ! \"\$${app_name_upper}_DOMAIN_NAME\" ]; then"
-echo "        echo \$'No domain name was given'"
-echo '        exit 3568356'
-echo '    fi'
-
 if [ $app_webui ]; then
+    echo "    if [ ! \"\$${app_name_upper}_DOMAIN_NAME\" ]; then"
+    echo "        echo \$'No domain name was given'"
+    echo '        exit 3568356'
+    echo '    fi'
     echo ''
     echo "    if [ -d \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" ]; then"
     echo "        rm -rf \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
     echo '    fi'
 fi
 
-echo "      if [ -d /repos/${app_name} ]; then"
-echo "          mkdir \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
+echo "    if [ -d /repos/${app_name} ]; then"
+if [ $app_webui ]; then
+    echo "        mkdir \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
+fi
 if [ ! "$app_dir" ]; then
-    echo "          cp -r -p /repos/${app_name}/. \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
-    echo "          cd \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" || exit 324687356"
+    echo "        cp -r -p /repos/${app_name}/. \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
+    echo "        cd \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" || exit 324687356"
 else
-    echo "          cp -r -p /repos/${app_name}/. \"${app_dir}\""
-    echo "          cd \"${app_dir}\" || exit 36487365"
+    echo "        cp -r -p /repos/${app_name}/. \"${app_dir}\""
+    echo "        cd \"${app_dir}\" || exit 36487365"
 fi
-echo '          git pull'
-echo '      else'
+echo '        git pull'
+echo '    else'
 if [ ! "$app_dir" ]; then
-    echo "          git_clone \$${app_name_upper}_REPO \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
+    echo "        git_clone \"\$${app_name_upper}_REPO\" \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
 else
-    echo "          git_clone \$${app_name_upper}_REPO \"${app_dir}\""
+    echo "        git_clone \"\$${app_name_upper}_REPO\" \"${app_dir}\""
 fi
-echo '      fi'
+echo '    fi'
 echo ''
 if [ ! "$app_dir" ]; then
-    echo "        if [ ! -d \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" ]; then"
+    echo "    if [ ! -d \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" ]; then"
 else
-    echo "        if [ ! -d \"${app_dir}\" ]; then"
+    echo "    if [ ! -d \"${app_dir}\" ]; then"
 fi
-echo "            echo \$'Unable to clone ${app_name} repo'"
-echo '            exit 87525'
-echo '        fi'
+echo "        echo \$'Unable to clone ${app_name} repo'"
+echo '        exit 87525'
+echo '    fi'
 echo ''
 if [ ! "$app_dir" ]; then
     echo "    cd \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" || exit 36587356"
 else
     echo "    cd \"${app_dir}\" || exit 3463754637"
 fi
-echo "    git checkout \$${app_name_upper}_COMMIT -b \$${app_name_upper}_COMMIT"
+echo "    git checkout \"\$${app_name_upper}_COMMIT\" -b \"\$${app_name_upper}_COMMIT\""
 echo "    set_completion_param \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\""
-echo ''
-echo "    chmod g+w \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
-echo "    chown -R www-data:www-data \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
+if [ $app_webui ]; then
+    echo ''
+    echo "    chmod g+w \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
+    echo "    chown -R www-data:www-data \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
+fi
 
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" || "$database_type" == "postgres"*  ]]; then
     echo ''
     echo "    ${app_name}_create_database"
 fi
+if [ $app_webui ]; then
+    echo ''
+    echo "    add_ddns_domain \"\$${app_name_upper}_DOMAIN_NAME\""
+fi
 echo ''
-echo "    add_ddns_domain \"\$${app_name_upper}_DOMAIN_NAME\""
-echo ''
-echo "    ${app_name_upper}_ONION_HOSTNAME=\$(add_onion_service ${app_name} 80 \${${app_name_upper}_ONION_PORT})"
+echo "    ${app_name_upper}_ONION_HOSTNAME=\$(add_onion_service ${app_name} 80 \"\${${app_name_upper}_ONION_PORT}\")"
 
 if [ $app_webui ]; then
     echo ''
 
 if [ $app_daemon ]; then
     echo ''
-    echo "    useradd -d \"TODO_PATH_TO_INSTALL\" -s /bin/false ${app_name}"
+    if [[ ! "$app_dir" ]]; then
+        echo "    adduser --system --home=\"TODO_PATH_TO_INSTALL\" --group ${app_name}"
+    else
+        echo "    adduser --system --home=\"${app_dir}\" --group ${app_name}"
+    fi
     echo ''
     echo "    { echo '[Unit]';"
     echo "      echo 'Description=${app_name}';"
     echo "      echo '[Service]';"
     echo "      echo 'Type=simple';"
     echo "      echo 'User=${app_name}';"
-    echo "      echo 'Group=${app_name}'; } > \"/etc/systemd/system/${app_name}.service\""
+    echo "      echo 'Group=${app_name}';"
     if [ ! "$app_dir" ]; then
-        echo "    echo 'WorkingDirectory=TODO' >> \"/etc/systemd/system/${app_name}.service\""
+        echo "      echo 'WorkingDirectory=TODO';"
+    else
+        echo "      echo 'WorkingDirectory=${app_dir}';"
+    fi
+    if [[ ! "$app_nodeapp" ]]; then
+        if [ ! $app_node ]; then
+            echo "      echo 'ExecStart=TODO';"
+        else
+            echo "      echo 'ExecStart=/usr/local/bin/npm start';"
+            echo "      echo 'ExecStop=/usr/local/bin/npm stop';"
+        fi
     else
-        echo "    echo 'WorkingDirectory=${app_dir}' >> \"/etc/systemd/system/${app_name}.service\""
+        echo "      echo 'ExecStart=/usr/local/bin/node $app_nodeapp';"
+        echo "      echo 'Environment=NODE_ENV=production';"
     fi
-    echo "    { echo 'ExecStart=TODO';"
+    echo "      echo 'Environment=USER=${app_name}';"
     echo "      echo 'Restart=always';"
-    echo "      echo 'Environment=\"USER=${app_name}\"';"
+    echo "      echo 'StandardError=syslog';"
     echo "      echo '';"
     echo "      echo '[Install]';"
     echo "      echo 'WantedBy=multi-user.target'; } >> \"/etc/systemd/system/${app_name}.service\""
     fi
     echo "    systemctl start ${app_name}"
 fi
-echo ''
-echo "    create_site_certificate \"\$${app_name_upper}_DOMAIN_NAME\" 'yes'"
-echo ''
-echo "    nginx_ensite \"\$${app_name_upper}_DOMAIN_NAME\""
-echo ''
+if [ $app_webui ]; then
+    echo ''
+    echo "    create_site_certificate \"\$${app_name_upper}_DOMAIN_NAME\" 'yes'"
+    echo ''
+    echo "    nginx_ensite \"\$${app_name_upper}_DOMAIN_NAME\""
+fi
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
+    echo ''
     echo '    systemctl restart mariadb'
 fi
-if [[ "$app_php" == 'yes' ]]; then
-    echo '    systemctl restart php7.0-fpm'
+if [ $app_webui ]; then
+    if [[ "$app_php" == 'yes' ]]; then
+        echo ''
+        echo '    systemctl restart php7.0-fpm'
+    fi
+    echo ''
+    echo '    systemctl restart nginx'
 fi
-echo '    systemctl restart nginx'
 echo ''
 echo "    \"\${PROJECT_NAME}-pass\" -u \"\$MY_USERNAME\" -a ${app_name} -p \"\$${app_name_upper}_ADMIN_PASSWORD\""
-echo "    set_completion_param \"${app_name} domain\" \"\$${app_name_upper}_DOMAIN_NAME\""
+if [ $app_webui ]; then
+    echo "    set_completion_param \"${app_name} domain\" \"\$${app_name_upper}_DOMAIN_NAME\""
+fi
 if [ "$app_port" ]; then
     echo ''
     echo "    firewall_add ${app_name} ${app_port} tcp"

src/freedombone-utils-firewall

 function save_firewall_settings {
     iptables-save > /etc/firewall.conf
     ip6tables-save > /etc/firewall6.conf
+    if [ ! -d /etc/network/if-up.d ]; then
+        mkdir /etc/network/if-up.d
+    fi
     printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
     printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
     printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
     fi
 }
 
+function firewall_handle_port_scans {
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
+        return
+    fi
+    # only works for high frequency port scanning
+
+    # flooding of RST packets, smurf attack Rejection
+    iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT
+
+    # Protecting portscans
+    # Attacking IP will be locked for 24 hours (3600 x 24 = 86400 Seconds)
+    iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
+    iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
+
+    # Remove attacking IP after 24 hours
+    iptables -A INPUT -m recent --name portscan --remove
+    iptables -A FORWARD -m recent --name portscan --remove
+
+    # These rules add scanners to the portscan list, and log the attempt.
+    iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
+    iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
+
+    iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
+    iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
+    save_firewall_settings
+    mark_completed "${FUNCNAME[0]}"
+}
 
 function firewall_remove {
     firewall_port=$1

src/freedombone-utils-network

 # OpenDNS ipv6 DNS  2620:0:ccc::2
 IPV4_ADDRESS_TEST_DESTINATION='85.214.73.63'
 IPV6_ADDRESS_TEST_DESTINATION='2620:0:ccc::2'
-EXTERNAL_IP_LOOKUP_URL='ifcfg.me'
 
 # The static IP address of the system within the local network
 # By default the IP address is dynamic within your LAN
 }
 
 function get_external_ipv4_address {
-    nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print $2}'
+    curl -s ipinfo.io/ip
 }
 
 function get_ipv4_address {
     ip_update_script=/usr/bin/externalipupdate
     { echo '#!/bin/bash';
       echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'";
-      echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')";
+      echo "curr_ip=\$(curl -s ipinfo.io/ip)";
       echo "if [[ \"\$curr_ip\" != \"\$existing_ip\" ]]; then";
       echo "  sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE";
       echo "  echo \"\$(date)\" >> ~/${PROJECT_NAME}-external-ip-changes.txt";

src/freedombone-utils-nodejs

     npm update -g
 }
 
+function mesh_setup_npm {
+    cat <<EOF > "$rootdir/usr/bin/install_npm_global"
+#!/bin/bash
+if [ ! -d ~/.npm-global ]; then
+    mkdir ~/.npm-global
+fi
+npm config set prefix '~/.npm-global'
+if [[ "$PATH" != *'~/.npm-global/bin'* ]]; then
+    export PATH=~/.npm-global/bin:$PATH
+    echo 'export PATH=~/.npm-global/bin:$PATH' >> ~/.bashrc
+fi
+export NPM_CONFIG_PREFIX=~/.npm-global
+echo 'export NPM_CONFIG_PREFIX=~/.npm-global' >> ~/.bashrc
+source ~/.profile
+EOF
+    chroot "$rootdir" /bin/chmod +x /usr/bin/install_npm_global
+    chroot "$rootdir" /usr/bin/install_npm_global
+    rm "$rootdir/usr/bin/install_npm_global"
+}
+
 function nodejs_setup_global_modules {
     if [ ! -f /usr/local/bin/node ]; then
         return