Merge branch 'stretch' of https://github.com/bashrc/freedombone

Makefile

@@ -20,6 +20,7 @@ install:
 	mkdir -p ${DESTDIR}${PREFIX}/bin
 	mkdir -p ${DESTDIR}/usr/share/${APP}/base
 	mkdir -p ${DESTDIR}/usr/share/${APP}/apps
+	mkdir -p ${DESTDIR}/usr/share/${APP}/android-app
 	mkdir -p ${DESTDIR}/usr/share/${APP}/utils
 	mkdir -p ${DESTDIR}/usr/share/${APP}/avatars
 	mkdir -p ${DESTDIR}/etc/${APP}
@@ -46,6 +47,7 @@ install:
 	cp man/*.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 	cp man/${APP}-backup-local.1.gz ${DESTDIR}${PREFIX}/share/man/man1/backup.1.gz
 	cp man/${APP}-restore-local.1.gz ${DESTDIR}${PREFIX}/share/man/man1/restore.1.gz
+	cp img/android-app/*.png ${DESTDIR}/usr/share/${APP}/android-app
 	chown -R root: /usr/share/${APP}
 	chmod -R +r /usr/share/${APP}
 #	bash -c "./translate install"

README.md

@@ -4,11 +4,11 @@ So you want to run your own internet services? Email, chat, VoIP, web sites, fil
 
 You can run Freedombone on an old laptop or a single board computer. See the [list of installation methods](https://freedombone.net/installmethods.html). You can also use it to [set up a mesh network](https://freedombone.net/mesh.html) in your local area.
 
-Check out the [list of available apps](https://freedombone.net/apps.html) and [Frequently Asked Questions](https://freedombone.net/faq.html) section. Recent developments are also described on [the blog](https://blog.freedombone.net/tag/freedombone).
+Check out the [list of available apps](https://freedombone.net/apps.html) and [Frequently Asked Questions](https://freedombone.net/faq.html) section. Recent developments are also described on [the blog](https://blog.freedombone.net/tag/freedombone). You might also wish to know how to [backup and restore the system](https://freedombone.net/backups.html).
 
 Disk images which can be cloned straight to USB or microSD drives are [available here](https://freedombone.net/downloads/v31).
 
-If you find bugs, or want to add a new app to this system see the [Developers Guide](https://freedombone.net/devguide.html) and [Code of Conduct](https://freedombone.net/codeofconduct.html). There is a Matrix chat room available at *#fbone:matrix.freedombone.net*.
+If you find bugs, or want to add a new app to this system see the [Developers Guide](https://freedombone.net/devguide.html) and [Code of Conduct](https://freedombone.net/codeofconduct.html). There is a Matrix chat room available at *#fbone:matrix.freedombone.net* and an XMPP channel at *support@chat.freedombone.net*. The XMPP channel requires membership which you can ask for via [these contact details](https://freedombone.net/support.html).
 
 If you like this project and want to support continued development then [here's what to do](https://freedombone.net/support.html).
 

doc/EN/app_bdsmail.org

@@ -1,7 +1,7 @@
 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombone, dlna
+#+KEYWORDS: freedombone, bdsmail
 #+DESCRIPTION: How to use BDS Mail
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />

doc/EN/app_dlna.org

@@ -23,6 +23,4 @@ Select *Administrator controls* then *App Settings* then *dlna*. From there you
 
 The system will scan the /Music/ directory, which could take a while if there are thousands of files, but you don't need to do anything further other than perhaps to log out by selecting *Exit* a couple of times.
 
-If you have an Android device then go to F-Droid (if you don't already have it installed then it can be [[https://f-droid.org/][downloaded here]]) and search for *ControlDLNA*. On running the app you should see a red Debian icon which you can press on, then you may need to select "local". After a few seconds the list of albums or tracks should then appear and you can browse and play them.
-
 The DLNA service will only work within your local home network, and isn't remotely accessible from other locations via the internet. That can be both a good and a bad thing. Another consideration is that there are /no access controls/ on DLNA services, so any music or videos on the USB drive will be playable by anyone within your home network.

doc/EN/app_rocketchat.org

@@ -0,0 +1,28 @@
+#+TITLE:
+#+AUTHOR: Bob Mottram
+#+EMAIL: bob@freedombone.net
+#+KEYWORDS: freedombone, rocketchat
+#+DESCRIPTION: How to use Rocketchat
+#+OPTIONS: ^:nil toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
+
+#+attr_html: :width 80% :height 10% :align center
+[[file:images/logo.png]]
+
+* Rocketchat
+
+Rocketchat is a chat system which is mainly suited for private chat with a few family and friends. It has some integration capability with other systems, but isn't federated as [[./app_xmpp.html][XMPP]] or [[./app_matrix.html][Matrix]] are. If you need high security then XMPP with Conversations is probably still the best option.
+
+This system is only available for X86 architecture, so won't install on ARM boards but probably will on an old laptop.
+
+* Installation
+
+ssh into the system with:
+
+#+BEGIN_SRC bash
+ssh myusername@mydomain.com -p 2222
+#+END_SRC
+
+Select *Administrator controls* then *Add/Remove Apps* then *rocketchat*. Enter your domain name and freedns code if you're using freedns.
+
+Navigate to your rocketchat domain and register an account. The first registration becomes the administrator. It's a good idea within the Rocketchat administration settings under *Accounts* to select *Registration* and *Manually Approve New Users*, then save. This will prevent millions of random internet users from creating accounts on your server.

doc/EN/app_smolrss.org

@@ -0,0 +1,29 @@
+#+TITLE:
+#+AUTHOR: Bob Mottram
+#+EMAIL: bob@freedombone.net
+#+KEYWORDS: freedombone, smolrss, rss
+#+DESCRIPTION: How to use Smol RSS
+#+OPTIONS: ^:nil toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
+
+#+attr_html: :width 80% :height 10% :align center
+[[file:images/logo.png]]
+
+* Smol RSS
+This is an extremely simple RSS reader which is available only from an onion address, so that you have /the right to read/. There is very little code and so not much attack surface, and it will scale to screens of any size. This should be a better reading experience on mobile than with [[./app_ttrss.html][tt-rss]].
+
+A disadvantage is that you can only add or remove feeds via the Freedombone administrator control panel, so this isn't suitable for multi-user environments. But once you have your feeds set up it's trivial to use, and unless you publish the onion address confidentiality should be maintained.
+
+* Installation
+
+ssh into the system with:
+
+#+BEGIN_SRC bash
+ssh myusername@mydomain.com -p 2222
+#+END_SRC
+
+Select *Administrator controls* then *Add/Remove Apps* then *smolrss*.
+
+After installation within *Administrator controls* go to *App settings* then *smolrss*. You can then add some feeds or edit the existing feed list. There are a few default feeds as an example.
+
+Within *Administrator controls* go to *About this system* and select *smolrss*. You will then have the onion address. Navigate to your reader in a Tor compatible browser. You may need to allow the site within NoScript. Then select a feed from the list and begin reading. That's all there is to it.

doc/EN/app_syncthing.org

@@ -39,7 +39,7 @@ In another terminal log into Freedombone:
 ssh username@domainname -p 2222
 #+END_SRC
 
-Then select *File Synchronization*.
+Then select *Run an App* and *syncthing*.
 
 #+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_file_sync.jpg]]
@@ -55,6 +55,9 @@ From the top menu select *Actions* and then *Show ID*, then copy the ID string (
 
 Now wait for a few minutes. Eventually you will see two messages appear within the browser asking if you want to add two new folders from the Freedombone server. Say yes to both, and specify *~/Sync* as the directory with your username and *~/SyncShared* as the shared directory. You can now copy files into your *~/Sync* directory and they will automatically be synced to the server. Those will be files which only you can access. If you copy files into *~/SyncShared* then they will also be available to any other users on the system.
 
+* Desktop app
+If you're running Arch/Parabola there is a package called [[https://github.com/syncthing/syncthing-gtk][syncthing-gtk]] which provides a GTK GUI and an icon indicating whether synchronization is happening. This can be more convenient than using the browser interface.
+
 * On Android
 Install Syncthing and Connectbot from F-droid.
 

doc/EN/app_xmpp.org

@@ -71,9 +71,6 @@ Enter your username (username@domainname) and password.
 
 Click on *Advanced* and make sure that *Encryption required* and *Ignore SSL certificate errors* are checked.  Ignoring the certificate errors will allow you to use the self-signed certificate created earlier.  Then click *Done* and set your Jabber account and Empathy to *On*.
 
-* Using Tor Messenger
-Tor Messenger is a messaging client which supports XMPP, and its onion routing enables you to protect the metadata of chat interactions to some extent by making it difficult for an adversary to know which server is talking to which. You can download Tor Messenger from [[https://torproject.org][torproject.org]] and the setup is pretty simple.
-
 * Using with Android/Conversations
 Install [[https://f-droid.org/][F-Droid]]
 

doc/EN/apps.org

@@ -155,18 +155,26 @@ A shell based XMPP client which you can run on the Freedombone server via ssh.
 A browser based user interface for the Matrix federated communications system, including WebRTC audio and video chat.
 
 [[./app_riot.html][How to use it]]
+* Rocketchat
+A non-federated chat server (x86 systems only).
+
+[[./app_rocketchat.html][How to use it]]
 * SearX
 A metasearch engine for customised and private web searches.
 
 [[./app_searx.html][How to use it]]
-* tt-rss
-Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "/the right to read/" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox.
+* Smol RSS
+A very minimal RSS reader.
 
-[[./app_rss.html][How to use it]]
+[[./app_smolrss.html][How to use it]]
 * Syncthing
 Possibly the best way to synchronise files across all of your devices. Once it has been set up it "just works" with no user intervention needed.
 
 [[./app_syncthing.html][How to use it]]
+* tt-rss
+Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "/the right to read/" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox.
+
+[[./app_rss.html][How to use it]]
 * Tahoe-LAFS
 Robust and encrypted storage of files on one or more server.
 

doc/EN/armbian.org

@@ -23,7 +23,7 @@ If you have a single board ARM computer which isn't one of the supported ones th
 Download the Armbian image for your board. It must be version 9 (Stretch), otherwise it won't work. Extract the image from its archive, then copy it to a microSD card:
 
 #+begin_src bash
-sudo dd bs=32M if=[Armbian .img file] of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=[Armbian .img file] of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src
 
 Where */dev/sdX* is the path for the microSD drive on your system.

doc/EN/boards.org

@@ -20,6 +20,7 @@ The following ARM boards are supported by the build system. If your board isn't
  - a20-olinuxino-lime
  - a20-olinuxino-lime2
  - a20-olinuxino-micro
+ - [[http://www.lemaker.org/product-bananapro-index.html][Lemaker Banana Pro]]
 
 The latest image builds can be [[./downloads/current][found here]].
 

doc/EN/devguide.org

@@ -18,10 +18,11 @@ Suppose you have some internet application which you want to add to the system.
 
 There's a command which you can use to generate scripts for new apps. Some examples are as follows:
 
-To create a script for a generic PHP plus MySql/MariaDB web app:
+To create a script for a generic PHP plus MySql/MariaDB web app with a couple of extra packages:
 
 #+begin_src bash
 freedombone-template --app [name] -e [email] -r [repo url] \
+                     --packages "cowsay libssl-dev" \
                      -c [commit] --php yes -d mariadb > \
                      src/freedombone-app-myappname
 #+end_src

doc/EN/homeserver.org

@@ -70,7 +70,7 @@ You can now copy the image to the USB thumb drive, replacing *sdX* with the iden
 
 #+begin_src bash
 dd if=/dev/zero of=/dev/sdX bs=32M count=8
-dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync
+dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src
 
 And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use as a server, power on and set the BIOS to boot from the USB stick.

doc/EN/index.org

@@ -17,11 +17,11 @@ So you want to run your own internet services? Email, chat, VoIP, web sites, fil
 
 You can run Freedombone on an old laptop or a single board computer. See the [[./installmethods.html][list of installation methods]]. You can also use it to [[./mesh.html][set up a mesh network]] in your local area.
 
-Check out the [[./apps.html][list of available apps]] and [[./faq.html][Frequently Asked Questions]] section. Recent developments are also described on [[https://blog.freedombone.net/tag/freedombone][the blog]].
+Check out the [[./apps.html][list of available apps]] and [[./faq.html][Frequently Asked Questions]] section. Recent developments are also described on [[https://blog.freedombone.net/tag/freedombone][the blog]]. You might also wish to know how to [[./backups.html][backup and restore the system]].
 
 Disk images which can be cloned straight to USB or microSD drives are [[./downloads/v31][available here]].
 
-If you find bugs, or want to add a new app to this system see the [[./devguide.html][Developers Guide]] and [[./codeofconduct.html][Code of Conduct]]. There is a Matrix chat room available at *#fbone:matrix.freedombone.net*.
+If you find bugs, or want to add a new app to this system see the [[./devguide.html][Developers Guide]] and [[./codeofconduct.html][Code of Conduct]]. There is a Matrix chat room available at *#fbone:matrix.freedombone.net* and an XMPP channel at *support@chat.freedombone.net*. The XMPP channel requires membership which you can ask for via [[./support.html][these contact details]].
 
 If you like this project and want to support continued development then [[./support.html][here's what to do]].
 

doc/EN/installation.org

@@ -129,7 +129,7 @@ unxz filename.img.xz
 Then copy it to a microSD card. Depending on your system you may need an adaptor to be able to do that.
 
 #+BEGIN_SRC bash
-sudo dd bs=32M if=filename.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=filename.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+END_SRC
 
 Where *sdX* is the microSD drive. You can check which drive is the microSD drive using:

doc/EN/mesh_images.org

@@ -42,7 +42,7 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz.si
 gpg --verify freedombone-meshclient-i386.img.xz.sig
 unxz freedombone-meshclient-i386.img.xz
 sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
-sudo dd bs=32M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src
 
 To get a number of systems onto the mesh repeat the /dd/ command to create however many bootable USB drives you need.
@@ -56,7 +56,7 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.
 gpg --verify freedombone-meshclient-insecure-i386.img.xz.sig
 unxz freedombone-meshclient-insecure-i386.img.xz
 sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
-sudo dd bs=32M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src
 
 ** Router images
@@ -75,7 +75,7 @@ gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig
 sha256sum freedombone-mesh_beaglebone-armhf.img.xz
 ad8f22c0d46c98a80aa47b5809402971cf5cf26ebf587c59a667307b2386c3d2
 unxz freedombone-mesh_beaglebone-armhf.img.xz
-sudo dd bs=32M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src
 
 If you have a few Beaglebone Blacks to use as routers then repeat the /dd/ command to create however many microSD cards you need.
@@ -120,7 +120,7 @@ You can now copy the image to the USB thumb drive, replacing *sdX* with the iden
 
 #+begin_src bash
 sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
-sudo dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src
 
 And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use on the mesh, power on and set the BIOS to boot from the USB stick.

doc/EN/release3.org

@@ -31,7 +31,7 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden
 
 #+BEGIN_SRC bash
 unxz downloadedimagefile.img.xz
-dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+END_SRC
 
 And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.

doc/EN/release31.org

@@ -39,7 +39,7 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden
 
 #+BEGIN_SRC bash
 unxz downloadedimagefile.img.xz
-dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+END_SRC
 
 And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.

doc/EN/socialinstance.org

@@ -32,7 +32,7 @@ wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz.sig
 gpg --verify freedombone-pleroma-amd64.img.xz.sig
 unxz freedombone-pleroma-amd64.img.xz
 sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
-sudo dd bs=32M if=freedombone-pleroma-amd64.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=freedombone-pleroma-amd64.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src
 
 Also note that if the laptop has a removable SSD drive it's possible to copy the image directly to that if you have enough equipment.

doc/EN/support.org

@@ -15,11 +15,29 @@
 
 This site can also be accessed via a Tor browser at *http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion*
 
-*Email:* bob@freedombone.net
-
-*PGP/GPG Fingerprint:* 9ABB82C00ABF39F82680487DCC2536191FA7C33F
-
-*XMPP:* bob@freedombone.net with OMEMO or OpenPGP
+*Email/XMPP:* bob@freedombone.net
+
+*PGP/GPG Public key:*
+#+BEGIN_SRC bash
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEWZBueBYJKwYBBAHaRw8BAQdAKx1t6wL0RTuU6/IBjngMbVJJ3Wg/3UW73/PV
+I47xKTS0IUJvYiBNb3R0cmFtIDxib2JAZnJlZWRvbWJvbmUubmV0PoiQBBMWCAA4
+FiEEmruCwAq/OfgmgEh9zCU2GR+nwz8FAlmQbngCGwMFCwkIBwMFFQoJCAsFFgID
+AQACHgECF4AACgkQzCU2GR+nwz/9sAD/YgsHnVszHNz1zlVc5EgY1ByDupiJpHj0
+XsLYk3AbNRgBALn45RqgD4eWHpmOriH09H5Rc5V9iN4+OiGUn2AzJ6oHuDgEWZBu
+eBIKKwYBBAGXVQEFAQEHQPRBG2ZQJce475S3e0Dxeb0Fz5WdEu2q3GYLo4QG+4Ry
+AwEIB4h4BBgWCAAgFiEEmruCwAq/OfgmgEh9zCU2GR+nwz8FAlmQbngCGwwACgkQ
+zCU2GR+nwz+OswD+JOoyBku9FzuWoVoOevU2HH+bPOMDgY2OLnST9ZSyHkMBAMcK
+fnaZ2Wi050483Sj2RmQRpb99Dod7rVZTDtCqXk0J
+=gv5G
+-----END PGP PUBLIC KEY BLOCK-----
+#+END_SRC
+
+#+attr_html: :width 60% :align center
+[[file:images/pubkey.png]]
+
+*XMPP channel:* support@chat.freedombone.net (Requires membership. Ask via XMPP to *bob@freedombone.net*)
 
 *Matrix:* #fbone:matrix.freedombone.net
 

src/freedombone-addremove

@@ -267,5 +267,6 @@ if [[ "$1" == "add-all" ]]; then
 else
     install_apps_selected
 fi
+android_update_apps
 
 exit 0

src/freedombone-app-akaunting

@@ -40,6 +40,10 @@ AKAUNTING_ADMIN_PASSWORD=
 
 AKAUNTING_BACKGROUND_IMAGE_URL=
 
+AKAUNTING_SHORT_DESCRIPTION=$'Personal accounting'
+AKAUNTING_DESCRIPTION=$'Personal or small business accounting'
+AKAUNTING_MOBILE_APP_URL=
+
 akaunting_variables=(ONION_ONLY
                      AKAUNTING_DOMAIN_NAME
                      AKAUNTING_CODE
@@ -110,7 +114,7 @@ function install_interactive_akaunting {
         while [ ! $AKAUNTING_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ $DDNS_PROVIDER == *"freedns"* ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Akaunting Configuration" \
                        --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
@@ -142,7 +146,7 @@ function install_interactive_akaunting {
                     AKAUNTING_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ $DDNS_PROVIDER == *"freedns"* ]]; then
                         AKAUNTING_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$AKAUNTING_CODE"
                         if [ ! "$VALID_CODE" ]; then

src/freedombone-app-batman

@@ -105,6 +105,12 @@ function mesh_install_batman {
     if ! grep -q "batman_adv" "$rootdir/etc/modules"; then
         echo 'batman_adv' >> "$rootdir/etc/modules"
     fi
+    if ! grep -q "tunnel6" "$rootdir/etc/modules"; then
+        echo 'tunnel6' >> "$rootdir/etc/modules"
+    fi
+    if ! grep -q "ip6_tunnel" "$rootdir/etc/modules"; then
+        echo 'ip6_tunnel' >> "$rootdir/etc/modules"
+    fi
 
     BATMAN_SCRIPT=$rootdir/var/lib/batman
 

src/freedombone-app-bludit

@@ -35,6 +35,10 @@ BLUDIT_ONION_PORT=9844
 BLUDIT_REPO="https://github.com/bludit/bludit"
 BLUDIT_COMMIT='0e27e31a84421b3e6bd000a77bc89c2dff3c446a'
 
+BLUDIT_SHORT_DESCRIPTION=$'Markdown blogging'
+BLUDIT_DESCRIPTION=$'Simple Markdown blogging'
+BLUDIT_MOBILE_APP_URL=
+
 bludit_variables=(ONION_ONLY
                   BLUDIT_DOMAIN_NAME
                   BLUDIT_CODE

src/freedombone-app-dlna

@@ -31,6 +31,10 @@ VARIANTS='full full-vim media'
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=0
 
+DLNA_SHORT_DESCRIPTION=$'Streaming media'
+DLNA_DESCRIPTION=$'Streaming media'
+DLNA_MOBILE_APP_URL=
+
 dlna_variables=(SYSTEM_TYPE
                 USB_MOUNT_DLNA
                 INSTALLED_WITHIN_DOCKER

src/freedombone-app-dokuwiki

@@ -40,6 +40,10 @@ DOKUWIKI_TITLE="${PROJECT_NAME} Dokuwiki"
 DOKUWIKI_REPO="https://github.com/splitbrain/dokuwiki"
 DOKUWIKI_COMMIT='be15c01c0b982cf1a75b5af031bf077143c63f39'
 
+DOKUWIKI_SHORT_DESCRIPTION=$'Databaseless wiki'
+DOKUWIKI_DESCRIPTION=$'Databaseless wiki'
+DOKUWIKI_MOBILE_APP_URL=
+
 dokuwiki_variables=(ONION_ONLY
                     MY_USERNAME
                     DOKUWIKI_TITLE

src/freedombone-app-edith

@@ -38,6 +38,10 @@ EDITH_CODE=
 EDITH_ONION_PORT=8278
 EDITH_LOGIN_TEXT=$"Edith login"
 
+EDITH_SHORT_DESCRIPTION=$'Simple notes'
+EDITH_DESCRIPTION=$'Extremely simple note taking'
+EDITH_MOBILE_APP_URL=
+
 edith_variables=(MY_USERNAME
                  MY_EMAIL_ADDRESS
                  ONION_ONLY

src/freedombone-app-etherpad

@@ -42,6 +42,10 @@ ETHERPAD_ADMIN_PASSWORD=
 ETHERPAD_TITLE=$'Freedombone Docs'
 ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\\n\\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!"
 
+ETHERPAD_SHORT_DESCRIPTION=$'Collaborative document editor'
+ETHERPAD_DESCRIPTION=$'Collaborative document editor'
+ETHERPAD_MOBILE_APP_URL=
+
 etherpad_variables=(ONION_ONLY
                     DEFAULT_DOMAIN_NAME
                     ETHERPAD_DOMAIN_NAME

src/freedombone-app-fedwiki

@@ -42,6 +42,10 @@ FEDWIKI_PORT=3053
 FEDWIKI_DATA=/var/lib/fedwiki
 FEDWIKI_COOKIE=
 
+FEDWIKI_SHORT_DESCRIPTION=$'Federated wiki'
+FEDWIKI_DESCRIPTION=$'Federated wiki'
+FEDWIKI_MOBILE_APP_URL=
+
 fedwiki_variables=(FEDWIKI_DOMAIN_NAME
                    FEDWIKI_CODE
                    FEDWIKI_COOKIE

src/freedombone-app-friendica

@@ -40,6 +40,10 @@ FRIENDICA_ADMIN_PASSWORD=
 FRIENDICA_COMMIT='b5a42c5b31fae5315bacd37769eba20ab2345aaa'
 FRIENDICA_ADDONS_COMMIT='7cb9dbdda7f227462895c07be3c968405561d40e'
 
+FRIENDICA_SHORT_DESCRIPTION=$'Federated social network'
+FRIENDICA_DESCRIPTION=$'Federated social network'
+FRIENDICA_MOBILE_APP_URL=
+
 friendica_variables=(ONION_ONLY
                      FRIENDICA_DOMAIN_NAME
                      FRIENDICA_CODE

src/freedombone-app-gnusocial

@@ -46,6 +46,10 @@ GNUSOCIAL_TITLE='Pleroma FE'
 # Number of months after which posts expire
 GNUSOCIAL_EXPIRE_MONTHS=3
 
+GNUSOCIAL_SHORT_DESCRIPTION=$'Federated microblogging'
+GNUSOCIAL_DESCRIPTION=$'Federated microblogging'
+GNUSOCIAL_MOBILE_APP_URL='https://f-droid.org/packages/org.mariotaku.twidere/'
+
 gnusocial_variables=(ONION_ONLY
                      GNUSOCIAL_DOMAIN_NAME
                      GNUSOCIAL_CODE
@@ -112,7 +116,7 @@ function install_interactive_gnusocial {
         while [ ! $GNUSOCIAL_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ $DDNS_PROVIDER == *"freedns"* ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"GNU Social Configuration" \
                        --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
@@ -156,7 +160,7 @@ function install_interactive_gnusocial {
                     GNUSOCIAL_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ $DDNS_PROVIDER == *"freedns"* ]]; then
                         GNUSOCIAL_CODE=$(sed -n 4p < "$data")
                         validate_freedns_code "$GNUSOCIAL_CODE"
                         if [ ! "$VALID_CODE" ]; then

src/freedombone-app-gogs

@@ -34,17 +34,21 @@ SHOW_ON_ABOUT=1
 GOGS_USERNAME='gogs'
 GOGS_VERSION='0.11.29'
 
-GIT_DOMAIN_NAME=
-GIT_CODE=
+GOGS_DOMAIN_NAME=
+GOGS_CODE=
 GIT_ONION_PORT=8090
 GIT_ADMIN_PASSWORD=
 GOGS_BIN=
+GOGS_PORT=3145
+
+GOGS_SHORT_DESCRIPTION=$'Git repo management'
+GOGS_DESCRIPTION=$'Git repo management'
+GOGS_MOBILE_APP_URL=
 
 gogs_variables=(ONION_ONLY
                 GIT_ADMIN_PASSWORD
-                GIT_DOMAIN_NAME
-                GIT_CODE
-                GIT_ONION_PORT
+                GOGS_DOMAIN_NAME
+                GOGS_CODE
                 MY_USERNAME
                 DDNS_PROVIDER
                 ARCHITECTURE)
@@ -64,8 +68,8 @@ function change_password_gogs {
 
 function install_interactive_gogs {
     if [[ $ONION_ONLY != "no" ]]; then
-        GIT_DOMAIN_NAME='gogs.local'
-        write_config_param "GIT_DOMAIN_NAME" "$GIT_DOMAIN_NAME"
+        GOGS_DOMAIN_NAME='gogs.local'
+        write_config_param "GOGS_DOMAIN_NAME" "$GOGS_DOMAIN_NAME"
     else
         function_check interactive_site_details
         interactive_site_details git
@@ -149,6 +153,18 @@ function upgrade_gogs {
         return
     fi
 
+    GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
+    GOGS_CONFIG_FILE=$GOGS_CONFIG_PATH/app.ini
+
+    # Change port number if necessary
+    if ! grep -q "HTTP_PORT = ${GOGS_PORT}" "${GOGS_CONFIG_FILE}"; then
+        sed -i "s|HTTP_PORT =.*|HTTP_PORT = ${GOGS_PORT}|g" "${GOGS_CONFIG_FILE}"
+        read_config_param GOGS_DOMAIN_NAME
+        sed -i "s|proxy_pass .*|proxy_pass http://localhost:${GOGS_PORT};|g" "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
+        systemctl restart gogs
+        systemctl restart nginx
+    fi
+
     CURR_GOGS_VERSION=$(get_completion_param "gogs version")
     echo "gogs current version: ${CURR_GOGS_VERSION}"
     echo "gogs app version: ${GOGS_VERSION}"
@@ -156,8 +172,6 @@ function upgrade_gogs {
         return
     fi
 
-    GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
-    GOGS_CONFIG_FILE=$GOGS_CONFIG_PATH/app.ini
     cp "$GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini"
 
     if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
@@ -257,7 +271,7 @@ function restore_local_gogs {
         return
     fi
 
-    if [ ${#GIT_DOMAIN_NAME} -gt 2 ]; then
+    if [ ${#GOGS_DOMAIN_NAME} -gt 2 ]; then
         function_check gogs_create_database
         gogs_create_database
 
@@ -265,7 +279,7 @@ function restore_local_gogs {
         GOGS_CONFIG_FILE="${GOGS_CONFIG_PATH}/app.ini"
 
         function_check restore_database
-        restore_database gogs "${GIT_DOMAIN_NAME}"
+        restore_database gogs "${GOGS_DOMAIN_NAME}"
         temp_restore_dir=/root/tempgogs
         if [ -d "${USB_MOUNT}/backup/gogs" ]; then
             echo $"Restoring Gogs settings"
@@ -339,7 +353,7 @@ function restore_local_gogs {
 function backup_remote_gogs {
     if [ -d /home/$GOGS_USERNAME ]; then
         function_check suspend_site
-        suspend_site ${GIT_DOMAIN_NAME}
+        suspend_site ${GOGS_DOMAIN_NAME}
 
         function_check backup_database_to_friend
         backup_database_to_friend gogs
@@ -368,7 +382,7 @@ function backup_remote_gogs {
 
 function restore_remote_gogs {
     if grep -q "gogs domain" "$COMPLETION_FILE"; then
-        GIT_DOMAIN_NAME=$(get_completion_param "gogs domain")
+        GOGS_DOMAIN_NAME=$(get_completion_param "gogs domain")
 
         function_check gogs_create_database
         gogs_create_database
@@ -377,7 +391,7 @@ function restore_remote_gogs {
         GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
 
         function_check restore_database_from_friend
-        restore_database_from_friend gogs "${GIT_DOMAIN_NAME}"
+        restore_database_from_friend gogs "${GOGS_DOMAIN_NAME}"
         if [ -d "${SERVER_DIRECTORY}/backup/gogs" ]; then
             if [ ! -d $GOGS_CONFIG_PATH ]; then
                 mkdir -p $GOGS_CONFIG_PATH
@@ -434,19 +448,19 @@ function restore_remote_gogs {
 }
 
 function remove_gogs {
-    if [ ${#GIT_DOMAIN_NAME} -eq 0 ]; then
+    if [ ${#GOGS_DOMAIN_NAME} -eq 0 ]; then
         return
     fi
     systemctl stop gogs
     systemctl disable gogs
 
-    nginx_dissite "${GIT_DOMAIN_NAME}"
-    remove_certs "${GIT_DOMAIN_NAME}"
-    if [ -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
-        rm -rf "/var/www/${GIT_DOMAIN_NAME}"
+    nginx_dissite "${GOGS_DOMAIN_NAME}"
+    remove_certs "${GOGS_DOMAIN_NAME}"
+    if [ -d "/var/www/${GOGS_DOMAIN_NAME}" ]; then
+        rm -rf "/var/www/${GOGS_DOMAIN_NAME}"
     fi
-    if [ -f "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}" ]; then
-        rm "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}" ]; then
+        rm "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
     fi
     function_check drop_database
     drop_database gogs
@@ -462,11 +476,11 @@ function remove_gogs {
     userdel -r gogs
 
     function_check remove_ddns_domain
-    remove_ddns_domain "$GIT_DOMAIN_NAME"
+    remove_ddns_domain "$GOGS_DOMAIN_NAME"
 }
 
 function install_gogs {
-    if [ ! "$GIT_DOMAIN_NAME" ]; then
+    if [ ! "$GOGS_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -569,34 +583,34 @@ function install_gogs {
     systemctl daemon-reload
     systemctl start gogs
 
-    if [ ! -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
-        mkdir "/var/www/${GIT_DOMAIN_NAME}"
+    if [ ! -d "/var/www/${GOGS_DOMAIN_NAME}" ]; then
+        mkdir "/var/www/${GOGS_DOMAIN_NAME}"
     fi
-    if [ -d "/var/www/${GIT_DOMAIN_NAME}/htdocs" ]; then
-        rm -rf "/var/www/${GIT_DOMAIN_NAME}/htdocs"
+    if [ -d "/var/www/${GOGS_DOMAIN_NAME}/htdocs" ]; then
+        rm -rf "/var/www/${GOGS_DOMAIN_NAME}/htdocs"
     fi
 
     if [[ "${ONION_ONLY}" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect "${GIT_DOMAIN_NAME}"
+        nginx_http_redirect "${GOGS_DOMAIN_NAME}"
         { echo 'server {';
           echo '    listen 443 ssl;';
           echo '    #listen [::]:443 ssl;';
-          echo "    root /var/www/${GIT_DOMAIN_NAME}/htdocs;";
-          echo "    server_name ${GIT_DOMAIN_NAME};";
+          echo "    root /var/www/${GOGS_DOMAIN_NAME}/htdocs;";
+          echo "    server_name ${GOGS_DOMAIN_NAME};";
           echo '    access_log /dev/null;';
           echo "    error_log /dev/null;";
-          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+          echo ''; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
         function_check nginx_ssl
-        nginx_ssl "${GIT_DOMAIN_NAME}"
+        nginx_ssl "${GOGS_DOMAIN_NAME}"
         function_check nginx_security_options
-        nginx_security_options "${GIT_DOMAIN_NAME}"
+        nginx_security_options "${GOGS_DOMAIN_NAME}"
         { echo '    add_header Strict-Transport-Security max-age=0;';
           echo '';
-          echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+          echo '    location / {'; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
         function_check nginx_limits
-        nginx_limits "${GIT_DOMAIN_NAME}" '10G'
-        { echo '        proxy_pass http://localhost:3000;';
+        nginx_limits "${GOGS_DOMAIN_NAME}" '10G'
+        { echo "        proxy_pass http://localhost:${GOGS_PORT};";
           echo '    }';
           echo '';
           echo '    fastcgi_buffers 64 4K;';
@@ -610,25 +624,25 @@ function install_gogs {
           echo '        access_log /dev/null;';
           echo '    }';
           echo '}';
-          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+          echo ''; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
     else
-        echo -n '' > "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+        echo -n '' > "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
     fi
     { echo 'server {';
       echo "    listen 127.0.0.1:${GIT_ONION_PORT} default_server;";
-      echo "    root /var/www/$GIT_DOMAIN_NAME/htdocs;";
-      echo "    server_name $GIT_DOMAIN_NAME;";
+      echo "    root /var/www/$GOGS_DOMAIN_NAME/htdocs;";
+      echo "    server_name $GOGS_DOMAIN_NAME;";
       echo '    access_log /dev/null;';
       echo "    error_log /dev/null;";
-      echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+      echo ''; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
     function_check nginx_security_options
-    nginx_security_options "${GIT_DOMAIN_NAME}"
+    nginx_security_options "${GOGS_DOMAIN_NAME}"
     { echo '    add_header Strict-Transport-Security max-age=0;';
       echo '';
-      echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+      echo '    location / {'; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
     function_check nginx_limits
-    nginx_limits "${GIT_DOMAIN_NAME}" '10G'
-    { echo '        proxy_pass http://localhost:3000;';
+    nginx_limits "${GOGS_DOMAIN_NAME}" '10G'
+    { echo "        proxy_pass http://localhost:${GOGS_PORT};";
       echo '    }';
       echo '';
       echo '    fastcgi_buffers 64 4K;';
@@ -641,15 +655,15 @@ function install_gogs {
       echo '        log_not_found off;';
       echo '        access_log /dev/null;';
       echo '    }';
-      echo '}'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+      echo '}'; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate "${GIT_DOMAIN_NAME}" 'yes'
+    create_site_certificate "${GOGS_DOMAIN_NAME}" 'yes'
 
-    nginx_ensite "${GIT_DOMAIN_NAME}"
+    nginx_ensite "${GOGS_DOMAIN_NAME}"
 
     if [ ! -d /var/lib/tor ]; then
         echo $'No Tor installation found. Gogs onion site cannot be configured.'
@@ -674,11 +688,11 @@ function install_gogs {
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    set_completion_param "gogs domain" "$GIT_DOMAIN_NAME"
+    set_completion_param "gogs domain" "$GOGS_DOMAIN_NAME"
     set_completion_param "gogs onion domain" "$GIT_ONION_HOSTNAME"
 
     function_check add_ddns_domain
-    add_ddns_domain "${GIT_DOMAIN_NAME}"
+    add_ddns_domain "${GOGS_DOMAIN_NAME}"
 
     # obtain the secret key
     GOGS_SECRET_KEY="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
@@ -707,17 +721,17 @@ function install_gogs {
       echo '';
       echo '[server]'; } >> ${GOGS_CONFIG_FILE}
     if [[ ${ONION_ONLY} == 'no' ]]; then
-        echo "DOMAIN = ${GIT_DOMAIN_NAME}" >> ${GOGS_CONFIG_FILE}
-        echo "ROOT_URL = https://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
+        echo "DOMAIN = ${GOGS_DOMAIN_NAME}" >> ${GOGS_CONFIG_FILE}
+        echo "ROOT_URL = https://$GOGS_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
     else
         echo "DOMAIN = ${GIT_ONION_HOSTNAME}" >> ${GOGS_CONFIG_FILE}
-        echo "ROOT_URL = http://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
+        echo "ROOT_URL = http://$GOGS_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
     fi
-    { echo 'HTTP_PORT = 3000';
+    { echo "HTTP_PORT = ${GOGS_PORT}";
       echo "SSH_PORT = $SSH_PORT";
       echo 'SSH_DOMAIN = %(DOMAIN)s';
-      echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem";
-      echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key";
+      echo "CERT_FILE = /etc/ssl/certs/${GOGS_DOMAIN_NAME}.pem";
+      echo "KEY_FILE = /etc/ssl/private/${GOGS_DOMAIN_NAME}.key";
       echo 'DISABLE_ROUTER_LOG = true';
       echo '';
       echo '[session]';
@@ -747,9 +761,9 @@ function install_gogs {
     systemctl restart gogs
 
     if ! grep -q "gogs domain:" "${COMPLETION_FILE}"; then
-        echo "gogs domain:${GIT_DOMAIN_NAME}" >> "${COMPLETION_FILE}"
+        echo "gogs domain:${GOGS_DOMAIN_NAME}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" "${COMPLETION_FILE}"
+        sed -i "s|gogs domain.*|gogs domain:${GOGS_DOMAIN_NAME}|g" "${COMPLETION_FILE}"
     fi
 
     function_check configure_firewall_for_git

src/freedombone-app-htmly

@@ -39,6 +39,10 @@ HTMLY_COMMIT='bf5fe9486160be4da86d8987d3e5c977e1dc6d32'
 HTMLY_TITLE="My Blog"
 HTMLY_SUBTITLE="Another ${PROJECT_NAME} blog"
 
+HTMLY_SHORT_DESCRIPTION=$'Databaseless blogging'
+HTMLY_DESCRIPTION=$'Databaseless blogging'
+HTMLY_MOBILE_APP_URL=
+
 htmly_variables=(HTMLY_REPO
                  HTMLY_DOMAIN_NAME
                  HTMLY_CODE

src/freedombone-app-hubzilla

@@ -41,6 +41,10 @@ HUBZILLA_ADDONS_REPO="https://github.com/redmatrix/hubzilla-addons.git"
 HUBZILLA_ADDONS_COMMIT='be9dcd044b9326c3bd9301d7c4b375a2c2f54663'
 HUBZILLA_ADMIN_PASSWORD=
 
+HUBZILLA_SHORT_DESCRIPTION=$'Web publishing system'
+HUBZILLA_DESCRIPTION=$'Web publishing system'
+HUBZILLA_MOBILE_APP_URL=
+
 hubzilla_variables=(ONION_ONLY
                     HUBZILLA_DOMAIN_NAME
                     HUBZILLA_CODE

src/freedombone-app-icecast

@@ -44,6 +44,10 @@ ICECAST_DIR=/icestream
 ICECAST_PLAYLIST_FILE=/etc/ices2/playlist.txt
 ICECAST_LOGIN_TEXT=$"Icecast login"
 
+ICECAST_SHORT_DESCRIPTION=$'Media broadcast'
+ICECAST_DESCRIPTION=$'Media broadcast'
+ICECAST_MOBILE_APP_URL=
+
 icecast_variables=(MY_USERNAME
                    MY_EMAIL_ADDRESS
                    ONION_ONLY

src/freedombone-app-irc

@@ -41,6 +41,10 @@ IRC_PASSWORD=
 # Number of entries for the bouncer to buffer
 IRC_BUFFER_LENGTH=300
 
+IRC_SHORT_DESCRIPTION=$'Classic chat system'
+IRC_DESCRIPTION=$'Classic chat system'
+IRC_MOBILE_APP_URL='https://f-droid.org/packages/org.yaaic'
+
 irc_variables=(MY_USERNAME
                MY_NAME
                IRC_PORT

src/freedombone-app-jitsi

@@ -33,6 +33,7 @@ VARIANTS=""
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=0
 NOT_ON_ONION=1
+NOT_ON_ARM=1
 
 VIDEOBRIDGE_PORT=5347
 JITSI_ONION_PORT=8102
@@ -43,6 +44,10 @@ JITSI_DOMAIN_NAME=
 JITSI_CODE=
 JITSI_ONION_HOSTNAME=
 
+JITSI_SHORT_DESCRIPTION=$'Video conferencing'
+JITSI_DESCRIPTION=$'Video conferencing'
+JITSI_MOBILE_APP_URL=
+
 jitsi_variables=(ONION_ONLY
                  JITSI_DOMAIN_NAME
                  JITSI_ONION_HOSTNAME

src/freedombone-app-kanboard

@@ -38,6 +38,9 @@ KANBOARD_REPO="https://github.com/kanboard/kanboard"
 KANBOARD_COMMIT='7a6b1bc3da0af442e02b5a2dc430a4ded8e7c4ee'
 KANBOARD_ADMIN_PASSWORD=
 
+KANBOARD_SHORT_DESCRIPTION=$'Simple kanban'
+KANBOARD_DESCRIPTION=$'Simple kanban'
+KANBOARD_MOBILE_APP_URL=
 
 kanboard_variables=(ONION_ONLY
                     KANBOARD_DOMAIN_NAME
@@ -91,7 +94,7 @@ function install_interactive_kanboard {
         while [ ! $KANBOARD_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ $DDNS_PROVIDER == *"freedns"* ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"KanBoard Configuration" \
                        --form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
@@ -123,7 +126,7 @@ function install_interactive_kanboard {
                     KANBOARD_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                         KANBOARD_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$KANBOARD_CODE"
                         if [ ! "$VALID_CODE" ]; then

src/freedombone-app-koel

@@ -40,6 +40,10 @@ KOEL_REPO="https://github.com/phanan/koel"
 KOEL_COMMIT='8e9b021aa09f2b1460977bdd52fff14ea2bc1607'
 KOEL_ADMIN_PASSWORD=
 
+KOEL_SHORT_DESCRIPTION=$'Music player'
+KOEL_DESCRIPTION=$'Music player'
+KOEL_MOBILE_APP_URL=
+
 koel_variables=(ONION_ONLY
                 KOEL_DOMAIN_NAME
                 KOEL_CODE
@@ -90,7 +94,7 @@ function install_interactive_koel {
         while [ ! $KOEL_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Koel Configuration" \
                        --form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
@@ -122,7 +126,7 @@ function install_interactive_koel {
                     KOEL_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                         KOEL_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$KOEL_CODE"
                         if [ ! "$VALID_CODE" ]; then

src/freedombone-app-lychee

@@ -37,6 +37,10 @@ LYCHEE_ONION_PORT=8105
 LYCHEE_REPO="https://github.com/electerious/Lychee"
 LYCHEE_COMMIT='27f207dcbac8488629ffc3b5a9cac78ae123bee9'
 
+LYCHEE_SHORT_DESCRIPTION=$'Photo album'
+LYCHEE_DESCRIPTION=$'Photo album'
+LYCHEE_MOBILE_APP_URL=
+
 lychee_variables=(LYCHEE_REPO
                   LYCHEE_DOMAIN_NAME
                   LYCHEE_CODE

src/freedombone-app-mailpile

@@ -35,9 +35,13 @@ MAILPILE_DOMAIN_NAME=
 MAILPILE_CODE=
 MAILPILE_ONION_PORT=8103
 MAILPILE_REPO="https://github.com/mailpile/Mailpile"
-MAILPILE_COMMIT='f82074d2ab5ccd65d14a6b3c6cd65aeb132831d7'
+MAILPILE_COMMIT='4f28f1bb55b3b9985f22ab6372d539b1087482dd'
 MAILPILE_PORT=33411
 
+MAILPILE_SHORT_DESCRIPTION=$'Email system'
+MAILPILE_DESCRIPTION=$'Email system'
+MAILPILE_MOBILE_APP_URL=
+
 mailpile_variables=(MAILPILE_REPO
                     MAILPILE_DOMAIN_NAME
                     MAILPILE_CODE
@@ -105,6 +109,7 @@ function upgrade_mailpile {
     pip install -r requirements.txt
 
     chown -R mailpile:mailpile "/var/www/$MAILPILE_DOMAIN_NAME/mail"
+    systemctl restart mailpile
 }
 
 function backup_local_mailpile {
@@ -171,6 +176,7 @@ function install_mailpile {
     fi
 
     apt-get -yq install python-pip python-lxml python-dev libjpeg-dev
+    apt-get -yq install openssl python-pgpdump python-cryptography libssl-dev
 
     if [ ! -d /var/www/$MAILPILE_DOMAIN_NAME ]; then
         mkdir /var/www/$MAILPILE_DOMAIN_NAME

src/freedombone-app-matrix

@@ -48,11 +48,15 @@ MATRIX_PORT=8009
 MATRIX_FEDERATION_ONION_PORT=8111
 MATRIX_ONION_PORT=8109
 MATRIX_REPO="https://github.com/matrix-org/synapse"
-MATRIX_COMMIT='ddb00efc1ddec646d02e8def6053003f04d077d7'
+MATRIX_COMMIT='9e8ab0a4f44a3ec9e4b049f5571c14e333e8f0fa'
 REPORT_STATS="no"
 MATRIX_SECRET=
 MATRIX_EXPIRE_MONTHS=1
 
+MATRIX_SHORT_DESCRIPTION=$'Chat system'
+MATRIX_DESCRIPTION=$'Chat system'
+MATRIX_MOBILE_APP_URL='https://f-droid.org/packages/im.vector.alpha'
+
 matrix_variables=(ONION_ONLY
                   MY_USERNAME
                   MATRIX_SECRET
@@ -418,6 +422,11 @@ function upgrade_matrix {
     function_check set_repo_commit
     set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO
     cd /etc/matrix || exit 62476724
+    if [ ! -d /etc/matrix/tmp ]; then
+        mkdir /etc/matrix/tmp
+    fi
+    export TMPDIR=/etc/matrix/tmp
+
     pip install --upgrade --process-dependency-links .
     pip install --upgrade --force "pynacl>=1.2.1"
 
@@ -426,7 +435,8 @@ function upgrade_matrix {
     chown -R matrix:matrix /etc/matrix
     chown -R matrix:matrix $MATRIX_DATA_DIR
 
-    pip install --upgrade --force "pynacl==0.3.0"
+    pip install --upgrade --force "pynacl>=1.2.1"
+    pip install --upgrade --force "canonicaljson>=1.1.3"
     pip install --upgrade --force "phonenumbers>=8.2.0"
 
     if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
@@ -434,6 +444,11 @@ function upgrade_matrix {
     fi
     systemctl start turn
     systemctl start matrix
+
+    export TMPDIR=/tmp
+    if [ -d /etc/matrix/tmp ]; then
+        rm -rf /etc/matrix/tmp/*
+    fi
 }
 
 function backup_local_matrix {
@@ -794,7 +809,8 @@ function install_matrix {
     # wait for nginx to start otherwise user add fails later
     sleep 5
 
-    pip install --upgrade --force "pynacl==0.3.0"
+    pip install --upgrade --force "pynacl>=1.2.1"
+    pip install --upgrade --force "canonicaljson>=1.1.3"
 
     if [[ $(add_user_matrix "${MY_USERNAME}" "${MATRIX_PASSWORD}" | tail -n 1) != "0" ]]; then
         echo $'Failed to add matrix admin user';

src/freedombone-app-mediagoblin

@@ -35,11 +35,15 @@ MEDIAGOBLIN_DOMAIN_NAME=
 MEDIAGOBLIN_ADMIN_PASSWORD=
 MEDIAGOBLIN_CODE=
 MEDIAGOBLIN_ONION_PORT=8108
-MEDIAGOBLIN_REPO="http://git.savannah.gnu.org/r/mediagoblin.git"
+MEDIAGOBLIN_REPO="https://git.savannah.gnu.org/git/mediagoblin.git"
 MEDIAGOBLIN_COMMIT='c4d3293dfa4076719e60fe9e052add07426f9a9a'
 MEDIAGOBLIN_BASE_DIR=/var/www/mediagoblin.local/htdocs
 MEDIAGOBLIN_PORT=6543
 
+MEDIAGOBLIN_SHORT_DESCRIPTION=$'Media storage and broadcast'
+MEDIAGOBLIN_DESCRIPTION=$'Media storage and broadcast'
+MEDIAGOBLIN_MOBILE_APP_URL=
+
 mediagoblin_variables=(ONION_ONLY
                        MY_USERNAME
                        MEDIAGOBLIN_DOMAIN_NAME

src/freedombone-app-movim

@@ -39,6 +39,10 @@ MOVIM_COMMIT='6142c2033b7695448516a67690324a3bde048260'
 MOVIM_ADMIN_PASSWORD=
 MOVIM_DAEMON_PORT=8880
 
+MOVIM_SHORT_DESCRIPTION=$'xmpp based chat system'
+MOVIM_DESCRIPTION=$'xmpp based chat system'
+MOVIM_MOBILE_APP_URL='https://f-droid.org/packages/com.movim.movim'
+
 movim_variables=(ONION_ONLY
                  MOVIM_DOMAIN_NAME
                  MOVIM_CODE
@@ -79,7 +83,7 @@ function install_interactive_movim {
         while [ ! $MOVIM_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Movim Configuration" \
                        --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
@@ -106,7 +110,7 @@ function install_interactive_movim {
                     MOVIM_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                         MOVIM_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$MOVIM_CODE"
                         if [ ! "$VALID_CODE" ]; then

src/freedombone-app-mumble

@@ -40,6 +40,10 @@ MUMBLE_PORT=64738
 MUMBLE_DATABASE="mumble-server.sqlite"
 MUMBLE_CONFIG_FILE="mumble-server.ini"
 
+MUMBLE_SHORT_DESCRIPTION=$'Voice chat'
+MUMBLE_DESCRIPTION=$'Voice chat'
+MUMBLE_MOBILE_APP_URL='https://f-droid.org/packages/com.morlunk.mumbleclient'
+
 mumble_variables=(MY_USERNAME
                   DEFAULT_DOMAIN_NAME
                   MUMBLE_PORT

src/freedombone-app-nextcloud

@@ -38,8 +38,13 @@ NEXTCLOUD_CODE=
 NEXTCLOUD_ONION_PORT=8112
 NEXTCLOUD_REPO="https://github.com/nextcloud/server"
 # Stable 13 branch
-NEXTCLOUD_COMMIT='b16824db31cd00e26e72216bf995d52389b9c93c'
+NEXTCLOUD_COMMIT='edd5712c6ead5b09fa4f996cfda66fc4e18ba597'
 NEXTCLOUD_ADMIN_PASSWORD=
+NEXTCLOUD_SERVER_SIDE_ENCRYPTION=1
+
+NEXTCLOUD_SHORT_DESCRIPTION=$'File storage and sync'
+NEXTCLOUD_DESCRIPTION=$'File storage and sync'
+NEXTCLOUD_MOBILE_APP_URL='https://f-droid.org/packages/com.nextcloud.client'
 
 nextcloud_variables=(ONION_ONLY
                      NEXTCLOUD_DOMAIN_NAME
@@ -83,6 +88,16 @@ function install_interactive_nextcloud {
         ONION_ONLY='no'
     fi
 
+    dialog --title $"Enable NextCloud server side encryption" \
+           --backtitle $"Freedombone Configuration" \
+           --yesno $"\\nDo you want to enable server side encryption. On ARM or older x86 systems, especially without HRNG, this may make performance excessively slow?" 10 60
+    sel=$?
+    case $sel in
+        1) NEXTCLOUD_SERVER_SIDE_ENCRYPTION=
+           ;;
+        255) return;;
+    esac
+
     if [[ $ONION_ONLY != "no" ]]; then
         NEXTCLOUD_DOMAIN_NAME='nextcloud.local'
     else
@@ -90,7 +105,7 @@ function install_interactive_nextcloud {
         while [ ! $NEXTCLOUD_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"NextCloud Configuration" \
                        --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
@@ -119,7 +134,7 @@ function install_interactive_nextcloud {
                     NEXTCLOUD_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                         NEXTCLOUD_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$NEXTCLOUD_CODE"
                         if [ ! "$VALID_CODE" ]; then
@@ -668,12 +683,14 @@ function install_nextcloud_main {
     sudo -u www-data ./occ check
     sudo -u www-data ./occ status
     sudo -u www-data ./occ app:list
-    sudo -u www-data ./occ app:enable encryption
-    if ! sudo -u www-data ./occ encryption:enable; then
-        echo $'Encryption not enabled'
-        exit 73527
+    if [ $NEXTCLOUD_SERVER_SIDE_ENCRYPTION ]; then
+        sudo -u www-data ./occ app:enable encryption
+        if ! sudo -u www-data ./occ encryption:enable; then
+            echo $'Encryption not enabled'
+            exit 73527
+        fi
+        sudo -u www-data ./occ encryption:status
     fi
-    sudo -u www-data ./occ encryption:status
     sudo -u www-data ./occ config:system:set appstoreenabled --value=false
     chmod g+w "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
     chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"

src/freedombone-app-peertube

@@ -33,6 +33,7 @@ VARIANTS="full full-vim media"
 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
 
 PEERTUBE_DOMAIN_NAME=
 PEERTUBE_CODE=
@@ -43,6 +44,10 @@ PEERTUBE_PORT=9004
 MESH_PEERTUBE_PORT=8500
 PEERTUBE_DIR=/etc/peertube
 
+PEERTUBE_SHORT_DESCRIPTION=$'Video broadcast'
+PEERTUBE_DESCRIPTION=$'Video broadcast'
+PEERTUBE_MOBILE_APP_URL=
+
 peertube_variables=(PEERTUBE_DOMAIN_NAME
                     PEERTUBE_CODE
                     PEERTUBE_ADMIN_PASSWORD

src/freedombone-app-pelican

@@ -380,7 +380,7 @@ function install_interactive_pelican {
         while [ ! $PELICAN_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pelican Blog Configuration" \
                        --form $"\\nPlease enter your blog details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
@@ -412,7 +412,7 @@ function install_interactive_pelican {
                     PELICAN_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                         PELICAN_BLOG_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$PELICAN_BLOG_CODE"
                         if [ ! "$VALID_CODE" ]; then

src/freedombone-app-pleroma

@@ -36,7 +36,7 @@ PLEROMA_CODE=
 PLEROMA_PORT=4000
 PLEROMA_ONION_PORT=8011
 PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
-PLEROMA_COMMIT='762f6edc29a7a48e3a663e9bedec58e0036ff363'
+PLEROMA_COMMIT='6b9a6838331210dd514d5ecda52783c183bd1bbf'
 PLEROMA_ADMIN_PASSWORD=
 PLEROMA_DIR=/etc/pleroma
 PLEROMA_SECRET_KEY=""
@@ -51,6 +51,10 @@ PLEROMA_EXPIRE_MONTHS=3
 pleroma_expire_posts_script=/usr/bin/pleroma-expire-posts
 blocking_script_file=/usr/bin/pleroma-blocking
 
+PLEROMA_SHORT_DESCRIPTION=$'Federated microblogging'
+PLEROMA_DESCRIPTION=$'Federated microblogging'
+PLEROMA_MOBILE_APP_URL='https://f-droid.org/packages/com.keylesspalace.tusky'
+
 pleroma_variables=(ONION_ONLY
                    PLEROMA_DOMAIN_NAME
                    PLEROMA_CODE
@@ -335,7 +339,7 @@ function install_interactive_pleroma {
         while [ ! $PLEROMA_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pleroma Configuration" \
                        --form $"\\nPlease enter your Pleroma details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
@@ -379,7 +383,7 @@ function install_interactive_pleroma {
                     PLEROMA_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                         PLEROMA_CODE=$(sed -n 4p < "$data")
                         validate_freedns_code "$PLEROMA_CODE"
                         if [ ! "$VALID_CODE" ]; then

src/freedombone-app-postactiv

@@ -45,6 +45,10 @@ POSTACTIV_TITLE='PostActiv'
 # Number of months after which posts expire
 POSTACTIV_EXPIRE_MONTHS=3
 
+POSTACTIV_SHORT_DESCRIPTION=$'Federated microblogging'
+POSTACTIV_DESCRIPTION=$'Federated microblogging'
+POSTACTIV_MOBILE_APP_URL='https://f-droid.org/packages/org.mariotaku.twidere/'
+
 postactiv_variables=(ONION_ONLY
                      POSTACTIV_DOMAIN_NAME
                      POSTACTIV_CODE
@@ -118,7 +122,7 @@ function install_interactive_postactiv {
         while [ ! $POSTACTIV_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PostActiv Configuration" \
                        --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
@@ -162,7 +166,7 @@ function install_interactive_postactiv {
                     POSTACTIV_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                         POSTACTIV_CODE=$(sed -n 4p < "$data")
                         validate_freedns_code "$POSTACTIV_CODE"
                         if [ ! "$VALID_CODE" ]; then

src/freedombone-app-privatebin

@@ -38,6 +38,10 @@ PRIVATEBIN_REPO="https://github.com/PrivateBin/PrivateBin"
 PRIVATEBIN_COMMIT='9c132cd839fd5e91da18e4a1e8ebef64fce605fb'
 PRIVATEBIN_ADMIN_PASSWORD=
 
+PRIVATEBIN_SHORT_DESCRIPTION=$'Zero knowledge pastebin'
+PRIVATEBIN_DESCRIPTION=$'Zero knowledge pastebin'
+PRIVATEBIN_MOBILE_APP_URL=
+
 privatebin_variables=(ONION_ONLY
                       PRIVATEBIN_DOMAIN_NAME
                       PRIVATEBIN_CODE
@@ -55,6 +59,7 @@ function secure_privatebin {
 
     chown -R ${rootuser}:${htgroup} "${pbpath}/"
     chown -R www-data:www-data "${pbdata}"
+    chmod 755 "${pbdata}"
 }
 
 function logging_on_privatebin {
@@ -89,7 +94,7 @@ function install_interactive_privatebin {
         while [ ! $PRIVATEBIN_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PrivateBin Configuration" \
                        --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
@@ -121,7 +126,7 @@ function install_interactive_privatebin {
                     PRIVATEBIN_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                         PRIVATEBIN_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$PRIVATEBIN_CODE"
                         if [ ! "$VALID_CODE" ]; then
@@ -153,15 +158,16 @@ function reconfigure_privatebin {
 }
 
 function upgrade_privatebin {
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
+        PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
+    fi
+    chmod 755 "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"
+
     CURR_PRIVATEBIN_COMMIT=$(get_completion_param "privatebin commit")
     if [[ "$CURR_PRIVATEBIN_COMMIT" == "$PRIVATEBIN_COMMIT" ]]; then
         return
     fi
 
-    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
-        PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
-    fi
-
     # update to the next commit
     function_check set_repo_commit
     set_repo_commit "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" "privatebin commit" "$PRIVATEBIN_COMMIT" "$PRIVATEBIN_REPO"
@@ -436,8 +442,6 @@ function install_privatebin {
     sed -i 's|; qrcode|qrcode|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
     sed -i 's|default =.*|default = "1day"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
     sed -i 's|languagedefault =.*|languagedefault = "en"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
-    sed -i 's|1week =|; 1week =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
-    sed -i 's|1month =|; 1month =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
     sed -i 's|1year =|; 1year =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
     sed -i 's|never =|; never =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
     sed -i 's|limit = 10|limit = 30|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"

src/freedombone-app-riot

@@ -32,9 +32,9 @@ IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
 NOT_ON_ONION=1
 
-RIOT_VERSION='0.13.3'
+RIOT_VERSION='0.15.3'
 RIOT_FILENAME="riot-v${RIOT_VERSION}"
-RIOT_HASH='bcd6c2f4be018612ac76a71b58749a5edab1e02de7d145a22d9b9aa6e6a89129'
+RIOT_HASH='0aecaa1c0d1e387c1730fea33cdb01b1a296e6146b7aef6a819fa90d9efc026e'
 RIOT_DOWNLOAD_URL="https://github.com/vector-im/riot-web/releases/download/v${RIOT_VERSION}"
 RIOT_ONION_PORT=8115
 RIOT_ONION_HOSTNAME=
@@ -76,7 +76,7 @@ function install_interactive_riot {
         while [ ! $RIOT_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Riot Web user interface for Matrix" \
                        --form $"\\nPlease enter your details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
@@ -105,7 +105,7 @@ function install_interactive_riot {
                     RIOT_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                         RIOT_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$RIOT_CODE"
                         if [ ! "$VALID_CODE" ]; then

src/freedombone-app-rocketchat

@@ -0,0 +1,343 @@
+#!/bin/bash
+#
+#  _____               _           _
+# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
+#
+#                              Freedom in the Cloud
+#
+# License
+# =======
+#
+# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+VARIANTS='full full-vim'
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=1
+NOT_ON_ARM=1
+
+ROCKETCHAT_DOMAIN_NAME=
+ROCKETCHAT_CODE=
+ROCKETCHAT_ONION_PORT=9722
+ROCKETCHAT_PORT_INTERNAL=3000
+
+ROCKETCHAT_SHORT_DESCRIPTION=$'Chat system'
+ROCKETCHAT_DESCRIPTION=$'Chat system'
+ROCKETCHAT_MOBILE_APP_URL=
+
+rocketchat_variables=(ONION_ONLY
+                      ROCKETCHAT_DOMAIN_NAME
+                      ROCKETCHAT_CODE
+                      DDNS_PROVIDER
+                      MY_USERNAME)
+
+function logging_on_rocketchat {
+    echo -n ''
+}
+
+function logging_off_rocketchat {
+    echo -n ''
+}
+
+function remove_user_rocketchat {
+    remove_username="$1"
+
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp rocketchat
+}
+
+function add_user_rocketchat {
+    new_username="$1"
+    new_user_password="$2"
+
+    "${PROJECT_NAME}-pass" -u "$new_username" -a rocketchat -p "$new_user_password"
+    echo '0'
+}
+
+function install_interactive_rocketchat {
+    if [ ! "$ONION_ONLY" ]; then
+        ONION_ONLY='no'
+    fi
+
+    if [[ "$ONION_ONLY" != "no" ]]; then
+        ROCKETCHAT_DOMAIN_NAME='rocketchat.local'
+        write_config_param "ROCKETCHAT_DOMAIN_NAME" "$ROCKETCHAT_DOMAIN_NAME"
+    else
+        interactive_site_details "rocketchat" "ROCKETCHAT_DOMAIN_NAME" "ROCKETCHAT_CODE"
+    fi
+    APP_INSTALLED=1
+}
+
+function change_password_rocketchat {
+    curr_username="$1"
+    new_user_password="$2"
+
+    read_config_param 'ROCKETCHAT_DOMAIN_NAME'
+
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a rocketchat -p "$new_user_password"
+}
+
+function reconfigure_rocketchat {
+    # This is used if you need to switch identity. Dump old keys and generate new ones
+    echo -n ''
+}
+
+function upgrade_rocketchat {
+    echo -n ''
+}
+
+function backup_local_rocketchat {
+    ROCKETCHAT_DOMAIN_NAME='rocketchat'
+    if grep -q "rocketchat domain" "$COMPLETION_FILE"; then
+        ROCKETCHAT_DOMAIN_NAME=$(get_completion_param "rocketchat domain")
+    fi
+
+    source_directory=/var/snap/rocketchat-server
+
+    suspend_site "${ROCKETCHAT_DOMAIN_NAME}"
+
+    systemctl stop rocketchat
+
+    dest_directory=rocketchat
+    backup_directory_to_usb "$source_directory" $dest_directory
+
+    restart_site
+    systemctl start rocketchat
+}
+
+function restore_local_rocketchat {
+    if ! grep -q "rocketchat domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    ROCKETCHAT_DOMAIN_NAME=$(get_completion_param "rocketchat domain")
+    if [ ! "$ROCKETCHAT_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${ROCKETCHAT_DOMAIN_NAME}"
+    systemctl stop rocketchat
+
+    temp_restore_dir=/root/temprocketchat
+    rocketchat_dir=/var/snap/rocketchat-server
+
+    restore_directory_from_usb $temp_restore_dir rocketchat
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$rocketchat_dir" ]; then
+            cp -rp "$temp_restore_dir$rocketchat_dir"/* "$rocketchat_dir"/
+        else
+            if [ ! -d "$rocketchat_dir" ]; then
+                mkdir "$rocketchat_dir"
+            fi
+            cp -rp "$temp_restore_dir"/* "$rocketchat_dir"/
+        fi
+        rm -rf $temp_restore_dir
+    fi
+    systemctl start rocketchat
+
+    restart_site
+}
+
+function backup_remote_rocketchat {
+    ROCKETCHAT_DOMAIN_NAME='rocketchat'
+    if grep -q "rocketchat domain" "$COMPLETION_FILE"; then
+        ROCKETCHAT_DOMAIN_NAME=$(get_completion_param "rocketchat domain")
+    fi
+
+    source_directory=/var/snap/rocketchat-server
+
+    suspend_site "${ROCKETCHAT_DOMAIN_NAME}"
+    systemctl stop rocketchat
+
+    dest_directory=rocketchat
+    backup_directory_to_friend "$source_directory" $dest_directory
+
+    systemctl start rocketchat
+
+    restart_site
+}
+
+function restore_remote_rocketchat {
+    if ! grep -q "rocketchat domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    ROCKETCHAT_DOMAIN_NAME=$(get_completion_param "rocketchat domain")
+    if [ ! "$ROCKETCHAT_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${ROCKETCHAT_DOMAIN_NAME}"
+    systemctl stop rocketchat
+
+    temp_restore_dir=/root/temprocketchat
+    rocketchat_dir=/var/snap/rocketchat-server
+
+    restore_directory_from_friend $temp_restore_dir rocketchat
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$rocketchat_dir" ]; then
+            cp -rp "$temp_restore_dir$rocketchat_dir"/* "$rocketchat_dir"/
+        else
+            if [ ! -d "$rocketchat_dir" ]; then
+                mkdir "$rocketchat_dir"
+            fi
+            cp -rp $temp_restore_dir/* "$rocketchat_dir"/
+        fi
+        rm -rf $temp_restore_dir
+    fi
+    systemctl start rocketchat
+
+    restart_site
+}
+
+function remove_rocketchat {
+    nginx_dissite "$ROCKETCHAT_DOMAIN_NAME"
+    remove_certs "$ROCKETCHAT_DOMAIN_NAME"
+
+    remove_nodejs rocketchat
+
+    if [ -d "/var/www/$ROCKETCHAT_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$ROCKETCHAT_DOMAIN_NAME"
+    fi
+    if [ -f "/etc/nginx/sites-available/$ROCKETCHAT_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$ROCKETCHAT_DOMAIN_NAME"
+    fi
+    remove_onion_service rocketchat "${ROCKETCHAT_ONION_PORT}"
+    if grep -q "rocketchat" /etc/crontab; then
+        sed -i "/rocketchat/d" /etc/crontab
+    fi
+    remove_app rocketchat
+    remove_completion_param install_rocketchat
+    sed -i '/rocketchat/d' "$COMPLETION_FILE"
+
+    remove_ddns_domain "$ROCKETCHAT_DOMAIN_NAME"
+
+    remove_snap rocketchat-server
+}
+
+function install_rocketchat {
+    install_snap rocketchat-server
+
+    install_nodejs rocketchat
+    if [ ! "$ROCKETCHAT_DOMAIN_NAME" ]; then
+        echo $'No domain name was given'
+        exit 3568356
+    fi
+
+    if [ -d "/var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs" ]; then
+        rm -rf "/var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs"
+    fi
+    mkdir -p "/var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs"
+
+    chmod g+w "/var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs"
+
+    add_ddns_domain "$ROCKETCHAT_DOMAIN_NAME"
+
+    ROCKETCHAT_ONION_HOSTNAME=$(add_onion_service rocketchat 80 "${ROCKETCHAT_ONION_PORT}")
+
+    rocketchat_nginx_site=/etc/nginx/sites-available/$ROCKETCHAT_DOMAIN_NAME
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        nginx_http_redirect "$ROCKETCHAT_DOMAIN_NAME" "index index.html"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $ROCKETCHAT_DOMAIN_NAME;";
+          echo ''; } >> "$rocketchat_nginx_site"
+        nginx_compress "$ROCKETCHAT_DOMAIN_NAME"
+        echo '' >> "$rocketchat_nginx_site"
+        echo '  # Security' >> "$rocketchat_nginx_site"
+        nginx_ssl "$ROCKETCHAT_DOMAIN_NAME"
+
+        nginx_security_options "$ROCKETCHAT_DOMAIN_NAME"
+
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.html;';
+          echo '  # Location';
+          echo '  location / {'; } >> "$rocketchat_nginx_site"
+        nginx_limits "$ROCKETCHAT_DOMAIN_NAME" '15m'
+        { echo "    proxy_pass http://localhost:$ROCKETCHAT_PORT_INTERNAL;";
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo "    proxy_set_header Connection \"upgrade\";"
+          echo "    proxy_set_header Host \$http_host;"
+          echo '';
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header X-Forward-For \$proxy_add_x_forwarded_for;";
+          echo '    proxy_set_header X-Forward-Proto http;';
+          echo '    proxy_set_header X-Nginx-Proxy true;';
+          echo '';
+          echo '    proxy_redirect off;';
+          echo '  }';
+          echo '}'; } >> "$rocketchat_nginx_site"
+    else
+        echo -n '' > "$rocketchat_nginx_site"
+    fi
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$ROCKETCHAT_ONION_PORT default_server;";
+      echo "    server_name $ROCKETCHAT_ONION_HOSTNAME;";
+      echo ''; } >> "$rocketchat_nginx_site"
+    nginx_compress "$ROCKETCHAT_DOMAIN_NAME"
+    echo '' >> "$rocketchat_nginx_site"
+    nginx_security_options "$ROCKETCHAT_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.html;';
+      echo '  # Location';
+      echo '  location / {'; } >> "$rocketchat_nginx_site"
+    nginx_limits "$ROCKETCHAT_DOMAIN_NAME" '15m'
+    { echo "    proxy_pass http://localhost:$ROCKETCHAT_PORT_INTERNAL;";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo "    proxy_set_header Connection \"upgrade\";"
+      echo "    proxy_set_header Host \$http_host;"
+      echo '';
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forward-For \$proxy_add_x_forwarded_for;";
+      echo '    proxy_set_header X-Forward-Proto http;';
+      echo '    proxy_set_header X-Nginx-Proxy true;';
+      echo '';
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '}'; } >> "$rocketchat_nginx_site"
+
+    # If content security is enabled then the https site won't load
+    sed -i 's|add_header Content-Security-Policy|#add_header Content-Security-Policy|g' "$rocketchat_nginx_site"
+
+    create_site_certificate "$ROCKETCHAT_DOMAIN_NAME" 'yes'
+
+    nginx_ensite "$ROCKETCHAT_DOMAIN_NAME"
+
+    systemctl restart nginx
+
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a rocketchat -p "$ROCKETCHAT_ADMIN_PASSWORD"
+    set_completion_param "rocketchat domain" "$ROCKETCHAT_DOMAIN_NAME"
+
+    APP_INSTALLED=1
+}
+
+# NOTE: deliberately there is no "exit 0"

src/freedombone-app-smolrss

@@ -0,0 +1,409 @@
+#!/bin/bash
+#
+#  _____               _           _
+# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
+#
+#                              Freedom in the Cloud
+#
+# License
+# =======
+#
+# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+VARIANTS='full full-vim'
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=1
+SHOW_ICANN_ADDRESS_ON_ABOUT=0
+
+SMOLRSS_DOMAIN_NAME=
+SMOLRSS_CODE=
+SMOLRSS_ONION_PORT=8751
+SMOLRSS_REPO="https://github.com/bashrc/smolrss"
+SMOLRSS_COMMIT='d9fca3fd76b95c601553a1264ff500c287211105'
+
+smolrss_variables=(ONION_ONLY
+                   SMOLRSS_DOMAIN_NAME
+                   SMOLRSS_CODE
+                   DDNS_PROVIDER
+                   MY_USERNAME)
+
+function logging_on_smolrss {
+    echo -n ''
+}
+
+function logging_off_smolrss {
+    echo -n ''
+}
+
+function remove_user_smolrss {
+    #remove_username="$1"
+    echo -n ''
+}
+
+function add_user_smolrss {
+    #new_username="$1"
+    #new_user_password="$2"
+
+    echo '0'
+}
+
+function install_interactive_smolrss {
+    echo -n ''
+    APP_INSTALLED=1
+}
+
+function change_password_smolrss {
+    #curr_username="$1"
+    #new_user_password="$2"
+    echo -n ''
+}
+
+function reconfigure_smolrss {
+    # This is used if you need to switch identity. Dump old keys and generate new ones
+    echo -n ''
+}
+
+function smolrss_add_feed {
+    data=$(mktemp 2>/dev/null)
+    dialog --backtitle $"Smol RSS" \
+           --title $"Add an RSS feed" \
+           --form "\\n" 8 60 3 \
+           $"Title:" 1 1 "" 1 12 40 256 \
+           $"Feed URL:" 2 1 "" 2 12 40 10000 \
+           2> "$data"
+    sel=$?
+    case $sel in
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
+    esac
+    title=$(sed -n 1p < "$data")
+    url=$(sed -n 2p < "$data")
+    rm -f "$data"
+
+    if [ ! "$title" ]; then
+        return
+    fi
+
+    if [ ! "$url" ]; then
+        return
+    fi
+
+    if [[ "$url" == *','* ]]; then
+        return
+    fi
+    if [[ "$url" != *'.'* ]]; then
+        return
+    fi
+
+    cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || return
+
+    if grep -q "${title}," feeds.txt; then
+        sed -i "s|${title},.*|${title},${url}|g" feeds.txt
+    else
+        echo "${title},${url}" >> feeds.txt
+    fi
+
+    ./create_feeds feeds.txt > feeds.xml
+    chown www-data:www-data feeds.txt
+
+    dialog --title $"Add an RSS feed" \
+           --msgbox $"${title} has been added" 6 70
+}
+
+function smolrss_remove_feed {
+    data=$(mktemp 2>/dev/null)
+    dialog --title $"Remove an RSS feed" \
+           --backtitle $"Smol RSS" \
+           --inputbox $"Enter the title of the feed to remove" 8 60 2>"$data"
+    sel=$?
+    case $sel in
+        0)
+            title=$(<"$data")
+            if [ "$title" ]; then
+                cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || return
+                if grep -q "${title}," feeds.txt; then
+                    sed -i "/${title},/d" feeds.xml
+                    ./create_feeds feeds.txt > feeds.xml
+                    chown www-data:www-data feeds.txt
+                    dialog --title $"Remove an RSS feed" \
+                           --msgbox $"${title} has been removed" 6 70
+                fi
+            fi
+            ;;
+    esac
+    rm -f "$data"
+}
+
+function configure_interactive_smolrss {
+    W=(1 $"Add an RSS feed"
+       2 $"Remove an RSS feed"
+       3 $'Edit all feeds'
+       4 $'Light theme'
+       5 $'Dark theme')
+
+    read_config_param SMOLRSS_DOMAIN_NAME
+
+    while true
+    do
+
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Smol RSS" --menu $"Choose an operation, or ESC for main menu:" 14 70 5 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+        case $selection in
+            1) smolrss_add_feed
+               ;;
+            2) smolrss_remove_feed
+               ;;
+            3) editor "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs/feeds.txt"
+               cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || break
+               ./create_feeds feeds.txt > feeds.xml
+               chown www-data:www-data feeds.txt
+               ;;
+            4) cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || break
+               cp style.light.css style.css
+               chown www-data:www-data style.css
+               dialog --title $"Smol RSS theme" \
+                      --msgbox $"Switched theme to light" 6 50
+               ;;
+            5) cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || break
+               cp style.dark.css style.css
+               chown www-data:www-data style.css
+               dialog --title $"Smol RSS theme" \
+                      --msgbox $"Switched theme to dark" 6 50
+               ;;
+        esac
+    done
+}
+
+function upgrade_smolrss {
+    CURR_SMOLRSS_COMMIT=$(get_completion_param "smolrss commit")
+    if [[ "$CURR_SMOLRSS_COMMIT" == "$SMOLRSS_COMMIT" ]]; then
+        return
+    fi
+
+    if grep -q "smolrss domain" "$COMPLETION_FILE"; then
+        SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain")
+    fi
+
+    # update to the next commit
+    set_repo_commit "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" "smolrss commit" "$SMOLRSS_COMMIT" "$SMOLRSS_REPO"
+
+    cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || return
+    ./create_feeds feeds.txt > feeds.xml
+
+    chown -R www-data:www-data "/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs"
+}
+
+function backup_local_smolrss {
+    SMOLRSS_DOMAIN_NAME='smolrss'
+    if grep -q "smolrss domain" "$COMPLETION_FILE"; then
+        SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain")
+    fi
+
+    source_directory=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs
+
+    suspend_site "${SMOLRSS_DOMAIN_NAME}"
+
+    dest_directory=smolrss
+    backup_directory_to_usb "$source_directory" $dest_directory
+
+    restart_site
+}
+
+function restore_local_smolrss {
+    if ! grep -q "smolrss domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain")
+    if [ ! "$SMOLRSS_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${SMOLRSS_DOMAIN_NAME}"
+    temp_restore_dir=/root/tempsmolrss
+    smolrss_dir=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs
+
+    restore_directory_from_usb $temp_restore_dir smolrss
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$smolrss_dir" ]; then
+            cp -rp "$temp_restore_dir$smolrss_dir"/* "$smolrss_dir"/
+        else
+            if [ ! -d "$smolrss_dir" ]; then
+                mkdir "$smolrss_dir"
+            fi
+            cp -rp "$temp_restore_dir"/* "$smolrss_dir"/
+        fi
+        chown -R www-data:www-data "$smolrss_dir"
+        rm -rf $temp_restore_dir
+    fi
+    restart_site
+}
+
+function backup_remote_smolrss {
+    SMOLRSS_DOMAIN_NAME='smolrss'
+    if grep -q "smolrss domain" "$COMPLETION_FILE"; then
+        SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain")
+    fi
+
+    source_directory=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs
+
+    suspend_site "${SMOLRSS_DOMAIN_NAME}"
+
+    dest_directory=smolrss
+    backup_directory_to_friend "$source_directory" $dest_directory
+
+    restart_site
+}
+
+function restore_remote_smolrss {
+    if ! grep -q "smolrss domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain")
+    if [ ! "$SMOLRSS_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${SMOLRSS_DOMAIN_NAME}"
+    temp_restore_dir=/root/tempsmolrss
+    smolrss_dir=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs
+
+    restore_directory_from_friend $temp_restore_dir smolrss
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$smolrss_dir" ]; then
+            cp -rp "$temp_restore_dir$smolrss_dir"/* "$smolrss_dir"/
+        else
+            if [ ! -d "$smolrss_dir" ]; then
+                mkdir "$smolrss_dir"
+            fi
+            cp -rp $temp_restore_dir/* "$smolrss_dir"/
+        fi
+        chown -R www-data:www-data "$smolrss_dir"
+        rm -rf $temp_restore_dir
+    fi
+    restart_site
+}
+
+function remove_smolrss {
+    nginx_dissite "$SMOLRSS_DOMAIN_NAME"
+    remove_certs "$SMOLRSS_DOMAIN_NAME"
+
+
+    if [ -d "/var/www/$SMOLRSS_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$SMOLRSS_DOMAIN_NAME"
+    fi
+    if [ -f "/etc/nginx/sites-available/$SMOLRSS_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$SMOLRSS_DOMAIN_NAME"
+    fi
+    remove_onion_service smolrss "${SMOLRSS_ONION_PORT}"
+    if grep -q "smolrss" /etc/crontab; then
+        sed -i "/smolrss/d" /etc/crontab
+    fi
+    remove_app smolrss
+    remove_completion_param install_smolrss
+    sed -i '/smolrss/d' "$COMPLETION_FILE"
+
+    remove_ddns_domain "$SMOLRSS_DOMAIN_NAME"
+}
+
+function install_smolrss {
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
+    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
+
+    SMOLRSS_DOMAIN_NAME='smolrss.local'
+
+    if [ -d "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" ]; then
+        rm -rf "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+    fi
+    if [ -d /repos/smolrss ]; then
+        mkdir "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+        cp -r -p /repos/smolrss/. "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+        cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || exit 324687356
+        git pull
+    else
+        git_clone "$SMOLRSS_REPO" "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+    fi
+
+    if [ ! -d "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" ]; then
+        echo $'Unable to clone smolrss repo'
+        exit 87525
+    fi
+
+    cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || exit 36587356
+    git checkout "$SMOLRSS_COMMIT" -b "$SMOLRSS_COMMIT"
+    set_completion_param "smolrss commit" "$SMOLRSS_COMMIT"
+
+    cp feeds.example.txt feeds.txt
+    ./create_feeds feeds.txt > feeds.xml
+
+    chmod g+w "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+
+    add_ddns_domain "$SMOLRSS_DOMAIN_NAME"
+
+    SMOLRSS_ONION_HOSTNAME=$(add_onion_service smolrss 80 "${SMOLRSS_ONION_PORT}")
+
+    smolrss_nginx_site=/etc/nginx/sites-available/$SMOLRSS_DOMAIN_NAME
+    echo -n '' > "$smolrss_nginx_site"
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$SMOLRSS_ONION_PORT default_server;";
+      echo "    server_name $SMOLRSS_ONION_HOSTNAME;";
+      echo ''; } >> "$smolrss_nginx_site"
+    nginx_compress "$SMOLRSS_DOMAIN_NAME"
+    echo '' >> "$smolrss_nginx_site"
+    nginx_security_options "$SMOLRSS_DOMAIN_NAME"
+    { echo '';
+      echo '    access_log /dev/null;';
+      echo '    error_log /dev/null;';
+      echo '';
+      echo "    root /var/www/$SMOLRSS_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '    fastcgi_param HTTPS off;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$smolrss_nginx_site"
+    nginx_limits "$SMOLRSS_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ index.php?\$args;";
+      echo '  }';
+      echo '}'; } >> "$smolrss_nginx_site"
+
+    configure_php
+
+    nginx_ensite "$SMOLRSS_DOMAIN_NAME"
+
+    systemctl restart php7.0-fpm
+
+    systemctl restart nginx
+
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a smolrss -p "$SMOLRSS_ADMIN_PASSWORD"
+    set_completion_param "smolrss domain" "$SMOLRSS_DOMAIN_NAME"
+
+    APP_INSTALLED=1
+}
+
+# NOTE: deliberately there is no "exit 0"

src/freedombone-app-syncthing

@@ -40,6 +40,10 @@ SYNCTHING_PORT=22000
 SYNCTHING_SHARED_DATA=/var/lib/syncthing/SyncShared
 SYNCTHING_USER_IDS_FILE='.syncthingids'
 
+SYNCTHING_SHORT_DESCRIPTION=$'File synchronization'
+SYNCTHING_DESCRIPTION=$'File synchronization'
+SYNCTHING_MOBILE_APP_URL='https://f-droid.org/packages/com.nutomic.syncthingandroid'
+
 syncthing_variables=(SYNCTHING_ID
                      SYNCTHING_CONFIG_PATH
                      SYNCTHING_CONFIG_FILE
@@ -213,33 +217,26 @@ function run_client_syncthing {
     SYNCTHING_CONFIG_FILE=~/.syncthingids
     SYNCTHING_ID=$(cat ~/.syncthing-server-id)
 
+    W=(1 $"Show device ID for ${PROJECT_NAME}"
+       2 $"Add an ID for another machine or device"
+       3 $"Remove an ID for another machine or device"
+       4 $"Manually edit device IDs")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone User Control Panel" \
-               --title $"File Synchronization" \
-               --radiolist $"Choose an operation:" 12 70 6 \
-               1 $"Show device ID for ${PROJECT_NAME}" off \
-               2 $"Add an ID for another machine or device" off \
-               3 $"Remove an ID for another machine or device" off \
-               4 $"Manually edit device IDs" off \
-               5 $"Back to main menu" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               break;;
-            255) rm -f "$data"
-                 break;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone User Control Panel" --title $"File Synchronization" --menu $"Choose an operation, or ESC for main menu:" 12 70 6 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+           break
+        fi
+
+        case $selection in
             1) syncthing_show_id;;
             2) syncthing_add_id;;
             3) syncthing_remove_id;;
             4) syncthing_manual_edit;;
-            5) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-turtl

@@ -48,6 +48,10 @@ TURTL_BASE_DIR=/etc/turtl
 TURTL_SIGNUP_STRING='Signup a new user'
 turtl_users_file=$TURTL_BASE_DIR/api/controllers/users.lisp
 
+TURTL_SHORT_DESCRIPTION=$'Note taking'
+TURTL_DESCRIPTION=$'Note taking'
+TURTL_MOBILE_APP_URL=
+
 turtl_variables=(ONION_ONLY
                  DEFAULT_DOMAIN_NAME
                  TURTL_DOMAIN_NAME

src/freedombone-app-xmpp

@@ -43,8 +43,8 @@ XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+
 XMPP_ECC_CURVE='"secp384r1"'
 
 prosody_latest_version='0.10'
-prosody_nightly=468
-prosody_nightly_hash='c72aaab1182a86090188284f443d2f819889ca242d4e955258ef60f4c7c9a1ba'
+prosody_nightly=478
+prosody_nightly_hash='884e773920dbcd0a748d05391235df3ff2b82285357b13cb347c99564512593e'
 prosody_filename=prosody-${prosody_latest_version}-1nightly${prosody_nightly}
 prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest/${prosody_filename}.tar.gz"
 
@@ -53,6 +53,10 @@ prosody_modules_filename='prosody-modules-20180322.tar.gz'
 prosody_modules_hash='982d0dfcef98e9cb9cee4cc3801b8ce9a503a32e44c32b99df6fe94545b90072'
 xmpp_encryption_warning=$"For security reasons, OMEMO or PGP encryption is required for conversations on this server."
 
+XMPP_SHORT_DESCRIPTION=$'Chat system'
+XMPP_DESCRIPTION=$'Chat system'
+XMPP_MOBILE_APP_URL='https://f-droid.org/packages/eu.siacs.conversations'
+
 xmpp_variables=(ONION_ONLY
                 INSTALLED_WITHIN_DOCKER
                 XMPP_CIPHERS
@@ -644,7 +648,6 @@ function remove_xmpp {
 
     function_check remove_onion_service
     remove_onion_service xmpp 5222 5223 5269
-    sed -i '/HiddenServiceVersion 2/d' "$ONION_SERVICES_FILE"
 
     apt-mark -q unhold prosody
     apt-get -yq remove --purge prosody
@@ -1133,7 +1136,7 @@ function install_xmpp {
     fi
     if ! grep -q "hidden_service_xmpp" "$ONION_SERVICES_FILE"; then
         { echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/';
-          echo 'HiddenServiceVersion 2';
+          echo 'HiddenServiceVersion 3';
           echo "HiddenServicePort 5222 127.0.0.1:5222";
           echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> "$ONION_SERVICES_FILE"
         echo $'Added onion site for xmpp chat'

src/freedombone-base-email

@@ -1663,6 +1663,20 @@ function refresh_gpg_keys {
     fi
 }
 
+function prevent_mail_process_overrun {
+    # This prevents any large buildup of exim processes, perhaps due to
+    # Tor unavailability, from disabling the server
+    { echo '#!/bin/bash';
+      echo "exim_ctr=\$(pgrep \"exim4\" | wc -l)";
+      echo "if [ \"\$exim_ctr\" -gt 5 ]; then";
+      echo '    systemctl stop exim4';
+      echo '    exim -bp | exiqgrep -i | xargs exim -Mrm 2> /dev/null';
+      echo '    systemctl start exim4';
+      echo 'fi'; } > /usr/bin/exim_check
+    chmod +x /usr/bin/exim_check
+    cron_add_mins 5 '/usr/bin/exim_check'
+}
+
 function install_email {
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
         return
@@ -1675,8 +1689,39 @@ function install_email {
     check_email_address_exists
     install_email_basic
     configure_email_onion
+    prevent_mail_process_overrun
 
     mark_completed "${FUNCNAME[0]}"
 }
 
+function remove_ip_addresses_from_email_logs {
+    { echo '#!/bin/bash';
+      echo '';
+      echo 'if grep -q "= /dev/null" /etc/php/7.0/fpm/php-fpm.conf; then';
+      echo '    if [ -f /var/log/exim4/mainlog ]; then';
+      echo '        rm /var/log/exim4/mainlog';
+      echo '    fi';
+      echo '    if [ -f /var/log/exim4/rejectlog ]; then';
+      echo '        rm /var/log/exim4/rejectlog';
+      echo '    fi';
+      echo 'else';
+      echo '    if [ -f /var/log/exim4/mainlog ]; then';
+      echo "        if grep -q '\\[' /var/log/exim4/mainlog; then";
+      echo "            tail -n 50 /var/log/exim4/mainlog | sed 's/\\[[^][]*\\]//g' > /tmp/.exim4_mainlog";
+      echo '            chown Debian-exim:adm /tmp/.exim4_mainlog';
+      echo '            mv /tmp/.exim4_mainlog /var/log/exim4/mainlog';
+      echo '        fi';
+      echo '    fi';
+      echo '    if [ -f /var/log/exim4/rejectlog ]; then';
+      echo "        if grep -q '\\[' /var/log/exim4/rejectlog; then";
+      echo "            tail -n 50 /var/log/exim4/rejectlog | sed 's/\\[[^][]*\\]//g' > /tmp/.exim4_rejectlog";
+      echo '            chown Debian-exim:adm /tmp/.exim4_rejectlog';
+      echo '            mv /tmp/.exim4_rejectlog /var/log/exim4/rejectlog';
+      echo '        fi';
+      echo '    fi';
+      echo 'fi'; } > /usr/bin/exim_log_tidy
+    chmod +x /usr/bin/exim_log_tidy
+    cron_add_mins 1 '/usr/bin/exim_log_tidy'
+}
+
 # NOTE: deliberately no exit 0

src/freedombone-client

@@ -6,6 +6,14 @@
 #
 #                              Freedom in the Cloud
 #
+# This is an optional command for setting up a client machine
+# to then be able to log into a server. It installs a few packages
+# for things like IRC and twiddles crypto settings.
+#
+# It may not be necessary to run this on client machines, and
+# is provided for some extra convenience on a Debian or Arch
+# based system.
+#
 # License
 # =======
 #
@@ -34,7 +42,6 @@ CURR_GROUP=$USER
 if [ -f /usr/bin/pacman ]; then
     CURR_GROUP='users'
 fi
-ENABLE_MONKEYSPHERE=
 
 # setup for a specific app
 SETUP_CLIENT_APP_NAME=
@@ -177,20 +184,12 @@ function configure_ssh_client {
             { echo "# ${PROJECT_NAME} settings start";
               echo 'Host *.onion';
               echo '  ServerAliveInterval 60';
-              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
-
-            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
-                echo "  ProxyCommand sh -c 'monkeysphere ssh-proxycommand --no-connect %h %p ; $proxycmd'" >> ~/.ssh/config
-            else
-                echo "  ProxyCommand $proxycmd" >> ~/.ssh/config
-            fi
-            { echo 'Host *';
+              echo '  ServerAliveCountMax 3';
+              echo "  ProxyCommand $proxycmd";
+              echo 'Host *';
               echo '  ServerAliveInterval 60';
-              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
-            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
-                echo '  ProxyCommand monkeysphere ssh-proxycommand %h %p' >> ~/.ssh/config
-            fi
-            echo "# ${PROJECT_NAME} settings end" >> ~/.ssh/config
+              echo '  ServerAliveCountMax 3';
+              echo "# ${PROJECT_NAME} settings end"; } >> ~/.ssh/config
         fi
     fi
 
@@ -205,16 +204,9 @@ function configure_ssh_client {
     echo $'and set it to "no".'
 }
 
-function configure_monkeysphere {
-    if [ -f /usr/bin/pacman ]; then
-        return
-    fi
-    sudo apt-get -yq install monkeysphere
-}
-
 function show_help {
     echo ''
-    echo $"${PROJECT_NAME}-client --monkeysphere [yes|no]"
+    echo $"${PROJECT_NAME}-client"
     echo ''
     exit 0
 }
@@ -322,10 +314,6 @@ do
             verify_ssh_server_key
             exit 0
             ;;
-        --monkeysphere|--ms|--monkey)
-            shift
-            ENABLE_MONKEYSPHERE=${1}
-            ;;
         *)
             # unknown option
             ;;
@@ -339,7 +327,6 @@ setup_client_app
 refresh_gpg_keys
 configure_ssh_client
 global_rate_limit
-configure_monkeysphere
 remove_known_hosts_entries
 echo $'Configuration complete'
 exit 0