Tidying

src/freedombone-addcert

@@ -58,284 +58,284 @@ FRIENDS_MIRRORS_SSH_PORT=
 MY_MIRRORS_PASSWORD=
 
 function read_repo_servers {
-	if [ -f $CONFIGURATION_FILE ]; then
-		if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
-			FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-		fi
-		if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then
-			FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-		fi
-		if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
-			MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-		fi
-		if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
-			FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-		fi
+    if [ -f $CONFIGURATION_FILE ]; then
+	if grep -q "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE; then
+	    FRIENDS_MIRRORS_SERVER=$(grep "FRIENDS_MIRRORS_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
 	fi
-
-	if [ ! $FRIENDS_MIRRORS_SERVER ]; then
-		return
+	if grep -q "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE; then
+	    FRIENDS_MIRRORS_SSH_PORT=$(grep "FRIENDS_MIRRORS_SSH_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
 	fi
-	if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
-		return
+	if grep -q "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
+	    MY_MIRRORS_PASSWORD=$(grep "MY_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
 	fi
-
-	MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
-	if [ ! -f $MAIN_COMMAND ]; then
-		MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
+	if grep -q "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE; then
+	    FRIENDS_MIRRORS_PASSWORD=$(grep "FRIENDS_MIRRORS_PASSWORD" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
 	fi
-
-	REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
-
-	for line in "${REPOS[@]}"
-	do
-		repo_name=$(echo "$line" | awk -F '=' '{print $1}')
-		mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
-		friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
-		${repo_name}="${friends_repo_url}"
-	done
+    fi
+
+    if [ ! $FRIENDS_MIRRORS_SERVER ]; then
+	return
+    fi
+    if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
+	return
+    fi
+
+    MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
+    if [ ! -f $MAIN_COMMAND ]; then
+	MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
+    fi
+
+    REPOS=($(cat ${MAIN_COMMAND} | grep "_REPO=\"" | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
+
+    for line in "${REPOS[@]}"
+    do
+	repo_name=$(echo "$line" | awk -F '=' '{print $1}')
+	mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
+	friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
+	${repo_name}="${friends_repo_url}"
+    done
 }
 
 function show_help {
-	echo ''
-	echo $"${PROJECT_NAME}-addcert -h [hostname] -c [country code] -a [area] -l [location]"
-	echo $'                    -o [organisation] -u [unit] --ca "" --nodh ""'
-	echo ''
-	echo $'Creates a self-signed certificate for the given hostname'
-	echo ''
-	echo $'     --help                   Show help'
-	echo $'  -h --hostname [name]        Hostname'
-	echo $'  -e --letsencrypt [hostname] Hostname to use with Lets Encrypt'
-	echo $'  -s --server [url]           Lets Encrypt server URL'
-	echo $'  -c --country [code]         Optional country code (eg. US, GB, etc)'
-	echo $'  -a --area [description]     Optional area description'
-	echo $'  -l --location [locn]        Optional location name'
-	echo $'  -o --organisation [name]    Optional organisation name'
-	echo $'  -u --unit [name]            Optional unit name'
-	echo $'     --email [address]        Email address for letsencrypt'
-	echo $'     --dhkey [bits]           DH key length in bits'
-	echo $'     --nodh ""                Do not calculate DH params'
-	echo $'     --ca ""                  Certificate authority cert'
-	echo ''
-	exit 0
+    echo ''
+    echo $"${PROJECT_NAME}-addcert -h [hostname] -c [country code] -a [area] -l [location]"
+    echo $'                    -o [organisation] -u [unit] --ca "" --nodh ""'
+    echo ''
+    echo $'Creates a self-signed certificate for the given hostname'
+    echo ''
+    echo $'     --help                   Show help'
+    echo $'  -h --hostname [name]        Hostname'
+    echo $'  -e --letsencrypt [hostname] Hostname to use with Lets Encrypt'
+    echo $'  -s --server [url]           Lets Encrypt server URL'
+    echo $'  -c --country [code]         Optional country code (eg. US, GB, etc)'
+    echo $'  -a --area [description]     Optional area description'
+    echo $'  -l --location [locn]        Optional location name'
+    echo $'  -o --organisation [name]    Optional organisation name'
+    echo $'  -u --unit [name]            Optional unit name'
+    echo $'     --email [address]        Email address for letsencrypt'
+    echo $'     --dhkey [bits]           DH key length in bits'
+    echo $'     --nodh ""                Do not calculate DH params'
+    echo $'     --ca ""                  Certificate authority cert'
+    echo ''
+    exit 0
 }
 
 while [[ $# > 1 ]]
 do
-key="$1"
+    key="$1"
 
-case $key in
+    case $key in
 	--help)
-	show_help
-	;;
+	    show_help
+	    ;;
 	-h|--hostname)
-	shift
-	HOSTNAME="$1"
-	;;
+	    shift
+	    HOSTNAME="$1"
+	    ;;
 	-e|--letsencrypt)
-	shift
-	LETSENCRYPT_HOSTNAME="$1"
-	;;
+	    shift
+	    LETSENCRYPT_HOSTNAME="$1"
+	    ;;
 	--email)
-	shift
-	MY_EMAIL_ADDRESS="$1"
-	;;
+	    shift
+	    MY_EMAIL_ADDRESS="$1"
+	    ;;
 	-s|--server)
-	shift
-	LETSENCRYPT_SERVER="$1"
-	;;
+	    shift
+	    LETSENCRYPT_SERVER="$1"
+	    ;;
 	-c|--country)
-	shift
-	COUNTRY_CODE="$1"
-	;;
+	    shift
+	    COUNTRY_CODE="$1"
+	    ;;
 	-a|--area)
-	shift
-	AREA="$1"
-	;;
+	    shift
+	    AREA="$1"
+	    ;;
 	-l|--location)
-	shift
-	LOCATION="$1"
-	;;
+	    shift
+	    LOCATION="$1"
+	    ;;
 	-o|--organisation)
-	shift
-	ORGANISATION="$1"
-	;;
+	    shift
+	    ORGANISATION="$1"
+	    ;;
 	-u|--unit)
-	shift
-	UNIT="$1"
-	;;
+	    shift
+	    UNIT="$1"
+	    ;;
 	--ca)
-	shift
-	EXTENSIONS="-extensions v3_ca"
-	ORGANISATION="Freedombone-CA"
-	;;
+	    shift
+	    EXTENSIONS="-extensions v3_ca"
+	    ORGANISATION="Freedombone-CA"
+	    ;;
 	--nodh)
-	shift
-	NODH="true"
-	;;
+	    shift
+	    NODH="true"
+	    ;;
 	--dhkey)
-	shift
-	DH_KEYLENGTH=${1}
-	;;
+	    shift
+	    DH_KEYLENGTH=${1}
+	    ;;
 	*)
-	# unknown option
-	;;
-esac
-shift
+	    # unknown option
+	    ;;
+    esac
+    shift
 done
 
 if [ ! $HOSTNAME ]; then
-	if [ ! $LETSENCRYPT_HOSTNAME ]; then
-		echo $'No hostname specified'
-		exit 5748
-	fi
+    if [ ! $LETSENCRYPT_HOSTNAME ]; then
+	echo $'No hostname specified'
+	exit 5748
+    fi
 fi
 
 if ! which openssl > /dev/null ;then
-	echo $"$0: openssl is not installed, exiting" 1>&2
-	exit 5689
+    echo $"$0: openssl is not installed, exiting" 1>&2
+    exit 5689
 fi
 
 if [ ! -d /etc/ssl/mycerts ]; then
-	mkdir /etc/ssl/mycerts
+    mkdir /etc/ssl/mycerts
 fi
 
 CERTFILE=$HOSTNAME
 
 function add_cert_letsencrypt {
-	CERTFILE=$LETSENCRYPT_HOSTNAME
-
-	# obtain the email address for the admin user
-	if [ ! $MY_EMAIL_ADDRESS ]; then
-		if [ -f $CONFIGURATION_FILE ]; then
-			if grep -q "MY_EMAIL_ADDRESS=" $CONFIGURATION_FILE; then
-				MY_EMAIL_ADDRESS=$(cat $CONFIGURATION_FILE | grep "MY_EMAIL_ADDRESS=" | awk -F '=' '{print $2}')
-			fi
-		fi
+    CERTFILE=$LETSENCRYPT_HOSTNAME
+
+    # obtain the email address for the admin user
+    if [ ! $MY_EMAIL_ADDRESS ]; then
+	if [ -f $CONFIGURATION_FILE ]; then
+	    if grep -q "MY_EMAIL_ADDRESS=" $CONFIGURATION_FILE; then
+		MY_EMAIL_ADDRESS=$(cat $CONFIGURATION_FILE | grep "MY_EMAIL_ADDRESS=" | awk -F '=' '{print $2}')
+	    fi
 	fi
-	if [ ! $MY_EMAIL_ADDRESS ]; then
-		if [ -f $COMPLETION_FILE ]; then
-			if grep -q "Admin user:" $COMPLETION_FILE; then
-				ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
-				MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME
-			fi
-		fi
+    fi
+    if [ ! $MY_EMAIL_ADDRESS ]; then
+	if [ -f $COMPLETION_FILE ]; then
+	    if grep -q "Admin user:" $COMPLETION_FILE; then
+		ADMIN_USER=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+		MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME
+	    fi
 	fi
+    fi
 
-	if [ ! -d $INSTALL_DIR ]; then
-		mkdir -p $INSTALL_DIR
-	fi
-	cd $INSTALL_DIR
+    if [ ! -d $INSTALL_DIR ]; then
+	mkdir -p $INSTALL_DIR
+    fi
+    cd $INSTALL_DIR
 
-	# obtain the repo
+    # obtain the repo
+    if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
+	git_clone $LETSENCRYPT_REPO ${INSTALL_DIR}/letsencrypt
 	if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
-		git_clone $LETSENCRYPT_REPO ${INSTALL_DIR}/letsencrypt
-		if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
-			exit 76283
-		fi
-	else
-		cd ${INSTALL_DIR}/letsencrypt
-		git_pull $LETSENCRYPT_REPO
+	    exit 76283
 	fi
+    else
+	cd ${INSTALL_DIR}/letsencrypt
+	git_pull $LETSENCRYPT_REPO
+    fi
 
-	# stop the web server
-	systemctl stop nginx
+    # stop the web server
+    systemctl stop nginx
 
-	cd ${INSTALL_DIR}/letsencrypt
-	./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
-	if [ ! "$?" = "0" ]; then
-		echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
-		systemctl start nginx
-		exit 63216
+    cd ${INSTALL_DIR}/letsencrypt
+    ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
+    if [ ! "$?" = "0" ]; then
+	echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
+	systemctl start nginx
+	exit 63216
+    fi
+
+    # replace some legacy filenames
+    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then
+	mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    fi
+    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then
+	mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    fi
+    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
+    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
+
+    # link the private key
+    if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
+	if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
+	    mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
+	else
+	    rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
 	fi
+    fi
+    ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
 
-	# replace some legacy filenames
-	if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then
-		mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
-	fi
-	if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then
-		mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
-	fi
-	sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
-	sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
-
-	# link the private key
-	if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
-		if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
-			mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
-		else
-			rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
-		fi
-	fi
-	ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
-
-	# link the public key
-	if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
-		if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
-			mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
-		else
-			rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
-		fi
+    # link the public key
+    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
+	if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
+	    mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
+	else
+	    rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
 	fi
-	ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    fi
+    ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
 
-	cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem
+    cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem
 
-	systemctl start nginx
+    systemctl start nginx
 
-	${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME
-	if [ ! "$?" = "0" ]; then
-		echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
-		exit 62878
-	fi
+    ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME
+    if [ ! "$?" = "0" ]; then
+	echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
+	exit 62878
+    fi
 }
 
 function add_cert_selfsigned {
-	if [[ $ORGANISATION == "Freedombone-CA" ]]; then
-		CERTFILE="ca-$HOSTNAME"
-	fi
-
-	openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
-		-subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-		-newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
-		-out /etc/ssl/certs/${CERTFILE}.crt
-	chmod 400 /etc/ssl/private/${CERTFILE}.key
-	chmod 640 /etc/ssl/certs/${CERTFILE}.crt
-	cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts
-
-	${PROJECT_NAME}-pin-cert $CERTFILE
-	if [ ! "$?" = "0" ]; then
-		echo $"Certificate for $CERTFILE could not be pinned"
-		exit 62879
-	fi
+    if [[ $ORGANISATION == "Freedombone-CA" ]]; then
+	CERTFILE="ca-$HOSTNAME"
+    fi
+
+    openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
+	    -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
+	    -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
+	    -out /etc/ssl/certs/${CERTFILE}.crt
+    chmod 400 /etc/ssl/private/${CERTFILE}.key
+    chmod 640 /etc/ssl/certs/${CERTFILE}.crt
+    cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts
+
+    ${PROJECT_NAME}-pin-cert $CERTFILE
+    if [ ! "$?" = "0" ]; then
+	echo $"Certificate for $CERTFILE could not be pinned"
+	exit 62879
+    fi
 }
 
 function generate_dh_params {
-	if [ ! $NODH ]; then
-		if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
-			${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
-		fi
+    if [ ! $NODH ]; then
+	if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
+	    ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
 	fi
+    fi
 }
 
 function restart_web_server {
-	if [ -f /etc/init.d/nginx ]; then
-		/etc/init.d/nginx reload
-	fi
+    if [ -f /etc/init.d/nginx ]; then
+	/etc/init.d/nginx reload
+    fi
 }
 
 function make_cert_bundle {
-	# Create a bundle of your certificates
-	cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
-	tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
+    # Create a bundle of your certificates
+    cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
+    tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
 }
 
 function create_cert {
-	if [ $LETSENCRYPT_HOSTNAME ]; then
-		add_cert_letsencrypt
-	else
-		add_cert_selfsigned
-	fi
+    if [ $LETSENCRYPT_HOSTNAME ]; then
+	add_cert_letsencrypt
+    else
+	add_cert_selfsigned
+    fi
 }
 
 read_repo_servers

src/freedombone-addemail

@@ -49,37 +49,37 @@ function show_help {
 
 while [[ $# > 1 ]]
 do
-key="$1"
-
-case $key in
-    -h|--help)
-    show_help
-    ;;
-    -u|--user)
-    shift
-    MYUSERNAME="$1"
-    ;;
-    -e|--email)
-    shift
-    EMAILADDRESS="$1"
-    ;;
-    -s|--subject)
-    shift
-    SUBJECT_TEXT="$1"
-    ;;
-    -g|--group)
+    key="$1"
+
+    case $key in
+	-h|--help)
+	    show_help
+	    ;;
+	-u|--user)
+	    shift
+	    MYUSERNAME="$1"
+	    ;;
+	-e|--email)
+	    shift
+	    EMAILADDRESS="$1"
+	    ;;
+	-s|--subject)
+	    shift
+	    SUBJECT_TEXT="$1"
+	    ;;
+	-g|--group)
+	    shift
+	    GROUP_NAME="$1"
+	    ;;
+	-p|--public)
+	    shift
+	    PUBLIC="$1"
+	    ;;
+	*)
+	    # unknown option
+	    ;;
+    esac
     shift
-    GROUP_NAME="$1"
-    ;;
-    -p|--public)
-    shift
-    PUBLIC="$1"
-    ;;
-    *)
-    # unknown option
-    ;;
-esac
-shift
 done
 
 if ! [[ $MYUSERNAME && $GROUP_NAME ]]; then
@@ -88,7 +88,7 @@ fi
 
 if [ ${#EMAILADDRESS} -lt 2 ]; then
     if [ ${#SUBJECT_TEXT} -lt 2 ]; then
-        show_help
+	show_help
     fi
 fi
 
@@ -112,47 +112,47 @@ fi
 chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR
 if ! grep -q "$proc_comment" $PM; then
     if [[ $PUBLIC != "yes" ]]; then
-        # private emails go after the encryption stage
-        echo '' >> $PM
-        echo "$proc_comment" >> $PM
-        echo ":0" >> $PM
-        echo "$proc_rule" >> $PM
-        echo "$LISTDIR/new" >> $PM
-        echo "# End of rule" >> $PM
+	# private emails go after the encryption stage
+	echo '' >> $PM
+	echo "$proc_comment" >> $PM
+	echo ":0" >> $PM
+	echo "$proc_rule" >> $PM
+	echo "$LISTDIR/new" >> $PM
+	echo "# End of rule" >> $PM
     else
-        # public emails are copied before the encryption stage
-        if ! grep -q '# encrypt' $PM; then
-            echo '' >> $PM
-            echo "$proc_comment" >> $PM
-            echo ":0" >> $PM
-            echo "$proc_rule" >> $PM
-            echo "$LISTDIR/new" >> $PM
-            echo "# End of rule" >> $PM
-        else
-            filter=$(echo "$proc_comment\n:0\n${proc_rule}\n$LISTDIR/new\n# End of rule\n")
-            sed -i "/# encrypt/i ${filter}" $PM
-        fi
+	# public emails are copied before the encryption stage
+	if ! grep -q '# encrypt' $PM; then
+	    echo '' >> $PM
+	    echo "$proc_comment" >> $PM
+	    echo ":0" >> $PM
+	    echo "$proc_rule" >> $PM
+	    echo "$LISTDIR/new" >> $PM
+	    echo "# End of rule" >> $PM
+	else
+	    filter=$(echo "$proc_comment\n:0\n${proc_rule}\n$LISTDIR/new\n# End of rule\n")
+	    sed -i "/# encrypt/i ${filter}" $PM
+	fi
     fi
     chown $MYUSERNAME:$MYUSERNAME $PM
 fi
 
 if [ ! -f "$MUTTRC" ]; then
-  cp /etc/Muttrc $MUTTRC
-  chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+    cp /etc/Muttrc $MUTTRC
+    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
 fi
 
 PROCMAILLOG=/home/$MYUSERNAME/log
 if [ ! -d $PROCMAILLOG ]; then
-  mkdir $PROCMAILLOG
-  chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
+    mkdir $PROCMAILLOG
+    chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
 fi
 
 MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
 if [[ $MUTT_MAILBOXES != *$GROUP_NAME* ]]; then
-  if ! grep -q "=$GROUP_NAME" $MUTTRC; then
-    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
-  fi
+    if ! grep -q "=$GROUP_NAME" $MUTTRC; then
+	sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" $MUTTRC
+	chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+    fi
 fi
 
 exit 0

src/freedombone-addlist

@@ -49,37 +49,37 @@ function show_help {
 
 while [[ $# > 1 ]]
 do
-key="$1"
-
-case $key in
-    -h|--help)
-    show_help
-    ;;
-    -u|--user)
-    shift
-    MYUSERNAME="$1"
-    ;;
-    -l|--list)
-    shift
-    MAILINGLIST="$1"
-    ;;
-    -s|--subject)
-    shift
-    SUBJECTTAG="$1"
-    ;;
-    -e|--email)
-    shift
-    LIST_ADDRESS="$1"
-    ;;
-    -p|--public)
+    key="$1"
+
+    case $key in
+	-h|--help)
+	    show_help
+	    ;;
+	-u|--user)
+	    shift
+	    MYUSERNAME="$1"
+	    ;;
+	-l|--list)
+	    shift
+	    MAILINGLIST="$1"
+	    ;;
+	-s|--subject)
+	    shift
+	    SUBJECTTAG="$1"
+	    ;;
+	-e|--email)
+	    shift
+	    LIST_ADDRESS="$1"
+	    ;;
+	-p|--public)
+	    shift
+	    PUBLIC="$1"
+	    ;;
+	*)
+	    # unknown option
+	    ;;
+    esac
     shift
-    PUBLIC="$1"
-    ;;
-    *)
-    # unknown option
-    ;;
-esac
-shift
 done
 
 if [ ! $MYUSERNAME ]; then
@@ -110,33 +110,33 @@ chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR
 if [ ${#SUBJECTTAG} -gt 0 ]; then
     # use the subject tag
     if ! grep -q "Subject:.*()\[$SUBJECTTAG\]" $PM; then
-        if [[ $PUBLIC != "yes" ]]; then
-            # private emails go after the encryption stage
-            filter="
+	if [[ $PUBLIC != "yes" ]]; then
+	    # private emails go after the encryption stage
+	    filter="
 # Email rule for $MAILINGLIST subject [$SUBJECTTAG]
 :0
   * ^Subject:.*()\[$SUBJECTTAG\]
 $LISTDIR/new
 # End of rule
 "
-            echo "$filter" >> $PM
-        else
-            # public emails are copied before hte encryption stage
-            if ! grep -q '# encrypt' $PM; then
-                filter="
+	    echo "$filter" >> $PM
+	else
+	    # public emails are copied before hte encryption stage
+	    if ! grep -q '# encrypt' $PM; then
+		filter="
 # Email rule for $MAILINGLIST subject [$SUBJECTTAG]
 :0
   * ^Subject:.*()\[$SUBJECTTAG\]
 $LISTDIR/new
 # End of rule
 "
-                echo "$filter" >> $PM
-            else
-                filter=$(echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]\n:0\n  * ^Subject:.*()\\\[$SUBJECTTAG\\\]\n$LISTDIR/new\n# End of rule\n")
-                sed -i "/# encrypt/i ${filter}" $PM
-            fi
-        fi
-        chown $MYUSERNAME:$MYUSERNAME $PM
+		echo "$filter" >> $PM
+	    else
+		filter=$(echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]\n:0\n  * ^Subject:.*()\\\[$SUBJECTTAG\\\]\n$LISTDIR/new\n# End of rule\n")
+		sed -i "/# encrypt/i ${filter}" $PM
+	    fi
+	fi
+	chown $MYUSERNAME:$MYUSERNAME $PM
     fi
 else
     exit $(${PROJECT_NAME}-addemail -u $MYUSERNAME -e $LIST_ADDRESS -g $MAILINGLIST --public $PUBLIC)
@@ -156,15 +156,15 @@ fi
 MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
 if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then
     if ! grep -q "=$MAILINGLIST" $MUTTRC; then
-        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC
-        chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+	sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC
+	chown $MYUSERNAME:$MYUSERNAME $MUTTRC
     fi
 fi
 
 if [ $LIST_ADDRESS ]; then
     sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" $MUTTRC
     if ! grep -q "subscribe $LIST_ADDRESS" $MUTTRC; then
-        echo "subscribe $LIST_ADDRESS" >> $MUTTRC
+	echo "subscribe $LIST_ADDRESS" >> $MUTTRC
     fi
 fi
 

src/freedombone-addsipuser

@@ -50,10 +50,10 @@ function show_help {
 function sip_user_exists {
     IFS=''
     while read line; do
-        if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
-            USER_EXISTS="yes"
-            return
-        fi
+	if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
+	    USER_EXISTS="yes"
+	    return
+	fi
     done < $CONFIG_FILE
 }
 
@@ -61,28 +61,28 @@ function update_sip_user {
     USER_FOUND=
     NEW_CONFIG_FILE="${CONFIG_FILE}.new"
     if [ -f $NEW_CONFIG_FILE ]; then
-        rm -f $NEW_CONFIG_FILE
+	rm -f $NEW_CONFIG_FILE
     fi
     touch $NEW_CONFIG_FILE
     IFS=''
     while read line; do
-        if [ ! $USER_FOUND ]; then
-            if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
-                USER_FOUND="yes"
-            fi
-        else
-            if [[ "$line" == *"<extension>"* ]]; then
-                line="      <extension>$EXTENSION</extension>"
-            fi
-            if [[ "$line" == *"<secret>"* ]]; then
-                line="      <secret>$PASSWORD</secret>"
-            fi
-            if [[ "$line" == *"<display>"* ]]; then
-                line="      <display>$MY_USERNAME $EXTENSION</display>"
-                USER_FOUND=
-            fi
-        fi
-        echo $line >> $NEW_CONFIG_FILE
+	if [ ! $USER_FOUND ]; then
+	    if [[ "$line" == *"<user id=\"$MY_USERNAME\">" ]]; then
+		USER_FOUND="yes"
+	    fi
+	else
+	    if [[ "$line" == *"<extension>"* ]]; then
+		line="      <extension>$EXTENSION</extension>"
+	    fi
+	    if [[ "$line" == *"<secret>"* ]]; then
+		line="      <secret>$PASSWORD</secret>"
+	    fi
+	    if [[ "$line" == *"<display>"* ]]; then
+		line="      <display>$MY_USERNAME $EXTENSION</display>"
+		USER_FOUND=
+	    fi
+	fi
+	echo $line >> $NEW_CONFIG_FILE
     done < $CONFIG_FILE
     mv $NEW_CONFIG_FILE $CONFIG_FILE
 }
@@ -90,19 +90,19 @@ function update_sip_user {
 function add_sip_user {
     NEW_CONFIG_FILE="${CONFIG_FILE}.new"
     if [ -f $NEW_CONFIG_FILE ]; then
-        rm -f $NEW_CONFIG_FILE
+	rm -f $NEW_CONFIG_FILE
     fi
     touch $NEW_CONFIG_FILE
     IFS=''
     while read line; do
-        if [[ "$line" == *'</provision>' ]]; then
-            echo "    <user id=\"$MY_USERNAME\">" >> $NEW_CONFIG_FILE
-            echo "      <extension>$EXTENSION</extension>" >> $NEW_CONFIG_FILE
-            echo "      <secret>$PASSWORD</secret>" >> $NEW_CONFIG_FILE
-            echo "      <display>$MY_USERNAME $EXTENSION</display>" >> $NEW_CONFIG_FILE
-            echo '    </user>' >> $NEW_CONFIG_FILE
-        fi
-        echo $line >> $NEW_CONFIG_FILE
+	if [[ "$line" == *'</provision>' ]]; then
+	    echo "    <user id=\"$MY_USERNAME\">" >> $NEW_CONFIG_FILE
+	    echo "      <extension>$EXTENSION</extension>" >> $NEW_CONFIG_FILE
+	    echo "      <secret>$PASSWORD</secret>" >> $NEW_CONFIG_FILE
+	    echo "      <display>$MY_USERNAME $EXTENSION</display>" >> $NEW_CONFIG_FILE
+	    echo '    </user>' >> $NEW_CONFIG_FILE
+	fi
+	echo $line >> $NEW_CONFIG_FILE
     done < $CONFIG_FILE
     mv $NEW_CONFIG_FILE $CONFIG_FILE
     usermod -aG sipwitch $MY_USERNAME
@@ -113,24 +113,24 @@ do
     key="$1"
 
     case $key in
-        -h|--help)
-            show_help
-            ;;
-        -u|--user)
-            shift
-            MY_USERNAME="$1"
-            ;;
-        -e|--extension)
-            shift
-            EXTENSION="$1"
-            ;;
-        -p|--password)
-            shift
-            PASSWORD="$1"
-            ;;
-        *)
-            # unknown option
-            ;;
+	-h|--help)
+	    show_help
+	    ;;
+	-u|--user)
+	    shift
+	    MY_USERNAME="$1"
+	    ;;
+	-e|--extension)
+	    shift
+	    EXTENSION="$1"
+	    ;;
+	-p|--password)
+	    shift
+	    PASSWORD="$1"
+	    ;;
+	*)
+	    # unknown option
+	    ;;
     esac
     shift
 done

src/freedombone-adduser

@@ -46,19 +46,19 @@ FULLBLOG_DOMAIN_NAME=
 DEFAULT_DOMAIN_NAME=
 
 if [ ! $MY_USERNAME ]; then
-	echo $'No username was given'
-	exit 1
+    echo $'No username was given'
+    exit 1
 fi
 
 if [ -d /home/$MY_USERNAME ]; then
-	echo $"The user $MY_USERNAME already exists"
-	exit 2
+    echo $"The user $MY_USERNAME already exists"
+    exit 2
 fi
 
 if [ ! -f $COMPLETION_FILE ]; then
-	echo $"$COMPLETION_FILE not found"
-	userdel -r $MY_USERNAME
-	exit 3
+    echo $"$COMPLETION_FILE not found"
+    userdel -r $MY_USERNAME
+    exit 3
 fi
 
 # Minimum number of characters in a password
@@ -69,40 +69,40 @@ useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $MY_USERNAME
 adduser $MY_USERNAME sasl
 
 if [ ! -d /home/$MY_USERNAME ]; then
-	echo $'Home directory was not created'
-	exit 4
+    echo $'Home directory was not created'
+    exit 4
 fi
 
 if [ "$SSH_PUBLIC_KEY" ]; then
-	if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
-		if [ -f "$SSH_PUBLIC_KEY" ]; then
-			mkdir /home/$MY_USERNAME/.ssh
-			cp $SSH_PUBLIC_KEY /home/$MY_USERNAME/.ssh/authorized_keys
-			chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
-			echo $'ssh public key installed'
-		else
-			if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
-				mkdir /home/$MY_USERNAME/.ssh
-				echo "$SSH_PUBLIC_KEY" > /home/$MY_USERNAME/.ssh/authorized_keys
-				chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
-				echo $'ssh public key installed'
-			else
-				echo $'The second parameter does not look like an ssh key'
-				exit 5
-			fi
-		fi
+    if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
+	if [ -f "$SSH_PUBLIC_KEY" ]; then
+	    mkdir /home/$MY_USERNAME/.ssh
+	    cp $SSH_PUBLIC_KEY /home/$MY_USERNAME/.ssh/authorized_keys
+	    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
+	    echo $'ssh public key installed'
+	else
+	    if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
+		mkdir /home/$MY_USERNAME/.ssh
+		echo "$SSH_PUBLIC_KEY" > /home/$MY_USERNAME/.ssh/authorized_keys
+		chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
+		echo $'ssh public key installed'
+	    else
+		echo $'The second parameter does not look like an ssh key'
+		exit 5
+	    fi
 	fi
+    fi
 fi
 
 if [ -d /home/$MY_USERNAME/Maildir ]; then
-	if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
-		sed -i "s|set from=.*|set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'|g" /home/$MY_USERNAME/.muttrc
-	else
-		echo "set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'" >> /home/$MY_USERNAME/.muttrc
-	fi
-
-	USERN='$USER@'
-	sed -i "s|$USERN|$MY_USERNAME@|g" /home/$MY_USERNAME/.procmailrc
+    if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
+	sed -i "s|set from=.*|set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'|g" /home/$MY_USERNAME/.muttrc
+    else
+	echo "set from='$MY_USERNAME <$MY_USERNAME@$HOSTNAME>'" >> /home/$MY_USERNAME/.muttrc
+    fi
+
+    USERN='$USER@'
+    sed -i "s|$USERN|$MY_USERNAME@|g" /home/$MY_USERNAME/.procmailrc
 fi
 
 # generate a gpg key
@@ -136,9 +136,9 @@ MY_GPG_PUBLIC_KEY=/home/$MY_USERNAME/public_key.gpg
 su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
 
 if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
-	echo "GPG public key was not generated for $MY_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
-	userdel -r $MY_USERNAME
-	exit 7
+    echo "GPG public key was not generated for $MY_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
+    userdel -r $MY_USERNAME
+    exit 7
 fi
 
 # add a monkeysphere subkey
@@ -152,47 +152,47 @@ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.monkeysphere
 monkeysphere-authentication update-users
 
 if [ -f /home/$MY_USERNAME/.muttrc ]; then
-	# encrypt outgoing mail to the "sent" folder
-	if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then
-		echo '' >> /home/$MY_USERNAME/.muttrc
-		echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc
-		echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
-	else
-		sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
-	fi
-
-	if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then
-		echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
-	else
-		sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
-	fi
+    # encrypt outgoing mail to the "sent" folder
+    if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then
+	echo '' >> /home/$MY_USERNAME/.muttrc
+	echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc
+	echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+    else
+	sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+    fi
+
+    if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then
+	echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+    else
+	sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+    fi
 fi
 
 if ! grep -q "Change your GPG password" /home/$MY_USERNAME/README; then
-	echo '' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'Change your GPG password' >> /home/$MY_USERNAME/README
-	echo '========================' >> /home/$MY_USERNAME/README
-	echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
-	echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
-	echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
-	echo $'You can change the it with:' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
-	echo '  passwd' >> /home/$MY_USERNAME/README
-	echo '  save' >> /home/$MY_USERNAME/README
-	echo '  quit' >> /home/$MY_USERNAME/README
+    echo '' >> /home/$MY_USERNAME/README
+    echo '' >> /home/$MY_USERNAME/README
+    echo $'Change your GPG password' >> /home/$MY_USERNAME/README
+    echo '========================' >> /home/$MY_USERNAME/README
+    echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
+    echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
+    echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
+    echo $'You can change the it with:' >> /home/$MY_USERNAME/README
+    echo '' >> /home/$MY_USERNAME/README
+    echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
+    echo '  passwd' >> /home/$MY_USERNAME/README
+    echo '  save' >> /home/$MY_USERNAME/README
+    echo '  quit' >> /home/$MY_USERNAME/README
 fi
 
 if ! grep -q "Publish your GPG public key" /home/$MY_USERNAME/README; then
-	echo '' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'Publish your GPG public key' >> /home/$MY_USERNAME/README
-	echo '===========================' >> /home/$MY_USERNAME/README
-	echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
-	echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo "  gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
+    echo '' >> /home/$MY_USERNAME/README
+    echo '' >> /home/$MY_USERNAME/README
+    echo $'Publish your GPG public key' >> /home/$MY_USERNAME/README
+    echo '===========================' >> /home/$MY_USERNAME/README
+    echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
+    echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
+    echo '' >> /home/$MY_USERNAME/README
+    echo "  gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
 fi
 
 chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
@@ -200,201 +200,201 @@ chown $MY_USERNAME:$MY_USERNAME $MY_GPG_PUBLIC_KEY
 chmod 600 /home/$MY_USERNAME/README
 
 if grep -q "install_xmpp" $COMPLETION_FILE; then
-	echo $"Adding an XMPP account for $MY_USERNAME"
-	${PROJECT_NAME}-addxmpp -e "$MY_USERNAME@$HOSTNAME" -p "$NEW_USER_PASSWORD"
-	if [ ! "$?" = "0" ]; then
-		echo $"XMPP account not created"
-		userdel -r $MY_USERNAME
-		exit 8
-	fi
+    echo $"Adding an XMPP account for $MY_USERNAME"
+    ${PROJECT_NAME}-addxmpp -e "$MY_USERNAME@$HOSTNAME" -p "$NEW_USER_PASSWORD"
+    if [ ! "$?" = "0" ]; then
+	echo $"XMPP account not created"
+	userdel -r $MY_USERNAME
+	exit 8
+    fi
 fi
 
 if grep -q "install_xmpp_client" $COMPLETION_FILE; then
-	echo $"Adding XMPP client setup"
-	XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
-	XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-	if [ ! -d $XMPP_CLIENT_DIR ]; then
-		mkdir -p $XMPP_CLIENT_DIR
-	fi
-	if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
-		mkdir -p /home/$MY_USERNAME/.config/profanity
-	fi
-	echo "[${MY_USERNAME}@${HOSTNAME}]" > $XMPP_CLIENT_ACCOUNTS
-	echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
-	echo "jid=${MY_USERNAME}@${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-	echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-	echo "muc.service=conference.${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-	echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-	echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
-
-	echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
-	echo "account=${MY_USERNAME}@${HOSTNAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
-
-	chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
-	chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    echo $"Adding XMPP client setup"
+    XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
+    XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
+    if [ ! -d $XMPP_CLIENT_DIR ]; then
+	mkdir -p $XMPP_CLIENT_DIR
+    fi
+    if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
+	mkdir -p /home/$MY_USERNAME/.config/profanity
+    fi
+    echo "[${MY_USERNAME}@${HOSTNAME}]" > $XMPP_CLIENT_ACCOUNTS
+    echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
+    echo "jid=${MY_USERNAME}@${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
+    echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
+    echo "muc.service=conference.${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
+    echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
+    echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
+    echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
+    echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
+    echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
+    echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
+    echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
+    echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+
+    echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
+    echo "account=${MY_USERNAME}@${HOSTNAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+
+    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
+    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
 fi
 
 if grep -q "Blog domain" $COMPLETION_FILE; then
-	FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
-	if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users ]; then
-		echo $'Blog users directory not found'
-		if grep -q "install_xmpp" $COMPLETION_FILE; then
-			${PROJECT_NAME}-rmxmpp -e "$MY_USERNAME@$HOSTNAME"
-		fi
-		userdel -r $MY_USERNAME
-		exit 9
+    FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
+    if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users ]; then
+	echo $'Blog users directory not found'
+	if grep -q "install_xmpp" $COMPLETION_FILE; then
+	    ${PROJECT_NAME}-rmxmpp -e "$MY_USERNAME@$HOSTNAME"
 	fi
-	NEW_USER_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$NEW_USER_PASSWORD")
-	if [ ${#NEW_USER_PASSWORD_HASH} -lt 8 ]; then
-		echo $'Blog admin password could not be hashed'
-		exit 783528
-	fi
-	echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-	echo "password = $NEW_USER_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-	echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-	echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-	echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-	echo "$MY_USERNAME added as a blog user"
+	userdel -r $MY_USERNAME
+	exit 9
+    fi
+    NEW_USER_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$NEW_USER_PASSWORD")
+    if [ ${#NEW_USER_PASSWORD_HASH} -lt 8 ]; then
+	echo $'Blog admin password could not be hashed'
+	exit 783528
+    fi
+    echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+    echo "password = $NEW_USER_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+    echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+    echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+    echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+    echo "$MY_USERNAME added as a blog user"
 fi
 
 if grep -q "install_sip" $COMPLETION_FILE; then
-	SIP_EXTENSION=$(${PROJECT_NAME}-sipfreeext)
-	${PROJECT_NAME}-addsipuser -u $MY_USERNAME -e $SIP_EXTENSION -p "$NEW_USER_PASSWORD"
-	if [ ! "$?" = "0" ]; then
-		echo $'SIP user could not be added. Ensure that extension numbers are in order and do no exceed 299'
-		if grep -q "install_xmpp" $COMPLETION_FILE; then
-			${PROJECT_NAME}-rmxmpp -e "$MY_USERNAME@$HOSTNAME"
-		fi
-		if grep -q "Blog domain" $COMPLETION_FILE; then
-			if [ -f /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini ]; then
-				rm /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-			fi
-		fi
-		userdel -r $MY_USERNAME
-		exit 10
+    SIP_EXTENSION=$(${PROJECT_NAME}-sipfreeext)
+    ${PROJECT_NAME}-addsipuser -u $MY_USERNAME -e $SIP_EXTENSION -p "$NEW_USER_PASSWORD"
+    if [ ! "$?" = "0" ]; then
+	echo $'SIP user could not be added. Ensure that extension numbers are in order and do no exceed 299'
+	if grep -q "install_xmpp" $COMPLETION_FILE; then
+	    ${PROJECT_NAME}-rmxmpp -e "$MY_USERNAME@$HOSTNAME"
 	fi
+	if grep -q "Blog domain" $COMPLETION_FILE; then
+	    if [ -f /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini ]; then
+		rm /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+	    fi
+	fi
+	userdel -r $MY_USERNAME
+	exit 10
+    fi
 fi
 
 if grep -q "install_gnusocial" $COMPLETION_FILE; then
-	MICROBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "GNU Social domain" | awk -F ':' '{print $2}')
-	if [ -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then
-		cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
-		php scripts/registeruser.php -n $MY_USERNAME -w "$NEW_USER_PASSWORD" -e "$MY_USERNAME@$HOSTNAME"
-		${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$MICROBLOG_DOMAIN_NAME" -g gnusocial --public no
-		echo $'Created GNU Social user'
-	else
-		echo $"Unable to find GNU Social installation at /var/www/$MICROBLOG_DOMAIN_NAME/htdocs"
-		userdel -r $MY_USERNAME
-		exit 11
-	fi
+    MICROBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "GNU Social domain" | awk -F ':' '{print $2}')
+    if [ -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then
+	cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
+	php scripts/registeruser.php -n $MY_USERNAME -w "$NEW_USER_PASSWORD" -e "$MY_USERNAME@$HOSTNAME"
+	${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$MICROBLOG_DOMAIN_NAME" -g gnusocial --public no
+	echo $'Created GNU Social user'
+    else
+	echo $"Unable to find GNU Social installation at /var/www/$MICROBLOG_DOMAIN_NAME/htdocs"
+	userdel -r $MY_USERNAME
+	exit 11
+    fi
 fi
 
 if grep -q "install_irc_client" $COMPLETION_FILE; then
-	IRC_PORT=6697
-	if grep -q "IRC_PORT" $CONFIGURATION_FILE; then
-		IRC_PORT=$(grep "IRC_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-	fi
-	IRC_PASSWORD=$(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}')
-	if [ ${#IRC_PASSWORD} -lt 2 ]; then
-		IRC_PASSWORD=
-	fi
-
-	if [ ! -d /home/$MY_USERNAME/.irssi ]; then
-		mkdir /home/$MY_USERNAME/.irssi
-	fi
-
-	echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
-	echo '  {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  },' >> /home/$MY_USERNAME/.irssi/config
-	echo '  {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  },' >> /home/$MY_USERNAME/.irssi/config
-	echo '  {' >> /home/$MY_USERNAME/.irssi/config
-	echo "    address = \"${HOSTNAME}\";" >> /home/$MY_USERNAME/.irssi/config
-	echo '    chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
-	echo "    port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
-	echo '    use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
-
-	echo '  }' >> /home/$MY_USERNAME/.irssi/config
-	echo ');' >> /home/$MY_USERNAME/.irssi/config
-	echo '' >> /home/$MY_USERNAME/.irssi/config
-	echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '  Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  };' >> /home/$MY_USERNAME/.irssi/config
-	echo '  Freenode = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  };' >> /home/$MY_USERNAME/.irssi/config
-	echo '  OFTC = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  };' >> /home/$MY_USERNAME/.irssi/config
-	echo '};' >> /home/$MY_USERNAME/.irssi/config
-	echo '' >> /home/$MY_USERNAME/.irssi/config
-	echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
-	echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
-	echo ');' >> /home/$MY_USERNAME/.irssi/config
-	echo '' >> /home/$MY_USERNAME/.irssi/config
-	echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
-	echo "  core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
-	echo '  "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
-	echo '};' >> /home/$MY_USERNAME/.irssi/config
-	echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
-
-	chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
+    IRC_PORT=6697
+    if grep -q "IRC_PORT" $CONFIGURATION_FILE; then
+	IRC_PORT=$(grep "IRC_PORT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+    fi
+    IRC_PASSWORD=$(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}')
+    if [ ${#IRC_PASSWORD} -lt 2 ]; then
+	IRC_PASSWORD=
+    fi
+
+    if [ ! -d /home/$MY_USERNAME/.irssi ]; then
+	mkdir /home/$MY_USERNAME/.irssi
+    fi
+
+    echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
+    echo '  {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  },' >> /home/$MY_USERNAME/.irssi/config
+    echo '  {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  },' >> /home/$MY_USERNAME/.irssi/config
+    echo '  {' >> /home/$MY_USERNAME/.irssi/config
+    echo "    address = \"${HOSTNAME}\";" >> /home/$MY_USERNAME/.irssi/config
+    echo '    chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
+    echo "    port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
+    echo '    use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+
+    echo '  }' >> /home/$MY_USERNAME/.irssi/config
+    echo ');' >> /home/$MY_USERNAME/.irssi/config
+    echo '' >> /home/$MY_USERNAME/.irssi/config
+    echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '  Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  };' >> /home/$MY_USERNAME/.irssi/config
+    echo '  Freenode = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  };' >> /home/$MY_USERNAME/.irssi/config
+    echo '  OFTC = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  };' >> /home/$MY_USERNAME/.irssi/config
+    echo '};' >> /home/$MY_USERNAME/.irssi/config
+    echo '' >> /home/$MY_USERNAME/.irssi/config
+    echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
+    echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
+    echo ');' >> /home/$MY_USERNAME/.irssi/config
+    echo '' >> /home/$MY_USERNAME/.irssi/config
+    echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
+    echo "  core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
+    echo '  "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
+    echo '};' >> /home/$MY_USERNAME/.irssi/config
+    echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
+
+    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
 fi
 
 if [ -f /etc/nginx/.htpasswd ]; then
-	if ! grep "${MY_USERNAME}:" /etc/nginx/.htpasswd; then
-		echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $MY_USERNAME
-	fi
+    if ! grep "${MY_USERNAME}:" /etc/nginx/.htpasswd; then
+	echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $MY_USERNAME
+    fi
 fi
 
 # add user to the sipwitch group
 if [ -f /etc/sipwitch.conf ]; then
-	usermod -aG sipwitch $MY_USERNAME
+    usermod -aG sipwitch $MY_USERNAME
 fi
 
 # add user for SIP STUN/TURN
 if [ -d /etc/turnserver ]; then
-	if grep -q "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE; then
-		DEFAULT_DOMAIN_NAME=$(grep "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
-		echo "${MY_USERNAME}:${NEW_USER_PASSWORD}:${DEFAULT_DOMAIN_NAME}:authorized" >> /etc/turnserver/turnusers.txt
-	fi
+    if grep -q "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE; then
+	DEFAULT_DOMAIN_NAME=$(grep "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+	echo "${MY_USERNAME}:${NEW_USER_PASSWORD}:${DEFAULT_DOMAIN_NAME}:authorized" >> /etc/turnserver/turnusers.txt
+    fi
 fi
 
 # add user menu on ssh login
 if ! grep -q 'control' /home/$MY_USERNAME/.bashrc; then
-	echo 'control' >> /home/$MY_USERNAME/.bashrc
+    echo 'control' >> /home/$MY_USERNAME/.bashrc
 fi
 
 clear
 echo $"New user $MY_USERNAME was created"
 if [ $SIP_EXTENSION ]; then
-	echo $"Their SIP phone extension is $SIP_EXTENSION"
+    echo $"Their SIP phone extension is $SIP_EXTENSION"
 fi
 echo $"Their login password is $NEW_USER_PASSWORD"
 echo ''

src/freedombone-addxmpp

@@ -46,25 +46,25 @@ function show_help {
 
 while [[ $# > 1 ]]
 do
-key="$1"
+    key="$1"
 
-case $key in
-    -h|--help)
-    show_help
-    ;;
-    -e|--email)
-    shift
-    EMAIL_ADDRESS="$1"
-    ;;
-    -p|--password|--passphrase)
+    case $key in
+	-h|--help)
+	    show_help
+	    ;;
+	-e|--email)
+	    shift
+	    EMAIL_ADDRESS="$1"
+	    ;;
+	-p|--password|--passphrase)
+	    shift
+	    NEW_USER_PASSWORD="$1"
+	    ;;
+	*)
+	    # unknown option
+	    ;;
+    esac
     shift
-    NEW_USER_PASSWORD="$1"
-    ;;
-    *)
-    # unknown option
-    ;;
-esac
-shift
 done
 
 if [ ! -d /etc/prosody ]; then
@@ -84,7 +84,7 @@ else
     DOMAIN_NAME=$(echo $EMAIL_ADDRESS | awk -F '@' '{print $2}')
     prosodyctl register $USERNAME $DOMAIN_NAME "$NEW_USER_PASSWORD"
     if [ ! "$?" = "0" ]; then
-        exit 2
+	exit 2
     fi
 fi
 

src/freedombone-app-batman

@@ -34,16 +34,16 @@ ENABLE_BATMAN="no"
 BATMAN_CELLID='any'
 
 function configure_firewall_for_batma {
-	if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ENABLE_BATMAN != "yes" ]]; then
-		return
-	fi
-
-	function_check save_firewall_settings
-	save_firewall_settings
-	echo 'configure_firewall_for_batman' >> $COMPLETION_FILE
+    if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
+	return
+    fi
+    if [[ $ENABLE_BATMAN != "yes" ]]; then
+	return
+    fi
+
+    function_check save_firewall_settings
+    save_firewall_settings
+    echo 'configure_firewall_for_batman' >> $COMPLETION_FILE
 }
 
 function reconfigure_batman {
@@ -71,90 +71,90 @@ function restore_remote_batman {
 }
 
 function remove_batman {
-	if ! grep -Fxq "install_batman" $COMPLETION_FILE; then
-		return
-	fi
-
-	${PROJECT_NAME}-mesh-install -f batman --remove yes
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to remove batman'
-		exit 79353
-	fi
-	sed -i '/install_batman/d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_batman/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_batman" $COMPLETION_FILE; then
+	return
+    fi
+
+    ${PROJECT_NAME}-mesh-install -f batman --remove yes
+    if [ ! "$?" = "0" ]; then
+	echo $'Failed to remove batman'
+	exit 79353
+    fi
+    sed -i '/install_batman/d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_batman/d' $COMPLETION_FILE
 }
 
 function mesh_install_batman {
-	chroot "$rootdir" apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
-	chroot "$rootdir" apt-get -y install python-dev libevent-dev ebtables python-pip git
-	chroot "$rootdir" apt-get -y install wireless-tools rfkill
-
-	if ! grep -q "batman_adv" $rootdir/etc/modules; then
-		echo 'batman_adv' >> $rootdir/etc/modules
-	fi
-
-	BATMAN_SCRIPT=$rootdir/var/lib/batman
-
-	if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
-		cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
-	else
-		cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
-	fi
-
-	BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
-	echo '[Unit]' > $BATMAN_DAEMON
-	echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
-	echo 'After=network.target' >> $BATMAN_DAEMON
-	echo '' >> $BATMAN_DAEMON
-	echo '[Service]' >> $BATMAN_DAEMON
-	echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
-	echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
-	echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
-	echo 'Restart=on-failure' >> $BATMAN_DAEMON
-	echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
-	echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
-	echo '' >> $BATMAN_DAEMON
-	echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
-	echo 'TimeoutSec=300' >> $BATMAN_DAEMON
-	echo '' >> $BATMAN_DAEMON
-	echo '[Install]' >> $BATMAN_DAEMON
-	echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
-	chroot "$rootdir" systemctl enable batman
+    chroot "$rootdir" apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
+    chroot "$rootdir" apt-get -y install python-dev libevent-dev ebtables python-pip git
+    chroot "$rootdir" apt-get -y install wireless-tools rfkill
+
+    if ! grep -q "batman_adv" $rootdir/etc/modules; then
+	echo 'batman_adv' >> $rootdir/etc/modules
+    fi
+
+    BATMAN_SCRIPT=$rootdir/var/lib/batman
+
+    if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
+	cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+    else
+	cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+    fi
+
+    BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
+    echo '[Unit]' > $BATMAN_DAEMON
+    echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
+    echo 'After=network.target' >> $BATMAN_DAEMON
+    echo '' >> $BATMAN_DAEMON
+    echo '[Service]' >> $BATMAN_DAEMON
+    echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
+    echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
+    echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
+    echo 'Restart=on-failure' >> $BATMAN_DAEMON
+    echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
+    echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
+    echo '' >> $BATMAN_DAEMON
+    echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
+    echo 'TimeoutSec=300' >> $BATMAN_DAEMON
+    echo '' >> $BATMAN_DAEMON
+    echo '[Install]' >> $BATMAN_DAEMON
+    echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
+    chroot "$rootdir" systemctl enable batman
 }
 
 function install_batman {
-	if [ $INSTALLING_MESH ]; then
-		mesh_install_batman
-		return
-	fi
-	if grep -Fxq "install_batman" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ENABLE_BATMAN != "yes" ]]; then
-		return
-	fi
-
-	${PROJECT_NAME}-mesh-install -f batman
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to install batman'
-		exit 72524
-	fi
-
-	if ! grep -q "Mesh Networking (B.A.T.M.A.N)" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README
-		echo '=============================' >> /home/$MY_USERNAME/README
-		echo "Mesh ESSID: $WIFI_SSID" >> /home/$MY_USERNAME/README
-		echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README
-		echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	function_check configure_firewall_for_batman
-	configure_firewall_for_batman
-	echo 'install_batman' >> $COMPLETION_FILE
+    if [ $INSTALLING_MESH ]; then
+	mesh_install_batman
+	return
+    fi
+    if grep -Fxq "install_batman" $COMPLETION_FILE; then
+	return
+    fi
+    if [[ $ENABLE_BATMAN != "yes" ]]; then
+	return
+    fi
+
+    ${PROJECT_NAME}-mesh-install -f batman
+    if [ ! "$?" = "0" ]; then
+	echo $'Failed to install batman'
+	exit 72524
+    fi
+
+    if ! grep -q "Mesh Networking (B.A.T.M.A.N)" /home/$MY_USERNAME/README; then
+	echo '' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README
+	echo '=============================' >> /home/$MY_USERNAME/README
+	echo "Mesh ESSID: $WIFI_SSID" >> /home/$MY_USERNAME/README
+	echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README
+	echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+	chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    function_check configure_firewall_for_batman
+    configure_firewall_for_batman
+    echo 'install_batman' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-cjdns

@@ -42,498 +42,498 @@ CJDCMD_REPO="https://github.com/inhies/cjdcmd"
 CJDCMD_COMMIT='973cca6ed0eecf9041c3403a40193c0b1291b808'
 
 function reconfigure_cjdns {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_cjdns {
-	if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
-		return
-	fi
-	function_check set_repo_commit
-	set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO
+    if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
+	return
+    fi
+    function_check set_repo_commit
+    set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO
 }
 
 function configure_firewall_for_cjdns {
-	if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ENABLE_CJDNS != "yes" ]]; then
-		return
-	fi
-	ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
-	ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-	ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
-	ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
-
-	function_check save_firewall_settings
-	save_firewall_settings
-	echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
+    if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
+	return
+    fi
+    if [[ $ENABLE_CJDNS != "yes" ]]; then
+	return
+    fi
+    ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
+    ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+    ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
+
+    function_check save_firewall_settings
+    save_firewall_settings
+    echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
 }
 
 function get_cjdns_public_key {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
-			if [ ! $CJDNS_PUBLIC_KEY ]; then
-				CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+	if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
+	    if [ ! $CJDNS_PUBLIC_KEY ]; then
+		CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
+	    fi
 	fi
+    fi
 }
 
 function get_cjdns_private_key {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
-			if [ ! $CJDNS_PRIVATE_KEY ]; then
-				CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+	if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
+	    if [ ! $CJDNS_PRIVATE_KEY ]; then
+		CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
+	    fi
 	fi
+    fi
 }
 
 function get_cjdns_ipv6_address {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
-			if [ ! $CJDNS_IPV6 ]; then
-				CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+	if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
+	    if [ ! $CJDNS_IPV6 ]; then
+		CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
+	    fi
 	fi
+    fi
 }
 
 function get_cjdns_port {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "cjdns port" /home/$MY_USERNAME/README; then
-			if [ ! $CJDNS_PORT ]; then
-				CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+	if grep -q "cjdns port" /home/$MY_USERNAME/README; then
+	    if [ ! $CJDNS_PORT ]; then
+		CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
+	    fi
 	fi
+    fi
 }
 
 function get_cjdns_password {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "cjdns password" /home/$MY_USERNAME/README; then
-			if [ ! $CJDNS_PASSWORD ]; then
-				CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+	if grep -q "cjdns password" /home/$MY_USERNAME/README; then
+	    if [ ! $CJDNS_PASSWORD ]; then
+		CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+	    fi
 	fi
+    fi
 }
 
 function backup_local_cjdns {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_local_cjdns {
-	if [ -d $USB_MOUNT/backup/cjdns ]; then
-		echo $"Restoring cjdns installation"
-		temp_restore_dir=/root/tempcjdns
-		function_check restore_directory_from_usb
-		restore_directory_from_usb $temp_restore_dir cjdns
-		rm -rf /etc/cjdns
-		cp -r $temp_restore_dir/etc/cjdns /etc/
-		if [ ! "$?" = "0" ]; then
-			function_check set_user_permissions
-			set_user_permissions
-			function_check backup_unmount_drive
-			backup_unmount_drive
-			exit 8472
-		fi
-		rm -rf $temp_restore_dir
-	fi
+    if [ -d $USB_MOUNT/backup/cjdns ]; then
+	echo $"Restoring cjdns installation"
+	temp_restore_dir=/root/tempcjdns
+	function_check restore_directory_from_usb
+	restore_directory_from_usb $temp_restore_dir cjdns
+	rm -rf /etc/cjdns
+	cp -r $temp_restore_dir/etc/cjdns /etc/
+	if [ ! "$?" = "0" ]; then
+	    function_check set_user_permissions
+	    set_user_permissions
+	    function_check backup_unmount_drive
+	    backup_unmount_drive
+	    exit 8472
+	fi
+	rm -rf $temp_restore_dir
+    fi
 }
 
 function backup_remote_cjdns {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_remote_cjdns {
-	if [ -d $SERVER_DIRECTORY/backup/cjdns ]; then
-		echo $"Restoring cjdns installation"
-		temp_restore_dir=/root/tempcjdns
-		function_check restore_directory_from_friend
-		restore_directory_from_friend $temp_restore_dir cjdns
-		rm -rf /etc/cjdns
-		cp -r $temp_restore_dir/etc/cjdns /etc/
-		if [ ! "$?" = "0" ]; then
-			exit 7438
-		fi
-		rm -rf $temp_restore_dir
+    if [ -d $SERVER_DIRECTORY/backup/cjdns ]; then
+	echo $"Restoring cjdns installation"
+	temp_restore_dir=/root/tempcjdns
+	function_check restore_directory_from_friend
+	restore_directory_from_friend $temp_restore_dir cjdns
+	rm -rf /etc/cjdns
+	cp -r $temp_restore_dir/etc/cjdns /etc/
+	if [ ! "$?" = "0" ]; then
+	    exit 7438
 	fi
+	rm -rf $temp_restore_dir
+    fi
 }
 
 function remove_cjdns {
-	if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
-		return
-	fi
-	service cjdns stop
-	ip6tables -D nat -D POSTROUTING -o tun0 -j MASQUERADE
-	ip6tables -D FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-	ip6tables -D INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
-	ip6tables -D INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	rm -rf /etc/cjdns
-	sed -i '/install_cjdns/d' $COMPLETION_FILE
-	sed -i '/cjdns /d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_cjdns/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
+	return
+    fi
+    service cjdns stop
+    ip6tables -D nat -D POSTROUTING -o tun0 -j MASQUERADE
+    ip6tables -D FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+    ip6tables -D INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    rm -rf /etc/cjdns
+    sed -i '/install_cjdns/d' $COMPLETION_FILE
+    sed -i '/cjdns /d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_cjdns/d' $COMPLETION_FILE
 }
 
 function install_cjdns_main {
-	if [[ $ENABLE_CJDNS != "yes" ]]; then
-		return
-	fi
-
-	if grep -Fxq "install_cjdns_main" $COMPLETION_FILE; then
-		return
-	fi
+    if [[ $ENABLE_CJDNS != "yes" ]]; then
+	return
+    fi
 
-	apt-get -y install nodejs git build-essential nmap
+    if grep -Fxq "install_cjdns_main" $COMPLETION_FILE; then
+	return
+    fi
 
-	# if a README exists then obtain the cjdns parameters
-	function_check get_cjdns_ipv6_address
-	get_cjdns_ipv6_address
+    apt-get -y install nodejs git build-essential nmap
 
-	function_check get_cjdns_public_key
-	get_cjdns_public_key
+    # if a README exists then obtain the cjdns parameters
+    function_check get_cjdns_ipv6_address
+    get_cjdns_ipv6_address
 
-	function_check get_cjdns_private_key
-	get_cjdns_private_key
+    function_check get_cjdns_public_key
+    get_cjdns_public_key
 
-	function_check get_cjdns_port
-	get_cjdns_port
+    function_check get_cjdns_private_key
+    get_cjdns_private_key
 
-	function_check get_cjdns_password
-	get_cjdns_password
+    function_check get_cjdns_port
+    get_cjdns_port
 
-	# special compile settings for running ./do on the Beaglebone Black
-	if [[ $INSTALLING_ON_BBB == "yes" ]]; then
-		CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
-		export LDFLAGS="$CFLAGS"
-	fi
+    function_check get_cjdns_password
+    get_cjdns_password
 
-	if [ ! -d /etc/cjdns ]; then
-		function_check git_pull
-		git_clone $CJDNS_REPO /etc/cjdns
-		cd /etc/cjdns
-
-		git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
-		if ! grep -q "cjdns commit" $COMPLETION_FILE; then
-			echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
-		else
-			sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
-		fi
-
-		./do
-		if [ ! "$?" = "0" ]; then
-			exit 7439
-		fi
-		# create a configuration
-		if [ ! -f /etc/cjdns/cjdroute.conf ]; then
-			./cjdroute --genconf > /etc/cjdns/cjdroute.conf
-			if [ ! "$?" = "0" ]; then
-				exit 5922
-			fi
-		fi
-		# create a user to run as
-		useradd cjdns
-	else
-		cd /etc/cjdns
-		function_check git_pull
-		git_pull $CJDNS_REPO
-		./do
-		if [ ! "$?" = "0" ]; then
-			exit 9926
-		fi
-	fi
+    # special compile settings for running ./do on the Beaglebone Black
+    if [[ $INSTALLING_ON_BBB == "yes" ]]; then
+	CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
+	export LDFLAGS="$CFLAGS"
+    fi
 
-	# set permissions
-	chown -R cjdns:cjdns /etc/cjdns
-	chmod 600 /etc/cjdns/cjdroute.conf
+    if [ ! -d /etc/cjdns ]; then
+	function_check git_pull
+	git_clone $CJDNS_REPO /etc/cjdns
+	cd /etc/cjdns
 
-	/sbin/ip tuntap add mode tun user cjdns dev cjdroute0
-
-	# insert values into the configuration file
-	if [ $CJDNS_PRIVATE_KEY ]; then
-		sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
-	else
-		CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
-	fi
-	if [ $CJDNS_PUBLIC_KEY ]; then
-		sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
-	else
-		CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
-	fi
-	if [ $CJDNS_IPV6 ]; then
-		sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
-	else
-		CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
-	fi
-	if [ $CJDNS_PASSWORD ]; then
-		sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
-	else
-		CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
-	fi
-	if [ $CJDNS_PORT ]; then
-		sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
+	git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
+	if ! grep -q "cjdns commit" $COMPLETION_FILE; then
+	    echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
 	else
-		CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
+	    sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
 	fi
 
-	function_check enable_ipv6
-	enable_ipv6
-
-	echo '#!/bin/sh -e' > /etc/init.d/cjdns
-	echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
-	echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
-	echo '# Provides:          cjdroute' >> /etc/init.d/cjdns
-	echo '# Required-Start:    $remote_fs $network' >> /etc/init.d/cjdns
-	echo '# Required-Stop:     $remote_fs $network' >> /etc/init.d/cjdns
-	echo '# Default-Start:     2 3 4 5' >> /etc/init.d/cjdns
-	echo '# Default-Stop:      0 1 6' >> /etc/init.d/cjdns
-	echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
-	echo '# Description:       A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
-	echo '# cjdns git repo:    https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
-	echo '### END INIT INFO' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
-	echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
-	echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
-	echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
-	echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
-	echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo 'start() {' >> /etc/init.d/cjdns
-	echo '     # Start it up with the user cjdns' >> /etc/init.d/cjdns
-	echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
-	echo '     then' >> /etc/init.d/cjdns
-	echo '         echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
-	echo '     else' >> /etc/init.d/cjdns
-	echo '         echo " * Starting cjdroute"' >> /etc/init.d/cjdns
-	echo '         su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
-	echo '         /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
-	echo '         /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
-	echo '         /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
-	echo '         /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
-	echo '     fi' >> /etc/init.d/cjdns
-	echo '}' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo 'stop() {' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo '     if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
-	echo '     then' >> /etc/init.d/cjdns
-	echo '         echo "cjdns isnt running."' >> /etc/init.d/cjdns
-	echo '     else' >> /etc/init.d/cjdns
-	echo '         echo "Killing cjdroute"' >> /etc/init.d/cjdns
-	echo '         killall cjdroute' >> /etc/init.d/cjdns
-	echo '     fi' >> /etc/init.d/cjdns
-	echo '}' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo 'status() {' >> /etc/init.d/cjdns
-	echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
-	echo '     then' >> /etc/init.d/cjdns
-	echo '         echo "Cjdns is running"' >> /etc/init.d/cjdns
-	echo '     else' >> /etc/init.d/cjdns
-	echo '         echo "Cjdns is not running"' >> /etc/init.d/cjdns
-	echo '     fi' >> /etc/init.d/cjdns
-	echo '}' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo ' update() {' >> /etc/init.d/cjdns
-	echo '     cd $GIT_PATH' >> /etc/init.d/cjdns
-	echo '     echo "Updating..."' >> /etc/init.d/cjdns
-	echo '     git pull' >> /etc/init.d/cjdns
-	echo '     ./do' >> /etc/init.d/cjdns
-	echo '}' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
-	echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
-	echo '    echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
-	echo '    exit 1' >> /etc/init.d/cjdns
-	echo 'fi' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo 'case $1 in' >> /etc/init.d/cjdns
-	echo '     start)' >> /etc/init.d/cjdns
-	echo '         start' >> /etc/init.d/cjdns
-	echo '         exit 0' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo '     stop)' >> /etc/init.d/cjdns
-	echo '         stop' >> /etc/init.d/cjdns
-	echo '         exit 0' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo '     reload|restart|force-reload)' >> /etc/init.d/cjdns
-	echo '         stop' >> /etc/init.d/cjdns
-	echo '         sleep 1' >> /etc/init.d/cjdns
-	echo '         start' >> /etc/init.d/cjdns
-	echo '         exit 0' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo '     status)' >> /etc/init.d/cjdns
-	echo '         status' >> /etc/init.d/cjdns
-	echo '         exit 0' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo '     update|upgrade)' >> /etc/init.d/cjdns
-	echo '         update' >> /etc/init.d/cjdns
-	echo '         stop' >> /etc/init.d/cjdns
-	echo '         sleep 2' >> /etc/init.d/cjdns
-	echo '         start' >> /etc/init.d/cjdns
-	echo '         exit 0' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo '     **)' >> /etc/init.d/cjdns
-	echo '         echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
-	echo '         exit 1' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo 'esac' >> /etc/init.d/cjdns
-	chmod +x /etc/init.d/cjdns
-	update-rc.d cjdns defaults
-	service cjdns start
+	./do
 	if [ ! "$?" = "0" ]; then
-		systemctl status cjdns.service
-		exit 8260
-	fi
-
-	apt-get -y install radvd
-	echo 'interface eth0' > /etc/radvd.conf
-	echo '{' >> /etc/radvd.conf
-	echo '    AdvSendAdvert on;' >> /etc/radvd.conf
-	echo '    prefix fdfc::1/64' >> /etc/radvd.conf
-	echo '    {' >> /etc/radvd.conf
-	echo '        AdvRouterAddr on;' >> /etc/radvd.conf
-	echo '    };' >> /etc/radvd.conf
-	echo '};' >> /etc/radvd.conf
-	systemctl restart radvd
+	    exit 7439
+	fi
+	# create a configuration
+	if [ ! -f /etc/cjdns/cjdroute.conf ]; then
+	    ./cjdroute --genconf > /etc/cjdns/cjdroute.conf
+	    if [ ! "$?" = "0" ]; then
+		exit 5922
+	    fi
+	fi
+	# create a user to run as
+	useradd cjdns
+    else
+	cd /etc/cjdns
+	function_check git_pull
+	git_pull $CJDNS_REPO
+	./do
 	if [ ! "$?" = "0" ]; then
-		systemctl status radvd.service
-		exit 4395
-	fi
-
-	if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
-		echo '' >> /etc/network/interfaces
-		echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
-		echo 'iface eth0 inet6 static' >> /etc/network/interfaces
-		echo '    pre-up modprobe ipv6' >> /etc/network/interfaces
-		echo '    address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
-		echo '    netmask 64' >> /etc/network/interfaces
-		service network-manager restart
-		if [ ! "$?" = "0" ]; then
-			systemctl status networking.service
-			exit 6949
-		fi
-	fi
-
-	if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
-		CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
-
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
-		echo '=======================' >> /home/$MY_USERNAME/README
-		echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
-		echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
-		echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
-		echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
-		echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
-		echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
-		echo $'to you using your default password' >> /home/$MY_USERNAME/README
-		echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
-		echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
-		echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
-		echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
-		echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
-		echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
-		echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
-		echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
-		echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
-		echo $'each password is for.' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
-		echo '    http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
-		echo '    http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	function_check configure_firewall_for_cjdns
-	configure_firewall_for_cjdns
-
-	echo 'install_cjdns_main' >> $COMPLETION_FILE
+	    exit 9926
+	fi
+    fi
+
+    # set permissions
+    chown -R cjdns:cjdns /etc/cjdns
+    chmod 600 /etc/cjdns/cjdroute.conf
+
+    /sbin/ip tuntap add mode tun user cjdns dev cjdroute0
+
+    # insert values into the configuration file
+    if [ $CJDNS_PRIVATE_KEY ]; then
+	sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
+    else
+	CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
+    fi
+    if [ $CJDNS_PUBLIC_KEY ]; then
+	sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
+    else
+	CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
+    fi
+    if [ $CJDNS_IPV6 ]; then
+	sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
+    else
+	CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
+    fi
+    if [ $CJDNS_PASSWORD ]; then
+	sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
+    else
+	CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
+    fi
+    if [ $CJDNS_PORT ]; then
+	sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
+    else
+	CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
+    fi
+
+    function_check enable_ipv6
+    enable_ipv6
+
+    echo '#!/bin/sh -e' > /etc/init.d/cjdns
+    echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
+    echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
+    echo '# Provides:          cjdroute' >> /etc/init.d/cjdns
+    echo '# Required-Start:    $remote_fs $network' >> /etc/init.d/cjdns
+    echo '# Required-Stop:     $remote_fs $network' >> /etc/init.d/cjdns
+    echo '# Default-Start:     2 3 4 5' >> /etc/init.d/cjdns
+    echo '# Default-Stop:      0 1 6' >> /etc/init.d/cjdns
+    echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
+    echo '# Description:       A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
+    echo '# cjdns git repo:    https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
+    echo '### END INIT INFO' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
+    echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
+    echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
+    echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
+    echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
+    echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo 'start() {' >> /etc/init.d/cjdns
+    echo '     # Start it up with the user cjdns' >> /etc/init.d/cjdns
+    echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
+    echo '     then' >> /etc/init.d/cjdns
+    echo '         echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
+    echo '     else' >> /etc/init.d/cjdns
+    echo '         echo " * Starting cjdroute"' >> /etc/init.d/cjdns
+    echo '         su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
+    echo '         /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
+    echo '         /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
+    echo '         /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
+    echo '         /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
+    echo '     fi' >> /etc/init.d/cjdns
+    echo '}' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo 'stop() {' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo '     if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
+    echo '     then' >> /etc/init.d/cjdns
+    echo '         echo "cjdns isnt running."' >> /etc/init.d/cjdns
+    echo '     else' >> /etc/init.d/cjdns
+    echo '         echo "Killing cjdroute"' >> /etc/init.d/cjdns
+    echo '         killall cjdroute' >> /etc/init.d/cjdns
+    echo '     fi' >> /etc/init.d/cjdns
+    echo '}' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo 'status() {' >> /etc/init.d/cjdns
+    echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
+    echo '     then' >> /etc/init.d/cjdns
+    echo '         echo "Cjdns is running"' >> /etc/init.d/cjdns
+    echo '     else' >> /etc/init.d/cjdns
+    echo '         echo "Cjdns is not running"' >> /etc/init.d/cjdns
+    echo '     fi' >> /etc/init.d/cjdns
+    echo '}' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo ' update() {' >> /etc/init.d/cjdns
+    echo '     cd $GIT_PATH' >> /etc/init.d/cjdns
+    echo '     echo "Updating..."' >> /etc/init.d/cjdns
+    echo '     git pull' >> /etc/init.d/cjdns
+    echo '     ./do' >> /etc/init.d/cjdns
+    echo '}' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
+    echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
+    echo '    echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
+    echo '    exit 1' >> /etc/init.d/cjdns
+    echo 'fi' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo 'case $1 in' >> /etc/init.d/cjdns
+    echo '     start)' >> /etc/init.d/cjdns
+    echo '         start' >> /etc/init.d/cjdns
+    echo '         exit 0' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo '     stop)' >> /etc/init.d/cjdns
+    echo '         stop' >> /etc/init.d/cjdns
+    echo '         exit 0' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo '     reload|restart|force-reload)' >> /etc/init.d/cjdns
+    echo '         stop' >> /etc/init.d/cjdns
+    echo '         sleep 1' >> /etc/init.d/cjdns
+    echo '         start' >> /etc/init.d/cjdns
+    echo '         exit 0' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo '     status)' >> /etc/init.d/cjdns
+    echo '         status' >> /etc/init.d/cjdns
+    echo '         exit 0' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo '     update|upgrade)' >> /etc/init.d/cjdns
+    echo '         update' >> /etc/init.d/cjdns
+    echo '         stop' >> /etc/init.d/cjdns
+    echo '         sleep 2' >> /etc/init.d/cjdns
+    echo '         start' >> /etc/init.d/cjdns
+    echo '         exit 0' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo '     **)' >> /etc/init.d/cjdns
+    echo '         echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
+    echo '         exit 1' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo 'esac' >> /etc/init.d/cjdns
+    chmod +x /etc/init.d/cjdns
+    update-rc.d cjdns defaults
+    service cjdns start
+    if [ ! "$?" = "0" ]; then
+	systemctl status cjdns.service
+	exit 8260
+    fi
+
+    apt-get -y install radvd
+    echo 'interface eth0' > /etc/radvd.conf
+    echo '{' >> /etc/radvd.conf
+    echo '    AdvSendAdvert on;' >> /etc/radvd.conf
+    echo '    prefix fdfc::1/64' >> /etc/radvd.conf
+    echo '    {' >> /etc/radvd.conf
+    echo '        AdvRouterAddr on;' >> /etc/radvd.conf
+    echo '    };' >> /etc/radvd.conf
+    echo '};' >> /etc/radvd.conf
+    systemctl restart radvd
+    if [ ! "$?" = "0" ]; then
+	systemctl status radvd.service
+	exit 4395
+    fi
+
+    if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
+	echo '' >> /etc/network/interfaces
+	echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
+	echo 'iface eth0 inet6 static' >> /etc/network/interfaces
+	echo '    pre-up modprobe ipv6' >> /etc/network/interfaces
+	echo '    address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
+	echo '    netmask 64' >> /etc/network/interfaces
+	service network-manager restart
+	if [ ! "$?" = "0" ]; then
+	    systemctl status networking.service
+	    exit 6949
+	fi
+    fi
+
+    if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
+	CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
+
+	echo '' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
+	echo '=======================' >> /home/$MY_USERNAME/README
+	echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
+	echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
+	echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
+	echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
+	echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
+	echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
+	echo $'to you using your default password' >> /home/$MY_USERNAME/README
+	echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
+	echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
+	echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
+	echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
+	echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
+	echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
+	echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
+	echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
+	echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
+	echo $'each password is for.' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
+	echo '    http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
+	echo '    http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+	chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    function_check configure_firewall_for_cjdns
+    configure_firewall_for_cjdns
+
+    echo 'install_cjdns_main' >> $COMPLETION_FILE
 }
 
 function install_cjdns_tools {
-	if grep -Fxq "install_cjdns_tools" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ENABLE_CJDNS != "yes" ]]; then
-		return
-	fi
-	if [ ! -d /etc/cjdns ]; then
-		install_cjdns
-	fi
-
-	function_check select_go_version
-	select_go_version
-
-	apt-get -y install golang mercurial
-	if [ ! -f ~/.bashrc ]; then
-		touch ~/.bashrc
-	fi
-
-	if [ ! -d /home/git ]; then
-		# add a gogs user account
-		adduser --disabled-login --gecos 'Gogs' git
-
-		# install Go
-		if ! grep -q "export GOPATH=" ~/.bashrc; then
-			echo "export GOPATH=$GOPATH" >> ~/.bashrc
-		fi
-		systemctl set-environment GOPATH=$GOPATH
-		if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
-			echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
-		fi
-		if [ ! -d $GOPATH ]; then
-			mkdir -p $GOPATH
-		fi
-	fi
-
+    if grep -Fxq "install_cjdns_tools" $COMPLETION_FILE; then
+	return
+    fi
+    if [[ $ENABLE_CJDNS != "yes" ]]; then
+	return
+    fi
+    if [ ! -d /etc/cjdns ]; then
+	install_cjdns
+    fi
+
+    function_check select_go_version
+    select_go_version
+
+    apt-get -y install golang mercurial
+    if [ ! -f ~/.bashrc ]; then
+	touch ~/.bashrc
+    fi
+
+    if [ ! -d /home/git ]; then
+	# add a gogs user account
+	adduser --disabled-login --gecos 'Gogs' git
+
+	# install Go
 	if ! grep -q "export GOPATH=" ~/.bashrc; then
-		echo "export GOPATH=$GOPATH" >> ~/.bashrc
-	fi
-	expected_go_path='export PATH=$PATH:'${GOPATH}'/bin'
-	export PATH=$PATH:${GOPATH}/bin
-	if ! grep -q "$expected_go_path" ~/.bashrc; then
-		echo "$expected_go_path" >> ~/.bashrc
-	fi
-	export PATH=$PATH:$GOPATH/bin
-	CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g')
-	go get $CJDCMD_REPO2
-	if [ ! -f $GOPATH/bin/cjdcmd ]; then
-		echo $'cjdcmd was not compiled. Check your golang installation'
-		exit 7439
-	fi
-	cp $GOPATH/bin/cjdcmd /usr/bin
-
-	# initialise from the cjdns config
-	/usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf
-
-	echo 'install_cjdns_tools' >> $COMPLETION_FILE
+	    echo "export GOPATH=$GOPATH" >> ~/.bashrc
+	fi
+	systemctl set-environment GOPATH=$GOPATH
+	if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
+	    echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
+	fi
+	if [ ! -d $GOPATH ]; then
+	    mkdir -p $GOPATH
+	fi
+    fi
+
+    if ! grep -q "export GOPATH=" ~/.bashrc; then
+	echo "export GOPATH=$GOPATH" >> ~/.bashrc
+    fi
+    expected_go_path='export PATH=$PATH:'${GOPATH}'/bin'
+    export PATH=$PATH:${GOPATH}/bin
+    if ! grep -q "$expected_go_path" ~/.bashrc; then
+	echo "$expected_go_path" >> ~/.bashrc
+    fi
+    export PATH=$PATH:$GOPATH/bin
+    CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g')
+    go get $CJDCMD_REPO2
+    if [ ! -f $GOPATH/bin/cjdcmd ]; then
+	echo $'cjdcmd was not compiled. Check your golang installation'
+	exit 7439
+    fi
+    cp $GOPATH/bin/cjdcmd /usr/bin
+
+    # initialise from the cjdns config
+    /usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf
+
+    echo 'install_cjdns_tools' >> $COMPLETION_FILE
 }
 
 function install_cjdns {
-	if grep -Fxq "install_cjdns" $COMPLETION_FILE; then
-		return
-	fi
-	install_cjdns_main
-	install_cjdns_tools
-	echo 'install_cjdns' >> $COMPLETION_FILE
+    if grep -Fxq "install_cjdns" $COMPLETION_FILE; then
+	return
+    fi
+    install_cjdns_main
+    install_cjdns_tools
+    echo 'install_cjdns' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-dlna

@@ -31,205 +31,205 @@
 VARIANTS='full media'
 
 function reconfigure_dlna {
-	echo ''
+    echo ''
 }
 
 function upgrade_dlna {
-	echo ''
+    echo ''
 }
 
 function configure_firewall_for_dlna {
-	if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-		# docker does its own firewalling
-		return
-	fi
-	iptables -A INPUT -p udp --dport 1900 -j ACCEPT
-	iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	OPEN_PORTS+=('DLNA     1900')
-	OPEN_PORTS+=('DLNA     8200')
-	echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
+    if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
+	return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+	# docker does its own firewalling
+	return
+    fi
+    iptables -A INPUT -p udp --dport 1900 -j ACCEPT
+    iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    OPEN_PORTS+=('DLNA     1900')
+    OPEN_PORTS+=('DLNA     8200')
+    echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
 }
 
 function backup_local_dlna {
-	source_directory=/var/cache/minidlna
-	if [ -d $source_directory ]; then
-		dest_directory=dlna
-		echo $"Backing up $source_directory to $dest_directory"
+    source_directory=/var/cache/minidlna
+    if [ -d $source_directory ]; then
+	dest_directory=dlna
+	echo $"Backing up $source_directory to $dest_directory"
 
-		function_check backup_directory_to_usb
-		backup_directory_to_usb $source_directory $dest_directory
+	function_check backup_directory_to_usb
+	backup_directory_to_usb $source_directory $dest_directory
 
-		echo $"Backup to $dest_directory complete"
-	fi
+	echo $"Backup to $dest_directory complete"
+    fi
 }
 
 function restore_local_dlna {
-	if [ -d /var/cache/minidlna ]; then
-		if [ -d $USB_MOUNT/backup/dlna ]; then
-			echo $"Restoring DLNA cache"
-			temp_restore_dir=/root/tempdlna
-			function_check restore_directory_from_usb
-			restore_directory_from_usb $temp_restore_dir dlna
-			cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
-			if [ ! "$?" = "0" ]; then
-				rm -rf $temp_restore_dir
-				function_check set_user_permissions
-				set_user_permissions
-				function_check backup_unmount_drive
-				backup_unmount_drive
-				exit 982572
-			fi
-			rm -rf $temp_restore_dir
-		fi
-	fi
+    if [ -d /var/cache/minidlna ]; then
+	if [ -d $USB_MOUNT/backup/dlna ]; then
+	    echo $"Restoring DLNA cache"
+	    temp_restore_dir=/root/tempdlna
+	    function_check restore_directory_from_usb
+	    restore_directory_from_usb $temp_restore_dir dlna
+	    cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
+	    if [ ! "$?" = "0" ]; then
+		rm -rf $temp_restore_dir
+		function_check set_user_permissions
+		set_user_permissions
+		function_check backup_unmount_drive
+		backup_unmount_drive
+		exit 982572
+	    fi
+	    rm -rf $temp_restore_dir
+	fi
+    fi
 }
 
 function backup_remote_dlna {
-	if [ -d /var/cache/minidlna ]; then
-		echo $"Backing up DLNA cache"
-		backup_directory_to_friend /var/cache/minidlna dlna
-		echo $"Backup of DLNA cache complete"
-	fi
+    if [ -d /var/cache/minidlna ]; then
+	echo $"Backing up DLNA cache"
+	backup_directory_to_friend /var/cache/minidlna dlna
+	echo $"Backup of DLNA cache complete"
+    fi
 }
 
 function restore_remote_dlna {
-	if [ -d /var/cache/minidlna ]; then
-		if [ -d $SERVER_DIRECTORY/backup/dlna ]; then
-			echo $"Restoring DLNA cache"
-			temp_restore_dir=/root/tempdlna
-			function_check restore_directory_from_friend
-			restore_directory_from_friend $temp_restore_dir dlna
-			cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
-			if [ ! "$?" = "0" ]; then
-				exit 982
-			fi
-			rm -rf $temp_restore_dir
-			echo $"Restore of DLNA complete"
-		fi
-	fi
+    if [ -d /var/cache/minidlna ]; then
+	if [ -d $SERVER_DIRECTORY/backup/dlna ]; then
+	    echo $"Restoring DLNA cache"
+	    temp_restore_dir=/root/tempdlna
+	    function_check restore_directory_from_friend
+	    restore_directory_from_friend $temp_restore_dir dlna
+	    cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
+	    if [ ! "$?" = "0" ]; then
+		exit 982
+	    fi
+	    rm -rf $temp_restore_dir
+	    echo $"Restore of DLNA complete"
+	fi
+    fi
 }
 
 function remove_dlna {
-	if ! grep -Fxq "install_dlna" $COMPLETION_FILE; then
-		return
-	fi
-	service minidlna stop
-	apt-get -y remove --purge minidlna
-	if [ -f /etc/minidlna.conf ]; then
-		rm /etc/minidlna.conf
-	fi
-	iptables -D INPUT -p udp --dport 1900 -j ACCEPT
-	iptables -D INPUT -p tcp --dport 8200 -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-	sed -i '/install_dlna/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_dlna" $COMPLETION_FILE; then
+	return
+    fi
+    service minidlna stop
+    apt-get -y remove --purge minidlna
+    if [ -f /etc/minidlna.conf ]; then
+	rm /etc/minidlna.conf
+    fi
+    iptables -D INPUT -p udp --dport 1900 -j ACCEPT
+    iptables -D INPUT -p tcp --dport 8200 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+    sed -i '/install_dlna/d' $COMPLETION_FILE
 }
 
 function install_dlna_main {
-	if grep -Fxq "install_dlna_main" $COMPLETION_FILE; then
-		return
-	fi
-
-	apt-get -y install minidlna
-
-	if [ ! -f /etc/minidlna.conf ]; then
-		echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
-		exit 55
-	fi
-
-	sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
-	if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
-		echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
-	fi
-	if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
-		echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
-	fi
-	if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
-		echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
-	fi
-	if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
-		echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
-	fi
-	if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
-		echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
-	fi
-	sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
-	if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
-		sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
-	else
-		sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf
-	fi
-	sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf
-	sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
-	sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
-	sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
-	sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
-	service minidlna force-reload
-	service minidlna reload
-
-	sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
-	if ! grep -q "max_user_watches" $COMPLETION_FILE; then
-		echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
-	fi
-	/sbin/sysctl -p
-
-	function_check configure_firewall_for_dlna
-	configure_firewall_for_dlna
-	echo 'install_dlna_main' >> $COMPLETION_FILE
+    if grep -Fxq "install_dlna_main" $COMPLETION_FILE; then
+	return
+    fi
+
+    apt-get -y install minidlna
+
+    if [ ! -f /etc/minidlna.conf ]; then
+	echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
+	exit 55
+    fi
+
+    sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
+    if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
+	echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
+    fi
+    if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
+	echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
+    fi
+    if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
+	echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
+    fi
+    if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
+	echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
+    fi
+    if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
+	echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
+    fi
+    sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
+    if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+	sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
+    else
+	sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf
+    fi
+    sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf
+    sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
+    sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
+    sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
+    sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
+    service minidlna force-reload
+    service minidlna reload
+
+    sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
+    if ! grep -q "max_user_watches" $COMPLETION_FILE; then
+	echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
+    fi
+    /sbin/sysctl -p
+
+    function_check configure_firewall_for_dlna
+    configure_firewall_for_dlna
+    echo 'install_dlna_main' >> $COMPLETION_FILE
 }
 
 function script_for_attaching_usb_drive {
-	if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
-		return
-	fi
-	echo '#!/bin/bash' > /usr/bin/attach-music
-	echo 'remove-music' >> /usr/bin/attach-music
-	echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
-	echo "  mkdir $USB_MOUNT" >> /usr/bin/attach-music
-	echo 'fi' >> /usr/bin/attach-music
-	echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
-	echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
-	echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
-	echo 'service minidlna restart' >> /usr/bin/attach-music
-	echo 'minidlnad -R' >> /usr/bin/attach-music
-	chmod +x /usr/bin/attach-music
-	ln -s /usr/bin/attach-music /usr/bin/attach-usb
-	ln -s /usr/bin/attach-music /usr/bin/attach-videos
-	ln -s /usr/bin/attach-music /usr/bin/attach-pictures
-	ln -s /usr/bin/attach-music /usr/bin/attach-media
-
-	echo '#!/bin/bash' > /usr/bin/remove-music
-	echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
-	echo "  umount $USB_MOUNT" >> /usr/bin/remove-music
-	echo "  rm -rf $USB_MOUNT" >> /usr/bin/remove-music
-	echo 'fi' >> /usr/bin/remove-music
-	chmod +x /usr/bin/remove-music
-	ln -s /usr/bin/remove-music /usr/bin/detach-music
-	ln -s /usr/bin/remove-music /usr/bin/detach-usb
-	ln -s /usr/bin/remove-music /usr/bin/remove-usb
-	ln -s /usr/bin/remove-music /usr/bin/detach-media
-	ln -s /usr/bin/remove-music /usr/bin/remove-media
-	ln -s /usr/bin/remove-music /usr/bin/detach-videos
-	ln -s /usr/bin/remove-music /usr/bin/remove-videos
-	ln -s /usr/bin/remove-music /usr/bin/detach-pictures
-	ln -s /usr/bin/remove-music /usr/bin/remove-pictures
-
-	echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
+    if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
+	return
+    fi
+    echo '#!/bin/bash' > /usr/bin/attach-music
+    echo 'remove-music' >> /usr/bin/attach-music
+    echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
+    echo "  mkdir $USB_MOUNT" >> /usr/bin/attach-music
+    echo 'fi' >> /usr/bin/attach-music
+    echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
+    echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
+    echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
+    echo 'service minidlna restart' >> /usr/bin/attach-music
+    echo 'minidlnad -R' >> /usr/bin/attach-music
+    chmod +x /usr/bin/attach-music
+    ln -s /usr/bin/attach-music /usr/bin/attach-usb
+    ln -s /usr/bin/attach-music /usr/bin/attach-videos
+    ln -s /usr/bin/attach-music /usr/bin/attach-pictures
+    ln -s /usr/bin/attach-music /usr/bin/attach-media
+
+    echo '#!/bin/bash' > /usr/bin/remove-music
+    echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
+    echo "  umount $USB_MOUNT" >> /usr/bin/remove-music
+    echo "  rm -rf $USB_MOUNT" >> /usr/bin/remove-music
+    echo 'fi' >> /usr/bin/remove-music
+    chmod +x /usr/bin/remove-music
+    ln -s /usr/bin/remove-music /usr/bin/detach-music
+    ln -s /usr/bin/remove-music /usr/bin/detach-usb
+    ln -s /usr/bin/remove-music /usr/bin/remove-usb
+    ln -s /usr/bin/remove-music /usr/bin/detach-media
+    ln -s /usr/bin/remove-music /usr/bin/remove-media
+    ln -s /usr/bin/remove-music /usr/bin/detach-videos
+    ln -s /usr/bin/remove-music /usr/bin/remove-videos
+    ln -s /usr/bin/remove-music /usr/bin/detach-pictures
+    ln -s /usr/bin/remove-music /usr/bin/remove-pictures
+
+    echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
 }
 
 function install_dlna {
-	if grep -Fxq "install_dlna" $COMPLETION_FILE; then
-		return
-	fi
-	install_dlna_main
-	script_for_attaching_usb_drive
-	echo 'install_dlna' >> $COMPLETION_FILE
+    if grep -Fxq "install_dlna" $COMPLETION_FILE; then
+	return
+    fi
+    install_dlna_main
+    script_for_attaching_usb_drive
+    echo 'install_dlna' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-emacs

@@ -31,154 +31,154 @@
 VARIANTS='all'
 
 function reconfigure_emacs {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_emacs {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_local_emacs {
-	for d in /home/*/ ; do
-		USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-		if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
-			if [ -d /home/$USERNAME/.emacs.d ]; then
-				echo $"Backing up Emacs config for $USERNAME"
-				if [ -f /home/$USERNAME/.emacs ]; then
-					cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
-				fi
-				function_check backup_directory_to_usb
-				backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME
-			fi
+    for d in /home/*/ ; do
+	USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
+	if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
+	    if [ -d /home/$USERNAME/.emacs.d ]; then
+		echo $"Backing up Emacs config for $USERNAME"
+		if [ -f /home/$USERNAME/.emacs ]; then
+		    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
 		fi
-	done
+		function_check backup_directory_to_usb
+		backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME
+	    fi
+	fi
+    done
 }
 
 function restore_local_emacs {
-	temp_restore_dir=/root/tempemacs
-	if [ -d $USB_MOUNT/backup/emacs ]; then
-		for d in $USB_MOUNT/backup/emacs/*/ ; do
-			USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
-			if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
-				if [ ! -d /home/$USERNAME ]; then
-					${PROJECT_NAME}-adduser $USERNAME
-				fi
-				echo $"Restoring Emacs config for $USERNAME"
-				function_check restore_directory_from_usb
-				restore_directory_from_usb $temp_restore_dir emacs/$USERNAME
-				cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
-				if [ ! "$?" = "0" ]; then
-					rm -rf $temp_restore_dir
-					function_check set_user_permissions
-					set_user_permissions
-					function_check backup_unmount_drive
-					backup_unmount_drive
-					exit 664
-				fi
-				cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
-				rm -rf $temp_restore_dir
-			fi
-		done
-	fi
+    temp_restore_dir=/root/tempemacs
+    if [ -d $USB_MOUNT/backup/emacs ]; then
+	for d in $USB_MOUNT/backup/emacs/*/ ; do
+	    USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
+	    if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
+		if [ ! -d /home/$USERNAME ]; then
+		    ${PROJECT_NAME}-adduser $USERNAME
+		fi
+		echo $"Restoring Emacs config for $USERNAME"
+		function_check restore_directory_from_usb
+		restore_directory_from_usb $temp_restore_dir emacs/$USERNAME
+		cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
+		if [ ! "$?" = "0" ]; then
+		    rm -rf $temp_restore_dir
+		    function_check set_user_permissions
+		    set_user_permissions
+		    function_check backup_unmount_drive
+		    backup_unmount_drive
+		    exit 664
+		fi
+		cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
+		rm -rf $temp_restore_dir
+	    fi
+	done
+    fi
 }
 
 function backup_remote_emacs {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_remote_emacs {
-	echo -n ''
+    echo -n ''
 }
 
 function remove_emacs {
-	if ! grep -Fxq "install_emacs" $COMPLETION_FILE; then
-		return
-	fi
-	apt-get -y remove --purge emacs24
-	update-alternatives --set editor /usr/bin/nano
-	sed -i '/install_emacs/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_emacs" $COMPLETION_FILE; then
+	return
+    fi
+    apt-get -y remove --purge emacs24
+    update-alternatives --set editor /usr/bin/nano
+    sed -i '/install_emacs/d' $COMPLETION_FILE
 }
 
 function install_emacs {
-	if grep -Fxq "install_emacs" $COMPLETION_FILE; then
-		return
-	fi
-	update-alternatives --set editor /usr/bin/emacs24
+    if grep -Fxq "install_emacs" $COMPLETION_FILE; then
+	return
+    fi
+    update-alternatives --set editor /usr/bin/emacs24
 
-	# A minimal emacs configuration
-	#echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
-	#echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
-	#echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
-	echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
-	echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
-	echo "           '(lambda ()" >> /home/$MY_USERNAME/.emacs
-	echo "              (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
-	echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
-	echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
-	echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
-	echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
-	echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
-	echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
-	echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
-	echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
-	echo '' >> /home/$MY_USERNAME/.emacs
-	echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
-	echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
-	cp /home/$MY_USERNAME/.emacs /root/.emacs
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
+    # A minimal emacs configuration
+    #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
+    #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
+    #echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
+    echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
+    echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
+    echo "           '(lambda ()" >> /home/$MY_USERNAME/.emacs
+    echo "              (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
+    echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
+    echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
+    echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
+    echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
+    echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
+    echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
+    echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
+    echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
+    echo '' >> /home/$MY_USERNAME/.emacs
+    echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
+    echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
+    cp /home/$MY_USERNAME/.emacs /root/.emacs
+    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
 
-	echo 'install_emacs' >> $COMPLETION_FILE
+    echo 'install_emacs' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-hubzilla

@@ -41,461 +41,461 @@ HUBZILLA_COMMIT='2d79e75788aa71664a379c4cea0b6bfe3ab87ad0'
 HUBZILLA_ADDONS_COMMIT='67b40c7a40f328a93ee030eb15e9e1261f3cba64'
 
 function reconfigure_hubzilla {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_hubzilla {
-	if ! grep -Fxq "install_hubzilla" $COMPLETION_FILE; then
-		return
-	fi
-	HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
-
-	function_check set_repo_commit
-	set_repo_commit $HUBZILLA_PATH "Hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
-	set_repo_commit $HUBZILLA_PATH/addon "Hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
-	if [ -d $HUBZILLA_PATH/redmatrix-themes1 ]; then
-		cd $HUBZILLA_PATH/redmatrix-themes1
-		git stash
-		git pull
-		cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
-		chown -R www-data:www-data $HUBZILLA_PATH
-	fi
+    if ! grep -Fxq "install_hubzilla" $COMPLETION_FILE; then
+	return
+    fi
+    HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
+
+    function_check set_repo_commit
+    set_repo_commit $HUBZILLA_PATH "Hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
+    set_repo_commit $HUBZILLA_PATH/addon "Hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
+    if [ -d $HUBZILLA_PATH/redmatrix-themes1 ]; then
+	cd $HUBZILLA_PATH/redmatrix-themes1
+	git stash
+	git pull
+	cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
+	chown -R www-data:www-data $HUBZILLA_PATH
+    fi
 }
 
 function backup_local_hubzilla {
-	if grep -q "Hubzilla domain" $COMPLETION_FILE; then
-		HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}')
-		hubzilla_path=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
-		if [ -d $hubzilla_path ]; then
-			echo $"Backing up Hubzilla"
-			function_check backup_database_to_usb
-			backup_database_to_usb hubzilla
-
-			backup_directory_to_usb $hubzilla_path hubzilla
-
-			echo $"Hubzilla backup complete"
-		fi
+    if grep -q "Hubzilla domain" $COMPLETION_FILE; then
+	HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}')
+	hubzilla_path=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
+	if [ -d $hubzilla_path ]; then
+	    echo $"Backing up Hubzilla"
+	    function_check backup_database_to_usb
+	    backup_database_to_usb hubzilla
+
+	    backup_directory_to_usb $hubzilla_path hubzilla
+
+	    echo $"Hubzilla backup complete"
 	fi
+    fi
 }
 
 function restore_local_hubzilla {
-	if ! grep -q "Hubzilla domain" $COMPLETION_FILE; then
-		return
-	fi
-	HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}')
-	if [ $HUBZILLA_DOMAIN_NAME ]; then
-		echo $"Restoring Hubzilla"
-		temp_restore_dir=/root/temphubzilla
-		hubzilla_dir=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
-		restore_database hubzilla ${HUBZILLA_DOMAIN_NAME}
-		if [ -d $USB_MOUNT/backup/hubzilla ]; then
-			if [ ! -d $hubzilla_dir/store/[data]/smarty3 ]; then
-				mkdir -p $hubzilla_dir/store/[data]/smarty3
-			fi
-			chmod 777 $hubzilla_dir/store/[data]/smarty3
-			chown -R www-data:www-data $hubzilla_dir/*
-			if [ -d $temp_restore_dir ]; then
-				rm -rf $temp_restore_dir
-			fi
-		fi
-		echo $"Restore of Hubzilla complete"
+    if ! grep -q "Hubzilla domain" $COMPLETION_FILE; then
+	return
+    fi
+    HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}')
+    if [ $HUBZILLA_DOMAIN_NAME ]; then
+	echo $"Restoring Hubzilla"
+	temp_restore_dir=/root/temphubzilla
+	hubzilla_dir=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
+	restore_database hubzilla ${HUBZILLA_DOMAIN_NAME}
+	if [ -d $USB_MOUNT/backup/hubzilla ]; then
+	    if [ ! -d $hubzilla_dir/store/[data]/smarty3 ]; then
+		mkdir -p $hubzilla_dir/store/[data]/smarty3
+	    fi
+	    chmod 777 $hubzilla_dir/store/[data]/smarty3
+	    chown -R www-data:www-data $hubzilla_dir/*
+	    if [ -d $temp_restore_dir ]; then
+		rm -rf $temp_restore_dir
+	    fi
 	fi
+	echo $"Restore of Hubzilla complete"
+    fi
 }
 
 function backup_remote_hubzilla {
-	if grep -q "Hubzilla domain" $COMPLETION_FILE; then
-		HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}')
-		temp_backup_dir=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
-		if [ -d $temp_backup_dir ]; then
-			suspend_site ${HUBZILLA_DOMAIN_NAME}
-			backup_database_to_friend hubzilla
-			echo "Backing up Hubzilla installation"
-			backup_directory_to_friend $temp_backup_dir hubzilla
-			restart_site
-			echo "Backup of Hubzilla complete"
-		else
-			echo $"Hubzilla domain specified but not found in /var/www/${HUBZILLA_DOMAIN_NAME}"
-			exit 2578
-		fi
+    if grep -q "Hubzilla domain" $COMPLETION_FILE; then
+	HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}')
+	temp_backup_dir=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
+	if [ -d $temp_backup_dir ]; then
+	    suspend_site ${HUBZILLA_DOMAIN_NAME}
+	    backup_database_to_friend hubzilla
+	    echo "Backing up Hubzilla installation"
+	    backup_directory_to_friend $temp_backup_dir hubzilla
+	    restart_site
+	    echo "Backup of Hubzilla complete"
+	else
+	    echo $"Hubzilla domain specified but not found in /var/www/${HUBZILLA_DOMAIN_NAME}"
+	    exit 2578
 	fi
+    fi
 }
 
 function restore_remote_hubzilla {
-	if grep -q "Hubzilla domain" $COMPLETION_FILE; then
-		echo $"Restoring Hubzilla"
-		HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}')
-		function_check restore_database_from_friend
-		restore_database_from_friend hubzilla ${HUBZILLA_DOMAIN_NAME}
-		if [ -d $SERVER_DIRECTORY/backup/hubzilla ]; then
-			if [ ! -d /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then
-				mkdir -p /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
-			fi
-			chmod 777 /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
-			chown -R www-data:www-data /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*
-		fi
-		if [ -d /root/temphubzilla ]; then
-			rm -rf /root/temphubzilla
-		fi
-		echo $"Restore of Hubzilla complete"
+    if grep -q "Hubzilla domain" $COMPLETION_FILE; then
+	echo $"Restoring Hubzilla"
+	HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}')
+	function_check restore_database_from_friend
+	restore_database_from_friend hubzilla ${HUBZILLA_DOMAIN_NAME}
+	if [ -d $SERVER_DIRECTORY/backup/hubzilla ]; then
+	    if [ ! -d /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then
+		mkdir -p /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
+	    fi
+	    chmod 777 /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
+	    chown -R www-data:www-data /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*
+	fi
+	if [ -d /root/temphubzilla ]; then
+	    rm -rf /root/temphubzilla
 	fi
+	echo $"Restore of Hubzilla complete"
+    fi
 }
 
 function remove_hubzilla {
-	if ! grep -Fxq "Hubzilla domain" $COMPLETION_FILE; then
-		return
-	fi
-	echo $'Removing Hubzilla'
-	HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}')
-	nginx_dissite $HUBZILLA_DOMAIN_NAME
-	if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
-		rm -rf /var/www/$HUBZILLA_DOMAIN_NAME
-	fi
-	if [ -f /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME ]; then
-		rm /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-	fi
-	function_check drop_database
-	drop_database hubzilla
-	function_check remove_onion_service
-	remove_onion_service hubzilla ${HUBZILLA_ONION_PORT}
-	sed -i '/install_hubzilla/d' $COMPLETION_FILE
-	sed -i '/Hubzilla /d' $COMPLETION_FILE
-	echo $'Hubzilla was removed'
+    if ! grep -Fxq "Hubzilla domain" $COMPLETION_FILE; then
+	return
+    fi
+    echo $'Removing Hubzilla'
+    HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}')
+    nginx_dissite $HUBZILLA_DOMAIN_NAME
+    if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
+	rm -rf /var/www/$HUBZILLA_DOMAIN_NAME
+    fi
+    if [ -f /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME ]; then
+	rm /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+    fi
+    function_check drop_database
+    drop_database hubzilla
+    function_check remove_onion_service
+    remove_onion_service hubzilla ${HUBZILLA_ONION_PORT}
+    sed -i '/install_hubzilla/d' $COMPLETION_FILE
+    sed -i '/Hubzilla /d' $COMPLETION_FILE
+    echo $'Hubzilla was removed'
 }
 
 function install_hubzilla {
-	if [ ! $HUBZILLA_DOMAIN_NAME ]; then
-		return
-	fi
-
-	if [[ $ONION_ONLY != "no" ]]; then
-		return
-	fi
-
-	if grep -Fxq "install_hubzilla" $COMPLETION_FILE; then
-		return
-	fi
-
-	HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
-
-	function_check install_mariadb
-	install_mariadb
-
-	function_check get_mariadb_password
-	get_mariadb_password
-
-	function_check repair_databases_script
-	repair_databases_script
-
-	apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
-	apt-get -y install php5-dev imagemagick php5-imagick
-	apt-get -y install php5-memcached
-
-	if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
-		mkdir /var/www/$HUBZILLA_DOMAIN_NAME
-	fi
-	if [ ! -d $HUBZILLA_PATH ]; then
-		mkdir $HUBZILLA_PATH
-	fi
-
-	if [ ! -f $HUBZILLA_PATH/index.php ]; then
-		cd $INSTALL_DIR
-		function_check git_clone
-		git_clone $HUBZILLA_REPO hubzilla
-		git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
-		if ! grep -q "Hubzilla commit" $COMPLETION_FILE; then
-			echo "Hubzilla commit:$HUBZILLA_COMMIT" >> $COMPLETION_FILE
-		else
-			sed -i "s/Hubzilla commit.*/Hubzilla commit:$HUBZILLA_COMMIT/g" $COMPLETION_FILE
-		fi
-
-		rm -rf $HUBZILLA_PATH
-		mv hubzilla $HUBZILLA_PATH
-
-		git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
-		cd $HUBZILLA_PATH/addon
-		git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
-		if ! grep -q "Hubzilla addons commit" $COMPLETION_FILE; then
-			echo "Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT" >> $COMPLETION_FILE
-		else
-			sed -i "s/Hubzilla addons commit.*/Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT/g" $COMPLETION_FILE
-		fi
-
-		# some extra themes
-		git_clone $HUBZILLA_THEMES_REPO $HUBZILLA_PATH/redmatrix-themes1
-		cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
-
-		chown -R www-data:www-data $HUBZILLA_PATH
-	fi
-
-	HUBZILLA_ONION_HOSTNAME=
-	if [[ $ONION_ONLY != "no" ]]; then
-		HUBZILLA_ONION_HOSTNAME=$(add_onion_service hubzilla 80 ${HUBZILLA_ONION_PORT})
-		echo "Hubzilla onion domain:${HUBZILLA_ONION_HOSTNAME}" >> $COMPLETION_FILE
-	fi
-
-	function_check get_mariadb_hubzilla_admin_password
-	get_mariadb_hubzilla_admin_password
-	if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
-		if [ -f $IMAGE_PASSWORD_FILE ]; then
-			HUBZILLA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-		else
-			HUBZILLA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-		fi
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo 'Hubzilla' >> /home/$MY_USERNAME/README
-		echo '========' >> /home/$MY_USERNAME/README
-		if [[ $ONION_ONLY == 'no' ]]; then
-			echo $"Open https://$HUBZILLA_DOMAIN_NAME and register a new user" >> /home/$MY_USERNAME/README
-		else
-			echo $"Open http://$HUBZILLA_ONION_HOSTNAME and register a new user" >> /home/$MY_USERNAME/README
-		fi
-		echo $"Your MariaDB Hubzilla admin password is: $HUBZILLA_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	function_check create_database
-	create_database hubzilla "$HUBZILLA_ADMIN_PASSWORD"
-
-	if ! grep -q "$HUBZILLA_PATH" /etc/crontab; then
-		echo "12,22,32,42,52 * *   *   *   root cd $HUBZILLA_PATH; /usr/bin/timeout 500 /usr/bin/php include/poller.php" >> /etc/crontab
-	fi
-
-	function_check add_ddns_domain
-	add_ddns_domain $HUBZILLA_DOMAIN_NAME
-
-	if [[ $ONION_ONLY == "no" ]]; then
-		function_check nginx_http_redirect
-		nginx_http_redirect $HUBZILLA_DOMAIN_NAME
-		echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "    root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "    server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "    error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		function_check nginx_limits
-		nginx_limits $HUBZILLA_DOMAIN_NAME
-		function_check nginx_ssl
-		nginx_ssl $HUBZILLA_DOMAIN_NAME
-		function_check nginx_disable_sniffing
-		nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
-		echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '      deny  all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+    if [ ! $HUBZILLA_DOMAIN_NAME ]; then
+	return
+    fi
+
+    if [[ $ONION_ONLY != "no" ]]; then
+	return
+    fi
+
+    if grep -Fxq "install_hubzilla" $COMPLETION_FILE; then
+	return
+    fi
+
+    HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
+
+    function_check install_mariadb
+    install_mariadb
+
+    function_check get_mariadb_password
+    get_mariadb_password
+
+    function_check repair_databases_script
+    repair_databases_script
+
+    apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
+    apt-get -y install php5-dev imagemagick php5-imagick
+    apt-get -y install php5-memcached
+
+    if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
+	mkdir /var/www/$HUBZILLA_DOMAIN_NAME
+    fi
+    if [ ! -d $HUBZILLA_PATH ]; then
+	mkdir $HUBZILLA_PATH
+    fi
+
+    if [ ! -f $HUBZILLA_PATH/index.php ]; then
+	cd $INSTALL_DIR
+	function_check git_clone
+	git_clone $HUBZILLA_REPO hubzilla
+	git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
+	if ! grep -q "Hubzilla commit" $COMPLETION_FILE; then
+	    echo "Hubzilla commit:$HUBZILLA_COMMIT" >> $COMPLETION_FILE
 	else
-		echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "    listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "    root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "    server_name $HUBZILLA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "    error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		nginx_limits $HUBZILLA_DOMAIN_NAME
-		nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
-		echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '      deny  all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-		echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	    sed -i "s/Hubzilla commit.*/Hubzilla commit:$HUBZILLA_COMMIT/g" $COMPLETION_FILE
 	fi
 
-	function_check configure_php
-	configure_php
+	rm -rf $HUBZILLA_PATH
+	mv hubzilla $HUBZILLA_PATH
 
-	function_check create_site_certificate
-	create_site_certificate $HUBZILLA_DOMAIN_NAME 'yes'
-
-	if [ ! -d $HUBZILLA_PATH/view/tpl/smarty3 ]; then
-		mkdir $HUBZILLA_PATH/view/tpl/smarty3
-	fi
-	if [ ! -d "$HUBZILLA_PATH/store" ]; then
-		mkdir "$HUBZILLA_PATH/store"
-	fi
-	if [ ! -d "$HUBZILLA_PATH/store/[data]" ]; then
-		mkdir "$HUBZILLA_PATH/store/[data]"
-	fi
-	if [ ! -d "$HUBZILLA_PATH/store/[data]/smarty3" ]; then
-		mkdir "$HUBZILLA_PATH/store/[data]/smarty3"
-		chmod 777 "$HUBZILLA_PATH/store/[data]/smarty3"
+	git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
+	cd $HUBZILLA_PATH/addon
+	git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
+	if ! grep -q "Hubzilla addons commit" $COMPLETION_FILE; then
+	    echo "Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT" >> $COMPLETION_FILE
+	else
+	    sed -i "s/Hubzilla addons commit.*/Hubzilla addons commit:$HUBZILLA_ADDONS_COMMIT/g" $COMPLETION_FILE
 	fi
-	chmod 777 $HUBZILLA_PATH/view/tpl
-	chown -R www-data:www-data "$HUBZILLA_PATH/store"
-	chmod 777 $HUBZILLA_PATH/view/tpl/smarty3
-
-	# Ensure that the database gets backed up locally, if remote
-	# backups are not being used
-	function_check backup_databases_script_header
-	backup_databases_script_header
 
-	function_check backup_database_local
-	backup_database_local hubzilla
+	# some extra themes
+	git_clone $HUBZILLA_THEMES_REPO $HUBZILLA_PATH/redmatrix-themes1
+	cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
 
 	chown -R www-data:www-data $HUBZILLA_PATH
-
-	function_check nginx_ensite
-	nginx_ensite $HUBZILLA_DOMAIN_NAME
-
-	# initialize the database
-	if [ ! -f $HUBZILLA_PATH/install/schema_mysql.sql ]; then
-		echo $'No database schema found for hubzilla'
-		exit 252782
+    fi
+
+    HUBZILLA_ONION_HOSTNAME=
+    if [[ $ONION_ONLY != "no" ]]; then
+	HUBZILLA_ONION_HOSTNAME=$(add_onion_service hubzilla 80 ${HUBZILLA_ONION_PORT})
+	echo "Hubzilla onion domain:${HUBZILLA_ONION_HOSTNAME}" >> $COMPLETION_FILE
+    fi
+
+    function_check get_mariadb_hubzilla_admin_password
+    get_mariadb_hubzilla_admin_password
+    if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
+	if [ -f $IMAGE_PASSWORD_FILE ]; then
+	    HUBZILLA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+	else
+	    HUBZILLA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
 	fi
-	function_check initialise_database
-	initialise_database hubzilla $HUBZILLA_PATH/install/schema_mysql.sql
-
-	# create the config file
-	echo '<?php' > $HUBZILLA_PATH/.htconfig.php
-	echo "\$db_host = 'localhost';" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$db_port = '0';" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$db_user = 'root';" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$db_data = 'hubzilla';" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$db_type = '0';" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$default_timezone = 'Europe/London';" >> $HUBZILLA_PATH/.htconfig.php
+	echo '' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo 'Hubzilla' >> /home/$MY_USERNAME/README
+	echo '========' >> /home/$MY_USERNAME/README
 	if [[ $ONION_ONLY == 'no' ]]; then
-		echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> $HUBZILLA_PATH/.htconfig.php
+	    echo $"Open https://$HUBZILLA_DOMAIN_NAME and register a new user" >> /home/$MY_USERNAME/README
 	else
-		echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> $HUBZILLA_PATH/.htconfig.php
+	    echo $"Open http://$HUBZILLA_ONION_HOSTNAME and register a new user" >> /home/$MY_USERNAME/README
 	fi
-	echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> $HUBZILLA_PATH/.htconfig.php
-	HUBZILLA_LOCATION_HASH="$(create_password 30)"
-	echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$a->config['system']['register_text'] = '';" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$a->config['system']['verify_email'] = 1;" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$a->config['system']['sellpage'] = '';" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$a->config['system']['max_import_size'] = 200000;" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$a->config['system']['php_path'] = '/usr/bin/php';" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$a->config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;" >> $HUBZILLA_PATH/.htconfig.php
-	echo "\$a->config['system']['theme'] = 'redbasic';" >> $HUBZILLA_PATH/.htconfig.php
-	chown www-data:www-data $HUBZILLA_PATH/.htconfig.php
-	chmod 755 $HUBZILLA_PATH/.htconfig.php
-
-	systemctl restart php5-fpm
-	systemctl restart nginx
-	systemctl restart cron
-
-	${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
-
-	echo "Hubzilla domain:${HUBZILLA_DOMAIN_NAME}" >> $COMPLETION_FILE
-	echo 'install_hubzilla' >> $COMPLETION_FILE
+	echo $"Your MariaDB Hubzilla admin password is: $HUBZILLA_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+	chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    function_check create_database
+    create_database hubzilla "$HUBZILLA_ADMIN_PASSWORD"
+
+    if ! grep -q "$HUBZILLA_PATH" /etc/crontab; then
+	echo "12,22,32,42,52 * *   *   *   root cd $HUBZILLA_PATH; /usr/bin/timeout 500 /usr/bin/php include/poller.php" >> /etc/crontab
+    fi
+
+    function_check add_ddns_domain
+    add_ddns_domain $HUBZILLA_DOMAIN_NAME
+
+    if [[ $ONION_ONLY == "no" ]]; then
+	function_check nginx_http_redirect
+	nginx_http_redirect $HUBZILLA_DOMAIN_NAME
+	echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "    root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "    server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "    error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	function_check nginx_limits
+	nginx_limits $HUBZILLA_DOMAIN_NAME
+	function_check nginx_ssl
+	nginx_ssl $HUBZILLA_DOMAIN_NAME
+	function_check nginx_disable_sniffing
+	nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
+	echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '      deny  all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+    else
+	echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "    listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "    root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "    server_name $HUBZILLA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "    error_log /var/log/nginx/${HUBZILLA_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    access_log off;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	nginx_limits $HUBZILLA_DOMAIN_NAME
+	nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
+	echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '      deny  all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+	echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+    fi
+
+    function_check configure_php
+    configure_php
+
+    function_check create_site_certificate
+    create_site_certificate $HUBZILLA_DOMAIN_NAME 'yes'
+
+    if [ ! -d $HUBZILLA_PATH/view/tpl/smarty3 ]; then
+	mkdir $HUBZILLA_PATH/view/tpl/smarty3
+    fi
+    if [ ! -d "$HUBZILLA_PATH/store" ]; then
+	mkdir "$HUBZILLA_PATH/store"
+    fi
+    if [ ! -d "$HUBZILLA_PATH/store/[data]" ]; then
+	mkdir "$HUBZILLA_PATH/store/[data]"
+    fi
+    if [ ! -d "$HUBZILLA_PATH/store/[data]/smarty3" ]; then
+	mkdir "$HUBZILLA_PATH/store/[data]/smarty3"
+	chmod 777 "$HUBZILLA_PATH/store/[data]/smarty3"
+    fi
+    chmod 777 $HUBZILLA_PATH/view/tpl
+    chown -R www-data:www-data "$HUBZILLA_PATH/store"
+    chmod 777 $HUBZILLA_PATH/view/tpl/smarty3
+
+    # Ensure that the database gets backed up locally, if remote
+    # backups are not being used
+    function_check backup_databases_script_header
+    backup_databases_script_header
+
+    function_check backup_database_local
+    backup_database_local hubzilla
+
+    chown -R www-data:www-data $HUBZILLA_PATH
+
+    function_check nginx_ensite
+    nginx_ensite $HUBZILLA_DOMAIN_NAME
+
+    # initialize the database
+    if [ ! -f $HUBZILLA_PATH/install/schema_mysql.sql ]; then
+	echo $'No database schema found for hubzilla'
+	exit 252782
+    fi
+    function_check initialise_database
+    initialise_database hubzilla $HUBZILLA_PATH/install/schema_mysql.sql
+
+    # create the config file
+    echo '<?php' > $HUBZILLA_PATH/.htconfig.php
+    echo "\$db_host = 'localhost';" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$db_port = '0';" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$db_user = 'root';" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$db_data = 'hubzilla';" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$db_type = '0';" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$default_timezone = 'Europe/London';" >> $HUBZILLA_PATH/.htconfig.php
+    if [[ $ONION_ONLY == 'no' ]]; then
+	echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> $HUBZILLA_PATH/.htconfig.php
+    else
+	echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> $HUBZILLA_PATH/.htconfig.php
+    fi
+    echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> $HUBZILLA_PATH/.htconfig.php
+    HUBZILLA_LOCATION_HASH="$(create_password 30)"
+    echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['register_text'] = '';" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['verify_email'] = 1;" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['sellpage'] = '';" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['max_import_size'] = 200000;" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['php_path'] = '/usr/bin/php';" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['theme'] = 'redbasic';" >> $HUBZILLA_PATH/.htconfig.php
+    chown www-data:www-data $HUBZILLA_PATH/.htconfig.php
+    chmod 755 $HUBZILLA_PATH/.htconfig.php
+
+    systemctl restart php5-fpm
+    systemctl restart nginx
+    systemctl restart cron
+
+    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
+
+    echo "Hubzilla domain:${HUBZILLA_DOMAIN_NAME}" >> $COMPLETION_FILE
+    echo 'install_hubzilla' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately there is no "exit 0"

src/freedombone-app-ipfs

@@ -35,251 +35,251 @@ IPFS_COMMIT='20b06a4cbce8884f5b194da6e98cb11f2c77f166'
 IPFS_PORT=4001
 
 function reconfigure_ipfs {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_ipfs {
-	if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then
-		return
-	fi
+    if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then
+	return
+    fi
 
-	function_check select_go_version
-	select_go_version
+    function_check select_go_version
+    select_go_version
 
-	function_check set_repo_commit
-	set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO
+    function_check set_repo_commit
+    set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO
 }
 
 function backup_local_ipfs {
-	if ! grep -q "Admin user" $COMPLETION_FILE; then
-		return
-	fi
-	ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
-	source_directory=/home/$ADMIN_USERNAME/.ipfs
-	if [ -d $source_directory ]; then
-		dest_directory=ipfs
-		echo $"Backing up $source_directory to $dest_directory"
-
-		function_check backup_directory_to_usb
-		backup_directory_to_usb $source_directory $dest_directory
-
-		echo $"Backup to $dest_directory complete"
-	fi
+    if ! grep -q "Admin user" $COMPLETION_FILE; then
+	return
+    fi
+    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+    source_directory=/home/$ADMIN_USERNAME/.ipfs
+    if [ -d $source_directory ]; then
+	dest_directory=ipfs
+	echo $"Backing up $source_directory to $dest_directory"
+
+	function_check backup_directory_to_usb
+	backup_directory_to_usb $source_directory $dest_directory
+
+	echo $"Backup to $dest_directory complete"
+    fi
 }
 
 function restore_local_ipfs {
-	if ! grep -q "Admin user" $COMPLETION_FILE; then
-		return
-	fi
-	if [ -d $USB_MOUNT/backup/ipfs ]; then
-		echo $"Restoring IPFS"
-		temp_restore_dir=/root/tempipfs
-		function_check restore_directory_from_usb
-		restore_directory_from_usb $temp_restore_dir ipfs
-		ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
-		cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
-		if [ ! "$?" = "0" ]; then
-			rm -rf $temp_restore_dir
-			function_check set_user_permissions
-			set_user_permissions
-			function_check backup_unmount_drive
-			backup_unmount_drive
-			exit 27627
-		fi
-		rm -rf $temp_restore_dir
-		echo $"Restore of IPFS complete"
+    if ! grep -q "Admin user" $COMPLETION_FILE; then
+	return
+    fi
+    if [ -d $USB_MOUNT/backup/ipfs ]; then
+	echo $"Restoring IPFS"
+	temp_restore_dir=/root/tempipfs
+	function_check restore_directory_from_usb
+	restore_directory_from_usb $temp_restore_dir ipfs
+	ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+	cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
+	if [ ! "$?" = "0" ]; then
+	    rm -rf $temp_restore_dir
+	    function_check set_user_permissions
+	    set_user_permissions
+	    function_check backup_unmount_drive
+	    backup_unmount_drive
+	    exit 27627
 	fi
+	rm -rf $temp_restore_dir
+	echo $"Restore of IPFS complete"
+    fi
 }
 
 function backup_remote_ipfs {
-	if ! grep -q "Admin user" $COMPLETION_FILE; then
-		return
-	fi
-	ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
-	if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then
-		echo $"Backing up IPFS"
-		backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs
-		echo $"Backup of IPFS complete"
-	fi
+    if ! grep -q "Admin user" $COMPLETION_FILE; then
+	return
+    fi
+    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+    if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then
+	echo $"Backing up IPFS"
+	backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs
+	echo $"Backup of IPFS complete"
+    fi
 }
 
 function restore_remote_ipfs {
-	if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then
-		echo $"Restoring IPFS"
-		temp_restore_dir=/root/tempipfs
-		function_check restore_directory_from_friend
-		restore_directory_from_friend $temp_restore_dir ipfs
-		cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
-		if [ ! "$?" = "0" ]; then
-			function_check set_user_permissions
-			set_user_permissions
-			rm -rf $temp_restore_dir
-			exit 276357
-		fi
-		rm -rf $temp_restore_dir
-		echo $"Restore of IPFS complete"
+    if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then
+	echo $"Restoring IPFS"
+	temp_restore_dir=/root/tempipfs
+	function_check restore_directory_from_friend
+	restore_directory_from_friend $temp_restore_dir ipfs
+	cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
+	if [ ! "$?" = "0" ]; then
+	    function_check set_user_permissions
+	    set_user_permissions
+	    rm -rf $temp_restore_dir
+	    exit 276357
 	fi
+	rm -rf $temp_restore_dir
+	echo $"Restore of IPFS complete"
+    fi
 }
 
 function remove_ipfs {
-	if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then
-		return
-	fi
-	function_check select_go_version
-	select_go_version
-	systemctl stop ipfs
-	systemctl disable ipfs
-	systemctl daemon-reload
-	rm /etc/systemd/system/ipfs.service
-	rm -rf $GOPATH/src/github.com/ipfs
-	iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-	sed -i '/install_ipfs/d' $COMPLETION_FILE
-	sed -i '/ipfs /d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_ipfs/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then
+	return
+    fi
+    function_check select_go_version
+    select_go_version
+    systemctl stop ipfs
+    systemctl disable ipfs
+    systemctl daemon-reload
+    rm /etc/systemd/system/ipfs.service
+    rm -rf $GOPATH/src/github.com/ipfs
+    iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+    sed -i '/install_ipfs/d' $COMPLETION_FILE
+    sed -i '/ipfs /d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_ipfs/d' $COMPLETION_FILE
 }
 
 function configure_firewall_for_ipfs {
-	if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ONION_ONLY != "no" ]]; then
-		return
-	fi
-	iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	OPEN_PORTS+=("IPFS     $IPFS_PORT")
-	echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
+    if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
+	return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+	return
+    fi
+    iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    OPEN_PORTS+=("IPFS     $IPFS_PORT")
+    echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
 }
 
 function install_ipfs {
-	if grep -Fxq "install_ipfs" $COMPLETION_FILE; then
-		return
-	fi
-
-	function_check select_go_version
-	select_go_version
-
-	apt-get -y install golang libpam0g-dev fuse
-
-	if [ ! -d /home/git ]; then
-		# add a gogs user account
-		adduser --disabled-login --gecos 'Gogs' git
-
-		# install Go
-		if ! grep -q "export GOPATH=" ~/.bashrc; then
-			echo "export GOPATH=$GOPATH" >> ~/.bashrc
-		else
-			sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
-		fi
-		systemctl set-environment GOPATH=$GOPATH
-		if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
-			echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
-		else
-			sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
-		fi
-		if [ ! -d $GOPATH ]; then
-			mkdir -p $GOPATH
-		fi
-	fi
+    if grep -Fxq "install_ipfs" $COMPLETION_FILE; then
+	return
+    fi
 
-	IPFS_PATH=$GOPATH/bin
-	export PATH="$GOPATH/bin:$PATH:"
-	if ! grep -q 'GOPATH/bin' ~/.bashrc; then
-		echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc
-	else
-		sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
-	fi
+    function_check select_go_version
+    select_go_version
 
-	# set gopath for the user
-	if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
-		echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc
-		echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc
-	else
-		sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc
-	fi
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
+    apt-get -y install golang libpam0g-dev fuse
 
-	IPFS_GO_REPO2=$(echo "$IPFS_GO_REPO" | sed 's|https://||g')
-	go get -u ${IPFS_GO_REPO2}/cmd/ipfs
-	if [ ! "$?" = "0" ]; then
-		exit 8242
-	fi
+    if [ ! -d /home/git ]; then
+	# add a gogs user account
+	adduser --disabled-login --gecos 'Gogs' git
 
-	cd $GOPATH/src/$IPFS_GO_REPO2
-	git checkout $IPFS_COMMIT -b $IPFS_COMMIT
-	if ! grep -q "ipfs commit" $COMPLETION_FILE; then
-		echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE
+	# install Go
+	if ! grep -q "export GOPATH=" ~/.bashrc; then
+	    echo "export GOPATH=$GOPATH" >> ~/.bashrc
 	else
-		sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE
-	fi
-
-	# initialise
-	su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
-	if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
-		echo "IPFS could not be initialised for user $MY_USERNAME"
-		exit 7358
+	    sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
 	fi
-
-	# directories to mount to
-	if [ ! -d /ipfs ]; then
-		mkdir /ipfs
-		mkdir /ipns
-		chown $MY_USERNAME:$MY_USERNAME /ipfs
-		chown $MY_USERNAME:$MY_USERNAME /ipns
+	systemctl set-environment GOPATH=$GOPATH
+	if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
+	    echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
+	else
+	    sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
 	fi
-
-	if [ -f /etc/fuse.conf ]; then
-		chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+	if [ ! -d $GOPATH ]; then
+	    mkdir -p $GOPATH
 	fi
-	if [ -f /dev/fuse ]; then
-		chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+    fi
+
+    IPFS_PATH=$GOPATH/bin
+    export PATH="$GOPATH/bin:$PATH:"
+    if ! grep -q 'GOPATH/bin' ~/.bashrc; then
+	echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc
+    else
+	sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
+    fi
+
+    # set gopath for the user
+    if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
+	echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc
+	echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc
+    else
+	sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc
+    fi
+    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
+
+    IPFS_GO_REPO2=$(echo "$IPFS_GO_REPO" | sed 's|https://||g')
+    go get -u ${IPFS_GO_REPO2}/cmd/ipfs
+    if [ ! "$?" = "0" ]; then
+	exit 8242
+    fi
+
+    cd $GOPATH/src/$IPFS_GO_REPO2
+    git checkout $IPFS_COMMIT -b $IPFS_COMMIT
+    if ! grep -q "ipfs commit" $COMPLETION_FILE; then
+	echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE
+    else
+	sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE
+    fi
+
+    # initialise
+    su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
+    if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
+	echo "IPFS could not be initialised for user $MY_USERNAME"
+	exit 7358
+    fi
+
+    # directories to mount to
+    if [ ! -d /ipfs ]; then
+	mkdir /ipfs
+	mkdir /ipns
+	chown $MY_USERNAME:$MY_USERNAME /ipfs
+	chown $MY_USERNAME:$MY_USERNAME /ipns
+    fi
+
+    if [ -f /etc/fuse.conf ]; then
+	chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+    fi
+    if [ -f /dev/fuse ]; then
+	chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+    fi
+
+    echo '[Unit]' > /etc/systemd/system/ipfs.service
+    echo 'Description=IPFS daemon' >> /etc/systemd/system/ipfs.service
+    echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
+    echo 'After=network.target' >> /etc/systemd/system/ipfs.service
+    echo '' >> /etc/systemd/system/ipfs.service
+    echo '[Service]' >> /etc/systemd/system/ipfs.service
+    echo 'Type=simple' >> /etc/systemd/system/ipfs.service
+    echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
+    echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
+    echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
+    echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
+    echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
+    echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service
+    echo '' >> /etc/systemd/system/ipfs.service
+    echo '[Install]' >> /etc/systemd/system/ipfs.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
+
+    systemctl enable ipfs
+    systemctl daemon-reload
+    systemctl restart ipfs
+
+    if [ -d /etc/avahi ]; then
+	su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME
+	if [ ! -f /tmp/ipfsid ]; then
+	    echo 'No IPFS identity was created'
+	    exit 37895
 	fi
-
-	echo '[Unit]' > /etc/systemd/system/ipfs.service
-	echo 'Description=IPFS daemon' >> /etc/systemd/system/ipfs.service
-	echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
-	echo 'After=network.target' >> /etc/systemd/system/ipfs.service
-	echo '' >> /etc/systemd/system/ipfs.service
-	echo '[Service]' >> /etc/systemd/system/ipfs.service
-	echo 'Type=simple' >> /etc/systemd/system/ipfs.service
-	echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-	echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-	echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-	echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
-	echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
-	echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service
-	echo '' >> /etc/systemd/system/ipfs.service
-	echo '[Install]' >> /etc/systemd/system/ipfs.service
-	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
-
-	systemctl enable ipfs
-	systemctl daemon-reload
-	systemctl restart ipfs
-
-	if [ -d /etc/avahi ]; then
-		su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME
-		if [ ! -f /tmp/ipfsid ]; then
-			echo 'No IPFS identity was created'
-			exit 37895
-		fi
-		IPFS_PEER_ID=$(cat /tmp/ipfsid)
-		if [ ${#IPFS_PEER_ID} -lt 10 ]; then
-			echo 'Invalid IPFS peer ID'
-			echo "$IPFS_PEER_ID"
-			exit 74782
-		fi
-		# Add an avahi service
-		function_check create_avahi_service
-		create_avahi_service ipfs "ipfs" udp $IPFS_PORT "$IPFS_PEER_ID"
-		rm /tmp/ipfsid
+	IPFS_PEER_ID=$(cat /tmp/ipfsid)
+	if [ ${#IPFS_PEER_ID} -lt 10 ]; then
+	    echo 'Invalid IPFS peer ID'
+	    echo "$IPFS_PEER_ID"
+	    exit 74782
 	fi
+	# Add an avahi service
+	function_check create_avahi_service
+	create_avahi_service ipfs "ipfs" udp $IPFS_PORT "$IPFS_PEER_ID"
+	rm /tmp/ipfsid
+    fi
 
-	function_check configure_firewall_for_ipfs
-	configure_firewall_for_ipfs
+    function_check configure_firewall_for_ipfs
+    configure_firewall_for_ipfs
 
-	echo 'install_ipfs' >> $COMPLETION_FILE
+    echo 'install_ipfs' >> $COMPLETION_FILE
 }

src/freedombone-app-irc

@@ -45,268 +45,268 @@ function upgrade_irc {
 }
 
 function backup_local_irc {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_local_irc {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_remote_irc {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_remote_irc {
-	echo -n ''
+    echo -n ''
 }
 
 function remove_irc {
-	if ! grep -Fxq "install_irc" $COMPLETION_FILE; then
-		return
-	fi
-	systemctl stop ngircd
-	apt-get -y remove --purge ngircd
-	apt-get -y remove --purge irssi
-	if [ -d /etc/ngircd ]; then
-		rm -rf /etc/ngircd
-	fi
-	iptables -D INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
-	iptables -D INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-	function_check remove_onion_service
-	remove_onion_service irc ${IRC_ONION_PORT}
-	sed -i '/install_irc/d' $COMPLETION_FILE
-	sed -i '/IRC /d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_irc/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_irc" $COMPLETION_FILE; then
+	return
+    fi
+    systemctl stop ngircd
+    apt-get -y remove --purge ngircd
+    apt-get -y remove --purge irssi
+    if [ -d /etc/ngircd ]; then
+	rm -rf /etc/ngircd
+    fi
+    iptables -D INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
+    iptables -D INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+    function_check remove_onion_service
+    remove_onion_service irc ${IRC_ONION_PORT}
+    sed -i '/install_irc/d' $COMPLETION_FILE
+    sed -i '/IRC /d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_irc/d' $COMPLETION_FILE
 }
 
 function configure_firewall_for_irc {
-	if [ ! -d /etc/ngircd ]; then
-		return
-	fi
-	if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-		# docker does its own firewalling
-		return
-	fi
-	if [[ $ONION_ONLY != "no" ]]; then
-		return
-	fi
-	iptables -A INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
-	iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
+    if [ ! -d /etc/ngircd ]; then
+	return
+    fi
+    if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
+	return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+	# docker does its own firewalling
+	return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+	return
+    fi
+    iptables -A INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
+    iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
 
-	OPEN_PORTS+=("IRC      $IRC_PORT")
-	echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
+    OPEN_PORTS+=("IRC      $IRC_PORT")
+    echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
 }
 
 function install_irc_server {
-	if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
-		return
-	fi
-	apt-get -y install ngircd
+    if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
+	return
+    fi
+    apt-get -y install ngircd
 
-	if [ ! -d /etc/ngircd ]; then
-		echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
-		exit 53
-	fi
+    if [ ! -d /etc/ngircd ]; then
+	echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
+	exit 53
+    fi
 
-	if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
-		${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
-		function_check check_certificates
-		check_certificates ngircd
-	fi
+    if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
+	${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
+	function_check check_certificates
+	check_certificates ngircd
+    fi
 
-	DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
-	if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
-		DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
-	fi
+    DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
+    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+	DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
+    fi
 
-	# create a login password if needed
-	if [ ! $IRC_PASSWORD ]; then
-		IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-	fi
+    # create a login password if needed
+    if [ ! $IRC_PASSWORD ]; then
+	IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    fi
 
-	echo '**************************************************' > /etc/ngircd/motd
-	echo $'*           F R E E D O M B O N E   I R C        *' >> /etc/ngircd/motd
-	echo '*                                                *' >> /etc/ngircd/motd
-	echo $'*               Freedom in the Cloud             *' >> /etc/ngircd/motd
-	echo '**************************************************' >> /etc/ngircd/motd
-	sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
-	sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
-	sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
-	sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
-	sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
-	sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
-	sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
-	sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
-	sed -i "s/;Ports =.*/Ports = $IRC_PORT/1" /etc/ngircd/ngircd.conf
-	sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
-	sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
-	sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
-	sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
-	sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
-	sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
-	IRC_SALT="$(create_password 30)"
-	if [ -f $IMAGE_PASSWORD_FILE ]; then
-		IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-	else
-		IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-	fi
-	sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
-	sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
-	sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
-	sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
-	sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
-	sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
-	sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
-	if [ $IRC_PASSWORD ]; then
-		sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
-	fi
-	# If we are on a mesh then DNS is not available
-	if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
-		sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
-	fi
-	# upgrade a cypher
-	sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf
-	mkdir /var/run/ircd
-	chown -R irc:irc /var/run/ircd
-	mkdir /var/run/ngircd
-	touch /var/run/ngircd/ngircd.pid
-	chown -R irc:irc /var/run/ngircd
+    echo '**************************************************' > /etc/ngircd/motd
+    echo $'*           F R E E D O M B O N E   I R C        *' >> /etc/ngircd/motd
+    echo '*                                                *' >> /etc/ngircd/motd
+    echo $'*               Freedom in the Cloud             *' >> /etc/ngircd/motd
+    echo '**************************************************' >> /etc/ngircd/motd
+    sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
+    sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
+    sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
+    sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
+    sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
+    sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
+    sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
+    sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
+    sed -i "s/;Ports =.*/Ports = $IRC_PORT/1" /etc/ngircd/ngircd.conf
+    sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
+    sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
+    sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
+    sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
+    sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
+    sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
+    IRC_SALT="$(create_password 30)"
+    if [ -f $IMAGE_PASSWORD_FILE ]; then
+	IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    else
+	IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    fi
+    sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
+    sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
+    sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
+    sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
+    sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
+    sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
+    sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
+    if [ $IRC_PASSWORD ]; then
+	sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
+    fi
+    # If we are on a mesh then DNS is not available
+    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+	sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
+    fi
+    # upgrade a cypher
+    sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf
+    mkdir /var/run/ircd
+    chown -R irc:irc /var/run/ircd
+    mkdir /var/run/ngircd
+    touch /var/run/ngircd/ngircd.pid
+    chown -R irc:irc /var/run/ngircd
 
-	IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT})
-	if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
-		echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
-	fi
+    IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT})
+    if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
+	echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
+    fi
 
-	systemctl restart ngircd
+    systemctl restart ngircd
 
-	# keep the daemon running
-	echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '  systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '  echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    # keep the daemon running
+    echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '  systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '  echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
 
-	if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'IRC Server' >> /home/$MY_USERNAME/README
-		echo '==========' >> /home/$MY_USERNAME/README
-		echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		if [[ $ONION_ONLY != 'yes' ]]; then
-			echo "  irssi" >> /home/$MY_USERNAME/README
-			echo "  /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
-			echo "  /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
-		else
-			echo "  usetorwith irssi" >> /home/$MY_USERNAME/README
-			echo "  /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README
-			echo "  /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
-		fi
-		echo "  /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
+    if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
+	echo '' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'IRC Server' >> /home/$MY_USERNAME/README
+	echo '==========' >> /home/$MY_USERNAME/README
+	echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	if [[ $ONION_ONLY != 'yes' ]]; then
+	    echo "  irssi" >> /home/$MY_USERNAME/README
+	    echo "  /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
+	    echo "  /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
+	else
+	    echo "  usetorwith irssi" >> /home/$MY_USERNAME/README
+	    echo "  /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README
+	    echo "  /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
 	fi
+	echo "  /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+	chmod 600 /home/$MY_USERNAME/README
+    fi
 
-	function_check configure_firewall_for_irc
-	configure_firewall_for_irc
-	echo 'install_irc_server' >> $COMPLETION_FILE
+    function_check configure_firewall_for_irc
+    configure_firewall_for_irc
+    echo 'install_irc_server' >> $COMPLETION_FILE
 }
 
 function install_irc_client {
-	if grep -Fxq "install_irc_client" $COMPLETION_FILE; then
-		return
-	fi
-	apt-get -y install irssi
+    if grep -Fxq "install_irc_client" $COMPLETION_FILE; then
+	return
+    fi
+    apt-get -y install irssi
 
-	if [ ! -d /home/$MY_USERNAME/.irssi ]; then
-		mkdir /home/$MY_USERNAME/.irssi
-	fi
+    if [ ! -d /home/$MY_USERNAME/.irssi ]; then
+	mkdir /home/$MY_USERNAME/.irssi
+    fi
 
-	echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
-	echo '  {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  },' >> /home/$MY_USERNAME/.irssi/config
-	echo '  {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  },' >> /home/$MY_USERNAME/.irssi/config
-	echo '  {' >> /home/$MY_USERNAME/.irssi/config
-	echo "    address = \"127.0.0.1\";" >> /home/$MY_USERNAME/.irssi/config
-	if [[ $ONION_ONLY == 'no' ]]; then
-		echo "    port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
-		echo '    use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
-	else
-		IRC_ONION_HOSTNAME=$(cat $COMPLETION_FILE | grep "IRC onion domain" | awk -F ':' '{print $2}')
-		echo "    port = \"${IRC_ONION_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
-		echo '    use_ssl = "no";' >> /home/$MY_USERNAME/.irssi/config
-	fi
-	echo '    chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
-	if [ $IRC_PASSWORD ]; then
-		echo "    password = \"${IRC_PASSWORD}\";" >> /home/$MY_USERNAME/.irssi/config
-	fi
-	echo '  }' >> /home/$MY_USERNAME/.irssi/config
-	echo ');' >> /home/$MY_USERNAME/.irssi/config
-	echo '' >> /home/$MY_USERNAME/.irssi/config
-	echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '  Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  };' >> /home/$MY_USERNAME/.irssi/config
-	echo '  Freenode = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  };' >> /home/$MY_USERNAME/.irssi/config
-	echo '  OFTC = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  };' >> /home/$MY_USERNAME/.irssi/config
-	echo '};' >> /home/$MY_USERNAME/.irssi/config
-	echo '' >> /home/$MY_USERNAME/.irssi/config
-	echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
-	echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
-	echo ');' >> /home/$MY_USERNAME/.irssi/config
-	echo '' >> /home/$MY_USERNAME/.irssi/config
-	echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
-	echo "  core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
-	echo '  "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
-	echo '};' >> /home/$MY_USERNAME/.irssi/config
-	echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
+    echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
+    echo '  {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  },' >> /home/$MY_USERNAME/.irssi/config
+    echo '  {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  },' >> /home/$MY_USERNAME/.irssi/config
+    echo '  {' >> /home/$MY_USERNAME/.irssi/config
+    echo "    address = \"127.0.0.1\";" >> /home/$MY_USERNAME/.irssi/config
+    if [[ $ONION_ONLY == 'no' ]]; then
+	echo "    port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
+	echo '    use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
+    else
+	IRC_ONION_HOSTNAME=$(cat $COMPLETION_FILE | grep "IRC onion domain" | awk -F ':' '{print $2}')
+	echo "    port = \"${IRC_ONION_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
+	echo '    use_ssl = "no";' >> /home/$MY_USERNAME/.irssi/config
+    fi
+    echo '    chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+    if [ $IRC_PASSWORD ]; then
+	echo "    password = \"${IRC_PASSWORD}\";" >> /home/$MY_USERNAME/.irssi/config
+    fi
+    echo '  }' >> /home/$MY_USERNAME/.irssi/config
+    echo ');' >> /home/$MY_USERNAME/.irssi/config
+    echo '' >> /home/$MY_USERNAME/.irssi/config
+    echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '  Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  };' >> /home/$MY_USERNAME/.irssi/config
+    echo '  Freenode = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  };' >> /home/$MY_USERNAME/.irssi/config
+    echo '  OFTC = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  };' >> /home/$MY_USERNAME/.irssi/config
+    echo '};' >> /home/$MY_USERNAME/.irssi/config
+    echo '' >> /home/$MY_USERNAME/.irssi/config
+    echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
+    echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
+    echo ');' >> /home/$MY_USERNAME/.irssi/config
+    echo '' >> /home/$MY_USERNAME/.irssi/config
+    echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
+    echo "  core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
+    echo '  "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
+    echo '};' >> /home/$MY_USERNAME/.irssi/config
+    echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
 
-	chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
+    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
 
-	echo 'install_irc_client' >> $COMPLETION_FILE
+    echo 'install_irc_client' >> $COMPLETION_FILE
 }
 
 function install_irc {
-	if grep -Fxq "install_irc" $COMPLETION_FILE; then
-		return
-	fi
-	install_irc_server
-	install_irc_client
-	echo 'install_irc' >> $COMPLETION_FILE
+    if grep -Fxq "install_irc" $COMPLETION_FILE; then
+	return
+    fi
+    install_irc_server
+    install_irc_client
+    echo 'install_irc' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-mediagoblin

@@ -38,311 +38,242 @@ MEDIAGOBLIN_ADMIN_PASSWORD=
 MEDIAGOBLIN_ONION_PORT=8096
 
 function reconfigure_mediagoblin {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_mediagoblin {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_local_mediagoblin {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_local_mediagoblin {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_remote_mediagoblin {
-	if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
-		MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
-		function_check suspend_site
-		suspend_site ${MEDIAGOBLIN_DOMAIN_NAME}
+    if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
+	MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
+	function_check suspend_site
+	suspend_site ${MEDIAGOBLIN_DOMAIN_NAME}
 
-		echo $"Backing up Mediagoblin"
+	echo $"Backing up Mediagoblin"
 
-		backup_directory_to_friend /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs mediagoblin
+	backup_directory_to_friend /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs mediagoblin
 
-		function_check restart_site
-		restart_site
+	function_check restart_site
+	restart_site
 
-		echo $"Backup of Mediagoblin complete"
-	fi
+	echo $"Backup of Mediagoblin complete"
+    fi
 }
 
 function restore_remote_mediagoblin {
-	if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
-		MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
-		if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then
-			echo $"Restoring Mediagoblin installation"
-			temp_restore_dir=/root/tempmediagoblin
-			function_check restore_directory_from_friend
-			restore_directory_from_friend $temp_restore_dir mediagoblin
-			cp -r $temp_restore_dir/* /
-			if [ ! "$?" = "0" ]; then
-				exit 5626
-			fi
-			rm -rf $temp_restore_dir
-			echo $"Restore of Mediagoblin complete"
-		fi
-		chown -hR mediagoblin:www-data /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
+    if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
+	MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
+	if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then
+	    echo $"Restoring Mediagoblin installation"
+	    temp_restore_dir=/root/tempmediagoblin
+	    function_check restore_directory_from_friend
+	    restore_directory_from_friend $temp_restore_dir mediagoblin
+	    cp -r $temp_restore_dir/* /
+	    if [ ! "$?" = "0" ]; then
+		exit 5626
+	    fi
+	    rm -rf $temp_restore_dir
+	    echo $"Restore of Mediagoblin complete"
 	fi
+	chown -hR mediagoblin:www-data /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
+    fi
 }
 
 function remove_mediagoblin {
-	echo -n ''
+    echo -n ''
 }
 
 function install_mediagoblin {
-	if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
-		return
-	fi
-
-	MEDIAGOBLIN_WORKING_DIRECTORY=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
-
-	# update to a new commit if needed
-	function_check set_repo_commit
-	set_repo_commit $MEDIAGOBLIN_WORKING_DIRECTORY "Mediagoblin commit" "$MEDIAGOBLIN_COMMIT" $MEDIAGOBLIN_REPO
-	if [ -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
-		chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
-	fi
-
-	if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
-		return
-	fi
-
-	apt-get -y install git-core python python-dev python-lxml python-pil
-	apt-get -y install python-virtualenv npm nodejs-legacy automake
-	apt-get -y install fcgiwrap
-
-	#apt-get -y install postgresql postgresql-client python-psycopg2
-	#apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject
-	#apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools
-	#apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev
-	#apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools
-	#su -c "createuser -A -D mediagoblin" - postgres
-	#su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres
-
-	useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
-	groupadd mediagoblin
-	usermod --append -G mediagoblin mediagoblin
-
-	if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
-		mkdir -p $MEDIAGOBLIN_WORKING_DIRECTORY
-	fi
-
-	function_check git_clone
-	git_clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_WORKING_DIRECTORY
-	cd $MEDIAGOBLIN_WORKING_DIRECTORY
-	git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT
-	git submodule init
-	git submodule update
-
-	if ! grep -q "Mediagoblin commit" $COMPLETION_FILE; then
-		echo "Mediagoblin commit:$MEDIAGOBLIN_COMMIT" >> $COMPLETION_FILE
-	else
-		sed -i "s/Mediagoblin commit.*/Mediagoblin commit:$MEDIAGOBLIN_COMMIT/g" $COMPLETION_FILE
-	fi
-
-	chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bootstrap.sh" - mediagoblin
-	if [ ! "$?" = "0" ]; then
-		exit 278826
-	fi
-
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./configure" - mediagoblin
-	if [ ! "$?" = "0" ]; then
-		exit 462826
-	fi
+    if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
+	return
+    fi
 
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && make" - mediagoblin
-	if [ ! "$?" = "0" ]; then
-		exit 738229
-	fi
-
-	if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev ]; then
-		mkdir $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
-	fi
-	chmod 750 $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install flup==1.0.3.dev-20110405" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade billiard" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Paste" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade amqp" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade anyjson" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py-bcrypt" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade wtforms" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade python-dateutil" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alembic" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade waitress" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade imagesize" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alabaster" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade snowballstemmer" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade docutils" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Pygments" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade beautifulsoup4" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade WebOb" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade execnet" - mediagoblin
-
-	# create some directories
-	mkdir /var/log/mediagoblin
-	chown -hR mediagoblin:www-data /var/log/mediagoblin
-	mkdir /var/run/mediagoblin
-	chown -hR mediagoblin:www-data /var/run/mediagoblin
-
-	if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin.ini ]; then
-		echo $'mediagoblin.ini not found'
-		exit 737529
-	fi
-	if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/paste.ini ]; then
-		echo $'paste.ini not found'
-		exit 52762
-	fi
-
-	cp -av mediagoblin.ini mediagoblin_local.ini
-	cp -av paste.ini paste_local.ini
+    MEDIAGOBLIN_WORKING_DIRECTORY=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
 
+    # update to a new commit if needed
+    function_check set_repo_commit
+    set_repo_commit $MEDIAGOBLIN_WORKING_DIRECTORY "Mediagoblin commit" "$MEDIAGOBLIN_COMMIT" $MEDIAGOBLIN_REPO
+    if [ -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
 	chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
-
-	# init with systemd
-	echo '[Unit]' > /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'After=network.target' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '[Service]' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'Type=simple' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin_local.ini \\" >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '    CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/celery worker \\" >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '    --logfile=/var/log/mediagoblin/celery.log \' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '    --loglevel=INFO' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '[Install]' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-celeryd.service
-
-	echo '[Unit]' > /etc/systemd/system/mediagoblin-paster.service
-	echo 'Description=Mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'After=network.target' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '[Service]' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'Type=forking' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/mediagoblin-paster.service
-	echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-paster.service
-	echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
-	echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini \\" >> /etc/systemd/system/mediagoblin-paster.service
-	echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '    --log-file=/var/log/mediagoblin/mediagoblin.log \' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '    --daemon \' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '    --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543' >> /etc/systemd/system/mediagoblin-paster.service
-	echo "ExecStop=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
-	echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
-	echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini stop" >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '[Install]' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-paster.service
-	systemctl daemon-reload
-	systemctl enable mediagoblin-celeryd
-	systemctl enable mediagoblin-paster
-	systemctl daemon-reload
-	systemctl start mediagoblin-celeryd
-	systemctl start mediagoblin-paster
-
-	MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
-	if ! grep -q "Mediagoblin onion domain" $COMPLETION_FILE; then
-		echo "Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}" >> $COMPLETION_FILE
-	else
-		sed -i "s|Mediagoblin onion domain.*|Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}|g" $COMPLETION_FILE
-	fi
-	if [[ $MEDIAGOBLIN_ONION_HOSTNAME == *"not found"* ]]; then
-		echo $'Problem creating onion address for mediagoblin'
-		exit 672652
-	fi
-
-	# web config
-	MEDIAGOBLIN_VIRTUAL_HOST=/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-	function_check nginx_http_redirect
-	nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
-	if [[ $ONION_ONLY == 'no' ]]; then
-		echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  listen 443 ssl;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  default_type  application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		function_check nginx_limits
-		nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
-		function_check nginx_ssl
-		nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
-		function_check nginx_disable_sniffing
-		nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo "  server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '    fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '    include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '    # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '      # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '    fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '    fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	else
-		echo -n '' > $MEDIAGOBLIN_VIRTUAL_HOST
-	fi
-
+    fi
+
+    if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
+	return
+    fi
+
+    apt-get -y install git-core python python-dev python-lxml python-pil
+    apt-get -y install python-virtualenv npm nodejs-legacy automake
+    apt-get -y install fcgiwrap
+
+    #apt-get -y install postgresql postgresql-client python-psycopg2
+    #apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject
+    #apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools
+    #apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev
+    #apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools
+    #su -c "createuser -A -D mediagoblin" - postgres
+    #su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres
+
+    useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
+    groupadd mediagoblin
+    usermod --append -G mediagoblin mediagoblin
+
+    if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
+	mkdir -p $MEDIAGOBLIN_WORKING_DIRECTORY
+    fi
+
+    function_check git_clone
+    git_clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_WORKING_DIRECTORY
+    cd $MEDIAGOBLIN_WORKING_DIRECTORY
+    git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT
+    git submodule init
+    git submodule update
+
+    if ! grep -q "Mediagoblin commit" $COMPLETION_FILE; then
+	echo "Mediagoblin commit:$MEDIAGOBLIN_COMMIT" >> $COMPLETION_FILE
+    else
+	sed -i "s/Mediagoblin commit.*/Mediagoblin commit:$MEDIAGOBLIN_COMMIT/g" $COMPLETION_FILE
+    fi
+
+    chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bootstrap.sh" - mediagoblin
+    if [ ! "$?" = "0" ]; then
+	exit 278826
+    fi
+
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./configure" - mediagoblin
+    if [ ! "$?" = "0" ]; then
+	exit 462826
+    fi
+
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && make" - mediagoblin
+    if [ ! "$?" = "0" ]; then
+	exit 738229
+    fi
+
+    if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev ]; then
+	mkdir $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
+    fi
+    chmod 750 $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install flup==1.0.3.dev-20110405" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade billiard" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Paste" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade amqp" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade anyjson" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py-bcrypt" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade wtforms" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade python-dateutil" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alembic" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade waitress" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade imagesize" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alabaster" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade snowballstemmer" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade docutils" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Pygments" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade beautifulsoup4" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade WebOb" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade execnet" - mediagoblin
+
+    # create some directories
+    mkdir /var/log/mediagoblin
+    chown -hR mediagoblin:www-data /var/log/mediagoblin
+    mkdir /var/run/mediagoblin
+    chown -hR mediagoblin:www-data /var/run/mediagoblin
+
+    if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin.ini ]; then
+	echo $'mediagoblin.ini not found'
+	exit 737529
+    fi
+    if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/paste.ini ]; then
+	echo $'paste.ini not found'
+	exit 52762
+    fi
+
+    cp -av mediagoblin.ini mediagoblin_local.ini
+    cp -av paste.ini paste_local.ini
+
+    chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
+
+    # init with systemd
+    echo '[Unit]' > /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'After=network.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '[Service]' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'Type=simple' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin_local.ini \\" >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '    CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/celery worker \\" >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '    --logfile=/var/log/mediagoblin/celery.log \' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '    --loglevel=INFO' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '[Install]' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+
+    echo '[Unit]' > /etc/systemd/system/mediagoblin-paster.service
+    echo 'Description=Mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'After=network.target' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '[Service]' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'Type=forking' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/mediagoblin-paster.service
+    echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-paster.service
+    echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
+    echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini \\" >> /etc/systemd/system/mediagoblin-paster.service
+    echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '    --log-file=/var/log/mediagoblin/mediagoblin.log \' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '    --daemon \' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '    --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543' >> /etc/systemd/system/mediagoblin-paster.service
+    echo "ExecStop=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
+    echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
+    echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini stop" >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '[Install]' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-paster.service
+    systemctl daemon-reload
+    systemctl enable mediagoblin-celeryd
+    systemctl enable mediagoblin-paster
+    systemctl daemon-reload
+    systemctl start mediagoblin-celeryd
+    systemctl start mediagoblin-paster
+
+    MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
+    if ! grep -q "Mediagoblin onion domain" $COMPLETION_FILE; then
+	echo "Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}" >> $COMPLETION_FILE
+    else
+	sed -i "s|Mediagoblin onion domain.*|Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}|g" $COMPLETION_FILE
+    fi
+    if [[ $MEDIAGOBLIN_ONION_HOSTNAME == *"not found"* ]]; then
+	echo $'Problem creating onion address for mediagoblin'
+	exit 672652
+    fi
+
+    # web config
+    MEDIAGOBLIN_VIRTUAL_HOST=/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+    function_check nginx_http_redirect
+    nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
+    if [[ $ONION_ONLY == 'no' ]]; then
 	echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo "  listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+	echo '  listen 443 ssl;' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
@@ -354,6 +285,8 @@ function install_mediagoblin {
 	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	function_check nginx_limits
 	nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
+	function_check nginx_ssl
+	nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
 	function_check nginx_disable_sniffing
 	nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
 	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
@@ -368,7 +301,7 @@ function install_mediagoblin {
 	echo '  # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo "  server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+	echo "  server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
@@ -403,23 +336,90 @@ function install_mediagoblin {
 	echo '    fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
-
-	function_check create_site_certificate
-	create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME
-
-	nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
-	systemctl restart php5-fpm
-	systemctl restart nginx
-
-	add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
-
-	if ! grep -q "Mediagoblin domain" $COMPLETION_FILE; then
-		echo "Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME" >> $COMPLETION_FILE
-	else
-		sed -i "s/Mediagoblin domain.*/Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME/g" $COMPLETION_FILE
-	fi
-
-	echo 'install_mediagoblin' >> $COMPLETION_FILE
+	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    else
+	echo -n '' > $MEDIAGOBLIN_VIRTUAL_HOST
+    fi
+
+    echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "  listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  default_type  application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    function_check nginx_limits
+    nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "  server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '    fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '    include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '    # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '      # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '    fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '    fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
+
+    function_check create_site_certificate
+    create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME
+
+    nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
+    systemctl restart php5-fpm
+    systemctl restart nginx
+
+    add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+
+    if ! grep -q "Mediagoblin domain" $COMPLETION_FILE; then
+	echo "Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME" >> $COMPLETION_FILE
+    else
+	sed -i "s/Mediagoblin domain.*/Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME/g" $COMPLETION_FILE
+    fi
+
+    echo 'install_mediagoblin' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-rss

@@ -43,508 +43,508 @@ RSS_READER_GNUSOCIAL_REPO="https://github.com/bashrc/ttrss-gnusocial"
 RSS_READER_GNUSOCIAL_COMMIT='8b92b8f5db7b0d12459c7bd86a50f48815efe642'
 
 function reconfigure_rss {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_rss {
-	if grep -Fxq "install_rss" $COMPLETION_FILE; then
-		function_check set_repo_commit
-		set_repo_commit $RSS_READER_PATH "RSS reader commit" "$RSS_READER_COMMIT" $RSS_READER_REPO
+    if grep -Fxq "install_rss" $COMPLETION_FILE; then
+	function_check set_repo_commit
+	set_repo_commit $RSS_READER_PATH "RSS reader commit" "$RSS_READER_COMMIT" $RSS_READER_REPO
+    fi
+
+    if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
+	if [ ! $RSS_READER_PATH ]; then
+	    RSS_READER_PATH=/etc/share/tt-rss
 	fi
 
-	if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
-		if [ ! $RSS_READER_PATH ]; then
-			RSS_READER_PATH=/etc/share/tt-rss
-		fi
-
-		if [ ! -d $RSS_READER_PATH ]; then
-			echo $'tt-rss is not installed, so the mobile version cannot be installed'
-			exit 63452
-		fi
-
-		RSS_MOBILE_READER_PATH=/etc/share/ttrss-mobile
-
-		# remove any previous install
-		if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
-			if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
-				sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
-				sed -i '/RSS mobile reader commit/d' $COMPLETION_FILE
-				rm -rf $RSS_READER_PATH/g2ttree-mobile
-			fi
-		fi
-
-		# update to the next commit
-		function_check set_repo_commit
-		set_repo_commit $RSS_MOBILE_READER_PATH "RSS mobile reader commit" "$RSS_MOBILE_READER_COMMIT" $RSS_MOBILE_READER_REPO
+	if [ ! -d $RSS_READER_PATH ]; then
+	    echo $'tt-rss is not installed, so the mobile version cannot be installed'
+	    exit 63452
+	fi
+
+	RSS_MOBILE_READER_PATH=/etc/share/ttrss-mobile
+
+	# remove any previous install
+	if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
+	    if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
+		sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
+		sed -i '/RSS mobile reader commit/d' $COMPLETION_FILE
+		rm -rf $RSS_READER_PATH/g2ttree-mobile
+	    fi
 	fi
+
+	# update to the next commit
+	function_check set_repo_commit
+	set_repo_commit $RSS_MOBILE_READER_PATH "RSS mobile reader commit" "$RSS_MOBILE_READER_COMMIT" $RSS_MOBILE_READER_REPO
+    fi
 }
 
 function backup_local_rss {
-	RSS_READER_DOMAIN_NAME='ttrss'
-	if grep -q "RSS reader domain" $COMPLETION_FILE; then
-		RSS_READER_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "RSS reader domain" | awk -F ':' '{print $2}')
-	fi
+    RSS_READER_DOMAIN_NAME='ttrss'
+    if grep -q "RSS reader domain" $COMPLETION_FILE; then
+	RSS_READER_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "RSS reader domain" | awk -F ':' '{print $2}')
+    fi
 
-	if grep -q "RSS reader domain" $COMPLETION_FILE; then
-		if [ -d /etc/share/tt-rss ]; then
-			RSS_READER_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "RSS reader domain" | awk -F ':' '{print $2}')
+    if grep -q "RSS reader domain" $COMPLETION_FILE; then
+	if [ -d /etc/share/tt-rss ]; then
+	    RSS_READER_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "RSS reader domain" | awk -F ':' '{print $2}')
 
-			echo $"Backing up ttrss"
+	    echo $"Backing up ttrss"
 
-			function_check backup_database_to_usb
-			backup_database_to_usb ttrss
+	    function_check backup_database_to_usb
+	    backup_database_to_usb ttrss
 
-			backup_directory_to_usb /etc/share/tt-rss ttrss
+	    backup_directory_to_usb /etc/share/tt-rss ttrss
 
-			echo $"ttrss backup complete"
-		fi
+	    echo $"ttrss backup complete"
 	fi
+    fi
 }
 
 function restore_local_rss {
-	if ! grep -q "RSS reader domain" $COMPLETION_FILE; then
-		return
-	fi
-	RSS_READER_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "RSS reader domain" | awk -F ':' '{print $2}')
-	if [ $RSS_READER_DOMAIN_NAME ]; then
-		echo $"Restoring ttrss"
-		temp_restore_dir=/root/tempttrss
-		restore_database ttrss ${RSS_READER_DOMAIN_NAME}
-		if [ -d $USB_MOUNT/backup/ttrss ]; then
-			chown -R www-data:www-data /etc/share/tt-rss
-			if [ -d $temp_restore_dir ]; then
-				rm -rf $temp_restore_dir
-			fi
-		fi
-		echo $"Restore of ttrss complete"
-	fi
+    if ! grep -q "RSS reader domain" $COMPLETION_FILE; then
+	return
+    fi
+    RSS_READER_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "RSS reader domain" | awk -F ':' '{print $2}')
+    if [ $RSS_READER_DOMAIN_NAME ]; then
+	echo $"Restoring ttrss"
+	temp_restore_dir=/root/tempttrss
+	restore_database ttrss ${RSS_READER_DOMAIN_NAME}
+	if [ -d $USB_MOUNT/backup/ttrss ]; then
+	    chown -R www-data:www-data /etc/share/tt-rss
+	    if [ -d $temp_restore_dir ]; then
+		rm -rf $temp_restore_dir
+	    fi
+	fi
+	echo $"Restore of ttrss complete"
+    fi
 }
 
 function backup_remote_rss {
-	if grep -q "RSS reader domain" $COMPLETION_FILE; then
-		RSS_READER_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "RSS reader domain" | awk -F ':' '{print $2}')
-		if [ -d /etc/share/tt-rss ]; then
-			function_check suspend_site
-			suspend_site ${RSS_READER_DOMAIN_NAME}
+    if grep -q "RSS reader domain" $COMPLETION_FILE; then
+	RSS_READER_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "RSS reader domain" | awk -F ':' '{print $2}')
+	if [ -d /etc/share/tt-rss ]; then
+	    function_check suspend_site
+	    suspend_site ${RSS_READER_DOMAIN_NAME}
 
-			function_check backup_database_to_friend
-			backup_database_to_friend ttrss
+	    function_check backup_database_to_friend
+	    backup_database_to_friend ttrss
 
-			echo $"Backing up RSS reader installation"
+	    echo $"Backing up RSS reader installation"
 
-			function_check backup_directory_to_friend
-			backup_directory_to_friend /etc/share/tt-rss ttrss
+	    function_check backup_directory_to_friend
+	    backup_directory_to_friend /etc/share/tt-rss ttrss
 
-			function_check restart_site
-			restart_site
-		else
-			echo $"RSS reader domain specified but not found in /etc/share/ttrss}"
-		fi
+	    function_check restart_site
+	    restart_site
+	else
+	    echo $"RSS reader domain specified but not found in /etc/share/ttrss}"
 	fi
+    fi
 }
 
 function restore_remote_rss {
-	if grep -q "RSS reader domain" $COMPLETION_FILE; then
-		echo $"Restoring ttrss"
-		RSS_READER_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "RSS reader domain" | awk -F ':' '{print $2}')
-		function_check restore_database_from_friend
-		restore_database_from_friend ttrss ${RSS_READER_DOMAIN_NAME}
-		if [ -d $SERVER_DIRECTORY/backup/ttrss ]; then
-			chown -R www-data:www-data /etc/share/tt-rss
-		fi
-		if [ -d /root/tempttrss ]; then
-			rm -rf /root/tempttrss
-		fi
-		echo $"Restore of ttrss complete"
+    if grep -q "RSS reader domain" $COMPLETION_FILE; then
+	echo $"Restoring ttrss"
+	RSS_READER_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "RSS reader domain" | awk -F ':' '{print $2}')
+	function_check restore_database_from_friend
+	restore_database_from_friend ttrss ${RSS_READER_DOMAIN_NAME}
+	if [ -d $SERVER_DIRECTORY/backup/ttrss ]; then
+	    chown -R www-data:www-data /etc/share/tt-rss
 	fi
+	if [ -d /root/tempttrss ]; then
+	    rm -rf /root/tempttrss
+	fi
+	echo $"Restore of ttrss complete"
+    fi
 }
 
 function remove_rss {
-	if ! grep -Fxq "install_rss" $COMPLETION_FILE; then
-		return
-	fi
-	nginx_dissite $RSS_READER_DOMAIN_NAME
-	function_check remove_onion_service
-	remove_onion_service ttrss ${RSS_READER_ONION_PORT} ${RSS_MOBILE_READER_ONION_PORT}
-	if [ -f /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME ]; then
-		rm /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	fi
-	if [ -d $RSS_READER_PATH ]; then
-		rm -rf $RSS_READER_PATH
-	fi
-	function_check drop_database
-	drop_database ttrss
-	sed -i '/install_rss/d' $COMPLETION_FILE
-	sed -i '/RSS /d' $COMPLETION_FILE
+    if ! grep -Fxq "install_rss" $COMPLETION_FILE; then
+	return
+    fi
+    nginx_dissite $RSS_READER_DOMAIN_NAME
+    function_check remove_onion_service
+    remove_onion_service ttrss ${RSS_READER_ONION_PORT} ${RSS_MOBILE_READER_ONION_PORT}
+    if [ -f /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME ]; then
+	rm /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    fi
+    if [ -d $RSS_READER_PATH ]; then
+	rm -rf $RSS_READER_PATH
+    fi
+    function_check drop_database
+    drop_database ttrss
+    sed -i '/install_rss/d' $COMPLETION_FILE
+    sed -i '/RSS /d' $COMPLETION_FILE
 }
 
 function rss_modifications {
-	# modify the rss reader to use a socks5 proxy rather than a http proxy
-	if [ ! -d $RSS_READER_PATH ]; then
-		return
-	fi
-
-	# ensure that socks5 proxy is used
-	if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/plugins/af_unburn/init.php; then
-		sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php
-	fi
-	if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/include/functions.php; then
-		sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php
-	fi
-	chown -R www-data:www-data $RSS_READER_PATH
-	chmod a+x $RSS_READER_PATH
+    # modify the rss reader to use a socks5 proxy rather than a http proxy
+    if [ ! -d $RSS_READER_PATH ]; then
+	return
+    fi
+
+    # ensure that socks5 proxy is used
+    if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/plugins/af_unburn/init.php; then
+	sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php
+    fi
+    if ! grep -q "CURLOPT_PROXYTYPE" $RSS_READER_PATH/include/functions.php; then
+	sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php
+    fi
+    chown -R www-data:www-data $RSS_READER_PATH
+    chmod a+x $RSS_READER_PATH
 }
 
 function install_rss_main {
-	if grep -Fxq "install_rss_main" $COMPLETION_FILE; then
-		return
-	fi
-
-	apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
-
-	if [ ! -d /etc/share ]; then
-		mkdir /etc/share
-	fi
-	cd /etc/share
-	function_check git_clone
-	git_clone $RSS_READER_REPO tt-rss
-	if [ ! -d $RSS_READER_PATH ]; then
-		echo $'Could not clone RSS reader repo'
-		exit 52925
-	fi
-	cd $RSS_READER_PATH
-	git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
-	if ! grep -q "RSS reader commit" $COMPLETION_FILE; then
-		echo "RSS reader commit:$RSS_READER_COMMIT" >> $COMPLETION_FILE
-	fi
-
-	function_check install_mariadb
-	install_mariadb
-
-	function_check get_mariadb_password
-	get_mariadb_password
-
-	function_check repair_databases_script
-	repair_databases_script
-
-	function_check get_mariadb_rss_admin_password
-	get_mariadb_rss_admin_password
-	if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
-		if [ -f $IMAGE_PASSWORD_FILE ]; then
-			RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-		else
-			RSS_READER_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-		fi
-	fi
-
-	function_check create_database
-	create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
-
-	RSS_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_READER_ONION_PORT})
-	RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_MOBILE_READER_ONION_PORT})
-
-	echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo "  server_name $RSS_MOBILE_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  root /etc/share/ttrss-mobile;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  index index.html index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  location /tt-rss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    try_files $uri $uri/ @ttrss_base;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    rewrite ^(.*)$ /index.html?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  location @ttrss_base {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo 'server {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo "  listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo "  server_name $RSS_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  root /etc/share/tt-rss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  if ($mobile_rewrite = perform) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo "    rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    break;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-	echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-
-	if [ ! -f $RSS_READER_PATH/config.php ]; then
-		# generate a config file
-		RSS_FEED_CRYPT_KEY="$(create_password 24)"
-		echo '<?php' > $RSS_READER_PATH/config.php
-		echo "  define ('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
-		echo "  define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
-		echo "  define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
-		echo "  define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
-		echo "  define('DB_NAME', 'ttrss');" >> $RSS_READER_PATH/config.php
-		echo "  define('DB_PASS', '${MARIADB_PASSWORD}');" >> $RSS_READER_PATH/config.php
-		echo "  define('DB_PORT', '3306');" >> $RSS_READER_PATH/config.php
-		echo "  define('MYSQL_CHARSET', 'UTF8');" >> $RSS_READER_PATH/config.php
-		echo "  define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');" >> $RSS_READER_PATH/config.php
-		echo "  define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');" >> $RSS_READER_PATH/config.php
-		echo "  define('SINGLE_USER_MODE', false);" >> $RSS_READER_PATH/config.php
-		echo "  define('SIMPLE_UPDATE_MODE', false);" >> $RSS_READER_PATH/config.php
-		echo "  define('PHP_EXECUTABLE', '/usr/bin/php');" >> $RSS_READER_PATH/config.php
-		echo "  define('LOCK_DIRECTORY', 'lock');" >> $RSS_READER_PATH/config.php
-		echo "  define('CACHE_DIR', 'cache');" >> $RSS_READER_PATH/config.php
-		echo "  define('ICONS_DIR', \"feed-icons\");" >> $RSS_READER_PATH/config.php
-		echo "  define('ICONS_URL', \"feed-icons\");" >> $RSS_READER_PATH/config.php
-		echo "  define('AUTH_AUTO_CREATE', true);" >> $RSS_READER_PATH/config.php
-		echo "  define('AUTH_AUTO_LOGIN', true);" >> $RSS_READER_PATH/config.php
-		echo "  define('FORCE_ARTICLE_PURGE', 0);" >> $RSS_READER_PATH/config.php
-		echo "  define('PUBSUBHUBBUB_HUB', '');" >> $RSS_READER_PATH/config.php
-		echo "  define('PUBSUBHUBBUB_ENABLED', false);" >> $RSS_READER_PATH/config.php
-		echo "  define('SPHINX_SERVER', 'localhost:9312');" >> $RSS_READER_PATH/config.php
-		echo "  define('SPHINX_INDEX', 'ttrss, delta');" >> $RSS_READER_PATH/config.php
-		echo "  define('ENABLE_REGISTRATION', false);" >> $RSS_READER_PATH/config.php
-		echo "  define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');" >> $RSS_READER_PATH/config.php
-		echo "  define('REG_MAX_USERS', 10);" >> $RSS_READER_PATH/config.php
-		echo "  define('SESSION_COOKIE_LIFETIME', 86400);" >> $RSS_READER_PATH/config.php
-		echo "  define('SMTP_FROM_NAME', 'Tiny Tiny RSS');" >> $RSS_READER_PATH/config.php
-		echo "  define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');" >> $RSS_READER_PATH/config.php
-		echo "  define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');" >> $RSS_READER_PATH/config.php
-		echo "  define('SMTP_SERVER', '');" >> $RSS_READER_PATH/config.php
-		echo "  define('SMTP_LOGIN', '');" >> $RSS_READER_PATH/config.php
-		echo "  define('SMTP_PASSWORD', '');" >> $RSS_READER_PATH/config.php
-		echo "  define('SMTP_SECURE', '');" >> $RSS_READER_PATH/config.php
-		echo "  define('CHECK_FOR_UPDATES', false);" >> $RSS_READER_PATH/config.php
-		echo "  define('ENABLE_GZIP_OUTPUT', false);" >> $RSS_READER_PATH/config.php
-		echo "  define('PLUGINS', 'auth_internal, note, gnusocial');" >> $RSS_READER_PATH/config.php
-		echo "  define('LOG_DESTINATION', 'sql');" >> $RSS_READER_PATH/config.php
-		echo "  define('CONFIG_VERSION', 26);" >> $RSS_READER_PATH/config.php
-	fi
-
-	# initialize the database
-	if [ ! -f $RSS_READER_PATH/schema/ttrss_schema_mysql.sql ]; then
-		echo $'No database schema found for rss reader'
-		exit 52926
-	fi
-	initialise_database ttrss $RSS_READER_PATH/schema/ttrss_schema_mysql.sql
-
-	# change the password from the default
-	RSS_READER_ADMIN_PASSWORD_HASH=$(echo -n "${RSS_READER_ADMIN_PASSWORD}" | sha1sum | awk -F ' ' '{print $1}')
-
-	function_check run_query
-	run_query ttrss "update ttrss_users set pwd_hash = 'SHA1:${RSS_READER_ADMIN_PASSWORD_HASH}', salt= '' WHERE login = 'admin';"
-
-	function_check rss_modifications
-	rss_modifications
-
-	function_check configure_php
-	configure_php
-
-	nginx_ensite $RSS_READER_DOMAIN_NAME
-	systemctl restart php5-fpm
-	systemctl restart nginx
-
-	if ! grep -q "RSS reader onion domain" $COMPLETION_FILE; then
-		echo "RSS reader onion domain:${RSS_READER_ONION_HOSTNAME}" >> $COMPLETION_FILE
-	fi
-	if ! grep -q "RSS reader domain" $COMPLETION_FILE; then
-		echo "RSS reader domain:${RSS_READER_DOMAIN_NAME}" >> $COMPLETION_FILE
-	fi
-
-	# daemon to update feeds
-	echo '[Unit]' > /etc/systemd/system/ttrss.service
-	echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
-	echo 'After=network.target mysql.service' >> /etc/systemd/system/ttrss.service
-	echo 'After=tor.service' >> /etc/systemd/system/ttrss.service
-	echo '' >> /etc/systemd/system/ttrss.service
-	echo '[Service]' >> /etc/systemd/system/ttrss.service
-	echo 'User=www-data' >> /etc/systemd/system/ttrss.service
-	echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon" >> /etc/systemd/system/ttrss.service
-	echo '' >> /etc/systemd/system/ttrss.service
-	echo '[Install]' >> /etc/systemd/system/ttrss.service
-	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ttrss.service
-	systemctl enable ttrss
-	systemctl daemon-reload
-	systemctl start ttrss
-
-	# some post-install instructions for the user
-	if ! grep -q $"RSS Reader" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'RSS Reader' >> /home/$MY_USERNAME/README
-		echo '==========' >> /home/$MY_USERNAME/README
-		echo $"RSS reader domain: ${RSS_READER_DOMAIN_NAME}" >> /home/$MY_USERNAME/README
-		echo $"RSS reader onion domain: ${RSS_READER_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
-		echo $"RSS reader admin username: admin" >> /home/$MY_USERNAME/README
-		echo $"RSS reader admin password: ${RSS_READER_ADMIN_PASSWORD}" >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	echo 'install_rss_main' >> $COMPLETION_FILE
+    if grep -Fxq "install_rss_main" $COMPLETION_FILE; then
+	return
+    fi
+
+    apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
+
+    if [ ! -d /etc/share ]; then
+	mkdir /etc/share
+    fi
+    cd /etc/share
+    function_check git_clone
+    git_clone $RSS_READER_REPO tt-rss
+    if [ ! -d $RSS_READER_PATH ]; then
+	echo $'Could not clone RSS reader repo'
+	exit 52925
+    fi
+    cd $RSS_READER_PATH
+    git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
+    if ! grep -q "RSS reader commit" $COMPLETION_FILE; then
+	echo "RSS reader commit:$RSS_READER_COMMIT" >> $COMPLETION_FILE
+    fi
+
+    function_check install_mariadb
+    install_mariadb
+
+    function_check get_mariadb_password
+    get_mariadb_password
+
+    function_check repair_databases_script
+    repair_databases_script
+
+    function_check get_mariadb_rss_admin_password
+    get_mariadb_rss_admin_password
+    if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
+	if [ -f $IMAGE_PASSWORD_FILE ]; then
+	    RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+	else
+	    RSS_READER_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+	fi
+    fi
+
+    function_check create_database
+    create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
+
+    RSS_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_READER_ONION_PORT})
+    RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_MOBILE_READER_ONION_PORT})
+
+    echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo "  server_name $RSS_MOBILE_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  root /etc/share/ttrss-mobile;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  index index.html index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  location /tt-rss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    try_files $uri $uri/ @ttrss_base;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    rewrite ^(.*)$ /index.html?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  location @ttrss_base {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo 'server {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo "  listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo "  server_name $RSS_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  root /etc/share/tt-rss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  if ($mobile_rewrite = perform) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo "    rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    break;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+
+    if [ ! -f $RSS_READER_PATH/config.php ]; then
+	# generate a config file
+	RSS_FEED_CRYPT_KEY="$(create_password 24)"
+	echo '<?php' > $RSS_READER_PATH/config.php
+	echo "  define ('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
+	echo "  define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
+	echo "  define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
+	echo "  define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
+	echo "  define('DB_NAME', 'ttrss');" >> $RSS_READER_PATH/config.php
+	echo "  define('DB_PASS', '${MARIADB_PASSWORD}');" >> $RSS_READER_PATH/config.php
+	echo "  define('DB_PORT', '3306');" >> $RSS_READER_PATH/config.php
+	echo "  define('MYSQL_CHARSET', 'UTF8');" >> $RSS_READER_PATH/config.php
+	echo "  define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');" >> $RSS_READER_PATH/config.php
+	echo "  define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');" >> $RSS_READER_PATH/config.php
+	echo "  define('SINGLE_USER_MODE', false);" >> $RSS_READER_PATH/config.php
+	echo "  define('SIMPLE_UPDATE_MODE', false);" >> $RSS_READER_PATH/config.php
+	echo "  define('PHP_EXECUTABLE', '/usr/bin/php');" >> $RSS_READER_PATH/config.php
+	echo "  define('LOCK_DIRECTORY', 'lock');" >> $RSS_READER_PATH/config.php
+	echo "  define('CACHE_DIR', 'cache');" >> $RSS_READER_PATH/config.php
+	echo "  define('ICONS_DIR', \"feed-icons\");" >> $RSS_READER_PATH/config.php
+	echo "  define('ICONS_URL', \"feed-icons\");" >> $RSS_READER_PATH/config.php
+	echo "  define('AUTH_AUTO_CREATE', true);" >> $RSS_READER_PATH/config.php
+	echo "  define('AUTH_AUTO_LOGIN', true);" >> $RSS_READER_PATH/config.php
+	echo "  define('FORCE_ARTICLE_PURGE', 0);" >> $RSS_READER_PATH/config.php
+	echo "  define('PUBSUBHUBBUB_HUB', '');" >> $RSS_READER_PATH/config.php
+	echo "  define('PUBSUBHUBBUB_ENABLED', false);" >> $RSS_READER_PATH/config.php
+	echo "  define('SPHINX_SERVER', 'localhost:9312');" >> $RSS_READER_PATH/config.php
+	echo "  define('SPHINX_INDEX', 'ttrss, delta');" >> $RSS_READER_PATH/config.php
+	echo "  define('ENABLE_REGISTRATION', false);" >> $RSS_READER_PATH/config.php
+	echo "  define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');" >> $RSS_READER_PATH/config.php
+	echo "  define('REG_MAX_USERS', 10);" >> $RSS_READER_PATH/config.php
+	echo "  define('SESSION_COOKIE_LIFETIME', 86400);" >> $RSS_READER_PATH/config.php
+	echo "  define('SMTP_FROM_NAME', 'Tiny Tiny RSS');" >> $RSS_READER_PATH/config.php
+	echo "  define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');" >> $RSS_READER_PATH/config.php
+	echo "  define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');" >> $RSS_READER_PATH/config.php
+	echo "  define('SMTP_SERVER', '');" >> $RSS_READER_PATH/config.php
+	echo "  define('SMTP_LOGIN', '');" >> $RSS_READER_PATH/config.php
+	echo "  define('SMTP_PASSWORD', '');" >> $RSS_READER_PATH/config.php
+	echo "  define('SMTP_SECURE', '');" >> $RSS_READER_PATH/config.php
+	echo "  define('CHECK_FOR_UPDATES', false);" >> $RSS_READER_PATH/config.php
+	echo "  define('ENABLE_GZIP_OUTPUT', false);" >> $RSS_READER_PATH/config.php
+	echo "  define('PLUGINS', 'auth_internal, note, gnusocial');" >> $RSS_READER_PATH/config.php
+	echo "  define('LOG_DESTINATION', 'sql');" >> $RSS_READER_PATH/config.php
+	echo "  define('CONFIG_VERSION', 26);" >> $RSS_READER_PATH/config.php
+    fi
+
+    # initialize the database
+    if [ ! -f $RSS_READER_PATH/schema/ttrss_schema_mysql.sql ]; then
+	echo $'No database schema found for rss reader'
+	exit 52926
+    fi
+    initialise_database ttrss $RSS_READER_PATH/schema/ttrss_schema_mysql.sql
+
+    # change the password from the default
+    RSS_READER_ADMIN_PASSWORD_HASH=$(echo -n "${RSS_READER_ADMIN_PASSWORD}" | sha1sum | awk -F ' ' '{print $1}')
+
+    function_check run_query
+    run_query ttrss "update ttrss_users set pwd_hash = 'SHA1:${RSS_READER_ADMIN_PASSWORD_HASH}', salt= '' WHERE login = 'admin';"
+
+    function_check rss_modifications
+    rss_modifications
+
+    function_check configure_php
+    configure_php
+
+    nginx_ensite $RSS_READER_DOMAIN_NAME
+    systemctl restart php5-fpm
+    systemctl restart nginx
+
+    if ! grep -q "RSS reader onion domain" $COMPLETION_FILE; then
+	echo "RSS reader onion domain:${RSS_READER_ONION_HOSTNAME}" >> $COMPLETION_FILE
+    fi
+    if ! grep -q "RSS reader domain" $COMPLETION_FILE; then
+	echo "RSS reader domain:${RSS_READER_DOMAIN_NAME}" >> $COMPLETION_FILE
+    fi
+
+    # daemon to update feeds
+    echo '[Unit]' > /etc/systemd/system/ttrss.service
+    echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
+    echo 'After=network.target mysql.service' >> /etc/systemd/system/ttrss.service
+    echo 'After=tor.service' >> /etc/systemd/system/ttrss.service
+    echo '' >> /etc/systemd/system/ttrss.service
+    echo '[Service]' >> /etc/systemd/system/ttrss.service
+    echo 'User=www-data' >> /etc/systemd/system/ttrss.service
+    echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon" >> /etc/systemd/system/ttrss.service
+    echo '' >> /etc/systemd/system/ttrss.service
+    echo '[Install]' >> /etc/systemd/system/ttrss.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ttrss.service
+    systemctl enable ttrss
+    systemctl daemon-reload
+    systemctl start ttrss
+
+    # some post-install instructions for the user
+    if ! grep -q $"RSS Reader" /home/$MY_USERNAME/README; then
+	echo '' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'RSS Reader' >> /home/$MY_USERNAME/README
+	echo '==========' >> /home/$MY_USERNAME/README
+	echo $"RSS reader domain: ${RSS_READER_DOMAIN_NAME}" >> /home/$MY_USERNAME/README
+	echo $"RSS reader onion domain: ${RSS_READER_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+	echo $"RSS reader admin username: admin" >> /home/$MY_USERNAME/README
+	echo $"RSS reader admin password: ${RSS_READER_ADMIN_PASSWORD}" >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+	chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    echo 'install_rss_main' >> $COMPLETION_FILE
 }
 
 function install_rss_gnusocial {
-	if [ ! $MICROBLOG_DOMAIN_NAME ]; then
-		return
-	fi
-
-	if [ ! $RSS_READER_PATH ]; then
-		RSS_READER_PATH=/etc/share/tt-rss
-	fi
-	RSS_READER_GNUSOCIAL_PATH=${RSS_READER_PATH}/plugins/gnusocial
-
-	# update to the next commit
-	function_check set_repo_commit
-	set_repo_commit $RSS_READER_GNUSOCIAL_PATH "RSS reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT" $RSS_READER_GNUSOCIAL_REPO
-	chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
-
-	if grep -Fxq "install_rss_gnusocial" $COMPLETION_FILE; then
-		return
-	fi
-
-	if [ ! -d $INSTALL_DIR ]; then
-		mkdir -p $INSTALL_DIR
-	fi
-
-	cd $INSTALL_DIR
-	function_check git_clone
-	git_clone $RSS_READER_GNUSOCIAL_REPO ttrss-gnusocial
-	if [ ! -d $INSTALL_DIR/ttrss-gnusocial ]; then
-		echo $'Could not clone repo for RSS reader GNU Social plugin'
-		exit 52838
-	fi
-	cp -r $INSTALL_DIR/ttrss-gnusocial $RSS_READER_GNUSOCIAL_PATH
-	cd $RSS_READER_GNUSOCIAL_PATH
-	git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT
-	if ! grep -q "RSS reader gnusocial commit" $COMPLETION_FILE; then
-		echo "RSS reader gnusocial commit:$RSS_READER_GNUSOCIAL_COMMIT" >> $COMPLETION_FILE
-	fi
-	chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
-
-	echo 'install_rss_gnusocial' >> $COMPLETION_FILE
+    if [ ! $MICROBLOG_DOMAIN_NAME ]; then
+	return
+    fi
+
+    if [ ! $RSS_READER_PATH ]; then
+	RSS_READER_PATH=/etc/share/tt-rss
+    fi
+    RSS_READER_GNUSOCIAL_PATH=${RSS_READER_PATH}/plugins/gnusocial
+
+    # update to the next commit
+    function_check set_repo_commit
+    set_repo_commit $RSS_READER_GNUSOCIAL_PATH "RSS reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT" $RSS_READER_GNUSOCIAL_REPO
+    chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
+
+    if grep -Fxq "install_rss_gnusocial" $COMPLETION_FILE; then
+	return
+    fi
+
+    if [ ! -d $INSTALL_DIR ]; then
+	mkdir -p $INSTALL_DIR
+    fi
+
+    cd $INSTALL_DIR
+    function_check git_clone
+    git_clone $RSS_READER_GNUSOCIAL_REPO ttrss-gnusocial
+    if [ ! -d $INSTALL_DIR/ttrss-gnusocial ]; then
+	echo $'Could not clone repo for RSS reader GNU Social plugin'
+	exit 52838
+    fi
+    cp -r $INSTALL_DIR/ttrss-gnusocial $RSS_READER_GNUSOCIAL_PATH
+    cd $RSS_READER_GNUSOCIAL_PATH
+    git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT
+    if ! grep -q "RSS reader gnusocial commit" $COMPLETION_FILE; then
+	echo "RSS reader gnusocial commit:$RSS_READER_GNUSOCIAL_COMMIT" >> $COMPLETION_FILE
+    fi
+    chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
+
+    echo 'install_rss_gnusocial' >> $COMPLETION_FILE
 }
 
 function install_rss_mobile_reader {
-	if [ ! $RSS_READER_PATH ]; then
-		RSS_READER_PATH=/etc/share/tt-rss
-	fi
+    if [ ! $RSS_READER_PATH ]; then
+	RSS_READER_PATH=/etc/share/tt-rss
+    fi
 
-	if [ ! -d $RSS_READER_PATH ]; then
-		echo $'tt-rss is not installed, so the mobile version cannot be installed'
-		exit 63452
-	fi
+    if [ ! -d $RSS_READER_PATH ]; then
+	echo $'tt-rss is not installed, so the mobile version cannot be installed'
+	exit 63452
+    fi
 
-	RSS_MOBILE_READER_PATH=/etc/share/ttrss-mobile
-
-	# remove any previous install
-	if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
-		if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
-			sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
-			sed -i '/RSS mobile reader commit/d' $COMPLETION_FILE
-			rm -rf $RSS_READER_PATH/g2ttree-mobile
-		fi
-	fi
+    RSS_MOBILE_READER_PATH=/etc/share/ttrss-mobile
 
+    # remove any previous install
+    if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
 	if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
-		return
-	fi
-
-	cd /etc/share
-	function_check git_clone
-	git_clone $RSS_MOBILE_READER_REPO ttrss-mobile
-	if [ ! -d $RSS_MOBILE_READER_PATH ]; then
-		echo $'Could not clone RSS mobile reader repo'
-		exit 24816
-	fi
-	cd $RSS_MOBILE_READER_PATH
-	git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
-	if ! grep -q "RSS mobile reader commit" $COMPLETION_FILE; then
-		echo "RSS mobile reader commit:$RSS_MOBILE_READER_COMMIT" >> $COMPLETION_FILE
-	fi
-
-	echo 'define({' > $RSS_MOBILE_READER_PATH/scripts/conf.js
-	echo '  apiPath: "/tt-rss/"' >> $RSS_MOBILE_READER_PATH/scripts/conf.js
-	echo '});' >> $RSS_MOBILE_READER_PATH/scripts/conf.js
-
-	# link to the main site
-	ln -s $RSS_READER_PATH $RSS_MOBILE_READER_PATH/tt-rss
-
-	chown -R www-data:www-data $RSS_MOBILE_READER_PATH
-	chown -R www-data:www-data $RSS_READER_PATH
-	chmod a+x $RSS_MOBILE_READER_PATH
-
-	echo 'install_rss_mobile_reader' >> $COMPLETION_FILE
+	    sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
+	    sed -i '/RSS mobile reader commit/d' $COMPLETION_FILE
+	    rm -rf $RSS_READER_PATH/g2ttree-mobile
+	fi
+    fi
+
+    if grep -Fxq "install_rss_mobile_reader" $COMPLETION_FILE; then
+	return
+    fi
+
+    cd /etc/share
+    function_check git_clone
+    git_clone $RSS_MOBILE_READER_REPO ttrss-mobile
+    if [ ! -d $RSS_MOBILE_READER_PATH ]; then
+	echo $'Could not clone RSS mobile reader repo'
+	exit 24816
+    fi
+    cd $RSS_MOBILE_READER_PATH
+    git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
+    if ! grep -q "RSS mobile reader commit" $COMPLETION_FILE; then
+	echo "RSS mobile reader commit:$RSS_MOBILE_READER_COMMIT" >> $COMPLETION_FILE
+    fi
+
+    echo 'define({' > $RSS_MOBILE_READER_PATH/scripts/conf.js
+    echo '  apiPath: "/tt-rss/"' >> $RSS_MOBILE_READER_PATH/scripts/conf.js
+    echo '});' >> $RSS_MOBILE_READER_PATH/scripts/conf.js
+
+    # link to the main site
+    ln -s $RSS_READER_PATH $RSS_MOBILE_READER_PATH/tt-rss
+
+    chown -R www-data:www-data $RSS_MOBILE_READER_PATH
+    chown -R www-data:www-data $RSS_READER_PATH
+    chmod a+x $RSS_MOBILE_READER_PATH
+
+    echo 'install_rss_mobile_reader' >> $COMPLETION_FILE
 }
 
 function install_rss {
-	if grep -Fxq "install_rss" $COMPLETION_FILE; then
-		return
-	fi
-	install_rss_main
-	install_rss_gnusocial
-	install_rss_mobile_reader
-	echo 'install_rss' >> $COMPLETION_FILE
+    if grep -Fxq "install_rss" $COMPLETION_FILE; then
+	return
+    fi
+    install_rss_main
+    install_rss_gnusocial
+    install_rss_mobile_reader
+    echo 'install_rss' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-searx

@@ -43,254 +43,254 @@ function reconfigure_searx {
 }
 
 function upgrade_searx {
-	if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
-		return
-	fi
-
-	set_repo_commit $SEARX_PATH/searx "Search engine commit" "$SEARX_COMMIT" $SEARX_REPO
-	if grep "Search engine key" $COMPLETION_FILE; then
-		if [ -f ${SEARX_PATH}/searx/searx/settings.yml ]; then
-			# note: this might change to a --tor option in a later version
-			if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
-				echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
-				echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
-				echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-				echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-			fi
-			SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
-			sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
-			if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then
-				SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname)
-				sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
-			fi
-		fi
+    if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
+	return
+    fi
+
+    set_repo_commit $SEARX_PATH/searx "Search engine commit" "$SEARX_COMMIT" $SEARX_REPO
+    if grep "Search engine key" $COMPLETION_FILE; then
+	if [ -f ${SEARX_PATH}/searx/searx/settings.yml ]; then
+	    # note: this might change to a --tor option in a later version
+	    if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
+		echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
+		echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
+		echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+		echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+	    fi
+	    SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
+	    sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
+	    if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then
+		SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname)
+		sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
+	    fi
 	fi
+    fi
 }
 
 function backup_local_searx {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_local_searx {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_remote_searx {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_remote_searx {
-	echo -n ''
+    echo -n ''
 }
 
 function remove_searx {
-	if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
-		return
-	fi
-	systemctl stop searx
-	systemctl disable searx
-	rm /etc/systemd/system/searx.service
-	function_check remove_onion_service
-	remove_onion_service searx ${SEARX_ONION_PORT}
-	userdel -r searx
-	nginx_dissite searx
-	if [ -f /etc/nginx/sites-available/searx ]; then
-		rm /etc/nginx/sites-available/searx
-	fi
-	if [ -d ${SEARX_PATH}/searx ]; then
-		rm -rf ${SEARX_PATH}/searx
-	fi
-	sed -i '/install_searx/d' $COMPLETION_FILE
-	sed -i '/Search engine /d' $COMPLETION_FILE
+    if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
+	return
+    fi
+    systemctl stop searx
+    systemctl disable searx
+    rm /etc/systemd/system/searx.service
+    function_check remove_onion_service
+    remove_onion_service searx ${SEARX_ONION_PORT}
+    userdel -r searx
+    nginx_dissite searx
+    if [ -f /etc/nginx/sites-available/searx ]; then
+	rm /etc/nginx/sites-available/searx
+    fi
+    if [ -d ${SEARX_PATH}/searx ]; then
+	rm -rf ${SEARX_PATH}/searx
+    fi
+    sed -i '/install_searx/d' $COMPLETION_FILE
+    sed -i '/Search engine /d' $COMPLETION_FILE
 }
 
 function install_searx {
-	# Note: currently socks5 outgoing proxies to other search engines does not work
-	if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
-		return
-	fi
-	if [ ! -d /etc/nginx ]; then
-		echo $'Webserver is not installed'
-		exit 62429
-	fi
-
-	if grep -Fxq "install_searx" $COMPLETION_FILE; then
-		return
+    # Note: currently socks5 outgoing proxies to other search engines does not work
+    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+	return
+    fi
+    if [ ! -d /etc/nginx ]; then
+	echo $'Webserver is not installed'
+	exit 62429
+    fi
+
+    if grep -Fxq "install_searx" $COMPLETION_FILE; then
+	return
+    fi
+
+    apt-get -y install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
+    apt-get -y install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi
+
+    pip install --upgrade pip
+
+    pip install certifi
+    if [ ! "$?" = "0" ]; then
+	echo $'Failed to install certifi'
+	exit 737692
+    fi
+
+    pip install pyyaml
+    if [ ! "$?" = "0" ]; then
+	echo $'Failed to install pyyaml'
+	exit 469242
+    fi
+
+    pip install flask --upgrade
+    if [ ! "$?" = "0" ]; then
+	echo $'Failed to install flask'
+	exit 888575
+    fi
+
+    pip install flask_restless --upgrade
+    if [ ! "$?" = "0" ]; then
+	echo $'Failed to install flask_restless'
+	exit 54835
+    fi
+
+    pip install flask_babel --upgrade
+    if [ ! "$?" = "0" ]; then
+	echo $'Failed to install flask_babel'
+	exit 63738
+    fi
+
+    if [ ! -d $SEARX_PATH ]; then
+	mkdir -p $SEARX_PATH
+    fi
+
+    # clone the repo
+    cd $SEARX_PATH
+    function_check git_clone
+    git_clone $SEARX_REPO searx
+    git checkout $SEARX_COMMIT -b $SEARX_COMMIT
+    if ! grep -q "Search engine commit" $COMPLETION_FILE; then
+	echo "Search engine commit:$SEARX_COMMIT" >> $COMPLETION_FILE
+    else
+	sed -i "s/Search engine commit.*/Search engine commit:$SEARX_COMMIT/g" $COMPLETION_FILE
+    fi
+
+    # create an onion service
+    SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT})
+    if ! grep "Search engine onion domain" $COMPLETION_FILE; then
+	echo "Search engine onion domain:${SEARX_ONION_HOSTNAME}" >> $COMPLETION_FILE
+    else
+	sed -i "s|Search engine onion domain.*|Search engine onion domain:${SEARX_ONION_HOSTNAME}|g" $COMPLETION_FILE
+    fi
+
+    # an unprivileged user to run as
+    useradd -d ${SEARX_PATH}/searx/ -s /bin/false searx
+    adduser searx debian-tor
+
+    # daemon
+    echo '[Unit]' > /etc/systemd/system/searx.service
+    echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service
+    echo 'After=syslog.target' >> /etc/systemd/system/searx.service
+    echo 'After=network.target' >> /etc/systemd/system/searx.service
+    echo '' >> /etc/systemd/system/searx.service
+    echo '[Service]' >> /etc/systemd/system/searx.service
+    echo 'Type=simple' >> /etc/systemd/system/searx.service
+    echo 'User=searx' >> /etc/systemd/system/searx.service
+    echo 'Group=searx' >> /etc/systemd/system/searx.service
+    echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service
+    echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service
+    echo 'Restart=always' >> /etc/systemd/system/searx.service
+    echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service
+    echo '' >> /etc/systemd/system/searx.service
+    echo '[Install]' >> /etc/systemd/system/searx.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service
+
+    # create a webserver file
+    echo 'server {' > /etc/nginx/sites-available/searx
+    echo "    listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx
+    echo "    root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx
+    echo "    server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx
+    echo '    access_log off;' >> /etc/nginx/sites-available/searx
+    echo "    error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx
+    echo '' >> /etc/nginx/sites-available/searx
+    function_check nginx_limits
+    nginx_limits searx '1M'
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing searx
+    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx
+    echo '' >> /etc/nginx/sites-available/searx
+    echo '    location / {' >> /etc/nginx/sites-available/searx
+    echo '        proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_redirect off;' >> /etc/nginx/sites-available/searx
+
+    echo "        auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
+    echo '        auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx
+    echo '    }' >> /etc/nginx/sites-available/searx
+    echo '' >> /etc/nginx/sites-available/searx
+    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
+    echo '' >> /etc/nginx/sites-available/searx
+    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx
+    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx
+    echo '' >> /etc/nginx/sites-available/searx
+    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/searx
+    echo '        allow all;' >> /etc/nginx/sites-available/searx
+    echo '        log_not_found off;' >> /etc/nginx/sites-available/searx
+    echo '        access_log off;' >> /etc/nginx/sites-available/searx
+    echo '    }' >> /etc/nginx/sites-available/searx
+    echo '}' >> /etc/nginx/sites-available/searx
+
+    # replace the secret key
+    if ! grep "Search engine key" $COMPLETION_FILE; then
+	SEARX_SECRET_KEY="$(create_password 30)"
+	echo "Search engine key:${SEARX_SECRET_KEY}" >> $COMPLETION_FILE
+    else
+	SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
+    fi
+    sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
+    sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml
+    sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
+    sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings_robot.yml
+
+    # note: this might change to a --tor option in a later version
+    if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
+	echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
+	echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
+	echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+	echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+    fi
+
+    chown -R searx:searx ${SEARX_PATH}/searx
+
+    # enable the site
+    nginx_ensite searx
+
+    # restart the web server
+    systemctl restart php5-fpm
+    systemctl restart nginx
+
+    # start the daemon
+    systemctl enable searx.service
+    systemctl daemon-reload
+    systemctl start searx.service
+
+    if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then
+	if [ ${#SEARX_PASSWORD} -lt 8 ]; then
+	    if [ -f $IMAGE_PASSWORD_FILE ]; then
+		SEARX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+	    else
+		SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+	    fi
 	fi
-
-	apt-get -y install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
-	apt-get -y install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi
-
-	pip install --upgrade pip
-
-	pip install certifi
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to install certifi'
-		exit 737692
-	fi
-
-	pip install pyyaml
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to install pyyaml'
-		exit 469242
-	fi
-
-	pip install flask --upgrade
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to install flask'
-		exit 888575
-	fi
-
-	pip install flask_restless --upgrade
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to install flask_restless'
-		exit 54835
-	fi
-
-	pip install flask_babel --upgrade
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to install flask_babel'
-		exit 63738
-	fi
-
-	if [ ! -d $SEARX_PATH ]; then
-		mkdir -p $SEARX_PATH
-	fi
-
-	# clone the repo
-	cd $SEARX_PATH
-	function_check git_clone
-	git_clone $SEARX_REPO searx
-	git checkout $SEARX_COMMIT -b $SEARX_COMMIT
-	if ! grep -q "Search engine commit" $COMPLETION_FILE; then
-		echo "Search engine commit:$SEARX_COMMIT" >> $COMPLETION_FILE
-	else
-		sed -i "s/Search engine commit.*/Search engine commit:$SEARX_COMMIT/g" $COMPLETION_FILE
-	fi
-
-	# create an onion service
-	SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT})
-	if ! grep "Search engine onion domain" $COMPLETION_FILE; then
-		echo "Search engine onion domain:${SEARX_ONION_HOSTNAME}" >> $COMPLETION_FILE
-	else
-		sed -i "s|Search engine onion domain.*|Search engine onion domain:${SEARX_ONION_HOSTNAME}|g" $COMPLETION_FILE
-	fi
-
-	# an unprivileged user to run as
-	useradd -d ${SEARX_PATH}/searx/ -s /bin/false searx
-	adduser searx debian-tor
-
-	# daemon
-	echo '[Unit]' > /etc/systemd/system/searx.service
-	echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service
-	echo 'After=syslog.target' >> /etc/systemd/system/searx.service
-	echo 'After=network.target' >> /etc/systemd/system/searx.service
-	echo '' >> /etc/systemd/system/searx.service
-	echo '[Service]' >> /etc/systemd/system/searx.service
-	echo 'Type=simple' >> /etc/systemd/system/searx.service
-	echo 'User=searx' >> /etc/systemd/system/searx.service
-	echo 'Group=searx' >> /etc/systemd/system/searx.service
-	echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service
-	echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service
-	echo 'Restart=always' >> /etc/systemd/system/searx.service
-	echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service
-	echo '' >> /etc/systemd/system/searx.service
-	echo '[Install]' >> /etc/systemd/system/searx.service
-	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service
-
-	# create a webserver file
-	echo 'server {' > /etc/nginx/sites-available/searx
-	echo "    listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx
-	echo "    root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx
-	echo "    server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx
-	echo '    access_log off;' >> /etc/nginx/sites-available/searx
-	echo "    error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx
-	echo '' >> /etc/nginx/sites-available/searx
-	function_check nginx_limits
-	nginx_limits searx '1M'
-	function_check nginx_disable_sniffing
-	nginx_disable_sniffing searx
-	echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx
-	echo '' >> /etc/nginx/sites-available/searx
-	echo '    location / {' >> /etc/nginx/sites-available/searx
-	echo '        proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_redirect off;' >> /etc/nginx/sites-available/searx
-
-	echo "        auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
-	echo '        auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx
-	echo '    }' >> /etc/nginx/sites-available/searx
-	echo '' >> /etc/nginx/sites-available/searx
-	echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
-	echo '' >> /etc/nginx/sites-available/searx
-	echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx
-	echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx
-	echo '' >> /etc/nginx/sites-available/searx
-	echo '    location = /robots.txt {' >> /etc/nginx/sites-available/searx
-	echo '        allow all;' >> /etc/nginx/sites-available/searx
-	echo '        log_not_found off;' >> /etc/nginx/sites-available/searx
-	echo '        access_log off;' >> /etc/nginx/sites-available/searx
-	echo '    }' >> /etc/nginx/sites-available/searx
-	echo '}' >> /etc/nginx/sites-available/searx
-
-	# replace the secret key
-	if ! grep "Search engine key" $COMPLETION_FILE; then
-		SEARX_SECRET_KEY="$(create_password 30)"
-		echo "Search engine key:${SEARX_SECRET_KEY}" >> $COMPLETION_FILE
-	else
-		SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
-	fi
-	sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
-	sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml
-	sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
-	sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings_robot.yml
-
-	# note: this might change to a --tor option in a later version
-	if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
-		echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
-		echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
-		echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-		echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-	fi
-
-	chown -R searx:searx ${SEARX_PATH}/searx
-
-	# enable the site
-	nginx_ensite searx
-
-	# restart the web server
-	systemctl restart php5-fpm
-	systemctl restart nginx
-
-	# start the daemon
-	systemctl enable searx.service
-	systemctl daemon-reload
-	systemctl start searx.service
-
-	if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then
-		if [ ${#SEARX_PASSWORD} -lt 8 ]; then
-			if [ -f $IMAGE_PASSWORD_FILE ]; then
-				SEARX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-			else
-				SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-			fi
-		fi
-		echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Search Engine' >> /home/$MY_USERNAME/README
-		echo '=============' >> /home/$MY_USERNAME/README
-		echo $"Search engine onion domain: ${SEARX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
-		echo $"Your search engine password is: $SEARX_PASSWORD" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	echo 'install_searx' >> $COMPLETION_FILE
+	echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME
+	echo '' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'Search Engine' >> /home/$MY_USERNAME/README
+	echo '=============' >> /home/$MY_USERNAME/README
+	echo $"Search engine onion domain: ${SEARX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+	echo $"Your search engine password is: $SEARX_PASSWORD" >> /home/$MY_USERNAME/README
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+	chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    echo 'install_searx' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-sip

@@ -38,415 +38,415 @@ VOIP_TURN_TLS_PORT=5349
 VOIP_TURN_NONCE=
 
 function reconfigure_sip {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_sip {
-	# remove the original sipwitch daemon if it exists
-	if [ -f /etc/init.d/sipwitch ]; then
-		rm -f /etc/init.d/sipwitch
-	fi
+    # remove the original sipwitch daemon if it exists
+    if [ -f /etc/init.d/sipwitch ]; then
+	rm -f /etc/init.d/sipwitch
+    fi
 }
 
 function backup_local_sip {
-	if [ -f /etc/sipwitch.conf ]; then
-		echo $"Backing up SIP settings"
-		temp_backup_dir=/root/tempsipbackup
-		if [ ! -d $temp_backup_dir ]; then
-			mkdir -p $temp_backup_dir
-		fi
-		cp -f /etc/sipwitch.conf $temp_backup_dir
-		backup_directory_to_usb $temp_backup_dir sip
-		echo $"SIP settings backup complete"
+    if [ -f /etc/sipwitch.conf ]; then
+	echo $"Backing up SIP settings"
+	temp_backup_dir=/root/tempsipbackup
+	if [ ! -d $temp_backup_dir ]; then
+	    mkdir -p $temp_backup_dir
 	fi
+	cp -f /etc/sipwitch.conf $temp_backup_dir
+	backup_directory_to_usb $temp_backup_dir sip
+	echo $"SIP settings backup complete"
+    fi
 }
 
 function restore_local_sip {
-	if [ -d $USB_MOUNT/backup/sip ]; then
-		echo $"Restoring SIP settings"
-		temp_restore_dir=/root/tempsip
-		function_check restore_directory_from_usb
-		restore_directory_from_usb $temp_restore_dir sip
-		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
-		if [ ! "$?" = "0" ]; then
-			rm -rf $temp_restore_dir
-			function_check set_user_permissions
-			set_user_permissions
-			backup_unmount_drive
-			exit 3679
-		fi
-		rm -rf $temp_restore_dir
-		service sipwitch restart
-		echo $"Restore of SIP settings complete"
+    if [ -d $USB_MOUNT/backup/sip ]; then
+	echo $"Restoring SIP settings"
+	temp_restore_dir=/root/tempsip
+	function_check restore_directory_from_usb
+	restore_directory_from_usb $temp_restore_dir sip
+	cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
+	if [ ! "$?" = "0" ]; then
+	    rm -rf $temp_restore_dir
+	    function_check set_user_permissions
+	    set_user_permissions
+	    backup_unmount_drive
+	    exit 3679
 	fi
+	rm -rf $temp_restore_dir
+	service sipwitch restart
+	echo $"Restore of SIP settings complete"
+    fi
 }
 
 function backup_remote_sip {
-	if [ -f /etc/sipwitch.conf ]; then
-		echo $"Backing up SIP settings"
-		temp_backup_dir=/root/tempsipbackup
-		if [ ! -d $temp_backup_dir ]; then
-			mkdir -p $temp_backup_dir
-		fi
-		cp -f /etc/sipwitch.conf $temp_backup_dir
-		backup_directory_to_friend $temp_backup_dir sip
-		echo $"Backup SIP settings complete"
+    if [ -f /etc/sipwitch.conf ]; then
+	echo $"Backing up SIP settings"
+	temp_backup_dir=/root/tempsipbackup
+	if [ ! -d $temp_backup_dir ]; then
+	    mkdir -p $temp_backup_dir
 	fi
+	cp -f /etc/sipwitch.conf $temp_backup_dir
+	backup_directory_to_friend $temp_backup_dir sip
+	echo $"Backup SIP settings complete"
+    fi
 }
 
 function restore_remote_sip {
-	echo -n ''
+    echo -n ''
 }
 
 function remove_sip {
-	if ! grep -Fxq "install_sip" $COMPLETION_FILE; then
-		return
-	fi
-	iptables -D INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
-	iptables -D INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
-	iptables -D INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
-	iptables -D INPUT -p udp --dport $SIP_PORT -j ACCEPT
-	iptables -D INPUT -p tcp --dport $SIP_PORT -j ACCEPT
-	iptables -D INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
-	iptables -D INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	function_check remove_onion_service
-	remove_onion_service sip ${SIP_PORT}
-
-	apt-get -y remove --purge sipwitch
-	apt-get -y remove --purge turnserver
-	if [ -f /etc/sipwitch.conf ]; then
-		rm /etc/sipwitch.conf
-	fi
-	if [ -d /etc/turnserver ]; then
-		rm -rf /etc/turnserver
-	fi
-	sed -i '/install_sip/d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_voip_turn/d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_sip4/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_sip" $COMPLETION_FILE; then
+	return
+    fi
+    iptables -D INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
+    iptables -D INPUT -p udp --dport $SIP_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport $SIP_PORT -j ACCEPT
+    iptables -D INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    function_check remove_onion_service
+    remove_onion_service sip ${SIP_PORT}
+
+    apt-get -y remove --purge sipwitch
+    apt-get -y remove --purge turnserver
+    if [ -f /etc/sipwitch.conf ]; then
+	rm /etc/sipwitch.conf
+    fi
+    if [ -d /etc/turnserver ]; then
+	rm -rf /etc/turnserver
+    fi
+    sed -i '/install_sip/d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_voip_turn/d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_sip4/d' $COMPLETION_FILE
 }
 
 function configure_firewall_for_voip_turn {
-	if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ONION_ONLY != "no" ]]; then
-		return
-	fi
-	iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
-	iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
-	iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	OPEN_PORTS+=("TURN     $VOIP_TURN_PORT")
-	OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT")
-	echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
+    if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
+	return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+	return
+    fi
+    iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    OPEN_PORTS+=("TURN     $VOIP_TURN_PORT")
+    OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT")
+    echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
 }
 
 
 function configure_firewall_for_sip4 {
-	if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ONION_ONLY != "no" ]]; then
-		return
-	fi
-	iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
-	iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
-	iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
-	iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	OPEN_PORTS+=("SIP      $SIP_PORT")
-	OPEN_PORTS+=("SIP TLS  $SIP_TLS_PORT")
-	echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
+    if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
+	return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+	return
+    fi
+    iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
+    iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    OPEN_PORTS+=("SIP      $SIP_PORT")
+    OPEN_PORTS+=("SIP TLS  $SIP_TLS_PORT")
+    echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
 }
 
 function get_sip_server_password {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "SIP server password" /home/$MY_USERNAME/README; then
-			if [ ! $SIP_SERVER_PASSWORD ]; then
-				SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "SIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+	if grep -q "SIP server password" /home/$MY_USERNAME/README; then
+	    if [ ! $SIP_SERVER_PASSWORD ]; then
+		SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "SIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+	    fi
 	fi
+    fi
 }
 
 function update_sipwitch_daemon {
-	if [ ! -f /etc/init.d/sipwitch ]; then
-		return
-	fi
-	service sipwitch stop
-
-	# remove the original sipwitch daemon if it exists
-	if [ -f /etc/init.d/sipwitch ]; then
-		rm -f /etc/init.d/sipwitch
-	fi
-
-	# daemon
-	echo '[Unit]' > /etc/systemd/system/sipwitch.service
-	echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
-	echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
-	echo '' >> /etc/systemd/system/sipwitch.service
-	echo '[Service]' >> /etc/systemd/system/sipwitch.service
-	echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
-	echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
-	echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
-	echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
-	echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
-	echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
-	echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
-	echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
-	echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
-	echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
-	echo '' >> /etc/systemd/system/sipwitch.service
-	echo '[Install]' >> /etc/systemd/system/sipwitch.service
-	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
-
-	systemctl enable sipwitch
-	systemctl daemon-reload
-	systemctl start sipwitch
+    if [ ! -f /etc/init.d/sipwitch ]; then
+	return
+    fi
+    service sipwitch stop
+
+    # remove the original sipwitch daemon if it exists
+    if [ -f /etc/init.d/sipwitch ]; then
+	rm -f /etc/init.d/sipwitch
+    fi
+
+    # daemon
+    echo '[Unit]' > /etc/systemd/system/sipwitch.service
+    echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
+    echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
+    echo '' >> /etc/systemd/system/sipwitch.service
+    echo '[Service]' >> /etc/systemd/system/sipwitch.service
+    echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
+    echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
+    echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
+    echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
+    echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
+    echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
+    echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
+    echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
+    echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
+    echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
+    echo '' >> /etc/systemd/system/sipwitch.service
+    echo '[Install]' >> /etc/systemd/system/sipwitch.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
+
+    systemctl enable sipwitch
+    systemctl daemon-reload
+    systemctl start sipwitch
 }
 
 function install_sip_main {
-	if grep -Fxq "install_sip_main" $COMPLETION_FILE; then
-		return
-	fi
+    if grep -Fxq "install_sip_main" $COMPLETION_FILE; then
+	return
+    fi
 
-	apt-get -y install sipwitch
+    apt-get -y install sipwitch
 
-	function_check get_sip_server_password
-	get_sip_server_password
-	if [ ! $SIP_SERVER_PASSWORD ]; then
-		if [ -f $IMAGE_PASSWORD_FILE ]; then
-			SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-		else
-			SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-		fi
-	fi
-
-	echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
-	echo '<sipwitch>' >> /etc/sipwitch.conf
-	echo '<provision>' >> /etc/sipwitch.conf
-
-	echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
-	echo '<extension>201</extension>' >> /etc/sipwitch.conf
-	echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
-	echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
-	echo '</user>' >> /etc/sipwitch.conf
-
-	echo '</provision>' >> /etc/sipwitch.conf
-	echo '<access>' >> /etc/sipwitch.conf
-	echo '</access>' >> /etc/sipwitch.conf
-	echo '<stack>' >> /etc/sipwitch.conf
-	echo "  <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
-	echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
-	echo '  <threading>2</threading>' >> /etc/sipwitch.conf
-	echo '  <interface>*</interface>' >> /etc/sipwitch.conf
-	echo '  <dumping>false</dumping>' >> /etc/sipwitch.conf
-	echo '  <system>system</system>' >> /etc/sipwitch.conf
-	echo '  <anon>anonymous</anon>' >> /etc/sipwitch.conf
-	echo '</stack>' >> /etc/sipwitch.conf
-	echo '<timers>' >> /etc/sipwitch.conf
-	echo '  <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
-	echo '  <ring>4</ring>' >> /etc/sipwitch.conf
-	echo '  <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
-	echo '  <cfna>4</cfna>' >> /etc/sipwitch.conf
-	echo '  <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
-	echo '  <reset>6</reset>' >> /etc/sipwitch.conf
-	echo '</timers>' >> /etc/sipwitch.conf
-	echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
-	echo '<registry>' >> /etc/sipwitch.conf
-	echo '  <prefix>200</prefix>' >> /etc/sipwitch.conf
-	echo '  <range>100</range>' >> /etc/sipwitch.conf
-	echo '  <keysize>77</keysize>' >> /etc/sipwitch.conf
-	echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
-	echo '  <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
-	echo '</registry>' >> /etc/sipwitch.conf
-	echo '<routing>' >> /etc/sipwitch.conf
-	echo '</routing>' >> /etc/sipwitch.conf
-	echo '</sipwitch>' >> /etc/sipwitch.conf
-
-	sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
-	sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
-	groupadd sipwitch
-	usermod -aG sipwitch $MY_USERNAME
-
-	SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
-	if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then
-		echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE
-	fi
-
-	if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'SIP Server' >> /home/$MY_USERNAME/README
-		echo '==========' >> /home/$MY_USERNAME/README
-		echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
-		echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README
-		echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README
-		echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
+    function_check get_sip_server_password
+    get_sip_server_password
+    if [ ! $SIP_SERVER_PASSWORD ]; then
+	if [ -f $IMAGE_PASSWORD_FILE ]; then
+	    SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+	else
+	    SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
 	fi
-
-	function_check configure_firewall_for_sip4
-	configure_firewall_for_sip4
-	echo 'install_sip_main' >> $COMPLETION_FILE
+    fi
+
+    echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
+    echo '<sipwitch>' >> /etc/sipwitch.conf
+    echo '<provision>' >> /etc/sipwitch.conf
+
+    echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
+    echo '<extension>201</extension>' >> /etc/sipwitch.conf
+    echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
+    echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
+    echo '</user>' >> /etc/sipwitch.conf
+
+    echo '</provision>' >> /etc/sipwitch.conf
+    echo '<access>' >> /etc/sipwitch.conf
+    echo '</access>' >> /etc/sipwitch.conf
+    echo '<stack>' >> /etc/sipwitch.conf
+    echo "  <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
+    echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
+    echo '  <threading>2</threading>' >> /etc/sipwitch.conf
+    echo '  <interface>*</interface>' >> /etc/sipwitch.conf
+    echo '  <dumping>false</dumping>' >> /etc/sipwitch.conf
+    echo '  <system>system</system>' >> /etc/sipwitch.conf
+    echo '  <anon>anonymous</anon>' >> /etc/sipwitch.conf
+    echo '</stack>' >> /etc/sipwitch.conf
+    echo '<timers>' >> /etc/sipwitch.conf
+    echo '  <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
+    echo '  <ring>4</ring>' >> /etc/sipwitch.conf
+    echo '  <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
+    echo '  <cfna>4</cfna>' >> /etc/sipwitch.conf
+    echo '  <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
+    echo '  <reset>6</reset>' >> /etc/sipwitch.conf
+    echo '</timers>' >> /etc/sipwitch.conf
+    echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
+    echo '<registry>' >> /etc/sipwitch.conf
+    echo '  <prefix>200</prefix>' >> /etc/sipwitch.conf
+    echo '  <range>100</range>' >> /etc/sipwitch.conf
+    echo '  <keysize>77</keysize>' >> /etc/sipwitch.conf
+    echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
+    echo '  <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
+    echo '</registry>' >> /etc/sipwitch.conf
+    echo '<routing>' >> /etc/sipwitch.conf
+    echo '</routing>' >> /etc/sipwitch.conf
+    echo '</sipwitch>' >> /etc/sipwitch.conf
+
+    sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
+    sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
+    groupadd sipwitch
+    usermod -aG sipwitch $MY_USERNAME
+
+    SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
+    if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then
+	echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE
+    fi
+
+    if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then
+	echo '' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'SIP Server' >> /home/$MY_USERNAME/README
+	echo '==========' >> /home/$MY_USERNAME/README
+	echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+	echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+	echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README
+	echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+	chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    function_check configure_firewall_for_sip4
+    configure_firewall_for_sip4
+    echo 'install_sip_main' >> $COMPLETION_FILE
 }
 
 function install_sip_turn {
-	if grep -Fxq "install_sip_turn" $COMPLETION_FILE; then
-		return
+    if grep -Fxq "install_sip_turn" $COMPLETION_FILE; then
+	return
+    fi
+
+    apt-get -y install turnserver
+
+    # create a nonce if needed
+    if [ ! $VOIP_TURN_NONCE ]; then
+	VOIP_TURN_NONCE="$(create_password 30)"
+    fi
+
+    function_check create_site_certificate
+    create_site_certificate $DEFAULT_DOMAIN_NAME
+
+    echo '##' > /etc/turnserver/turnserver.conf
+    echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
+    echo '#' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
+    echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
+    echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
+    echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
+    echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
+    echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
+    echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
+    echo "udp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
+    echo "tcp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
+    echo "tls_port = $VOIP_TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TLS support.' >> /etc/turnserver/turnserver.conf
+    echo 'tls = true' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
+    echo '## standard.' >> /etc/turnserver/turnserver.conf
+    echo 'dtls = false' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
+    echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
+    echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
+    echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
+    echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
+    echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
+    echo 'daemon = true' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
+    echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
+    echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
+    echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Realm value.' >> /etc/turnserver/turnserver.conf
+    echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
+    echo "nonce_key = \"$VOIP_TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
+    echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
+    echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
+    echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
+    echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
+    echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
+    echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
+    echo 'denied_address {' >> /etc/turnserver/turnserver.conf
+    echo '  address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
+    echo '  mask = "8"' >> /etc/turnserver/turnserver.conf
+    echo '  port = 0' >> /etc/turnserver/turnserver.conf
+    echo '}' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
+    echo 'denied_address {' >> /etc/turnserver/turnserver.conf
+    echo '  address = "::1"' >> /etc/turnserver/turnserver.conf
+    echo '  mask = "128"' >> /etc/turnserver/turnserver.conf
+    echo '  port = 0' >> /etc/turnserver/turnserver.conf
+    echo '}' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
+    echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
+    if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
+	echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
+    else
+	if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
+	    echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
 	fi
-
-	apt-get -y install turnserver
-
-	# create a nonce if needed
-	if [ ! $VOIP_TURN_NONCE ]; then
-		VOIP_TURN_NONCE="$(create_password 30)"
-	fi
-
-	function_check create_site_certificate
-	create_site_certificate $DEFAULT_DOMAIN_NAME
-
-	echo '##' > /etc/turnserver/turnserver.conf
-	echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
-	echo '#' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
-	echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
-	echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
-	echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
-	echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
-	echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
-	echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
-	echo "udp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
-	echo "tcp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
-	echo "tls_port = $VOIP_TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TLS support.' >> /etc/turnserver/turnserver.conf
-	echo 'tls = true' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
-	echo '## standard.' >> /etc/turnserver/turnserver.conf
-	echo 'dtls = false' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
-	echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
-	echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
-	echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
-	echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
-	echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
-	echo 'daemon = true' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
-	echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
-	echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
-	echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Realm value.' >> /etc/turnserver/turnserver.conf
-	echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
-	echo "nonce_key = \"$VOIP_TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
-	echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
-	echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
-	echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
-	echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
-	echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
-	echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
-	echo 'denied_address {' >> /etc/turnserver/turnserver.conf
-	echo '  address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
-	echo '  mask = "8"' >> /etc/turnserver/turnserver.conf
-	echo '  port = 0' >> /etc/turnserver/turnserver.conf
-	echo '}' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
-	echo 'denied_address {' >> /etc/turnserver/turnserver.conf
-	echo '  address = "::1"' >> /etc/turnserver/turnserver.conf
-	echo '  mask = "128"' >> /etc/turnserver/turnserver.conf
-	echo '  port = 0' >> /etc/turnserver/turnserver.conf
-	echo '}' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
-	echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
-	if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
-		echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
-	else
-		if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
-			echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
-		fi
-	fi
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Private key file.' >> /etc/turnserver/turnserver.conf
-	echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Account method.' >> /etc/turnserver/turnserver.conf
-	echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
-	echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
-	echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
-
-	echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
-
-	systemctl restart turnserver
-
-	function_check configure_firewall_for_voip_turn
-	configure_firewall_for_voip_turn
-	echo 'install_sip_turn' >> $COMPLETION_FILE
+    fi
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Private key file.' >> /etc/turnserver/turnserver.conf
+    echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Account method.' >> /etc/turnserver/turnserver.conf
+    echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
+    echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
+    echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
+
+    echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
+
+    systemctl restart turnserver
+
+    function_check configure_firewall_for_voip_turn
+    configure_firewall_for_voip_turn
+    echo 'install_sip_turn' >> $COMPLETION_FILE
 }
 
 function install_sip {
-	if grep -Fxq "install_sip" $COMPLETION_FILE; then
-		return
-	fi
-	install_sip_main
-	update_sipwitch_daemon
-	echo 'install_sip' >> $COMPLETION_FILE
+    if grep -Fxq "install_sip" $COMPLETION_FILE; then
+	return
+    fi
+    install_sip_main
+    update_sipwitch_daemon
+    echo 'install_sip' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-syncthing

@@ -40,300 +40,300 @@ SYNCTHING_SHARED_DATA=/var/lib/syncthing/SyncShared
 SYNCTHING_USER_IDS_FILE='.syncthingids'
 
 function reconfigure_syncthing {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_syncthing {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_local_syncthing {
-	if [ -d /var/lib/syncthing/SyncShared ]; then
-		echo $"Backing up syncthing"
+    if [ -d /var/lib/syncthing/SyncShared ]; then
+	echo $"Backing up syncthing"
 
-		function_check backup_directory_to_usb
-		backup_directory_to_usb /var/lib/syncthing/SyncShared syncthingshared
-		backup_directory_to_usb /root/.config/syncthing syncthingconfig
+	function_check backup_directory_to_usb
+	backup_directory_to_usb /var/lib/syncthing/SyncShared syncthingshared
+	backup_directory_to_usb /root/.config/syncthing syncthingconfig
 
-		echo $"Backup to syncthing complete"
-	fi
+	echo $"Backup to syncthing complete"
+    fi
 }
 
 function restore_local_syncthing {
-	if [ -f /etc/systemd/system/syncthing.service ]; then
-		systemctl stop syncthing
-		systemctl stop cron
+    if [ -f /etc/systemd/system/syncthing.service ]; then
+	systemctl stop syncthing
+	systemctl stop cron
+    fi
+
+    temp_restore_dir=/root/tempsyncthing
+    if [ -d $USB_MOUNT/backup/syncthingconfig ]; then
+	echo $"Restoring syncthing configuration"
+	function_check restore_directory_from_usb
+	restore_directory_from_usb ${temp_restore_dir}config syncthingconfig
+	cp -r ${temp_restore_dir}config/* /
+	if [ ! "$?" = "0" ]; then
+	    set_user_permissions
+	    backup_unmount_drive
+	    systemctl start syncthing
+	    systemctl start cron
+	    exit 6833
 	fi
-
-	temp_restore_dir=/root/tempsyncthing
-	if [ -d $USB_MOUNT/backup/syncthingconfig ]; then
-		echo $"Restoring syncthing configuration"
-		function_check restore_directory_from_usb
-		restore_directory_from_usb ${temp_restore_dir}config syncthingconfig
-		cp -r ${temp_restore_dir}config/* /
-		if [ ! "$?" = "0" ]; then
-			set_user_permissions
-			backup_unmount_drive
-			systemctl start syncthing
-			systemctl start cron
-			exit 6833
-		fi
-		rm -rf ${temp_restore_dir}config
+	rm -rf ${temp_restore_dir}config
+    fi
+
+    if [ -d $USB_MOUNT/backup/syncthingshared ]; then
+	echo $"Restoring syncthing shared files"
+	restore_directory_from_usb ${temp_restore_dir}shared syncthingshared
+	cp -r ${temp_restore_dir}shared/* /
+	if [ ! "$?" = "0" ]; then
+	    set_user_permissions
+	    backup_unmount_drive
+	    systemctl start syncthing
+	    systemctl start cron
+	    exit 37904
 	fi
-
-	if [ -d $USB_MOUNT/backup/syncthingshared ]; then
-		echo $"Restoring syncthing shared files"
-		restore_directory_from_usb ${temp_restore_dir}shared syncthingshared
-		cp -r ${temp_restore_dir}shared/* /
+	rm -rf ${temp_restore_dir}shared
+    fi
+
+    if [ -d $USB_MOUNT/backup/syncthing ]; then
+	for d in $USB_MOUNT/backup/syncthing/*/ ; do
+	    USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
+	    if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
+		if [ ! -d /home/$USERNAME ]; then
+		    ${PROJECT_NAME}-adduser $USERNAME
+		fi
+		echo $"Restoring syncthing files for $USERNAME"
+		restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME
+		cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/
 		if [ ! "$?" = "0" ]; then
-			set_user_permissions
-			backup_unmount_drive
-			systemctl start syncthing
-			systemctl start cron
-			exit 37904
+		    rm -rf ${temp_restore_dir}
+		    set_user_permissions
+		    backup_unmount_drive
+		    systemctl start syncthing
+		    systemctl start cron
+		    exit 68438
 		fi
-		rm -rf ${temp_restore_dir}shared
-	fi
+		rm -rf ${temp_restore_dir}
 
-	if [ -d $USB_MOUNT/backup/syncthing ]; then
-		for d in $USB_MOUNT/backup/syncthing/*/ ; do
-			USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
-			if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
-				if [ ! -d /home/$USERNAME ]; then
-					${PROJECT_NAME}-adduser $USERNAME
-				fi
-				echo $"Restoring syncthing files for $USERNAME"
-				restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME
-				cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/
-				if [ ! "$?" = "0" ]; then
-					rm -rf ${temp_restore_dir}
-					set_user_permissions
-					backup_unmount_drive
-					systemctl start syncthing
-					systemctl start cron
-					exit 68438
-				fi
-				rm -rf ${temp_restore_dir}
-
-				# restore device IDs from config settings
-				if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
-					cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
-					chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
-				fi
-				if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
-					cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
-					chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
-				fi
-			fi
-		done
-	fi
+		# restore device IDs from config settings
+		if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
+		    cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
+		    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+		fi
+		if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
+		    cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
+		    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+		fi
+	    fi
+	done
+    fi
 
-	if [ -f /etc/systemd/system/syncthing.service ]; then
-		systemctl start syncthing
-		systemctl start cron
-	fi
+    if [ -f /etc/systemd/system/syncthing.service ]; then
+	systemctl start syncthing
+	systemctl start cron
+    fi
 }
 
 function backup_remote_syncthing {
-	if [ -d /root/.config/syncthing ]; then
-		echo $"Backing up syncthing configuration"
-		function_check backup_directory_to_friend
-		backup_directory_to_friend /root/.config/syncthing syncthingconfig
-		echo $"Backup of syncthing configuration complete"
-	fi
-	if [ -d /var/lib/syncthing/SyncShared ]; then
-		echo $"Backing up syncthing shared files"
-		function_check backup_directory_to_friend
-		backup_directory_to_friend /var/lib/syncthing/SyncShared syncthingshared
-		echo $"Backup of syncthing shared files complete"
-	fi
+    if [ -d /root/.config/syncthing ]; then
+	echo $"Backing up syncthing configuration"
+	function_check backup_directory_to_friend
+	backup_directory_to_friend /root/.config/syncthing syncthingconfig
+	echo $"Backup of syncthing configuration complete"
+    fi
+    if [ -d /var/lib/syncthing/SyncShared ]; then
+	echo $"Backing up syncthing shared files"
+	function_check backup_directory_to_friend
+	backup_directory_to_friend /var/lib/syncthing/SyncShared syncthingshared
+	echo $"Backup of syncthing shared files complete"
+    fi
 }
 
 function restore_remote_syncthing {
-	if [ -f /etc/systemd/system/syncthing.service ]; then
-		systemctl stop syncthing
-		systemctl stop cron
+    if [ -f /etc/systemd/system/syncthing.service ]; then
+	systemctl stop syncthing
+	systemctl stop cron
+    fi
+
+    if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then
+	echo $"Restoring syncthing configuration"
+	temp_restore_dir=/root/tempsyncthingconfig
+	function_check restore_directory_from_friend
+	restore_directory_from_friend $temp_restore_dir syncthingconfig
+	cp -r $temp_restore_dir/* /
+	if [ ! "$?" = "0" ]; then
+	    systemctl start syncthing
+	    systemctl start cron
+	    exit 6833
 	fi
-
-	if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then
-		echo $"Restoring syncthing configuration"
-		temp_restore_dir=/root/tempsyncthingconfig
-		function_check restore_directory_from_friend
-		restore_directory_from_friend $temp_restore_dir syncthingconfig
-		cp -r $temp_restore_dir/* /
-		if [ ! "$?" = "0" ]; then
-			systemctl start syncthing
-			systemctl start cron
-			exit 6833
-		fi
-		rm -rf $temp_restore_dir
+	rm -rf $temp_restore_dir
+    fi
+
+    if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then
+	echo $"Restoring syncthing shared files"
+	temp_restore_dir=/root/tempsyncthingshared
+	function_check restore_directory_from_friend
+	restore_directory_from_friend $temp_restore_dir syncthingshared
+	cp -r $temp_restore_dir/* /
+	if [ ! "$?" = "0" ]; then
+	    systemctl start syncthing
+	    systemctl start cron
+	    exit 37904
 	fi
-
-	if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then
-		echo $"Restoring syncthing shared files"
-		temp_restore_dir=/root/tempsyncthingshared
+	rm -rf $temp_restore_dir
+    fi
+
+    if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then
+	for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do
+	    USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
+	    if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
+		if [ ! -d /home/$USERNAME ]; then
+		    ${PROJECT_NAME}-adduser $USERNAME
+		fi
+		echo $"Restoring syncthing files for $USERNAME"
+		temp_restore_dir=/root/tempsyncthing
 		function_check restore_directory_from_friend
-		restore_directory_from_friend $temp_restore_dir syncthingshared
-		cp -r $temp_restore_dir/* /
+		restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME
+		cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/
 		if [ ! "$?" = "0" ]; then
-			systemctl start syncthing
-			systemctl start cron
-			exit 37904
+		    rm -rf $temp_restore_dir
+		    systemctl start syncthing
+		    systemctl start cron
+		    exit 68438
 		fi
 		rm -rf $temp_restore_dir
-	fi
 
-	if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then
-		for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do
-			USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
-			if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
-				if [ ! -d /home/$USERNAME ]; then
-					${PROJECT_NAME}-adduser $USERNAME
-				fi
-				echo $"Restoring syncthing files for $USERNAME"
-				temp_restore_dir=/root/tempsyncthing
-				function_check restore_directory_from_friend
-				restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME
-				cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/
-				if [ ! "$?" = "0" ]; then
-					rm -rf $temp_restore_dir
-					systemctl start syncthing
-					systemctl start cron
-					exit 68438
-				fi
-				rm -rf $temp_restore_dir
-
-				# restore device IDs from config settings
-				if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
-					cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
-					chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
-				fi
-				if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
-					cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
-					chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
-				fi
-				echo $"Restore of syncthing files for $USERNAME complete"
-			fi
-		done
-	fi
+		# restore device IDs from config settings
+		if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
+		    cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
+		    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+		fi
+		if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
+		    cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
+		    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+		fi
+		echo $"Restore of syncthing files for $USERNAME complete"
+	    fi
+	done
+    fi
 
-	if [ -f /etc/systemd/system/syncthing.service ]; then
-		systemctl start syncthing
-		systemctl start cron
-	fi
+    if [ -f /etc/systemd/system/syncthing.service ]; then
+	systemctl start syncthing
+	systemctl start cron
+    fi
 }
 
 function remove_syncthing {
-	if ! grep -Fxq "install_syncthing" $COMPLETION_FILE; then
-		return
-	fi
-	iptables -D INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
-	iptables -D INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	systemctl stop syncthing
-	systemctl disable syncthing
-	apt-get -y remove --purge syncthing
-	rm /etc/systemd/system/syncthing.service
-	sed -i "/${PROJECT_NAME}-syncthing/d" /etc/crontab
-	sed -i '/install_syncthing/d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_syncthing/d' $COMPLETION_FILE
-	systemctl restart cron
+    if ! grep -Fxq "install_syncthing" $COMPLETION_FILE; then
+	return
+    fi
+    iptables -D INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    systemctl stop syncthing
+    systemctl disable syncthing
+    apt-get -y remove --purge syncthing
+    rm /etc/systemd/system/syncthing.service
+    sed -i "/${PROJECT_NAME}-syncthing/d" /etc/crontab
+    sed -i '/install_syncthing/d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_syncthing/d' $COMPLETION_FILE
+    systemctl restart cron
 }
 
 function configure_firewall_for_syncthing {
-	if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then
-		return
-	fi
-	iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
-	iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	OPEN_PORTS+=("Syncthing $SYNCTHING_PORT")
-	echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
+    if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then
+	return
+    fi
+    iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    OPEN_PORTS+=("Syncthing $SYNCTHING_PORT")
+    echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
 }
 
 function mesh_install_syncthing {
-	chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add -
-
-	echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list
-	chroot "$rootdir" apt-get update
-	chroot "$rootdir" apt-get -y --force-yes install syncthing
-
-	# This probably does need to run as root so that it can access the Sync directories
-	# in each user's home directory
-	echo '[Unit]' > $rootdir/etc/systemd/system/syncthing.service
-	echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> $rootdir/etc/systemd/system/syncthing.service
-	echo 'Documentation=man:syncthing(1)' >> $rootdir/etc/systemd/system/syncthing.service
-	echo 'After=network.target' >> $rootdir/etc/systemd/system/syncthing.service
-	echo 'Wants=syncthing-inotify@.service' >> $rootdir/etc/systemd/system/syncthing.service
-	echo '' >> $rootdir/etc/systemd/system/syncthing.service
-	echo '[Service]' >> $rootdir/etc/systemd/system/syncthing.service
-	echo 'User=root' >> $rootdir/etc/systemd/system/syncthing.service
-	echo "Environment='all_proxy=socks5://localhost:9050'" >> $rootdir/etc/systemd/system/syncthing.service
-	echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> $rootdir/etc/systemd/system/syncthing.service
-	echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/syncthing.service
-	echo 'SuccessExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service
-	echo 'RestartForceExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service
-	echo '' >> $rootdir/etc/systemd/system/syncthing.service
-	echo '[Install]' >> $rootdir/etc/systemd/system/syncthing.service
-	echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/syncthing.service
-	chroot "$rootdir" systemctl enable syncthing
-
-	if ! grep -q "syncthing" $rootdir/etc/crontab; then
-		echo "*/1            * *   *   *   root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> $rootdir/etc/crontab
-	fi
-
-	echo 'mesh_install_syncthing'
+    chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add -
+
+    echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list
+    chroot "$rootdir" apt-get update
+    chroot "$rootdir" apt-get -y --force-yes install syncthing
+
+    # This probably does need to run as root so that it can access the Sync directories
+    # in each user's home directory
+    echo '[Unit]' > $rootdir/etc/systemd/system/syncthing.service
+    echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> $rootdir/etc/systemd/system/syncthing.service
+    echo 'Documentation=man:syncthing(1)' >> $rootdir/etc/systemd/system/syncthing.service
+    echo 'After=network.target' >> $rootdir/etc/systemd/system/syncthing.service
+    echo 'Wants=syncthing-inotify@.service' >> $rootdir/etc/systemd/system/syncthing.service
+    echo '' >> $rootdir/etc/systemd/system/syncthing.service
+    echo '[Service]' >> $rootdir/etc/systemd/system/syncthing.service
+    echo 'User=root' >> $rootdir/etc/systemd/system/syncthing.service
+    echo "Environment='all_proxy=socks5://localhost:9050'" >> $rootdir/etc/systemd/system/syncthing.service
+    echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> $rootdir/etc/systemd/system/syncthing.service
+    echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/syncthing.service
+    echo 'SuccessExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service
+    echo 'RestartForceExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service
+    echo '' >> $rootdir/etc/systemd/system/syncthing.service
+    echo '[Install]' >> $rootdir/etc/systemd/system/syncthing.service
+    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/syncthing.service
+    chroot "$rootdir" systemctl enable syncthing
+
+    if ! grep -q "syncthing" $rootdir/etc/crontab; then
+	echo "*/1            * *   *   *   root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> $rootdir/etc/crontab
+    fi
+
+    echo 'mesh_install_syncthing'
 }
 
 function install_syncthing {
-	if [ $INSTALLING_MESH ]; then
-		mesh_install_syncthing
-		return
-	fi
-
-	if grep -Fxq "install_syncthing" $COMPLETION_FILE; then
-		return
-	fi
-
-	apt-get -y install curl
-
-	curl -s https://syncthing.net/release-key.txt | apt-key add -
-	echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list
-	apt-get update
-	apt-get -y install syncthing
-
-	# This probably does need to run as root so that it can access the Sync directories
-	# in each user's home directory
-	echo '[Unit]' > /etc/systemd/system/syncthing.service
-	echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
-	echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
-	echo 'After=network.target' >> /etc/systemd/system/syncthing.service
-	echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
-	echo '' >> /etc/systemd/system/syncthing.service
-	echo '[Service]' >> /etc/systemd/system/syncthing.service
-	echo 'User=root' >> /etc/systemd/system/syncthing.service
-	echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
-	echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
-	echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
-	echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
-	echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
-	echo '' >> /etc/systemd/system/syncthing.service
-	echo '[Install]' >> /etc/systemd/system/syncthing.service
-	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
-	systemctl enable syncthing
-	systemctl daemon-reload
-	systemctl start syncthing
-
-	function_check cron_add_mins
-	cron_add_mins 1 "/usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null"
-
-	function_check configure_firewall_for_syncthing
-	configure_firewall_for_syncthing
-	echo 'install_syncthing' >> $COMPLETION_FILE
+    if [ $INSTALLING_MESH ]; then
+	mesh_install_syncthing
+	return
+    fi
+
+    if grep -Fxq "install_syncthing" $COMPLETION_FILE; then
+	return
+    fi
+
+    apt-get -y install curl
+
+    curl -s https://syncthing.net/release-key.txt | apt-key add -
+    echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list
+    apt-get update
+    apt-get -y install syncthing
+
+    # This probably does need to run as root so that it can access the Sync directories
+    # in each user's home directory
+    echo '[Unit]' > /etc/systemd/system/syncthing.service
+    echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
+    echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
+    echo 'After=network.target' >> /etc/systemd/system/syncthing.service
+    echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
+    echo '' >> /etc/systemd/system/syncthing.service
+    echo '[Service]' >> /etc/systemd/system/syncthing.service
+    echo 'User=root' >> /etc/systemd/system/syncthing.service
+    echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
+    echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
+    echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
+    echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
+    echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
+    echo '' >> /etc/systemd/system/syncthing.service
+    echo '[Install]' >> /etc/systemd/system/syncthing.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
+    systemctl enable syncthing
+    systemctl daemon-reload
+    systemctl start syncthing
+
+    function_check cron_add_mins
+    cron_add_mins 1 "/usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null"
+
+    function_check configure_firewall_for_syncthing
+    configure_firewall_for_syncthing
+    echo 'install_syncthing' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-vpn

@@ -39,44 +39,44 @@ function upgrade_vpn {
 }
 
 function backup_local_vpn {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_local_vpn {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_remote_vpn {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_remote_vpn {
-	echo -n ''
+    echo -n ''
 }
 
 function remove_vpn {
-	apt-get -y remove --purge fastd
-	sed -i '/install_vpn/d' $COMPLETION_FILE
+    apt-get -y remove --purge fastd
+    sed -i '/install_vpn/d' $COMPLETION_FILE
 }
 
 function install_vpn {
-	if grep -Fxq "install_vpn" $COMPLETION_FILE; then
-		return
+    if grep -Fxq "install_vpn" $COMPLETION_FILE; then
+	return
+    fi
+    if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then
+	echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list
+	gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C
+	if [ ! "$?" = "0" ]; then
+	    exit 76272
 	fi
-	if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then
-		echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list
-		gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C
-		if [ ! "$?" = "0" ]; then
-			exit 76272
-		fi
-		gpg -a --export 16EF3F64CB201D9C | sudo apt-key add -
-		apt-get update
-		apt-get -y install fastd
-		if [ ! "$?" = "0" ]; then
-			exit 52026
-		fi
+	gpg -a --export 16EF3F64CB201D9C | sudo apt-key add -
+	apt-get update
+	apt-get -y install fastd
+	if [ ! "$?" = "0" ]; then
+	    exit 52026
 	fi
-	echo 'install_vpn' >> $COMPLETION_FILE
+    fi
+    echo 'install_vpn' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately there is no "exit 0"

src/freedombone-app-webmail

@@ -43,198 +43,198 @@ function reconfigure_webmail {
 }
 
 function upgrade_webmail {
-	if ! grep -Fxq "install_webmail" $COMPLETION_FILE; then
-		return
-	fi
-	function_check set_repo_commit
-	set_repo_commit $WEBMAIL_PATH "Webmail commit" "$WEBMAIL_COMMIT" $WEBMAIL_REPO
+    if ! grep -Fxq "install_webmail" $COMPLETION_FILE; then
+	return
+    fi
+    function_check set_repo_commit
+    set_repo_commit $WEBMAIL_PATH "Webmail commit" "$WEBMAIL_COMMIT" $WEBMAIL_REPO
 }
 
 function backup_local_webmail {
-	if ! grep -q "install_webmail" $COMPLETION_FILE; then
-		return
-	fi
-	echo $"Backing up webmail"
+    if ! grep -q "install_webmail" $COMPLETION_FILE; then
+	return
+    fi
+    echo $"Backing up webmail"
 
-	function_check backup_database_to_usb
-	backup_database_to_usb webmail
+    function_check backup_database_to_usb
+    backup_database_to_usb webmail
 
-	echo $"Backing up webmail complete"
+    echo $"Backing up webmail complete"
 }
 
 function restore_local_webmail {
-	if ! grep -q "install_webmail" $COMPLETION_FILE; then
-		return
-	fi
-	echo $"Restoring webmail"
+    if ! grep -q "install_webmail" $COMPLETION_FILE; then
+	return
+    fi
+    echo $"Restoring webmail"
 
-	function_check restore_database
-	restore_database webmail
+    function_check restore_database
+    restore_database webmail
 
-	echo $"Restore of webmail complete"
+    echo $"Restore of webmail complete"
 }
 
 function backup_remote_webmail {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_remote_webmail {
-	echo -n ''
+    echo -n ''
 }
 
 function remove_webmail {
-	if ! grep -Fxq "install_webmail" $COMPLETION_FILE; then
-		return
-	fi
-	nginx_dissite webmail
-	if [ -f /etc/nginx/sites-available/webmail ]; then
-		rm /etc/nginx/sites-available/webmail
-	fi
-	function_check remove_onion_service
-	remove_onion_service webmail ${WEBMAIL_ONION_PORT}
-	function_check drop_database
-	drop_database webmail
-	if [ -d $WEB_PATH/webmail ]; then
-		rm -rf $WEB_PATH/webmail
-	fi
-	sed -i '/Webmail /d' $COMPLETION_FILE
-	sed -i '/install_webmail/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_webmail" $COMPLETION_FILE; then
+	return
+    fi
+    nginx_dissite webmail
+    if [ -f /etc/nginx/sites-available/webmail ]; then
+	rm /etc/nginx/sites-available/webmail
+    fi
+    function_check remove_onion_service
+    remove_onion_service webmail ${WEBMAIL_ONION_PORT}
+    function_check drop_database
+    drop_database webmail
+    if [ -d $WEB_PATH/webmail ]; then
+	rm -rf $WEB_PATH/webmail
+    fi
+    sed -i '/Webmail /d' $COMPLETION_FILE
+    sed -i '/install_webmail/d' $COMPLETION_FILE
 }
 
 function install_webmail {
-	if grep -Fxq "install_webmail" $COMPLETION_FILE; then
-		return
+    if grep -Fxq "install_webmail" $COMPLETION_FILE; then
+	return
+    fi
+    if [ -d /etc/apache2 ]; then
+	rm -rf /etc/apache2
+	echo $'Removed Apache installation after Dokuwiki install'
+    fi
+
+    function_check install_mariadb
+    install_mariadb
+
+    function_check get_mariadb_password
+    get_mariadb_password
+
+    function_check repair_databases_script
+    repair_databases_script
+
+    apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
+    apt-get -y install php5-dev imagemagick php5-imagick php5-sqlite php-auth-sasl php-net-smtp php-mime-type
+    apt-get -y install php-mail-mime php-mail-mimedecode php-net-ldap3 php5-pspell
+    pear install Net_IDNA2
+
+    if [ ! -f $WEBMAIL_PATH/index.php ]; then
+	cd $WEB_PATH
+	git_clone $WEBMAIL_REPO webmail
+	cd $WEBMAIL_PATH
+	git checkout $WEBMAIL_COMMIT -b $WEBMAIL_COMMIT
+	if ! grep -q "Webmail commit" $COMPLETION_FILE; then
+	    echo "Webmail commit:$WEBMAIL_COMMIT" >> $COMPLETION_FILE
+	else
+	    sed -i "s/Webmail commit.*/Webmail commit:$WEBMAIL_COMMIT/g" $COMPLETION_FILE
 	fi
-	if [ -d /etc/apache2 ]; then
-		rm -rf /etc/apache2
-		echo $'Removed Apache installation after Dokuwiki install'
+    fi
+    if [ ! -f $WEBMAIL_PATH/index.php ]; then
+	echo $'Did not clone webmail repo'
+	exit 52825
+    fi
+
+    WEBMAIL_ONION_HOSTNAME=$(add_onion_service webmail 80 ${WEBMAIL_ONION_PORT})
+    echo "Webmail onion domain:${WEBMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE
+
+    function_check get_mariadb_webmail_admin_password
+    get_mariadb_webmail_admin_password
+    if [ ! $WEBMAIL_ADMIN_PASSWORD ]; then
+	if [ -f $IMAGE_PASSWORD_FILE ]; then
+	    WEBMAIL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+	else
+	    WEBMAIL_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
 	fi
-
-	function_check install_mariadb
-	install_mariadb
-
-	function_check get_mariadb_password
-	get_mariadb_password
-
-	function_check repair_databases_script
-	repair_databases_script
-
-	apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
-	apt-get -y install php5-dev imagemagick php5-imagick php5-sqlite php-auth-sasl php-net-smtp php-mime-type
-	apt-get -y install php-mail-mime php-mail-mimedecode php-net-ldap3 php5-pspell
-	pear install Net_IDNA2
-
-	if [ ! -f $WEBMAIL_PATH/index.php ]; then
-		cd $WEB_PATH
-		git_clone $WEBMAIL_REPO webmail
-		cd $WEBMAIL_PATH
-		git checkout $WEBMAIL_COMMIT -b $WEBMAIL_COMMIT
-		if ! grep -q "Webmail commit" $COMPLETION_FILE; then
-			echo "Webmail commit:$WEBMAIL_COMMIT" >> $COMPLETION_FILE
-		else
-			sed -i "s/Webmail commit.*/Webmail commit:$WEBMAIL_COMMIT/g" $COMPLETION_FILE
-		fi
-	fi
-	if [ ! -f $WEBMAIL_PATH/index.php ]; then
-		echo $'Did not clone webmail repo'
-		exit 52825
-	fi
-
-	WEBMAIL_ONION_HOSTNAME=$(add_onion_service webmail 80 ${WEBMAIL_ONION_PORT})
-	echo "Webmail onion domain:${WEBMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE
-
-	function_check get_mariadb_webmail_admin_password
-	get_mariadb_webmail_admin_password
-	if [ ! $WEBMAIL_ADMIN_PASSWORD ]; then
-		if [ -f $IMAGE_PASSWORD_FILE ]; then
-			WEBMAIL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-		else
-			WEBMAIL_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-		fi
-	fi
-	function_check create_database
-	create_database webmail "$WEBMAIL_ADMIN_PASSWORD"
-	mysql -u root --password="$MARIADB_PASSWORD" -D webmail < $WEBMAIL_PATH/SQL/mysql.initial.sql
-
-	if [ ! -d /var/www/$DEFAULT_DOMAIN_NAME/htdocs ]; then
-		mkdir -p /var/www/$DEFAULT_DOMAIN_NAME/htdocs
-	fi
-	ln -s $WEBMAIL_PATH /var/www/$DEFAULT_DOMAIN_NAME/htdocs/webmail
-
-	if [ ! -f /var/www/webmail/config/config.inc.php ]; then
-		# generate the configuration
-		echo '<?php' > /var/www/webmail/config/config.inc.php
-		echo "\$config['db_dsnw'] = 'mysql://root:${MARIADB_PASSWORD}@localhost/webmail';" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['default_host'] = 'localhost';" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['support_url'] = '';" >> /var/www/webmail/config/config.inc.php
-		WEBMAIL_DES_KEY="$(create_password 25)"
-		echo "\$config['des_key'] = '${WEBMAIL_DES_KEY}';" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['product_name'] = '${PROJECT_NAME}';" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['plugins'] = array('enigma');" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['mime_param_folding'] = 0;" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['enable_installer'] = false;" >> /var/www/webmail/config/config.inc.php
-	fi
-
-	chown -R www-data:www-data $WEBMAIL_PATH
-
-	echo 'server {' > /etc/nginx/sites-available/webmail
-	echo "  listen 127.0.0.1:$WEBMAIL_ONION_PORT default_server;" >> /etc/nginx/sites-available/webmail
-	echo "  server_name $WEBMAIL_ONION_HOSTNAME;" >> /etc/nginx/sites-available/webmail
-	echo "  root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
-	echo '  index index.php index.html index.htm;' >> /etc/nginx/sites-available/webmail
-	echo '  access_log off;' >> /etc/nginx/sites-available/webmail
-	echo '  error_log off;' >> /etc/nginx/sites-available/webmail
-	echo '  location / {' >> /etc/nginx/sites-available/webmail
-	echo '    try_files $uri $uri/ /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  error_page 404 /404.html;' >> /etc/nginx/sites-available/webmail
-	echo '  error_page 500 502 503 504 /50x.html;' >> /etc/nginx/sites-available/webmail
-	echo '  location = /50x.html {' >> /etc/nginx/sites-available/webmail
-	echo "    root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {' >> /etc/nginx/sites-available/webmail
-	echo '    deny all;' >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  location ~ ^/(config|temp|logs)/ {' >> /etc/nginx/sites-available/webmail
-	echo '    deny all;' >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  location ~ /\. {' >> /etc/nginx/sites-available/webmail
-	echo '    deny all;' >> /etc/nginx/sites-available/webmail
-	echo '    access_log off;' >> /etc/nginx/sites-available/webmail
-	echo '    log_not_found off;' >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  location ~ \.php$ {' >> /etc/nginx/sites-available/webmail
-	echo '    try_files $uri =404;' >> /etc/nginx/sites-available/webmail
-	echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/webmail
-	echo '    fastcgi_index index.php;' >> /etc/nginx/sites-available/webmail
-	echo '    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/webmail
-	echo '    include fastcgi_params;' >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/webmail
-	echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/webmail
-	echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/webmail
-	echo '}' >> /etc/nginx/sites-available/webmail
-
-	nginx_ensite webmail
-	systemctl restart php5-fpm
-	systemctl restart nginx
-
-	if ! grep -q "Webmail" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo 'Webmail' >> /home/$MY_USERNAME/README
-		echo '=======' >> /home/$MY_USERNAME/README
-		if [[ $ONION_ONLY == 'no' ]]; then
-			echo $"Open https://$DEFAULT_DOMAIN_NAME/webmail/index.php" >> /home/$MY_USERNAME/README
-		else
-			echo $"Open http://$WEBMAIL_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
-		fi
-		echo $"MariaDB webmail admin password: $WEBMAIL_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
+    fi
+    function_check create_database
+    create_database webmail "$WEBMAIL_ADMIN_PASSWORD"
+    mysql -u root --password="$MARIADB_PASSWORD" -D webmail < $WEBMAIL_PATH/SQL/mysql.initial.sql
+
+    if [ ! -d /var/www/$DEFAULT_DOMAIN_NAME/htdocs ]; then
+	mkdir -p /var/www/$DEFAULT_DOMAIN_NAME/htdocs
+    fi
+    ln -s $WEBMAIL_PATH /var/www/$DEFAULT_DOMAIN_NAME/htdocs/webmail
+
+    if [ ! -f /var/www/webmail/config/config.inc.php ]; then
+	# generate the configuration
+	echo '<?php' > /var/www/webmail/config/config.inc.php
+	echo "\$config['db_dsnw'] = 'mysql://root:${MARIADB_PASSWORD}@localhost/webmail';" >> /var/www/webmail/config/config.inc.php
+	echo "\$config['default_host'] = 'localhost';" >> /var/www/webmail/config/config.inc.php
+	echo "\$config['support_url'] = '';" >> /var/www/webmail/config/config.inc.php
+	WEBMAIL_DES_KEY="$(create_password 25)"
+	echo "\$config['des_key'] = '${WEBMAIL_DES_KEY}';" >> /var/www/webmail/config/config.inc.php
+	echo "\$config['product_name'] = '${PROJECT_NAME}';" >> /var/www/webmail/config/config.inc.php
+	echo "\$config['plugins'] = array('enigma');" >> /var/www/webmail/config/config.inc.php
+	echo "\$config['mime_param_folding'] = 0;" >> /var/www/webmail/config/config.inc.php
+	echo "\$config['enable_installer'] = false;" >> /var/www/webmail/config/config.inc.php
+    fi
+
+    chown -R www-data:www-data $WEBMAIL_PATH
+
+    echo 'server {' > /etc/nginx/sites-available/webmail
+    echo "  listen 127.0.0.1:$WEBMAIL_ONION_PORT default_server;" >> /etc/nginx/sites-available/webmail
+    echo "  server_name $WEBMAIL_ONION_HOSTNAME;" >> /etc/nginx/sites-available/webmail
+    echo "  root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
+    echo '  index index.php index.html index.htm;' >> /etc/nginx/sites-available/webmail
+    echo '  access_log off;' >> /etc/nginx/sites-available/webmail
+    echo '  error_log off;' >> /etc/nginx/sites-available/webmail
+    echo '  location / {' >> /etc/nginx/sites-available/webmail
+    echo '    try_files $uri $uri/ /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  error_page 404 /404.html;' >> /etc/nginx/sites-available/webmail
+    echo '  error_page 500 502 503 504 /50x.html;' >> /etc/nginx/sites-available/webmail
+    echo '  location = /50x.html {' >> /etc/nginx/sites-available/webmail
+    echo "    root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {' >> /etc/nginx/sites-available/webmail
+    echo '    deny all;' >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  location ~ ^/(config|temp|logs)/ {' >> /etc/nginx/sites-available/webmail
+    echo '    deny all;' >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  location ~ /\. {' >> /etc/nginx/sites-available/webmail
+    echo '    deny all;' >> /etc/nginx/sites-available/webmail
+    echo '    access_log off;' >> /etc/nginx/sites-available/webmail
+    echo '    log_not_found off;' >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  location ~ \.php$ {' >> /etc/nginx/sites-available/webmail
+    echo '    try_files $uri =404;' >> /etc/nginx/sites-available/webmail
+    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/webmail
+    echo '    fastcgi_index index.php;' >> /etc/nginx/sites-available/webmail
+    echo '    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/webmail
+    echo '    include fastcgi_params;' >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/webmail
+    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/webmail
+    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/webmail
+    echo '}' >> /etc/nginx/sites-available/webmail
+
+    nginx_ensite webmail
+    systemctl restart php5-fpm
+    systemctl restart nginx
+
+    if ! grep -q "Webmail" /home/$MY_USERNAME/README; then
+	echo '' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo 'Webmail' >> /home/$MY_USERNAME/README
+	echo '=======' >> /home/$MY_USERNAME/README
+	if [[ $ONION_ONLY == 'no' ]]; then
+	    echo $"Open https://$DEFAULT_DOMAIN_NAME/webmail/index.php" >> /home/$MY_USERNAME/README
+	else
+	    echo $"Open http://$WEBMAIL_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
 	fi
+	echo $"MariaDB webmail admin password: $WEBMAIL_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+	chmod 600 /home/$MY_USERNAME/README
+    fi
 
-	echo 'install_webmail' >> $COMPLETION_FILE
+    echo 'install_webmail' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-wiki

@@ -37,391 +37,302 @@ WIKI_CODE=
 WIKI_ONION_PORT=8089
 
 function reconfigure_wiki {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_wiki {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_local_wiki {
-	source_directory=/var/lib/dokuwiki
-	if [ -d $source_directory ]; then
-		dest_directory=wiki
-		echo $"Backing up $source_directory to $dest_directory"
+    source_directory=/var/lib/dokuwiki
+    if [ -d $source_directory ]; then
+	dest_directory=wiki
+	echo $"Backing up $source_directory to $dest_directory"
 
-		function_check backup_directory_to_usb
-		backup_directory_to_usb $source_directory $dest_directory
-		backup_directory_to_usb /etc/dokuwiki wiki2
+	function_check backup_directory_to_usb
+	backup_directory_to_usb $source_directory $dest_directory
+	backup_directory_to_usb /etc/dokuwiki wiki2
 
-		echo $"Backup to $dest_directory complete"
-	fi
+	echo $"Backup to $dest_directory complete"
+    fi
 }
 
 function restore_local_wiki {
-	if [ -d /var/lib/dokuwiki ]; then
-		echo $"Restoring Wiki installation"
-		WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
-		temp_restore_dir=/root/tempwiki
-		function_check restore_directory_from_usb
-		restore_directory_from_usb $temp_restore_dir wiki
-		cp -r $temp_restore_dir/var/lib/dokuwiki/* /var/lib/dokuwiki/
-		if [ ! "$?" = "0" ]; then
-			function_check restore_directory_from_usb
-			set_user_permissions
-			function_check backup_unmount_drive
-			backup_unmount_drive
-			exit 868
-		fi
-		restore_directory_from_usb ${temp_restore_dir}2 wiki2
-		cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/
-		if [ ! "$?" = "0" ]; then
-			function_check set_user_permissions
-			set_user_permissions
-			function_check backup_unmount_drive
-			backup_unmount_drive
-			exit 869
-		fi
-		rm -rf $temp_restore_dir
-		rm -rf ${temp_restore_dir}2
-		chown -R www-data:www-data /var/lib/dokuwiki/*
-		# Ensure that the bundled SSL cert is being used
-		if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
-			sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
-		fi
-		if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
-			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
-			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
-		fi
-		echo $"Restore of Wiki complete"
+    if [ -d /var/lib/dokuwiki ]; then
+	echo $"Restoring Wiki installation"
+	WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
+	temp_restore_dir=/root/tempwiki
+	function_check restore_directory_from_usb
+	restore_directory_from_usb $temp_restore_dir wiki
+	cp -r $temp_restore_dir/var/lib/dokuwiki/* /var/lib/dokuwiki/
+	if [ ! "$?" = "0" ]; then
+	    function_check restore_directory_from_usb
+	    set_user_permissions
+	    function_check backup_unmount_drive
+	    backup_unmount_drive
+	    exit 868
+	fi
+	restore_directory_from_usb ${temp_restore_dir}2 wiki2
+	cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/
+	if [ ! "$?" = "0" ]; then
+	    function_check set_user_permissions
+	    set_user_permissions
+	    function_check backup_unmount_drive
+	    backup_unmount_drive
+	    exit 869
+	fi
+	rm -rf $temp_restore_dir
+	rm -rf ${temp_restore_dir}2
+	chown -R www-data:www-data /var/lib/dokuwiki/*
+	# Ensure that the bundled SSL cert is being used
+	if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
+	    sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
+	fi
+	if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
+	    ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
+	    ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
 	fi
+	echo $"Restore of Wiki complete"
+    fi
 }
 
 function backup_remote_wiki {
-	if [ -d /etc/dokuwiki ]; then
-		echo $"Backing up wiki"
-		backup_directory_to_friend /var/lib/dokuwiki wiki
-		backup_directory_to_friend /etc/dokuwiki wiki2
-	fi
+    if [ -d /etc/dokuwiki ]; then
+	echo $"Backing up wiki"
+	backup_directory_to_friend /var/lib/dokuwiki wiki
+	backup_directory_to_friend /etc/dokuwiki wiki2
+    fi
 }
 
 function restore_remote_wiki {
-	if [ -d $SERVER_DIRECTORY/backup/wiki ]; then
-		WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
-		echo $"Restoring Wiki installation $WIKI_DOMAIN_NAME"
-		function_check restore_directory_from_friend
-		restore_directory_from_friend /root/tempwiki wiki
-		cp -r /root/tempwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/
-		if [ ! "$?" = "0" ]; then
-			exit 868
-		fi
-		restore_directory_from_friend /root/tempwiki2 wiki2
-		cp -r /root/tempwiki2/etc/dokuwiki/* /etc/dokuwiki/
-		if [ ! "$?" = "0" ]; then
-			exit 869
-		fi
-		rm -rf /root/tempwiki
-		rm -rf /root/tempwiki2
-		chown -R www-data:www-data /var/lib/dokuwiki/*
-		# Ensure that the bundled SSL cert is being used
-		if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
-			sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
-		fi
-		if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
-			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
-			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
-		fi
-		echo $"Restore of Wiki complete"
+    if [ -d $SERVER_DIRECTORY/backup/wiki ]; then
+	WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
+	echo $"Restoring Wiki installation $WIKI_DOMAIN_NAME"
+	function_check restore_directory_from_friend
+	restore_directory_from_friend /root/tempwiki wiki
+	cp -r /root/tempwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/
+	if [ ! "$?" = "0" ]; then
+	    exit 868
 	fi
-}
-
-function remove_wiki {
-	if ! grep -Fxq "install_wiki" $COMPLETION_FILE; then
-		return
+	restore_directory_from_friend /root/tempwiki2 wiki2
+	cp -r /root/tempwiki2/etc/dokuwiki/* /etc/dokuwiki/
+	if [ ! "$?" = "0" ]; then
+	    exit 869
 	fi
-	function_check remove_onion_service
-	remove_onion_service wiki ${WIKI_ONION_PORT}
-	nginx_dissite $WIKI_DOMAIN_NAME
-	if [ -f /etc/nginx/sites-available/$WIKI_DOMAIN_NAME ]; then
-		rm /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	rm -rf /root/tempwiki
+	rm -rf /root/tempwiki2
+	chown -R www-data:www-data /var/lib/dokuwiki/*
+	# Ensure that the bundled SSL cert is being used
+	if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
+	    sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
 	fi
-	apt-get -y remove --purge dokuwiki
-	if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
-		rm -rf /var/www/$WIKI_DOMAIN_NAME
+	if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
+	    ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
+	    ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
 	fi
-	if [ -d /var/lib/dokuwiki ]; then
-		rm -rf /var/lib/dokuwiki
-	fi
-	if [ -d /etc/dokuwiki ]; then
-		rm -rf /etc/dokuwiki
-	fi
-	if [ -d /usr/share/dokuwiki ]; then
-		rm -rf /usr/share/dokuwiki
-	fi
-	sed -i '/install_wiki/d' $COMPLETION_FILE
+	echo $"Restore of Wiki complete"
+    fi
+}
+
+function remove_wiki {
+    if ! grep -Fxq "install_wiki" $COMPLETION_FILE; then
+	return
+    fi
+    function_check remove_onion_service
+    remove_onion_service wiki ${WIKI_ONION_PORT}
+    nginx_dissite $WIKI_DOMAIN_NAME
+    if [ -f /etc/nginx/sites-available/$WIKI_DOMAIN_NAME ]; then
+	rm /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    fi
+    apt-get -y remove --purge dokuwiki
+    if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
+	rm -rf /var/www/$WIKI_DOMAIN_NAME
+    fi
+    if [ -d /var/lib/dokuwiki ]; then
+	rm -rf /var/lib/dokuwiki
+    fi
+    if [ -d /etc/dokuwiki ]; then
+	rm -rf /etc/dokuwiki
+    fi
+    if [ -d /usr/share/dokuwiki ]; then
+	rm -rf /usr/share/dokuwiki
+    fi
+    sed -i '/install_wiki/d' $COMPLETION_FILE
 }
 
 function get_wiki_admin_password {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "Wiki password" /home/$MY_USERNAME/README; then
-			WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
-		fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+	if grep -q "Wiki password" /home/$MY_USERNAME/README; then
+	    WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
 	fi
+    fi
 }
 
 function install_wiki {
-	if grep -Fxq "install_wiki" $COMPLETION_FILE; then
-		return
-	fi
-	if [ ! $WIKI_DOMAIN_NAME ]; then
-		return
-	fi
-	apt-get -y install dokuwiki
-	apt-get -y remove --purge apache*
-	if [ -d /etc/apache2 ]; then
-		rm -rf /etc/apache2
-		echo $'Removed Apache installation after Dokuwiki install'
-	fi
-
-	if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
-		mkdir /var/www/$WIKI_DOMAIN_NAME
-	fi
-	if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
-		rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
-	fi
-
-	ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
-
-	mkdir /var/lib/dokuwiki/custom
-	cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
-	ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
-
-	chown www-data /var/lib/dokuwiki/custom
-	chown www-data /var/lib/dokuwiki/custom/local.php
-	chown -R www-data /etc/dokuwiki
-	chown -R www-data /usr/share/dokuwiki/lib/
-	chmod 600 /var/lib/dokuwiki/custom/local.php
-	chmod -R 755 /usr/share/dokuwiki/lib
-
-	sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
-	sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
-
-	sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
-
-	# set the admin user
-	sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
-
-	# disallow registration of new users
-	if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
-		echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
-	fi
-	if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
-		echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
-	fi
-
-	if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
-		echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
-	fi
-	if ! grep -q "authtype" /etc/dokuwiki/local.php; then
-		echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
-	fi
-
-	function_check get_wiki_admin_password
-	get_wiki_admin_password
-	if [ ! $WIKI_ADMIN_PASSWORD ]; then
-		if [ -f $IMAGE_PASSWORD_FILE ]; then
-			WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-		else
-			WIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-		fi
-	fi
-	HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
-	echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
-	chmod 640 /var/lib/dokuwiki/acl/users.auth.php
-
-	if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
-		echo 'ogv     video/ogg' >> /etc/dokuwiki/mime.conf
-	fi
-	if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
-		echo 'mp4     video/mp4' >> /etc/dokuwiki/mime.conf
-	fi
-	if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
-		echo 'webm    video/webm' >> /etc/dokuwiki/mime.conf
-	fi
-
-	WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
-
-	if [[ $ONION_ONLY == "no" ]]; then
-		echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		function_check nginx_disable_sniffing
-		nginx_disable_sniffing $WIKI_DOMAIN_NAME
-		function_check nginx_limits
-		nginx_limits $WIKI_DOMAIN_NAME
-		echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		function_check nginx_limits
-		nginx_limits $WIKI_DOMAIN_NAME
-		function_check nginx_ssl
-		nginx_ssl $WIKI_DOMAIN_NAME
-		function_check nginx_disable_sniffing
-		nginx_disable_sniffing $WIKI_DOMAIN_NAME
-		echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # webmail' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location /webmail {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /webmail/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /webmail/installer/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    if grep -Fxq "install_wiki" $COMPLETION_FILE; then
+	return
+    fi
+    if [ ! $WIKI_DOMAIN_NAME ]; then
+	return
+    fi
+    apt-get -y install dokuwiki
+    apt-get -y remove --purge apache*
+    if [ -d /etc/apache2 ]; then
+	rm -rf /etc/apache2
+	echo $'Removed Apache installation after Dokuwiki install'
+    fi
+
+    if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
+	mkdir /var/www/$WIKI_DOMAIN_NAME
+    fi
+    if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
+	rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
+    fi
+
+    ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
+
+    mkdir /var/lib/dokuwiki/custom
+    cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
+    ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
+
+    chown www-data /var/lib/dokuwiki/custom
+    chown www-data /var/lib/dokuwiki/custom/local.php
+    chown -R www-data /etc/dokuwiki
+    chown -R www-data /usr/share/dokuwiki/lib/
+    chmod 600 /var/lib/dokuwiki/custom/local.php
+    chmod -R 755 /usr/share/dokuwiki/lib
+
+    sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
+    sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
+
+    sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
+
+    # set the admin user
+    sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
+
+    # disallow registration of new users
+    if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
+	echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
+    fi
+    if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
+	echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
+    fi
+
+    if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
+	echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
+    fi
+    if ! grep -q "authtype" /etc/dokuwiki/local.php; then
+	echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
+    fi
+
+    function_check get_wiki_admin_password
+    get_wiki_admin_password
+    if [ ! $WIKI_ADMIN_PASSWORD ]; then
+	if [ -f $IMAGE_PASSWORD_FILE ]; then
+	    WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
 	else
-		echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	    WIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
 	fi
+    fi
+    HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
+    echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
+    chmod 640 /var/lib/dokuwiki/acl/users.auth.php
+
+    if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
+	echo 'ogv     video/ogg' >> /etc/dokuwiki/mime.conf
+    fi
+    if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
+	echo 'mp4     video/mp4' >> /etc/dokuwiki/mime.conf
+    fi
+    if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
+	echo 'webm    video/webm' >> /etc/dokuwiki/mime.conf
+    fi
+
+    WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
+
+    if [[ $ONION_ONLY == "no" ]]; then
+	echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	function_check nginx_disable_sniffing
+	nginx_disable_sniffing $WIKI_DOMAIN_NAME
+	function_check nginx_limits
+	nginx_limits $WIKI_DOMAIN_NAME
+	echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
@@ -429,10 +340,18 @@ function install_wiki {
 	echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	function_check nginx_limits
 	nginx_limits $WIKI_DOMAIN_NAME
+	function_check nginx_ssl
+	nginx_ssl $WIKI_DOMAIN_NAME
 	function_check nginx_disable_sniffing
 	nginx_disable_sniffing $WIKI_DOMAIN_NAME
 	echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    # webmail' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    location /webmail {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        rewrite ^/(.*) /webmail/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '        rewrite ^/(.*) /webmail/installer/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
@@ -495,43 +414,124 @@ function install_wiki {
 	echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-
-	function_check create_site_certificate
-	create_site_certificate $WIKI_DOMAIN_NAME
-
-	function_check configure_php
-	configure_php
-
-	nginx_ensite $WIKI_DOMAIN_NAME
-
-	systemctl restart php5-fpm
-	systemctl restart nginx
-
-	echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
-
-	function_check add_ddns_domain
-	add_ddns_domain $WIKI_DOMAIN_NAME
-
-	# add some post-install instructions
-	if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Wiki' >> /home/$MY_USERNAME/README
-		echo '====' >> /home/$MY_USERNAME/README
-		echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
-		echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
-		echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo "  rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
-	echo 'install_wiki' >> $COMPLETION_FILE
+	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    else
+	echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    fi
+    echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "    listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "    server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    function_check nginx_limits
+    nginx_limits $WIKI_DOMAIN_NAME
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing $WIKI_DOMAIN_NAME
+    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+
+    function_check create_site_certificate
+    create_site_certificate $WIKI_DOMAIN_NAME
+
+    function_check configure_php
+    configure_php
+
+    nginx_ensite $WIKI_DOMAIN_NAME
+
+    systemctl restart php5-fpm
+    systemctl restart nginx
+
+    echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
+
+    function_check add_ddns_domain
+    add_ddns_domain $WIKI_DOMAIN_NAME
+
+    # add some post-install instructions
+    if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
+	echo '' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'Wiki' >> /home/$MY_USERNAME/README
+	echo '====' >> /home/$MY_USERNAME/README
+	echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+	echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+	echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo "  rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+	chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
+    echo 'install_wiki' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-xmpp

@@ -38,444 +38,444 @@ XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+
 XMPP_ECC_CURVE='"secp384r1"'
 
 function reconfigure_xmpp {
-	echo -n ''
+    echo -n ''
 }
 
 function update_prosody_modules {
-	if [ ! -d $INSTALL_DIR/prosody-modules ]; then
-		return
-	fi
-	if [ ! -d /usr/lib/prosody ]; then
-		return
-	fi
-
-	cd $INSTALL_DIR/prosody-modules
-	hg pull
-	hg update
-
-	# support onion addresses
-	if [ -f $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua ]; then
-		cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua
-	fi
-
-	# XEP-0313 message archive management
-	# https://modules.prosody.im/mod_mam.html
-	# Allows you to download your previous messages onto a new client
-	# This only applies if you are not using forward secret crypto
-	# such as OTR or OMEMO (eg. OpenPGP)
-	if [ -d $INSTALL_DIR/prosody-modules/mod_mam ]; then
-		cp $INSTALL_DIR/prosody-modules/mod_mam/*.lua /usr/lib/prosody/modules
-	fi
-
-	# XEP-0352 Client State Indication
-	# Notifies the server if the app is in the background or not
-	if [ -d $INSTALL_DIR/prosody-modules/mod_csi ]; then
-		cp $INSTALL_DIR/prosody-modules/mod_csi/*.lua /usr/lib/prosody/modules
-	fi
-
-	# XEP-0280 Message Carbons
-	# Ensures all messages get delivered to all clients (if you have a mobile and desktop client)
-	if [ -d $INSTALL_DIR/prosody-modules/mod_carbons ]; then
-		cp $INSTALL_DIR/prosody-modules/mod_carbons/*.lua /usr/lib/prosody/modules
-	fi
-
-	# XEP-0198 Stream management
-	# Helps mobile apps recover when a device switches networks.
-	if [ -d $INSTALL_DIR/prosody-modules/mod_smacks ]; then
-		cp $INSTALL_DIR/prosody-modules/mod_smacks/*.lua /usr/lib/prosody/modules
-	fi
-	if [ -d $INSTALL_DIR/prosody-modules/mod_smacks_offline ]; then
-		cp $INSTALL_DIR/prosody-modules/mod_smacks_offline/*.lua /usr/lib/prosody/modules
-	fi
-
-	# XEP-0191: blocking
-	if [ -d $INSTALL_DIR/prosody-modules/mod_blocking ]; then
-		cp $INSTALL_DIR/prosody-modules/mod_blocking/*.lua /usr/lib/prosody/modules
-	fi
-
-	# XEP-0016 Privacy lists
-	if [ -d $INSTALL_DIR/prosody-modules/mod_privacy_lists ]; then
-		cp $INSTALL_DIR/prosody-modules/mod_privacy_lists/*.lua /usr/lib/prosody/modules
-	fi
+    if [ ! -d $INSTALL_DIR/prosody-modules ]; then
+	return
+    fi
+    if [ ! -d /usr/lib/prosody ]; then
+	return
+    fi
+
+    cd $INSTALL_DIR/prosody-modules
+    hg pull
+    hg update
+
+    # support onion addresses
+    if [ -f $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua ]; then
+	cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua
+    fi
+
+    # XEP-0313 message archive management
+    # https://modules.prosody.im/mod_mam.html
+    # Allows you to download your previous messages onto a new client
+    # This only applies if you are not using forward secret crypto
+    # such as OTR or OMEMO (eg. OpenPGP)
+    if [ -d $INSTALL_DIR/prosody-modules/mod_mam ]; then
+	cp $INSTALL_DIR/prosody-modules/mod_mam/*.lua /usr/lib/prosody/modules
+    fi
+
+    # XEP-0352 Client State Indication
+    # Notifies the server if the app is in the background or not
+    if [ -d $INSTALL_DIR/prosody-modules/mod_csi ]; then
+	cp $INSTALL_DIR/prosody-modules/mod_csi/*.lua /usr/lib/prosody/modules
+    fi
+
+    # XEP-0280 Message Carbons
+    # Ensures all messages get delivered to all clients (if you have a mobile and desktop client)
+    if [ -d $INSTALL_DIR/prosody-modules/mod_carbons ]; then
+	cp $INSTALL_DIR/prosody-modules/mod_carbons/*.lua /usr/lib/prosody/modules
+    fi
+
+    # XEP-0198 Stream management
+    # Helps mobile apps recover when a device switches networks.
+    if [ -d $INSTALL_DIR/prosody-modules/mod_smacks ]; then
+	cp $INSTALL_DIR/prosody-modules/mod_smacks/*.lua /usr/lib/prosody/modules
+    fi
+    if [ -d $INSTALL_DIR/prosody-modules/mod_smacks_offline ]; then
+	cp $INSTALL_DIR/prosody-modules/mod_smacks_offline/*.lua /usr/lib/prosody/modules
+    fi
+
+    # XEP-0191: blocking
+    if [ -d $INSTALL_DIR/prosody-modules/mod_blocking ]; then
+	cp $INSTALL_DIR/prosody-modules/mod_blocking/*.lua /usr/lib/prosody/modules
+    fi
+
+    # XEP-0016 Privacy lists
+    if [ -d $INSTALL_DIR/prosody-modules/mod_privacy_lists ]; then
+	cp $INSTALL_DIR/prosody-modules/mod_privacy_lists/*.lua /usr/lib/prosody/modules
+    fi
 }
 
 function upgrade_xmpp {
-	if ! grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
-		return
-	fi
-	function_check update_prosody_modules
-	update_prosody_modules
+    if ! grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
+	return
+    fi
+    function_check update_prosody_modules
+    update_prosody_modules
 }
 
 function backup_local_xmpp {
-	source_directory=/var/lib/prosody xmpp
-	if [ -d $source_directory ]; then
-		dest_directory=xmpp
-		echo $"Backing up $source_directory to $dest_directory"
+    source_directory=/var/lib/prosody xmpp
+    if [ -d $source_directory ]; then
+	dest_directory=xmpp
+	echo $"Backing up $source_directory to $dest_directory"
 
-		function_check backup_directory_to_usb
-		backup_directory_to_usb $source_directory $dest_directory
+	function_check backup_directory_to_usb
+	backup_directory_to_usb $source_directory $dest_directory
 
-		echo $"Backup to $dest_directory complete"
-	fi
+	echo $"Backup to $dest_directory complete"
+    fi
 }
 
 function restore_local_xmpp {
-	if [ -d /var/lib/prosody ]; then
-		echo $"Restoring XMPP settings"
-		temp_restore_dir=/root/tempxmpp
-		function_check restore_directory_from_usb
-		restore_directory_from_usb $temp_restore_dir xmpp
-		cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
-		if [ ! "$?" = "0" ]; then
-			function_check set_user_permissions
-			set_user_permissions
-			function_check backup_unmount_drive
-			backup_unmount_drive
-			exit 725
-		fi
-		rm -rf $temp_restore_dir
-		service prosody restart
-		chown -R prosody:prosody /var/lib/prosody/*
-		echo $"Restore of XMPP settings complete"
-	fi
+    if [ -d /var/lib/prosody ]; then
+	echo $"Restoring XMPP settings"
+	temp_restore_dir=/root/tempxmpp
+	function_check restore_directory_from_usb
+	restore_directory_from_usb $temp_restore_dir xmpp
+	cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
+	if [ ! "$?" = "0" ]; then
+	    function_check set_user_permissions
+	    set_user_permissions
+	    function_check backup_unmount_drive
+	    backup_unmount_drive
+	    exit 725
+	fi
+	rm -rf $temp_restore_dir
+	service prosody restart
+	chown -R prosody:prosody /var/lib/prosody/*
+	echo $"Restore of XMPP settings complete"
+    fi
 }
 
 function backup_remote_xmpp {
-	if [ -d /var/lib/prosody ]; then
-		echo $"Backing up the XMPP settings"
-		backup_directory_to_friend /var/lib/prosody xmpp
-		echo $"Backup of XMPP settings complete"
-	fi
+    if [ -d /var/lib/prosody ]; then
+	echo $"Backing up the XMPP settings"
+	backup_directory_to_friend /var/lib/prosody xmpp
+	echo $"Backup of XMPP settings complete"
+    fi
 }
 
 function restore_remote_xmpp {
-	if [ -d /var/lib/prosody ]; then
-		echo $"Restoring XMPP settings"
-		temp_restore_dir=/root/tempxmpp
-		function_check restore_directory_from_friend
-		restore_directory_from_friend $temp_restore_dir xmpp
-		cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
-		if [ ! "$?" = "0" ]; then
-			exit 725
-		fi
-		rm -rf $temp_restore_dir
-		service prosody restart
-		chown -R prosody:prosody /var/lib/prosody/*
-		echo $"Restore of XMPP settings complete"
-	fi
+    if [ -d /var/lib/prosody ]; then
+	echo $"Restoring XMPP settings"
+	temp_restore_dir=/root/tempxmpp
+	function_check restore_directory_from_friend
+	restore_directory_from_friend $temp_restore_dir xmpp
+	cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
+	if [ ! "$?" = "0" ]; then
+	    exit 725
+	fi
+	rm -rf $temp_restore_dir
+	service prosody restart
+	chown -R prosody:prosody /var/lib/prosody/*
+	echo $"Restore of XMPP settings complete"
+    fi
 }
 
 function configure_firewall_for_xmpp {
-	if [ ! -d /etc/prosody ]; then
-		return
-	fi
-	if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-		# docker does its own firewalling
-		return
-	fi
-	if [[ $ONION_ONLY != "no" ]]; then
-		return
-	fi
-	iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
-	iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
-	iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	OPEN_PORTS+=('XMPP     5222-5223')
-	OPEN_PORTS+=('XMPP     5269')
-	OPEN_PORTS+=('XMPP     5280-5281')
-	echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
+    if [ ! -d /etc/prosody ]; then
+	return
+    fi
+    if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
+	return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+	# docker does its own firewalling
+	return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+	return
+    fi
+    iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
+    iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
+    iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    OPEN_PORTS+=('XMPP     5222-5223')
+    OPEN_PORTS+=('XMPP     5269')
+    OPEN_PORTS+=('XMPP     5280-5281')
+    echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
 }
 
 function remove_xmpp_client {
-	if ! grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
-		return
-	fi
-	apt-get -y remove --purge profanity
-	sed '/install_xmpp_client/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
+	return
+    fi
+    apt-get -y remove --purge profanity
+    sed '/install_xmpp_client/d' $COMPLETION_FILE
 }
 
 function remove_xmpp {
-	remove_xmpp_client
-	if ! grep -Fxq "install_xmpp" $COMPLETION_FILE; then
-		return
-	fi
-	iptables -D INPUT -p tcp --dport 5222:5223 -j ACCEPT
-	iptables -D INPUT -p tcp --dport 5269 -j ACCEPT
-	iptables -D INPUT -p tcp --dport 5280:5281 -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	function_check remove_onion_service
-	remove_onion_service xmpp 5222 5223 5269
-
-	apt-get -y remove --purge prosody prosody-modules
-	if [ -d $INSTALL_DIR/prosody-modules ]; then
-		rm -rf $INSTALL_DIR/prosody-modules
-	fi
-	if [ -d /etc/prosody ]; then
-		rm -rf /etc/prosody
-	fi
-
-	sed '/install_xmpp/d' $COMPLETION_FILE
-	sed '/XMPP /d' $COMPLETION_FILE
+    remove_xmpp_client
+    if ! grep -Fxq "install_xmpp" $COMPLETION_FILE; then
+	return
+    fi
+    iptables -D INPUT -p tcp --dport 5222:5223 -j ACCEPT
+    iptables -D INPUT -p tcp --dport 5269 -j ACCEPT
+    iptables -D INPUT -p tcp --dport 5280:5281 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    function_check remove_onion_service
+    remove_onion_service xmpp 5222 5223 5269
+
+    apt-get -y remove --purge prosody prosody-modules
+    if [ -d $INSTALL_DIR/prosody-modules ]; then
+	rm -rf $INSTALL_DIR/prosody-modules
+    fi
+    if [ -d /etc/prosody ]; then
+	rm -rf /etc/prosody
+    fi
+
+    sed '/install_xmpp/d' $COMPLETION_FILE
+    sed '/XMPP /d' $COMPLETION_FILE
 }
 
 function install_xmpp_main {
-	update_prosody_modules
-
-	if grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
-		return
-	fi
-	apt-get -y install lua-sec lua-bitop
-	apt-get -y install prosody prosody-modules mercurial
-
-	if [ ! -d /etc/prosody ]; then
-		echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
-		exit 52
-	fi
-
-	# obtain the prosody modules
-	cd $INSTALL_DIR
-	hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
-	if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then
-		echo $'mod_onions prosody module could not be found'
-		exit 73254
-	fi
-
-	# install the onions module
-	update_prosody_modules
-	if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then
-		echo $'mod_onions.lua could not be copied to the prosody modules directory'
-		exit 63952
-	fi
-
-	# create a certificate
-	if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
-		${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
-		check_certificates xmpp
-	fi
-	chown prosody:prosody /etc/ssl/private/xmpp.key
-	chown prosody:prosody /etc/ssl/certs/xmpp.*
-	cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
-
-	sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
-	sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
-	if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-		sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
-	fi
-	if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
-		sed -i '/certificate =/a\        options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
-	fi
-	if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
-		sed -i "/certificate =/a\        ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
-	fi
-	if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
-		sed -i '/certificate =/a\        depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua
-	fi
-	if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
-		sed -i "/certificate =/a\        curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
-	fi
-
-	sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
-	sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
-
-	if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-		echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '  "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	fi
-	ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
-
-	sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
-	sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
-	if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
-		sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
-	fi
-	if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
-		sed -i '/certificate =/a\    options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
-	fi
-	if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then
-		sed -i "/certificate =/a\    ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua
-	fi
-	if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then
-		sed -i '/certificate =/a\    depth = "1";' /etc/prosody/prosody.cfg.lua
-	fi
-	if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then
-		sed -i "/certificate =/a\    curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua
-	fi
-	sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
-	if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
-		sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
-	fi
-	if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
-		echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	fi
-	sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
-	sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
-	sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
-	sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
-	sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
-	sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
-
-	systemctl restart prosody
-	touch /home/$MY_USERNAME/README
-
-	if [ ! -d /var/lib/tor ]; then
-		echo $'No Tor installation found. XMPP onion site cannot be configured.'
-		exit 877367
-	fi
-	if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
-		echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
-		echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
-		echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
-		echo $'Added onion site for XMPP chat'
-	fi
-
-	systemctl restart tor
-	wait_for_onion_service 'xmpp'
-
-	if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
-		echo $'XMPP onion site hostname not found'
-		exit 65349
-	fi
-	XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
-	if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-		echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
-		echo '    modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	fi
-	if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then
-		echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE
-	else
-		sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE
-	fi
-
-	if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
-		if [ ${#XMPP_PASSWORD} -lt 8 ]; then
-			if [ -f $IMAGE_PASSWORD_FILE ]; then
-				XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-			else
-				XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-			fi
-		fi
-		prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'XMPP' >> /home/$MY_USERNAME/README
-		echo '====' >> /home/$MY_USERNAME/README
-		echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
-		echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
-		echo $'You can change it with: ' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo "    prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	function_check configure_firewall_for_xmpp
-	configure_firewall_for_xmpp
-
-	echo 'install_xmpp_main' >> $COMPLETION_FILE
+    update_prosody_modules
+
+    if grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
+	return
+    fi
+    apt-get -y install lua-sec lua-bitop
+    apt-get -y install prosody prosody-modules mercurial
+
+    if [ ! -d /etc/prosody ]; then
+	echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
+	exit 52
+    fi
+
+    # obtain the prosody modules
+    cd $INSTALL_DIR
+    hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
+    if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then
+	echo $'mod_onions prosody module could not be found'
+	exit 73254
+    fi
+
+    # install the onions module
+    update_prosody_modules
+    if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then
+	echo $'mod_onions.lua could not be copied to the prosody modules directory'
+	exit 63952
+    fi
+
+    # create a certificate
+    if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
+	${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
+	check_certificates xmpp
+    fi
+    chown prosody:prosody /etc/ssl/private/xmpp.key
+    chown prosody:prosody /etc/ssl/certs/xmpp.*
+    cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
+
+    sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+	sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+    if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+	sed -i '/certificate =/a\        options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+    if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+	sed -i "/certificate =/a\        ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+    if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+	sed -i '/certificate =/a\        depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+    if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+	sed -i "/certificate =/a\        curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+
+    sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
+    sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
+
+    if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+	echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '  "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+    ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
+
+    sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
+    sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
+    if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
+	sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
+    fi
+    if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
+	sed -i '/certificate =/a\    options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
+    fi
+    if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then
+	sed -i "/certificate =/a\    ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua
+    fi
+    if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then
+	sed -i '/certificate =/a\    depth = "1";' /etc/prosody/prosody.cfg.lua
+    fi
+    if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then
+	sed -i "/certificate =/a\    curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua
+    fi
+    sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
+    if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
+	sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
+    fi
+    if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
+	echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+    sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
+    sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
+    sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
+    sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
+    sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
+    sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
+
+    systemctl restart prosody
+    touch /home/$MY_USERNAME/README
+
+    if [ ! -d /var/lib/tor ]; then
+	echo $'No Tor installation found. XMPP onion site cannot be configured.'
+	exit 877367
+    fi
+    if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
+	echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
+	echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
+	echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
+	echo $'Added onion site for XMPP chat'
+    fi
+
+    systemctl restart tor
+    wait_for_onion_service 'xmpp'
+
+    if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
+	echo $'XMPP onion site hostname not found'
+	exit 65349
+    fi
+    XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
+    if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+	echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	echo '    modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+    if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then
+	echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE
+    else
+	sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE
+    fi
+
+    if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
+	if [ ${#XMPP_PASSWORD} -lt 8 ]; then
+	    if [ -f $IMAGE_PASSWORD_FILE ]; then
+		XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+	    else
+		XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+	    fi
+	fi
+	prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD
+	echo '' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo $'XMPP' >> /home/$MY_USERNAME/README
+	echo '====' >> /home/$MY_USERNAME/README
+	echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+	echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
+	echo $'You can change it with: ' >> /home/$MY_USERNAME/README
+	echo '' >> /home/$MY_USERNAME/README
+	echo "    prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+	chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    function_check configure_firewall_for_xmpp
+    configure_firewall_for_xmpp
+
+    echo 'install_xmpp_main' >> $COMPLETION_FILE
 }
 
 function install_xmpp_client {
-	if grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
-		return
-	fi
-	apt-get -y install profanity
-
-	XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
-	XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-	if [ ! -d $XMPP_CLIENT_DIR ]; then
-		mkdir -p $XMPP_CLIENT_DIR
-	fi
-
+    if grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
+	return
+    fi
+    apt-get -y install profanity
+
+    XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
+    XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
+    if [ ! -d $XMPP_CLIENT_DIR ]; then
+	mkdir -p $XMPP_CLIENT_DIR
+    fi
+
+    if [[ $ONION_ONLY == 'no' ]]; then
+	echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
+	echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
+	echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
+	echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
+	echo "muc.service=conference.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
+	echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
+	echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+	if [ ${#XMPP_PASSWORD} -gt 2 ]; then
+	    echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+	fi
+    fi
+
+    if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
+	XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
+	echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
 	if [[ $ONION_ONLY == 'no' ]]; then
-		echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
-		echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
-		echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-		echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-		echo "muc.service=conference.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-		echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-		echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
-		if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-			echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
-		fi
-	fi
-
-	if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
-		XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
-		echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
-		if [[ $ONION_ONLY == 'no' ]]; then
-			echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
-		else
-			echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
-		fi
-		echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-		echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-		echo "muc.service=conference.${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-		echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-		echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-		echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
-		if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-			echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
-		fi
-	fi
-
-	if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
-		mkdir /home/$MY_USERNAME/.config/profanity
-	fi
-	echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
-	echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
-
-	chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
-	chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
-
-	echo 'install_xmpp_client' >> $COMPLETION_FILE
+	    echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
+	else
+	    echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
+	fi
+	echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
+	echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
+	echo "muc.service=conference.${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
+	echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
+	echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
+	echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+	if [ ${#XMPP_PASSWORD} -gt 2 ]; then
+	    echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+	fi
+    fi
+
+    if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
+	mkdir /home/$MY_USERNAME/.config/profanity
+    fi
+    echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
+    echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+
+    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
+    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+
+    echo 'install_xmpp_client' >> $COMPLETION_FILE
 }
 
 function install_xmpp {
-	if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
-		return
-	fi
-	install_xmpp_main
-	install_xmpp_client
-	echo 'install_xmpp' >> $COMPLETION_FILE
+    if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
+	return
+    fi
+    install_xmpp_main
+    install_xmpp_client
+    echo 'install_xmpp' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-mesh-install

@@ -82,434 +82,434 @@ REMOVE='no'
 source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-git
 
 function show_help {
-	echo ''
-	echo $"${PROJECT_NAME}-mesh-install -f [function] -r [rootdir]"
-	echo ''
-	echo $'Runs a mesh network install function'
-	echo ''
-	echo $'  -h --help                   Show help'
-	echo $'  -f --function [name]        Name of the function to be run'
-	echo $'  -r --rootdir [directory]    Root directory'
-	echo $'  -w --wifi [interface]       e.g. wlan0'
-	echo ''
-	exit 0
+    echo ''
+    echo $"${PROJECT_NAME}-mesh-install -f [function] -r [rootdir]"
+    echo ''
+    echo $'Runs a mesh network install function'
+    echo ''
+    echo $'  -h --help                   Show help'
+    echo $'  -f --function [name]        Name of the function to be run'
+    echo $'  -r --rootdir [directory]    Root directory'
+    echo $'  -w --wifi [interface]       e.g. wlan0'
+    echo ''
+    exit 0
 }
 
 
 function install_babel {
-	$CHROOT_PREFIX apt-get -y install babeld
-
-	babel_script=${rootdir}/var/lib/babel
-
-	echo '#!/bin/bash' > $babel_script
-	echo '' >> $babel_script
-	echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script
-	echo '    avahi-browse -atl' >> $babel_script
-	echo '    exit 0' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo '' >> $babel_script
-	echo 'if [[ $1 == "start" ]]; then' >> $babel_script
-	echo '    sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
-	echo '    sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
-	echo '    sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
-	echo '    sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
-	echo '    sed -i "s|hosts:.*|hosts:          files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $babel_script
-	echo '    systemctl restart avahi-daemon' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo '' >> $babel_script
-	echo "IFACE=$WIFI_INTERFACE" >> $babel_script
-	echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
-	echo '    if grep -q "wlan1" /proc/net/dev; then' >> $babel_script
-	echo '        IFACE=wlan1' >> $babel_script
-	echo '    fi' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
-	echo '    if grep -q "wlan2" /proc/net/dev; then' >> $babel_script
-	echo '        IFACE=wlan2' >> $babel_script
-	echo '    fi' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
-	echo '    if grep -q "wlan3" /proc/net/dev; then' >> $babel_script
-	echo '        IFACE=wlan3' >> $babel_script
-	echo '    fi' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo '' >> $babel_script
-	echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script
-	echo '    if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script
-	echo '        echo "Interface $IFACE was not found"' >> $babel_script
-	echo '    else' >> $babel_script
-	echo '        echo "Stopping"' >> $babel_script
-	echo '    fi' >> $babel_script
-	echo '    ifconfig $IFACE down' >> $babel_script
-	echo '    pkill babeld' >> $babel_script
-	echo '    systemctl restart network-manager' >> $babel_script
-	echo '    exit 1' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo '' >> $babel_script
-	echo 'systemctl stop network-manager' >> $babel_script
-	echo 'ifconfig $IFACE down' >> $babel_script
-	echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script
-	echo "$WIFI_CHANNEL essid \"$WIFI_SSID\"" >> $babel_script
-	echo 'ifconfig $IFACE up' >> $babel_script
-	echo -n 'ifconfig $IFACE:avahi ' >> $babel_script
-	echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script
-	echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script
-	echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script
-	echo -n "$BABEL_PORT -d 5 " >> $babel_script
-	echo '$IFACE' >> $babel_script
-	echo 'exit 0' >> $babel_script
-	chmod +x $babel_script
-
-	echo '[Unit]' > ${rootdir}/etc/systemd/system/babel.service
-	echo 'Description=Babel Mesh' >> ${rootdir}/etc/systemd/system/babel.service
-	echo '' >> ${rootdir}/etc/systemd/system/babel.service
-	echo '[Service]' >> ${rootdir}/etc/systemd/system/babel.service
-	echo 'Type=oneshot' >> ${rootdir}/etc/systemd/system/babel.service
-	echo "ExecStart=$babel_script start" >> ${rootdir}/etc/systemd/system/babel.service
-	echo "ExecStop=$babel_script stop" >> ${rootdir}/etc/systemd/system/babel.service
-	echo 'RemainAfterExit=yes' >> ${rootdir}/etc/systemd/system/babel.service
-	echo '' >> ${rootdir}/etc/systemd/system/babel.service
-	echo '# Allow time for the server to start/stop' >> ${rootdir}/etc/systemd/system/babel.service
-	echo 'TimeoutSec=300' >> ${rootdir}/etc/systemd/system/babel.service
-	echo '' >> ${rootdir}/etc/systemd/system/babel.service
-	echo '[Install]' >> /etc/systemd/system/babel.service
-	echo 'WantedBy=multi-user.target' >> ${rootdir}/etc/systemd/system/babel.service
-	$CHROOT_PREFIX systemctl enable babel
+    $CHROOT_PREFIX apt-get -y install babeld
+
+    babel_script=${rootdir}/var/lib/babel
+
+    echo '#!/bin/bash' > $babel_script
+    echo '' >> $babel_script
+    echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script
+    echo '    avahi-browse -atl' >> $babel_script
+    echo '    exit 0' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo '' >> $babel_script
+    echo 'if [[ $1 == "start" ]]; then' >> $babel_script
+    echo '    sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+    echo '    sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+    echo '    sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+    echo '    sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+    echo '    sed -i "s|hosts:.*|hosts:          files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $babel_script
+    echo '    systemctl restart avahi-daemon' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo '' >> $babel_script
+    echo "IFACE=$WIFI_INTERFACE" >> $babel_script
+    echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+    echo '    if grep -q "wlan1" /proc/net/dev; then' >> $babel_script
+    echo '        IFACE=wlan1' >> $babel_script
+    echo '    fi' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+    echo '    if grep -q "wlan2" /proc/net/dev; then' >> $babel_script
+    echo '        IFACE=wlan2' >> $babel_script
+    echo '    fi' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+    echo '    if grep -q "wlan3" /proc/net/dev; then' >> $babel_script
+    echo '        IFACE=wlan3' >> $babel_script
+    echo '    fi' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo '' >> $babel_script
+    echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script
+    echo '    if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script
+    echo '        echo "Interface $IFACE was not found"' >> $babel_script
+    echo '    else' >> $babel_script
+    echo '        echo "Stopping"' >> $babel_script
+    echo '    fi' >> $babel_script
+    echo '    ifconfig $IFACE down' >> $babel_script
+    echo '    pkill babeld' >> $babel_script
+    echo '    systemctl restart network-manager' >> $babel_script
+    echo '    exit 1' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo '' >> $babel_script
+    echo 'systemctl stop network-manager' >> $babel_script
+    echo 'ifconfig $IFACE down' >> $babel_script
+    echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script
+    echo "$WIFI_CHANNEL essid \"$WIFI_SSID\"" >> $babel_script
+    echo 'ifconfig $IFACE up' >> $babel_script
+    echo -n 'ifconfig $IFACE:avahi ' >> $babel_script
+    echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script
+    echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script
+    echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script
+    echo -n "$BABEL_PORT -d 5 " >> $babel_script
+    echo '$IFACE' >> $babel_script
+    echo 'exit 0' >> $babel_script
+    chmod +x $babel_script
+
+    echo '[Unit]' > ${rootdir}/etc/systemd/system/babel.service
+    echo 'Description=Babel Mesh' >> ${rootdir}/etc/systemd/system/babel.service
+    echo '' >> ${rootdir}/etc/systemd/system/babel.service
+    echo '[Service]' >> ${rootdir}/etc/systemd/system/babel.service
+    echo 'Type=oneshot' >> ${rootdir}/etc/systemd/system/babel.service
+    echo "ExecStart=$babel_script start" >> ${rootdir}/etc/systemd/system/babel.service
+    echo "ExecStop=$babel_script stop" >> ${rootdir}/etc/systemd/system/babel.service
+    echo 'RemainAfterExit=yes' >> ${rootdir}/etc/systemd/system/babel.service
+    echo '' >> ${rootdir}/etc/systemd/system/babel.service
+    echo '# Allow time for the server to start/stop' >> ${rootdir}/etc/systemd/system/babel.service
+    echo 'TimeoutSec=300' >> ${rootdir}/etc/systemd/system/babel.service
+    echo '' >> ${rootdir}/etc/systemd/system/babel.service
+    echo '[Install]' >> /etc/systemd/system/babel.service
+    echo 'WantedBy=multi-user.target' >> ${rootdir}/etc/systemd/system/babel.service
+    $CHROOT_PREFIX systemctl enable babel
 }
 
 function install_babel_remove {
-	$CHROOT_PREFIX systemctl stop babel
-	$CHROOT_PREFIX apt-get -y remove --purge babeld
-	rm ${rootdir}/var/lib/babel
-	rm ${rootdir}/etc/systemd/system/babel.service
+    $CHROOT_PREFIX systemctl stop babel
+    $CHROOT_PREFIX apt-get -y remove --purge babeld
+    rm ${rootdir}/var/lib/babel
+    rm ${rootdir}/etc/systemd/system/babel.service
 }
 
 function mesh_avahi {
-	$CHROOT_PREFIX apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd
-
-	decarray=( 1 2 3 4 5 6 7 8 9 0 )
-	PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
-	sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf
-
-	if [ ! -d $rootdir/etc/avahi/services ]; then
-		mkdir -p $rootdir/etc/avahi/services
-	fi
-
-	# remove an avahi service which isn't used
-	if [ -f $rootdir/etc/avahi/services/udisks.service ]; then
-		rm $rootdir/etc/avahi/services/udisks.service
-	fi
-
-	# Add an ssh service
-	echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/ssh.service
-	echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/ssh.service
-	echo '<service-group>' >> $rootdir/etc/avahi/services/ssh.service
-	echo '  <name replace-wildcards="yes">%h SSH</name>' >> $rootdir/etc/avahi/services/ssh.service
-	echo '  <service>' >> $rootdir/etc/avahi/services/ssh.service
-	echo '    <type>_ssh._tcp</type>' >> $rootdir/etc/avahi/services/ssh.service
-	echo "    <port>$SSH_PORT</port>" >> $rootdir/etc/avahi/services/ssh.service
-	echo '  </service>' >> $rootdir/etc/avahi/services/ssh.service
-	echo '</service-group>' >> $rootdir/etc/avahi/services/ssh.service
-
-	# keep the daemon running
-	WATCHDOG_SCRIPT_NAME="keepon"
-	echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '  systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '  echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-	chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    $CHROOT_PREFIX apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd
+
+    decarray=( 1 2 3 4 5 6 7 8 9 0 )
+    PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
+    sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf
+
+    if [ ! -d $rootdir/etc/avahi/services ]; then
+	mkdir -p $rootdir/etc/avahi/services
+    fi
+
+    # remove an avahi service which isn't used
+    if [ -f $rootdir/etc/avahi/services/udisks.service ]; then
+	rm $rootdir/etc/avahi/services/udisks.service
+    fi
+
+    # Add an ssh service
+    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/ssh.service
+    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/ssh.service
+    echo '<service-group>' >> $rootdir/etc/avahi/services/ssh.service
+    echo '  <name replace-wildcards="yes">%h SSH</name>' >> $rootdir/etc/avahi/services/ssh.service
+    echo '  <service>' >> $rootdir/etc/avahi/services/ssh.service
+    echo '    <type>_ssh._tcp</type>' >> $rootdir/etc/avahi/services/ssh.service
+    echo "    <port>$SSH_PORT</port>" >> $rootdir/etc/avahi/services/ssh.service
+    echo '  </service>' >> $rootdir/etc/avahi/services/ssh.service
+    echo '</service-group>' >> $rootdir/etc/avahi/services/ssh.service
+
+    # keep the daemon running
+    WATCHDOG_SCRIPT_NAME="keepon"
+    echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '  systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '  echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 }
 
 function install_babel_client {
-	# TODO to be fixed
-	TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
-
-	if [ ! -f ${rootdir}/tmp/meshtype ]; then
-		$CHROOT_PREFIX sudo apt-get -y install babeld
-		if [ ! -f $TOXIC_FILE ]; then
-			$CHROOT_PREFIX sudo apt-get -y install toxic
-		fi
-
-		CURR_DIR=$(pwd)
-		if [ ! -f ~/develop/toxid ]; then
-			if [ ! -f ~/develop ]; then
-				mkdir ~/develop
-			fi
-			cd ~/develop
-			git_clone $TOXID_REPO ~/develop/toxid
-		fi
-		cd ~/develop/toxid
-		sudo make install
-		cd $CURR_DIR
+    # TODO to be fixed
+    TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
+
+    if [ ! -f ${rootdir}/tmp/meshtype ]; then
+	$CHROOT_PREFIX sudo apt-get -y install babeld
+	if [ ! -f $TOXIC_FILE ]; then
+	    $CHROOT_PREFIX sudo apt-get -y install toxic
 	fi
 
-	babel_script=${rootdir}/tmp/babel
-
-	echo '#!/bin/bash' > $babel_script
-	echo '' >> $babel_script
-	echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script
-	echo '    avahi-browse -atl' >> $babel_script
-	echo '    exit 0' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo '' >> $babel_script
-	echo 'if [[ $1 == "start" ]]; then' >> $babel_script
-	echo '    if [ -f /tmp/meshtype ] ; then' >> $babel_script
-	echo '        echo "Mesh already running"' >> $babel_script
-	echo '        return' >> $babel_script
-	echo '    fi' >> $batman_script
-	echo '    # install avahi' >> $babel_script
-	echo '    apt-get -y install avahi-utils avahi-autoipd avahi-daemon avahi-dnsconfd bittornado' >> $babel_script
-	echo '    sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
-	echo '    sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
-	echo '    if [ -f /bin/systemctl ]; then' >> $babel_script
-	echo '        systemctl restart avahi-daemon' >> $babel_script
-	echo '    else' >> $babel_script
-	echo '        service avahi-daemon restart' >> $babel_script
-	echo '    fi' >> $babel_script
-	echo '    echo "babel" > /tmp/meshtype' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo '' >> $babel_script
-	echo "IFACE=$WIFI_INTERFACE" >> $babel_script
-	echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
-	echo '    if grep -q "wlan1" /proc/net/dev; then' >> $babel_script
-	echo '        IFACE=wlan1' >> $babel_script
-	echo '    fi' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
-	echo '    if grep -q "wlan2" /proc/net/dev; then' >> $babel_script
-	echo '        IFACE=wlan2' >> $babel_script
-	echo '    fi' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
-	echo '    if grep -q "wlan3" /proc/net/dev; then' >> $babel_script
-	echo '        IFACE=wlan3' >> $babel_script
-	echo '    fi' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo '' >> $babel_script
-	echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script
-	echo '    if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script
-	echo '        echo "Interface $IFACE was not found"' >> $babel_script
-	echo '    else' >> $babel_script
-	echo '        echo "Stopping"' >> $babel_script
-	echo '    fi' >> $babel_script
-	echo '    ifconfig $IFACE down' >> $babel_script
-	echo '    pkill babeld' >> $babel_script
-	echo '    if [ -f /bin/systemctl ]; then' >> $babel_script
-	echo '        systemctl restart network-manager' >> $babel_script
-	echo '    else' >> $babel_script
-	echo '        service network-manager restart' >> $babel_script
-	echo '    fi' >> $babel_script
-	echo '    exit 1' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo '' >> $babel_script
-	echo 'if [ -f /bin/systemctl ]; then' >> $babel_script
-	echo '    systemctl stop network-manager' >> $babel_script
-	echo 'else' >> $babel_script
-	echo '    service network-manager stop' >> $babel_script
-	echo 'fi' >> $babel_script
-	echo 'ifconfig $IFACE down' >> $babel_script
-	echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script
-	echo "$WIFI_CHANNEL essid \"$WIFI_SSID\"" >> $babel_script
-	echo 'ifconfig $IFACE up' >> $babel_script
-	echo -n 'ifconfig $IFACE:avahi ' >> $babel_script
-	echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script
-	echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script
-	echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script
-	echo -n "$BABEL_PORT -d 5 " >> $babel_script
-	echo '$IFACE' >> $babel_script
-	echo 'exit 0' >> $babel_script
-	chmod +x $babel_script
-	sudo mv $babel_script ${rootdir}/usr/bin/babel
+	CURR_DIR=$(pwd)
+	if [ ! -f ~/develop/toxid ]; then
+	    if [ ! -f ~/develop ]; then
+		mkdir ~/develop
+	    fi
+	    cd ~/develop
+	    git_clone $TOXID_REPO ~/develop/toxid
+	fi
+	cd ~/develop/toxid
+	sudo make install
+	cd $CURR_DIR
+    fi
+
+    babel_script=${rootdir}/tmp/babel
+
+    echo '#!/bin/bash' > $babel_script
+    echo '' >> $babel_script
+    echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script
+    echo '    avahi-browse -atl' >> $babel_script
+    echo '    exit 0' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo '' >> $babel_script
+    echo 'if [[ $1 == "start" ]]; then' >> $babel_script
+    echo '    if [ -f /tmp/meshtype ] ; then' >> $babel_script
+    echo '        echo "Mesh already running"' >> $babel_script
+    echo '        return' >> $babel_script
+    echo '    fi' >> $batman_script
+    echo '    # install avahi' >> $babel_script
+    echo '    apt-get -y install avahi-utils avahi-autoipd avahi-daemon avahi-dnsconfd bittornado' >> $babel_script
+    echo '    sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+    echo '    sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+    echo '    if [ -f /bin/systemctl ]; then' >> $babel_script
+    echo '        systemctl restart avahi-daemon' >> $babel_script
+    echo '    else' >> $babel_script
+    echo '        service avahi-daemon restart' >> $babel_script
+    echo '    fi' >> $babel_script
+    echo '    echo "babel" > /tmp/meshtype' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo '' >> $babel_script
+    echo "IFACE=$WIFI_INTERFACE" >> $babel_script
+    echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+    echo '    if grep -q "wlan1" /proc/net/dev; then' >> $babel_script
+    echo '        IFACE=wlan1' >> $babel_script
+    echo '    fi' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+    echo '    if grep -q "wlan2" /proc/net/dev; then' >> $babel_script
+    echo '        IFACE=wlan2' >> $babel_script
+    echo '    fi' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+    echo '    if grep -q "wlan3" /proc/net/dev; then' >> $babel_script
+    echo '        IFACE=wlan3' >> $babel_script
+    echo '    fi' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo '' >> $babel_script
+    echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script
+    echo '    if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script
+    echo '        echo "Interface $IFACE was not found"' >> $babel_script
+    echo '    else' >> $babel_script
+    echo '        echo "Stopping"' >> $babel_script
+    echo '    fi' >> $babel_script
+    echo '    ifconfig $IFACE down' >> $babel_script
+    echo '    pkill babeld' >> $babel_script
+    echo '    if [ -f /bin/systemctl ]; then' >> $babel_script
+    echo '        systemctl restart network-manager' >> $babel_script
+    echo '    else' >> $babel_script
+    echo '        service network-manager restart' >> $babel_script
+    echo '    fi' >> $babel_script
+    echo '    exit 1' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo '' >> $babel_script
+    echo 'if [ -f /bin/systemctl ]; then' >> $babel_script
+    echo '    systemctl stop network-manager' >> $babel_script
+    echo 'else' >> $babel_script
+    echo '    service network-manager stop' >> $babel_script
+    echo 'fi' >> $babel_script
+    echo 'ifconfig $IFACE down' >> $babel_script
+    echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script
+    echo "$WIFI_CHANNEL essid \"$WIFI_SSID\"" >> $babel_script
+    echo 'ifconfig $IFACE up' >> $babel_script
+    echo -n 'ifconfig $IFACE:avahi ' >> $babel_script
+    echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script
+    echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script
+    echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script
+    echo -n "$BABEL_PORT -d 5 " >> $babel_script
+    echo '$IFACE' >> $babel_script
+    echo 'exit 0' >> $babel_script
+    chmod +x $babel_script
+    sudo mv $babel_script ${rootdir}/usr/bin/babel
 }
 
 function install_batman_remove {
-	systemctl stop batman
-	rm $rootdir/var/lib/batman
-	rm $rootdir/etc/systemd/system/batman.service
+    systemctl stop batman
+    rm $rootdir/var/lib/batman
+    rm $rootdir/etc/systemd/system/batman.service
 }
 
 function install_batman {
-	$CHROOT_PREFIX apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
-	$CHROOT_PREFIX apt-get -y install python-dev libevent-dev ebtables python-pip git
-	$CHROOT_PREFIX apt-get -y install wireless-tools rfkill
-
-	if ! grep -q "batman_adv" $rootdir/etc/modules; then
-		echo 'batman_adv' >> $rootdir/etc/modules
-	fi
-
-	BATMAN_SCRIPT=$rootdir/var/lib/batman
-
-	if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
-		cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
-	else
-		cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
-	fi
-
-	BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
-	echo '[Unit]' > $BATMAN_DAEMON
-	echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
-	echo 'After=network.target' >> $BATMAN_DAEMON
-	echo '' >> $BATMAN_DAEMON
-	echo '[Service]' >> $BATMAN_DAEMON
-	echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
-	echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
-	echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
-	echo 'Restart=on-failure' >> $BATMAN_DAEMON
-	echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
-	echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
-	echo '' >> $BATMAN_DAEMON
-	echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
-	echo 'TimeoutSec=300' >> $BATMAN_DAEMON
-	echo '' >> $BATMAN_DAEMON
-	echo '[Install]' >> $BATMAN_DAEMON
-	echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
-	$CHROOT_PREFIX systemctl enable batman
+    $CHROOT_PREFIX apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
+    $CHROOT_PREFIX apt-get -y install python-dev libevent-dev ebtables python-pip git
+    $CHROOT_PREFIX apt-get -y install wireless-tools rfkill
+
+    if ! grep -q "batman_adv" $rootdir/etc/modules; then
+	echo 'batman_adv' >> $rootdir/etc/modules
+    fi
+
+    BATMAN_SCRIPT=$rootdir/var/lib/batman
+
+    if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
+	cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+    else
+	cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+    fi
+
+    BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
+    echo '[Unit]' > $BATMAN_DAEMON
+    echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
+    echo 'After=network.target' >> $BATMAN_DAEMON
+    echo '' >> $BATMAN_DAEMON
+    echo '[Service]' >> $BATMAN_DAEMON
+    echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
+    echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
+    echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
+    echo 'Restart=on-failure' >> $BATMAN_DAEMON
+    echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
+    echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
+    echo '' >> $BATMAN_DAEMON
+    echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
+    echo 'TimeoutSec=300' >> $BATMAN_DAEMON
+    echo '' >> $BATMAN_DAEMON
+    echo '[Install]' >> $BATMAN_DAEMON
+    echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
+    $CHROOT_PREFIX systemctl enable batman
 }
 
 function mesh_firewall {
-	FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
-	MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
-
-	echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
-	echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-	echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
-	echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-	echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
-	echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-	echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-	echo '' >> $MESH_FIREWALL_SCRIPT
-	echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
-	echo '' >> $MESH_FIREWALL_SCRIPT
-	echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
-	echo '' >> $MESH_FIREWALL_SCRIPT
-	echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-	echo '' >> $MESH_FIREWALL_SCRIPT
-	echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
-	echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
-	echo '' >> $MESH_FIREWALL_SCRIPT
-	echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-	echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-	echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-	echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-	echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-	echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-	chmod +x $MESH_FIREWALL_SCRIPT
-
-	echo '[Unit]' > $FIREWALL_FILENAME
-	echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
-	echo '' >> $FIREWALL_FILENAME
-	echo '[Service]' >> $FIREWALL_FILENAME
-	echo 'Type=oneshot' >> $FIREWALL_FILENAME
-	echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
-	echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
-	echo '' >> $FIREWALL_FILENAME
-	echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
-	echo '' >> $FIREWALL_FILENAME
-	echo '[Install]' >> $FIREWALL_FILENAME
-	echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
-	$CHROOT_PREFIX systemctl enable meshfirewall
+    FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
+    MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
+
+    echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
+    echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
+    echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
+    echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
+    echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
+    echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
+    echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+    echo '' >> $MESH_FIREWALL_SCRIPT
+    echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
+    echo '' >> $MESH_FIREWALL_SCRIPT
+    echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
+    echo '' >> $MESH_FIREWALL_SCRIPT
+    echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
+    echo '' >> $MESH_FIREWALL_SCRIPT
+    echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
+    echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
+    echo '' >> $MESH_FIREWALL_SCRIPT
+    echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+    echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+    echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+    echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+    echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+    echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+    chmod +x $MESH_FIREWALL_SCRIPT
+
+    echo '[Unit]' > $FIREWALL_FILENAME
+    echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
+    echo '' >> $FIREWALL_FILENAME
+    echo '[Service]' >> $FIREWALL_FILENAME
+    echo 'Type=oneshot' >> $FIREWALL_FILENAME
+    echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
+    echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
+    echo '' >> $FIREWALL_FILENAME
+    echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
+    echo '' >> $FIREWALL_FILENAME
+    echo '[Install]' >> $FIREWALL_FILENAME
+    echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
+    $CHROOT_PREFIX systemctl enable meshfirewall
 }
 
 function enable_tox_repo {
-	sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > /etc/apt/sources.list.d/tox.list"
-	wget http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key
-	sudo sh -c "apt-key add - < Release.key"
-	sudo apt-get update
-	echo "Tox Repository Installed."
+    sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > /etc/apt/sources.list.d/tox.list"
+    wget http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key
+    sudo sh -c "apt-key add - < Release.key"
+    sudo apt-get update
+    echo "Tox Repository Installed."
 }
 
 function mesh_tox_client_qtox {
-	enable_tox_repo
-	sudo apt-get -y install qtox
-	echo "qTox Installed."
+    enable_tox_repo
+    sudo apt-get -y install qtox
+    echo "qTox Installed."
 }
 
 function mesh_tox_client_toxic_from_repo {
-	enable_tox_repo
-	sudo apt-get -y install toxic
-	echo "Toxic Installed."
+    enable_tox_repo
+    sudo apt-get -y install toxic
+    echo "Toxic Installed."
 }
 
 while [[ $# > 1 ]]
 do
-	key="$1"
-
-	case $key in
-		-h|--help)
-			show_help
-			;;
-		-f|--function)
-			shift
-			FN="$1"
-			;;
-		-r|--rootdir)
-			shift
-			rootdir="$1"
-			CHROOT_PREFIX='chroot "${rootdir}"'
-			;;
-		-w|--wifi|--interface)
-			shift
-			WIFI_INTERFACE="$1"
-			;;
-		-m|--mirror)
-			shift
-			FRIENDS_MIRRORS_SERVER="$1"
-			;;
-		--remove)
-			shift
-			REMOVE="$1"
-			;;
-		*)
-			# unknown option
-			;;
-
-	esac
-	shift
+    key="$1"
+
+    case $key in
+	-h|--help)
+	    show_help
+	    ;;
+	-f|--function)
+	    shift
+	    FN="$1"
+	    ;;
+	-r|--rootdir)
+	    shift
+	    rootdir="$1"
+	    CHROOT_PREFIX='chroot "${rootdir}"'
+	    ;;
+	-w|--wifi|--interface)
+	    shift
+	    WIFI_INTERFACE="$1"
+	    ;;
+	-m|--mirror)
+	    shift
+	    FRIENDS_MIRRORS_SERVER="$1"
+	    ;;
+	--remove)
+	    shift
+	    REMOVE="$1"
+	    ;;
+	*)
+	    # unknown option
+	    ;;
+
+    esac
+    shift
 done
 
 if [[ $FN == 'babel' ]]; then
-	if [[ $REMOVE != 'yes' ]]; then
-		install_babel
-	else
-		install_babel_remove
-	fi
+    if [[ $REMOVE != 'yes' ]]; then
+	install_babel
+    else
+	install_babel_remove
+    fi
 fi
 if [[ $FN == 'babel_client' ]]; then
-	install_babel_client
+    install_babel_client
 fi
 if [[ $FN == 'avahi' ]]; then
-	mesh_avahi
+    mesh_avahi
 fi
 if [[ $FN == 'firewall' ]]; then
-	mesh_firewall
+    mesh_firewall
 fi
 if [[ $FN == 'batman' ]]; then
-	if [[ $REMOVE != 'yes' ]]; then
-		install_batman
-	else
-		install_batman_remove
-	fi
+    if [[ $REMOVE != 'yes' ]]; then
+	install_batman
+    else
+	install_batman_remove
+    fi
 fi
 if [[ $FN == 'qtox' ]]; then
-	mesh_tox_client_qtox
+    mesh_tox_client_qtox
 fi
 if [[ $FN == 'toxic' ]]; then
-	mesh_tox_client_toxic_from_repo
+    mesh_tox_client_toxic_from_repo
 fi
 
 exit 0