free
/
freedombone
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Pārlūkot izejas kodu

Merge branch 'stretch' of https://github.com/bashrc/freedombone

Bob Mottram 7 gadus atpakaļ
vecāks
2e07c45147 782b57c565
revīzija
5cb6466f87
37 mainītis faili ar 161 papildinājumiem un 152 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 4
    4
      src/freedombone-app-akaunting
  2. 4
    4
      src/freedombone-app-dokuwiki
  3. 4
    4
      src/freedombone-app-edith
  4. 4
    4
      src/freedombone-app-etherpad
  5. 5
    8
      src/freedombone-app-fedwiki
  6. 4
    4
      src/freedombone-app-friendica
  7. 4
    4
      src/freedombone-app-ghost
  8. 7
    5
      src/freedombone-app-gnusocial
  9. 4
    4
      src/freedombone-app-gogs
  10. 4
    4
      src/freedombone-app-htmly
  11. 4
    4
      src/freedombone-app-hubzilla
  12. 2
    2
      src/freedombone-app-jitsi
  13. 4
    4
      src/freedombone-app-kanboard
  14. 4
    4
      src/freedombone-app-keyserver
  15. 2
    2
      src/freedombone-app-koel
  16. 4
    4
      src/freedombone-app-lychee
  17. 4
    4
      src/freedombone-app-mailpile
  18. 8
    8
      src/freedombone-app-matrix
  19. 4
    4
      src/freedombone-app-mediagoblin
  20. 4
    4
      src/freedombone-app-movim
  21. 5
    5
      src/freedombone-app-nextcloud
  22. 2
    2
      src/freedombone-app-peertube
  23. 4
    4
      src/freedombone-app-pelican
  24. 10
    5
      src/freedombone-app-pleroma
  25. 9
    9
      src/freedombone-app-postactiv
  26. 4
    4
      src/freedombone-app-privatebin
  27. 2
    2
      src/freedombone-app-radicale
  28. 4
    4
      src/freedombone-app-riot
  29. 2
    2
      src/freedombone-app-scuttlebot
  30. 2
    2
      src/freedombone-app-searx
  31. 2
    2
      src/freedombone-app-tahoelafs
  32. 4
    4
      src/freedombone-app-turtl
  33. 6
    6
      src/freedombone-image-customise
  34. 2
    2
      src/freedombone-template
  35. 5
    0
      src/freedombone-utils-gnusocialtools
  36. 4
    4
      src/freedombone-utils-turn
  37. 10
    10
      src/freedombone-utils-web

+ 4
- 4
src/freedombone-app-akaunting Parādīt failu 

@@ -372,8 +372,8 @@ function install_akaunting {
372 372 
         function_check nginx_ssl
373 373 
         nginx_ssl "$AKAUNTING_DOMAIN_NAME"
374 374
375 
-        function_check nginx_disable_sniffing
376 
-        nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
375 
+        function_check nginx_security_options
376 
+        nginx_security_options "$AKAUNTING_DOMAIN_NAME"
377 377
378 378 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
379 379 
           echo '';
 
@@ -415,8 +415,8 @@ function install_akaunting {
415 415 
       function_check nginx_compress
416 416 
     nginx_compress "$AKAUNTING_DOMAIN_NAME"
417 417 
     echo '' >> "$akaunting_nginx_site"
418 
-    function_check nginx_disable_sniffing
419 
-    nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
418 
+    function_check nginx_security_options
419 
+    nginx_security_options "$AKAUNTING_DOMAIN_NAME"
420 420 
     { echo '';
421 421 
       echo '  access_log /dev/null;';
422 422 
       echo '  error_log /dev/null;';

+ 4
- 4
src/freedombone-app-dokuwiki Parādīt failu 

@@ -380,8 +380,8 @@ function install_dokuwiki {
380 380 
           echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
381 381 
         function_check nginx_ssl
382 382 
         nginx_ssl "$DOKUWIKI_DOMAIN_NAME"
383 
-        function_check nginx_disable_sniffing
384 
-        nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
383 
+        function_check nginx_security_options
384 
+        nginx_security_options "$DOKUWIKI_DOMAIN_NAME"
385 385 
         { echo '    add_header Strict-Transport-Security "max-age=0;";';
386 386 
           echo '';
387 387 
           echo '    # rewrite to front controller as default rule';
 
@@ -458,8 +458,8 @@ function install_dokuwiki {
458 458 
       echo '    index index.php;';
459 459 
       echo '    charset utf-8;';
460 460 
       echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
461 
-    function_check nginx_disable_sniffing
462 
-    nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
461 
+    function_check nginx_security_options
462 
+    nginx_security_options "$DOKUWIKI_DOMAIN_NAME"
463 463 
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
464 464 
       echo '';
465 465 
       echo '    # rewrite to front controller as default rule';

+ 4
- 4
src/freedombone-app-edith Parādīt failu 

@@ -341,8 +341,8 @@ function install_edith {
341 341 
         function_check nginx_ssl
342 342 
         nginx_ssl "$EDITH_DOMAIN_NAME"
343 343
344 
-        function_check nginx_disable_sniffing
345 
-        nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
344 
+        function_check nginx_security_options
345 
+        nginx_security_options "$EDITH_DOMAIN_NAME"
346 346
347 347 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
348 348 
           echo '';
 
@@ -379,8 +379,8 @@ function install_edith {
379 379 
     function_check nginx_compress
380 380 
     nginx_compress "$EDITH_DOMAIN_NAME"
381 381 
     echo '' >> "$edith_nginx_site"
382 
-    function_check nginx_disable_sniffing
383 
-    nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
382 
+    function_check nginx_security_options
383 
+    nginx_security_options "$EDITH_DOMAIN_NAME"
384 384 
     { echo '';
385 385 
       echo '  access_log /dev/null;';
386 386 
       echo '  error_log /dev/null;';

+ 4
- 4
src/freedombone-app-etherpad Parādīt failu 

@@ -557,8 +557,8 @@ function install_etherpad {
557 557 
         function_check nginx_ssl
558 558 
         nginx_ssl "$ETHERPAD_DOMAIN_NAME"
559 559
560 
-        function_check nginx_disable_sniffing
561 
-        nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
560 
+        function_check nginx_security_options
561 
+        nginx_security_options "$ETHERPAD_DOMAIN_NAME"
562 562
563 563 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
564 564 
         echo '';
 
@@ -584,8 +584,8 @@ function install_etherpad {
584 584 
       echo "    listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;";
585 585 
       echo "    server_name $ETHERPAD_ONION_HOSTNAME;";
586 586 
       echo ''; } >> "$etherpad_nginx_site"
587 
-    function_check nginx_disable_sniffing
588 
-    nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
587 
+    function_check nginx_security_options
588 
+    nginx_security_options "$ETHERPAD_DOMAIN_NAME"
589 589 
     { echo '';
590 590 
       echo '  # Logs';
591 591 
       echo '  access_log /dev/null;';

+ 5
- 8
src/freedombone-app-fedwiki Parādīt failu 

@@ -339,12 +339,6 @@ function fedwiki_setup_web {
339 339 
         function_check nginx_ssl
340 340 
         nginx_ssl "$FEDWIKI_DOMAIN_NAME" mobile
341 341
342 
-        sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
343 
-        sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
344 
-        sed -i '/X-Robots-Tag/d' "$fedwiki_nginx_file"
345 
-        sed -i '/X-Download-Options/d' "$fedwiki_nginx_file"
346 
-        sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
347 
-
348 342 
         { echo '  add_header X-Robots-Tag none;';
349 343 
           echo '  add_header X-Download-Options noopen;';
350 344 
           echo '  add_header X-Frame-Options DENY;';
 
@@ -371,10 +365,9 @@ function fedwiki_setup_web {
371 365 
       echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;";
372 366 
       echo "  server_name $FEDWIKI_ONION_HOSTNAME;";
373 367 
       echo '';
374 
-      echo '  add_header X-Robots-Tag none;';
375 
-      echo '  add_header X-Download-Options noopen;';
376 368 
       echo '  add_header X-Frame-Options DENY;';
377 369 
       echo '  add_header X-Content-Type-Options nosniff;';
370 
+      echo '  add_header X-Download-Options noopen;';
378 371 
       echo '';
379 372 
       echo '  location /fonts-font-awesome/ {';
380 373 
       echo '    alias /usr/share/fonts-font-awesome/;';
 
@@ -389,6 +382,10 @@ function fedwiki_setup_web {
389 382 
       echo '  }';
390 383 
       echo '}'; } >> "$fedwiki_nginx_file"
391 384
385 
+    sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
386 
+    sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
387 
+    sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
388 
+
392 389 
     function_check create_site_certificate
393 390 
     create_site_certificate "$FEDWIKI_DOMAIN_NAME" 'yes'
394 391

+ 4
- 4
src/freedombone-app-friendica Parādīt failu 

@@ -419,8 +419,8 @@ function install_friendica {
419 419 
           echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
420 420 
         function_check nginx_ssl
421 421 
         nginx_ssl "$FRIENDICA_DOMAIN_NAME"
422 
-        function_check nginx_disable_sniffing
423 
-        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
422 
+        function_check nginx_security_options
423 
+        nginx_security_options "$FRIENDICA_DOMAIN_NAME"
424 424 
         { echo '    add_header Strict-Transport-Security max-age=15768000;';
425 425 
           echo '';
426 426 
           echo '    # rewrite to front controller as default rule';
 
@@ -493,7 +493,7 @@ function install_friendica {
493 493 
           echo '    # rewrite to front controller as default rule';
494 494 
           echo '    location / {'; } > "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
495 495 
         nginx_limits "$FRIENDICA_DOMAIN_NAME"
496 
-        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
496 
+        nginx_security_options "$FRIENDICA_DOMAIN_NAME"
497 497 
         { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
498 498 
           echo '    }';
499 499 
           echo '';
 
@@ -515,7 +515,7 @@ function install_friendica {
515 515 
           echo '    # or a unix socket';
516 516 
           echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
517 517 
         nginx_limits "$FRIENDICA_DOMAIN_NAME"
518 
-        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
518 
+        nginx_security_options "$FRIENDICA_DOMAIN_NAME"
519 519 
         { echo '        # Zero-day exploit defense.';
520 520 
           echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
521 521 
           echo "        # Won't work properly (404 error) if the file is not stored on this";

+ 4
- 4
src/freedombone-app-ghost Parādīt failu 

@@ -518,8 +518,8 @@ function install_ghost {
518 518 
           echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
519 519 
         function_check nginx_ssl
520 520 
         nginx_ssl "${GHOST_DOMAIN_NAME}"
521 
-        function_check nginx_disable_sniffing
522 
-        nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
521 
+        function_check nginx_security_options
522 
+        nginx_security_options "${GHOST_DOMAIN_NAME}"
523 523 
         { echo '    add_header Strict-Transport-Security max-age=0;';
524 524 
           echo '';
525 525 
           echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
 
@@ -550,8 +550,8 @@ function install_ghost {
550 550 
       echo '    access_log /dev/null;';
551 551 
       echo "    error_log /dev/null;";
552 552 
       echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
553 
-    function_check nginx_disable_sniffing
554 
-    nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
553 
+    function_check nginx_security_options
554 
+    nginx_security_options "${GHOST_DOMAIN_NAME}"
555 555 
     { echo '    add_header Strict-Transport-Security max-age=0;';
556 556 
       echo '';
557 557 
       echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"

+ 7
- 5
src/freedombone-app-gnusocial Parādīt failu 

@@ -37,7 +37,7 @@ GNUSOCIAL_DOMAIN_NAME=
37 37 
 GNUSOCIAL_CODE=
38 38 
 GNUSOCIAL_ONION_PORT=8087
39 39 
 GNUSOCIAL_REPO="https://git.gnu.io/gnu/gnu-social.git"
40 
-GNUSOCIAL_COMMIT='ffe14fe5f326f013a34fdd303c0e5e8aae772559'
40 
+GNUSOCIAL_COMMIT='67a9c0415c395d92adeb784413bb9a88fba7347f'
41 41 
 GNUSOCIAL_ADMIN_PASSWORD=
42 42
43 43 
 GNUSOCIAL_BACKGROUND_IMAGE_URL=
 
@@ -707,8 +707,8 @@ function install_gnusocial_main {
707 707 
         function_check nginx_ssl
708 708 
         nginx_ssl "$GNUSOCIAL_DOMAIN_NAME"
709 709
710 
-        function_check nginx_disable_sniffing
711 
-        nginx_disable_sniffing "$GNUSOCIAL_DOMAIN_NAME"
710 
+        function_check nginx_security_options
711 
+        nginx_security_options "$GNUSOCIAL_DOMAIN_NAME"
712 712
713 713 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
714 714 
           echo '';
 
@@ -756,8 +756,8 @@ function install_gnusocial_main {
756 756 
     function_check nginx_compress
757 757 
     nginx_compress "$GNUSOCIAL_DOMAIN_NAME"
758 758 
     echo '' >> "$gnusocial_nginx_site"
759 
-    function_check nginx_disable_sniffing
760 
-    nginx_disable_sniffing "$GNUSOCIAL_DOMAIN_NAME"
759 
+    function_check nginx_security_options
760 
+    nginx_security_options "$GNUSOCIAL_DOMAIN_NAME"
761 761 
     { echo '';
762 762 
       echo '  # Logs';
763 763 
       echo '  access_log /dev/null;';
 
@@ -918,6 +918,8 @@ function install_gnusocial {
918 918 
     fi
919 919
920 920 
     # unleash the daemons!
921 
+    cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 236482684
922 
+    php scripts/checkschema.php
921 923 
     /etc/cron.hourly/gnusocial-daemons
922 924
923 925 
     systemctl restart nginx

+ 4
- 4
src/freedombone-app-gogs Parādīt failu 

@@ -591,8 +591,8 @@ function install_gogs {
591 591 
           echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
592 592 
         function_check nginx_ssl
593 593 
         nginx_ssl "${GIT_DOMAIN_NAME}"
594 
-        function_check nginx_disable_sniffing
595 
-        nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
594 
+        function_check nginx_security_options
595 
+        nginx_security_options "${GIT_DOMAIN_NAME}"
596 596 
         { echo '    add_header Strict-Transport-Security max-age=0;';
597 597 
           echo '';
598 598 
           echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
 
@@ -623,8 +623,8 @@ function install_gogs {
623 623 
       echo '    access_log /dev/null;';
624 624 
       echo "    error_log /dev/null;";
625 625 
       echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
626 
-    function_check nginx_disable_sniffing
627 
-    nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
626 
+    function_check nginx_security_options
627 
+    nginx_security_options "${GIT_DOMAIN_NAME}"
628 628 
     { echo '    add_header Strict-Transport-Security max-age=0;';
629 629 
       echo '';
630 630 
       echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"

+ 4
- 4
src/freedombone-app-htmly Parādīt failu 

@@ -460,8 +460,8 @@ function install_htmly_website {
460 460 
       echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
461 461 
     function_check nginx_ssl
462 462 
     nginx_ssl "$HTMLY_DOMAIN_NAME"
463 
-    function_check nginx_disable_sniffing
464 
-    nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
463 
+    function_check nginx_security_options
464 
+    nginx_security_options "$HTMLY_DOMAIN_NAME"
465 465 
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
466 466 
       echo '';
467 467 
       echo '    # rewrite to front controller as default rule';
 
@@ -542,8 +542,8 @@ function install_htmly_website_onion {
542 542 
       echo '    index index.php;';
543 543 
       echo '    charset utf-8;';
544 544 
       echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
545 
-    function_check nginx_disable_sniffing
546 
-    nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
545 
+    function_check nginx_security_options
546 
+    nginx_security_options "$HTMLY_DOMAIN_NAME"
547 547 
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
548 548 
       echo '';
549 549 
       echo '    # rewrite to front controller as default rule';

+ 4
- 4
src/freedombone-app-hubzilla Parādīt failu 

@@ -421,8 +421,8 @@ function install_hubzilla {
421 421 
           echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
422 422 
         function_check nginx_ssl
423 423 
         nginx_ssl "$HUBZILLA_DOMAIN_NAME"
424 
-        function_check nginx_disable_sniffing
425 
-        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
424 
+        function_check nginx_security_options
425 
+        nginx_security_options "$HUBZILLA_DOMAIN_NAME"
426 426 
         { echo '    add_header Strict-Transport-Security max-age=15768000;';
427 427 
           echo '';
428 428 
           echo '    # rewrite to front controller as default rule';
 
@@ -494,7 +494,7 @@ function install_hubzilla {
494 494 
         echo '    # rewrite to front controller as default rule';
495 495 
         echo '    location / {'; } > "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
496 496 
         nginx_limits "$HUBZILLA_DOMAIN_NAME"
497 
-        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
497 
+        nginx_security_options "$HUBZILLA_DOMAIN_NAME"
498 498 
         { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
499 499 
           echo '    }';
500 500 
           echo '';
 
@@ -516,7 +516,7 @@ function install_hubzilla {
516 516 
           echo '    # or a unix socket';
517 517 
           echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
518 518 
         nginx_limits "$HUBZILLA_DOMAIN_NAME"
519 
-        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
519 
+        nginx_security_options "$HUBZILLA_DOMAIN_NAME"
520 520 
         { echo '        # Zero-day exploit defense.';
521 521 
           echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
522 522 
           echo "        # Won't work properly (404 error) if the file is not stored on this";

+ 2
- 2
src/freedombone-app-jitsi Parādīt failu 

@@ -286,8 +286,8 @@ function install_jitsi {
286 286 
         function_check nginx_ssl
287 287 
         nginx_ssl ${JITSI_DOMAIN_NAME}
288 288
289 
-        function_check nginx_disable_sniffing
290 
-        nginx_disable_sniffing ${JITSI_DOMAIN_NAME}
289 
+        function_check nginx_security_options
290 
+        nginx_security_options ${JITSI_DOMAIN_NAME}
291 291
292 292 
         { echo '    add_header Strict-Transport-Security max-age=15768000;';
293 293 
           echo '';

+ 4
- 4
src/freedombone-app-kanboard Parādīt failu 

@@ -468,8 +468,8 @@ function install_kanboard {
468 468 
         function_check nginx_ssl
469 469 
         nginx_ssl "$KANBOARD_DOMAIN_NAME"
470 470
471 
-        function_check nginx_disable_sniffing
472 
-        nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
471 
+        function_check nginx_security_options
472 
+        nginx_security_options "$KANBOARD_DOMAIN_NAME"
473 473
474 474 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
475 475 
           echo '';
 
@@ -517,8 +517,8 @@ function install_kanboard {
517 517 
     function_check nginx_compress
518 518 
     nginx_compress "$KANBOARD_DOMAIN_NAME"
519 519 
     echo '' >> "$kanboard_nginx_site"
520 
-    function_check nginx_disable_sniffing
521 
-    nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
520 
+    function_check nginx_security_options
521 
+    nginx_security_options "$KANBOARD_DOMAIN_NAME"
522 522 
     { echo '';
523 523 
       echo '  # Logs';
524 524 
       echo '  access_log /dev/null;';

+ 4
- 4
src/freedombone-app-keyserver Parādīt failu 

@@ -742,8 +742,8 @@ function install_keyserver {
742 742 
         function_check nginx_ssl
743 743 
         nginx_ssl $KEYSERVER_DOMAIN_NAME
744 744
745 
-        function_check nginx_disable_sniffing
746 
-        nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
745 
+        function_check nginx_security_options
746 
+        nginx_security_options $KEYSERVER_DOMAIN_NAME
747 747
748 748 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
749 749 
           echo '';
 
@@ -792,8 +792,8 @@ function install_keyserver {
792 792 
       echo '    return 404;';
793 793 
       echo '  }';
794 794 
       echo ''; } >> $keyserver_nginx_site
795 
-    function_check nginx_disable_sniffing
796 
-    nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
795 
+    function_check nginx_security_options
796 
+    nginx_security_options $KEYSERVER_DOMAIN_NAME
797 797 
     { echo '';
798 798 
       echo '  # Logs';
799 799 
       echo '  access_log /dev/null;';

+ 2
- 2
src/freedombone-app-koel Parādīt failu 

@@ -553,8 +553,8 @@ function install_koel_main {
553 553 
         function_check nginx_ssl mobile
554 554 
         nginx_ssl "$KOEL_DOMAIN_NAME"
555 555
556 
-        function_check nginx_disable_sniffing
557 
-        nginx_disable_sniffing "$KOEL_DOMAIN_NAME"
556 
+        function_check nginx_security_options
557 
+        nginx_security_options "$KOEL_DOMAIN_NAME"
558 558
559 559 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
560 560 
           echo '';

+ 4
- 4
src/freedombone-app-lychee Parādīt failu 

@@ -270,8 +270,8 @@ function install_lychee_website {
270 270 
       echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
271 271 
     function_check nginx_ssl
272 272 
     nginx_ssl "$LYCHEE_DOMAIN_NAME"
273 
-    function_check nginx_disable_sniffing
274 
-    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
273 
+    function_check nginx_security_options
274 
+    nginx_security_options "$LYCHEE_DOMAIN_NAME"
275 275 
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
276 276 
       echo '';
277 277 
       echo '    # rewrite to front controller as default rule';
 
@@ -331,8 +331,8 @@ function install_lychee_website_onion {
331 331 
       echo '    index index.html;';
332 332 
       echo '    charset utf-8;';
333 333 
       echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
334 
-    function_check nginx_disable_sniffing
335 
-    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
334 
+    function_check nginx_security_options
335 
+    nginx_security_options "$LYCHEE_DOMAIN_NAME"
336 336 
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
337 337 
       echo '';
338 338 
       echo '    # rewrite to front controller as default rule';

+ 4
- 4
src/freedombone-app-mailpile Parādīt failu 

@@ -248,8 +248,8 @@ function install_mailpile {
248 248 
         function_check nginx_ssl
249 249 
         nginx_ssl $MAILPILE_DOMAIN_NAME
250 250
251 
-        function_check nginx_disable_sniffing
252 
-        nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
251 
+        function_check nginx_security_options
252 
+        nginx_security_options $MAILPILE_DOMAIN_NAME
253 253
254 254 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
255 255 
           echo '';
 
@@ -280,8 +280,8 @@ function install_mailpile {
280 280 
       echo "    listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;";
281 281 
       echo "    server_name $MAILPILE_ONION_HOSTNAME;";
282 282 
       echo ''; } >> $mailpile_nginx_site
283 
-    function_check nginx_disable_sniffing
284 
-    nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
283 
+    function_check nginx_security_options
284 
+    nginx_security_options $MAILPILE_DOMAIN_NAME
285 285 
     { echo '';
286 286 
       echo '  # Logs';
287 287 
       echo '  access_log /dev/null;';

+ 8
- 8
src/freedombone-app-matrix Parādīt failu 

@@ -135,8 +135,8 @@ function matrix_nginx {
135 135 
         function_check nginx_ssl
136 136 
         nginx_ssl ${MATRIX_DOMAIN_NAME}
137 137
138 
-        function_check nginx_disable_sniffing
139 
-        nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
138 
+        function_check nginx_security_options
139 
+        nginx_security_options ${MATRIX_DOMAIN_NAME}
140 140
141 141 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
142 142 
           echo '';
 
@@ -164,8 +164,8 @@ function matrix_nginx {
164 164 
         function_check nginx_ssl
165 165 
         nginx_ssl ${MATRIX_DOMAIN_NAME}
166 166
167 
-        function_check nginx_disable_sniffing
168 
-        nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
167 
+        function_check nginx_security_options
168 
+        nginx_security_options ${MATRIX_DOMAIN_NAME}
169 169
170 170 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
171 171 
           echo '';
 
@@ -193,8 +193,8 @@ function matrix_nginx {
193 193 
       echo "    listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;";
194 194 
       echo "    server_name $MATRIX_DOMAIN_NAME;";
195 195 
       echo ''; } >> $matrix_nginx_site
196 
-    function_check nginx_disable_sniffing
197 
-    nginx_disable_sniffing $MATRIX_DOMAIN_NAME
196 
+    function_check nginx_security_options
197 
+    nginx_security_options $MATRIX_DOMAIN_NAME
198 198 
     { echo '';
199 199 
       echo '  # Logs';
200 200 
       echo '  access_log /dev/null;';
 
@@ -214,8 +214,8 @@ function matrix_nginx {
214 214 
       echo "    listen 127.0.0.1:$MATRIX_ONION_PORT default_server;";
215 215 
       echo "    server_name $MATRIX_DOMAIN_NAME;";
216 216 
       echo ''; } >> $matrix_nginx_site
217 
-    function_check nginx_disable_sniffing
218 
-    nginx_disable_sniffing $MATRIX_DOMAIN_NAME
217 
+    function_check nginx_security_options
218 
+    nginx_security_options $MATRIX_DOMAIN_NAME
219 219 
     { echo '';
220 220 
       echo '  # Logs';
221 221 
       echo '  access_log /dev/null;';

+ 4
- 4
src/freedombone-app-mediagoblin Parādīt failu 

@@ -381,8 +381,8 @@ function install_mediagoblin {
381 381 
           echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
382 382 
         function_check nginx_ssl
383 383 
         nginx_ssl "$MEDIAGOBLIN_DOMAIN_NAME"
384 
-        function_check nginx_disable_sniffing
385 
-        nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
384 
+        function_check nginx_security_options
385 
+        nginx_security_options "$MEDIAGOBLIN_DOMAIN_NAME"
386 386 
         function_check nginx_limits
387 387 
         nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
388 388 
         { echo '';
 
@@ -438,8 +438,8 @@ function install_mediagoblin {
438 438 
       echo '    default_type  application/octet-stream;';
439 439 
       echo '    sendfile on;';
440 440 
       echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
441 
-    function_check nginx_disable_sniffing
442 
-    nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
441 
+    function_check nginx_security_options
442 
+    nginx_security_options "$MEDIAGOBLIN_DOMAIN_NAME"
443 443 
     function_check nginx_limits
444 444 
     nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
445 445 
     { echo '';

+ 4
- 4
src/freedombone-app-movim Parādīt failu 

@@ -444,8 +444,8 @@ function install_movim {
444 444 
         function_check nginx_ssl
445 445 
         nginx_ssl "$MOVIM_DOMAIN_NAME"
446 446
447 
-        function_check nginx_disable_sniffing
448 
-        nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
447 
+        function_check nginx_security_options
448 
+        nginx_security_options "$MOVIM_DOMAIN_NAME"
449 449
450 450 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
451 451 
           echo '';
 
@@ -506,8 +506,8 @@ function install_movim {
506 506 
     function_check nginx_compress
507 507 
     nginx_compress "$MOVIM_DOMAIN_NAME"
508 508 
     echo '' >> "$movim_nginx_site"
509 
-    function_check nginx_disable_sniffing
510 
-    nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
509 
+    function_check nginx_security_options
510 
+    nginx_security_options "$MOVIM_DOMAIN_NAME"
511 511 
     { echo '';
512 512 
       echo '  # Logs';
513 513 
       echo '  access_log /dev/null;';

+ 5
- 5
src/freedombone-app-nextcloud Parādīt failu 

@@ -138,7 +138,7 @@ function install_interactive_nextcloud {
138 138
139 139 
         # remove any invalid characters
140 140 
         if [ ${#NEXTCLOUD_TITLE} -gt 0 ]; then
141 
-            new_title=${"$NEXTCLOUD_TITLE"//\'//}
141 
+            new_title=${NEXTCLOUD_TITLE//\'/}
142 142 
             NEXTCLOUD_TITLE="$new_title"
143 143 
         fi
144 144 
 
@@ -490,8 +490,8 @@ function install_nextcloud_main {
490 490 
         function_check nginx_ssl
491 491 
         nginx_ssl "$NEXTCLOUD_DOMAIN_NAME" mobile
492 492
493 
-        function_check nginx_disable_sniffing
494 
-        nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
493 
+        function_check nginx_security_options
494 
+        nginx_security_options "$NEXTCLOUD_DOMAIN_NAME"
495 495
496 496 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
497 497 
           echo '';
 
@@ -554,8 +554,8 @@ function install_nextcloud_main {
554 554 
       echo "    listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;";
555 555 
       echo "    server_name $NEXTCLOUD_DOMAIN_NAME;";
556 556 
       echo ''; } >> "$nextcloud_nginx_site"
557 
-    function_check nginx_disable_sniffing
558 
-    nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
557 
+    function_check nginx_security_options
558 
+    nginx_security_options "$NEXTCLOUD_DOMAIN_NAME"
559 559 
     { echo '';
560 560 
       echo '  # Logs';
561 561 
       echo '  access_log /dev/null;';

+ 2
- 2
src/freedombone-app-peertube Parādīt failu 

@@ -376,8 +376,8 @@ function peertube_setup_web {
376 376 
         function_check nginx_ssl
377 377 
         nginx_ssl "$PEERTUBE_DOMAIN_NAME" mobile
378 378
379 
-        function_check nginx_disable_sniffing
380 
-        nginx_disable_sniffing "$PEERTUBE_DOMAIN_NAME"
379 
+        function_check nginx_security_options
380 
+        nginx_security_options "$PEERTUBE_DOMAIN_NAME"
381 381
382 382 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
383 383 
           echo '';

+ 4
- 4
src/freedombone-app-pelican Parādīt failu 

@@ -84,8 +84,8 @@ function install_pelican_website {
84 84 
       echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
85 85 
     function_check nginx_ssl
86 86 
     nginx_ssl "$PELICAN_DOMAIN_NAME"
87 
-    function_check nginx_disable_sniffing
88 
-    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
87 
+    function_check nginx_security_options
88 
+    nginx_security_options "$PELICAN_DOMAIN_NAME"
89 89 
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
90 90 
       echo '';
91 91 
       echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
 
@@ -125,8 +125,8 @@ function install_pelican_website_onion {
125 125 
       echo "    error_log /dev/null;";
126 126 
       echo '    index index.html;';
127 127 
       echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
128 
-    function_check nginx_disable_sniffing
129 
-    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
128 
+    function_check nginx_security_options
129 
+    nginx_security_options "$PELICAN_DOMAIN_NAME"
130 130 
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
131 131 
       echo '';
132 132 
       echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"

+ 10
- 5
src/freedombone-app-pleroma Parādīt failu 

@@ -353,7 +353,7 @@ function install_interactive_pleroma {
353 353
354 354 
         # remove any invalid characters
355 355 
         if [ ${#PLEROMA_TITLE} -gt 0 ]; then
356 
-            new_title=${"$PLEROMA_TITLE"//\'//}
356 
+            new_title=${PLEROMA_TITLE//\'/}
357 357 
             PLEROMA_TITLE="$new_title"
358 358 
         fi
359 359 
 
@@ -1029,8 +1029,8 @@ function install_pleroma {
1029 1029 
         function_check nginx_ssl
1030 1030 
         nginx_ssl "$PLEROMA_DOMAIN_NAME"
1031 1031
1032 
-        function_check nginx_disable_sniffing
1033 
-        nginx_disable_sniffing "$PLEROMA_DOMAIN_NAME"
1032 
+        function_check nginx_security_options
1033 
+        nginx_security_options "$PLEROMA_DOMAIN_NAME"
1034 1034
1035 1035 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
1036 1036 
           echo '';
 
@@ -1069,8 +1069,8 @@ function install_pleroma {
1069 1069 
     function_check nginx_compress
1070 1070 
     nginx_compress "$PLEROMA_DOMAIN_NAME"
1071 1071 
     echo '' >> "$pleroma_nginx_site"
1072 
-    function_check nginx_disable_sniffing
1073 
-    nginx_disable_sniffing "$PLEROMA_DOMAIN_NAME"
1072 
+    function_check nginx_security_options
1073 
+    nginx_security_options "$PLEROMA_DOMAIN_NAME"
1074 1074 
     { echo '';
1075 1075 
       echo '  # Logs';
1076 1076 
       echo '  access_log /dev/null;';
 
@@ -1173,6 +1173,11 @@ function install_pleroma {
1173 1173 
       echo '[Install]';
1174 1174 
       echo 'WantedBy=multi-user.target';
1175 1175 
       echo 'Alias=pleroma.service'; } > /etc/systemd/system/pleroma.service
1176 
+
1177 
+    # set registrations open initially
1178 
+    sed -i 's|registrations_open:.*|registrations_open: true,|g' $PLEROMA_DIR/config/config.exs
1179 
+    sed -i 's|"registrationOpen":.*|"registrationOpen": true,|g' $PLEROMA_DIR/priv/static/static/config.json
1180 
+
1176 1181 
     systemctl daemon-reload
1177 1182 
     systemctl enable pleroma
1178 1183 
     systemctl start pleroma

+ 9
- 9
src/freedombone-app-postactiv Parādīt failu 

@@ -36,8 +36,8 @@ SHOW_ON_ABOUT=1
36 36 
 POSTACTIV_DOMAIN_NAME=
37 37 
 POSTACTIV_CODE=
38 38 
 POSTACTIV_ONION_PORT=8100
39 
-POSTACTIV_REPO="https://git.postactiv.com/postActiv/postActiv.git"
40 
-POSTACTIV_COMMIT='0531c469b44aab6a71230778ab4492eca889bb2c'
39 
+POSTACTIV_REPO="http://gitea.postactiv.com/postActiv/postActiv.git"
40 
+POSTACTIV_COMMIT='3c88992eeb'
41 41 
 POSTACTIV_ADMIN_PASSWORD=
42 42
43 43 
 POSTACTIV_BACKGROUND_IMAGE_URL=
 
@@ -180,7 +180,7 @@ function install_interactive_postactiv {
180 180
181 181 
         # remove any invalid characters
182 182 
         if [ ${#POSTACTIV_TITLE} -gt 0 ]; then
183 
-            new_title=${"$POSTACTIV_TITLE"//\'//}
183 
+            new_title=${POSTACTIV_TITLE//\'/}
184 184 
             POSTACTIV_TITLE="$new_title"
185 185 
         fi
186 186 
 
@@ -665,8 +665,8 @@ function install_postactiv_main {
665 665 
             cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46824682682
666 666 
             git pull
667 667 
         else
668 
-            function_check git_clone
669 
-            git_clone "$POSTACTIV_REPO" "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
668 
+            # This is deliberately non-recursive
669 
+            git clone "$POSTACTIV_REPO" "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
670 670 
         fi
671 671
672 672 
         if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then
 
@@ -721,8 +721,8 @@ function install_postactiv_main {
721 721 
         function_check nginx_ssl
722 722 
         nginx_ssl "$POSTACTIV_DOMAIN_NAME"
723 723
724 
-        function_check nginx_disable_sniffing
725 
-        nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
724 
+        function_check nginx_security_options
725 
+        nginx_security_options "$POSTACTIV_DOMAIN_NAME"
726 726
727 727 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
728 728 
           echo '';
 
@@ -767,8 +767,8 @@ function install_postactiv_main {
767 767 
       echo "    listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;";
768 768 
       echo "    server_name $POSTACTIV_ONION_HOSTNAME;";
769 769 
       echo ''; } >> "$postactiv_nginx_site"
770 
-    function_check nginx_disable_sniffing
771 
-    nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
770 
+    function_check nginx_security_options
771 
+    nginx_security_options "$POSTACTIV_DOMAIN_NAME"
772 772 
     echo '' >> "$postactiv_nginx_site"
773 773 
     function_check nginx_compress
774 774 
     nginx_compress "$POSTACTIV_DOMAIN_NAME"

+ 4
- 4
src/freedombone-app-privatebin Parādīt failu 

@@ -351,8 +351,8 @@ function install_privatebin {
351 351 
         function_check nginx_ssl
352 352 
         nginx_ssl "$PRIVATEBIN_DOMAIN_NAME"
353 353
354 
-        function_check nginx_disable_sniffing
355 
-        nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
354 
+        function_check nginx_security_options
355 
+        nginx_security_options "$PRIVATEBIN_DOMAIN_NAME"
356 356
357 357 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
358 358 
           echo '';
 
@@ -393,8 +393,8 @@ function install_privatebin {
393 393 
     function_check nginx_compress
394 394 
     nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
395 395 
     echo '' >> "$privatebin_nginx_site"
396 
-    function_check nginx_disable_sniffing
397 
-    nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
396 
+    function_check nginx_security_options
397 
+    nginx_security_options "$PRIVATEBIN_DOMAIN_NAME"
398 398 
     { echo '';
399 399 
       echo '  # Logs';
400 400 
       echo '  access_log /dev/null;';

+ 2
- 2
src/freedombone-app-radicale Parādīt failu 

@@ -476,8 +476,8 @@ function install_radicale {
476 476 
               echo ''; } > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
477 477 
             function_check nginx_ssl
478 478 
             nginx_ssl "${DEFAULT_DOMAIN_NAME}" mobile
479 
-            function_check nginx_disable_sniffing
480 
-            nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
479 
+            function_check nginx_security_options
480 
+            nginx_security_options "${DEFAULT_DOMAIN_NAME}"
481 481 
             { echo '';
482 482 
               echo "    server_name ${DEFAULT_DOMAIN_NAME};";
483 483

+ 4
- 4
src/freedombone-app-riot Parādīt failu 

@@ -279,8 +279,8 @@ function install_riot {
279 279 
         function_check nginx_ssl
280 280 
         nginx_ssl $RIOT_DOMAIN_NAME
281 281
282 
-        function_check nginx_disable_sniffing
283 
-        nginx_disable_sniffing $RIOT_DOMAIN_NAME
282 
+        function_check nginx_security_options
283 
+        nginx_security_options $RIOT_DOMAIN_NAME
284 284
285 285 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
286 286 
           echo '';
 
@@ -306,8 +306,8 @@ function install_riot {
306 306 
       echo "    listen 127.0.0.1:$RIOT_ONION_PORT default_server;";
307 307 
       echo "    server_name $RIOT_ONION_HOSTNAME;";
308 308 
       echo ''; } >> $riot_nginx_site
309 
-    function_check nginx_disable_sniffing
310 
-    nginx_disable_sniffing $RIOT_DOMAIN_NAME
309 
+    function_check nginx_security_options
310 
+    nginx_security_options $RIOT_DOMAIN_NAME
311 311 
     { echo '';
312 312 
       echo '  # Logs';
313 313 
       echo '  access_log /dev/null;';

+ 2
- 2
src/freedombone-app-scuttlebot Parādīt failu 

@@ -317,8 +317,8 @@ function scuttlebot_git_setup {
317 317 
         function_check nginx_ssl
318 318 
         nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
319 319
320 
-        function_check nginx_disable_sniffing
321 
-        nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
320 
+        function_check nginx_security_options
321 
+        nginx_security_options $SCUTTLEBOT_DOMAIN_NAME
322 322 
     fi
323 323
324 324 
     { echo '';

+ 2
- 2
src/freedombone-app-searx Parādīt failu 

@@ -967,8 +967,8 @@ function install_searx {
967 967 
       echo '    access_log /dev/null;';
968 968 
       echo "    error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;";
969 969 
       echo ''; } > /etc/nginx/sites-available/searx
970 
-    function_check nginx_disable_sniffing
971 
-    nginx_disable_sniffing searx
970 
+    function_check nginx_security_options
971 
+    nginx_security_options searx
972 972 
     { echo '    add_header Strict-Transport-Security max-age=0;';
973 973 
       echo '';
974 974 
       echo '    location / {'; } >> /etc/nginx/sites-available/searx

+ 2
- 2
src/freedombone-app-tahoelafs Parādīt failu 

@@ -608,8 +608,8 @@ function create_tahoelafs_web {
608 608 
       echo "    listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;";
609 609 
       echo "    server_name $TAHOELAFS_ONION_HOSTNAME;";
610 610 
       echo ''; } > "$tahoelafs_nginx_site"
611 
-    function_check nginx_disable_sniffing
612 
-    nginx_disable_sniffing tahoelafs
611 
+    function_check nginx_security_options
612 
+    nginx_security_options tahoelafs
613 613 
     { echo '';
614 614 
       echo '  # Logs';
615 615 
       echo '  access_log /dev/null;';

+ 4
- 4
src/freedombone-app-turtl Parādīt failu 

@@ -674,8 +674,8 @@ function install_turtl_nginx {
674 674 
         function_check nginx_ssl
675 675 
         nginx_ssl $TURTL_DOMAIN_NAME
676 676
677 
-        function_check nginx_disable_sniffing
678 
-        nginx_disable_sniffing $TURTL_DOMAIN_NAME
677 
+        function_check nginx_security_options
678 
+        nginx_security_options $TURTL_DOMAIN_NAME
679 679
680 680 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
681 681 
           echo '';
 
@@ -698,8 +698,8 @@ function install_turtl_nginx {
698 698 
       echo "  listen 127.0.0.1:${TURTL_ONION_PORT};";
699 699 
       echo "  server_name ${TURTL_ONION_HOSTNAME};";
700 700 
       echo ''; } >> $turtl_nginx_site
701 
-    function_check nginx_disable_sniffing
702 
-    nginx_disable_sniffing $TURTL_DOMAIN_NAME
701 
+    function_check nginx_security_options
702 
+    nginx_security_options $TURTL_DOMAIN_NAME
703 703 
     { echo '';
704 704 
       echo '  # Logs';
705 705 
       echo '  access_log /dev/null;';

+ 6
- 6
src/freedombone-image-customise Parādīt failu 

@@ -1901,7 +1901,7 @@ function image_preinstall_repos {
1901 1901
1902 1902 
     if [[ "$SOCIALINSTANCE" == "pleroma" ]]; then
1903 1903 
         git clone "$PLEROMA_REPO" "$rootdir/repos/pleroma"
1904 
-        #git clone $QVITTER_THEME_REPO "$rootdir/repos/qvitter"
1904 
+        git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
1905 1905 
         git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
1906 1906 
         return
1907 1907 
     fi
 
@@ -1909,16 +1909,16 @@ function image_preinstall_repos {
1909 1909 
     if [[ "$SOCIALINSTANCE" == "gnusocial" ]]; then
1910 1910 
         git clone "$GNUSOCIAL_REPO" "$rootdir/repos/gnusocial"
1911 1911 
         git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
1912 
-        #git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
1912 
+        git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
1913 1913 
         git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
1914 1914 
         return
1915 1915 
     fi
1916 1916
1917 1917 
     if [[ "$SOCIALINSTANCE" == "postactiv" ]]; then
1918 1918 
         git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
1919 
-        #git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
1919 
+        git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
1920 1920 
         git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
1921 
-        #git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
1921 
+        git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
1922 1922 
         return
1923 1923 
     fi
1924 1924 
 
@@ -1929,9 +1929,9 @@ function image_preinstall_repos {
1929 1929 
     git clone "$GNUSOCIAL_REPO" "$rootdir/repos/gnusocial"
1930 1930 
     git clone "$PLEROMA_REPO" "$rootdir/repos/pleroma"
1931 1931 
     git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
1932 
-    #git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
1932 
+    git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
1933 1933 
     git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
1934 
-    #git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
1934 
+    git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
1935 1935 
     git clone "$SHARINGS_REPO" "$rootdir/repos/sharings"
1936 1936 
     git clone "$HTMLY_REPO" "$rootdir/repos/htmly"
1937 1937 
     git clone "$HUBZILLA_REPO" "$rootdir/repos/hubzilla"

+ 2
- 2
src/freedombone-template Parādīt failu 

@@ -665,7 +665,7 @@ if [ $app_onion_only ]; then
665 665 
     echo "        echo '  # Security' >> \$${app_name}_nginx_site"
666 666 
     echo "        nginx_ssl \$${app_name_upper}_DOMAIN_NAME"
667 667 
     echo ''
668 
-    echo "        nginx_disable_sniffing \$${app_name_upper}_DOMAIN_NAME"
668 
+    echo "        nginx_security_options \$${app_name_upper}_DOMAIN_NAME"
669 669 
     echo ''
670 670 
     echo "        echo '  add_header Strict-Transport-Security max-age=15768000;' >> \$${app_name}_nginx_site"
671 671 
     echo "        echo '' >> \$${app_name}_nginx_site"
 
@@ -709,7 +709,7 @@ echo "    echo \"    server_name \$${app_name_upper}_ONION_HOSTNAME;\" >> \$${ap
709 709 
 echo "    echo '' >> \$${app_name}_nginx_site"
710 710 
 echo "    nginx_compress \$${app_name_upper}_DOMAIN_NAME"
711 711 
 echo "    echo '' >> \$${app_name}_nginx_site"
712 
-echo "    nginx_disable_sniffing \$${app_name_upper}_DOMAIN_NAME"
712 
+echo "    nginx_security_options \$${app_name_upper}_DOMAIN_NAME"
713 713 
 echo "    echo '' >> \$${app_name}_nginx_site"
714 714 
 echo "    echo '  # Logs' >> \$${app_name}_nginx_site"
715 715 
 echo "    echo '  access_log /dev/null;' >> \$${app_name}_nginx_site"

+ 5
- 0
src/freedombone-utils-gnusocialtools Parādīt failu 

@@ -750,6 +750,7 @@ function gnusocial_use_classic {
750 750 
     if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
751 751 
         sed -i 's|index_qvitter.php|index.php|g' "/etc/nginx/sites-available/$domain_name"
752 752 
         sed -i 's|index.html|index.php|g' "/etc/nginx/sites-available/$domain_name"
753 
+        sed -i 's|#add_header Content-Security-Policy|add_header Content-Security-Policy|g' "/etc/nginx/sites-available/$domain_name"
753 754 
     fi
754 755
755 756 
     if ! grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then
 
@@ -774,6 +775,9 @@ function gnusocial_use_qvitter {
774 775 
     if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
775 776 
         sed -i 's|index_qvitter.php|index.php|g' "/etc/nginx/sites-available/$domain_name"
776 777 
         sed -i 's|index.html|index.php|g' "/etc/nginx/sites-available/$domain_name"
778 
+        if ! grep -q "#add_header Content-Security-Policy" "/etc/nginx/sites-available/$domain_name"; then
779 
+            sed -i 's|add_header Content-Security-Policy|#add_header Content-Security-Policy|g' "/etc/nginx/sites-available/$domain_name"
780 
+        fi
777 781 
     fi
778 782
779 783 
     if grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then
 
@@ -805,6 +809,7 @@ function gnusocial_use_pleroma {
805 809 
     if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
806 810 
         sed -i 's|index.php|index_qvitter.php|g' "/etc/nginx/sites-available/$domain_name"
807 811 
         sed -i 's|index index_qvitter.php|index index.html|g' "/etc/nginx/sites-available/$domain_name"
812 
+        sed -i 's|#add_header Content-Security-Policy|add_header Content-Security-Policy|g' "/etc/nginx/sites-available/$domain_name"
808 813 
     fi
809 814
810 815 
     if grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then

+ 4
- 4
src/freedombone-utils-turn Parādīt failu 

@@ -81,8 +81,8 @@ function install_turn {
81 81 
             function_check nginx_ssl
82 82 
             nginx_ssl "${DEFAULT_DOMAIN_NAME}"
83 83
84 
-            function_check nginx_disable_sniffing
85 
-            nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
84 
+            function_check nginx_security_options
85 
+            nginx_security_options "${DEFAULT_DOMAIN_NAME}"
86 86
87 87 
             { echo '  add_header Strict-Transport-Security max-age=15768000;';
88 88 
               echo '';
 
@@ -109,8 +109,8 @@ function install_turn {
109 109 
           echo "    listen 127.0.0.1:$TURN_ONION_PORT default_server;";
110 110 
           echo "    server_name $DEFAULT_DOMAIN_NAME;";
111 111 
           echo ''; } >> "$turn_nginx_site"
112 
-        function_check nginx_disable_sniffing
113 
-        nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
112 
+        function_check nginx_security_options
113 
+        nginx_security_options "$DEFAULT_DOMAIN_NAME"
114 114 
         { echo '';
115 115 
           echo '  # Logs';
116 116 
           echo '  access_log /dev/null;';

+ 10
- 10
src/freedombone-utils-web Parādīt failu 

@@ -71,11 +71,15 @@ function validate_domain_name {
71 71 
     fi
72 72 
 }
73 73
74 
-function nginx_disable_sniffing {
74 
+function nginx_security_options {
75 75 
     domain_name=$1
76 76 
     filename=/etc/nginx/sites-available/$domain_name
77 77 
     { echo '    add_header X-Frame-Options DENY;';
78 78 
       echo '    add_header X-Content-Type-Options nosniff;';
79 
+      echo '    add_header X-XSS-Protection "1; mode=block";';
80 
+      echo '    add_header X-Robots-Tag none;';
81 
+      echo '    add_header X-Download-Options noopen;';
82 
+      echo '    add_header X-Permitted-Cross-Domain-Policies none;';
79 83 
       echo ''; } >> "$filename"
80 84 
 }
81 85 
 
@@ -157,11 +161,7 @@ function nginx_ssl {
157 161 
     else
158 162 
         echo "    ssl_ciphers '$SSL_CIPHERS';" >> "$filename"
159 163 
     fi
160 
-    { echo "    add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";";
161 
-      echo '    add_header X-XSS-Protection "1; mode=block";';
162 
-      echo '    add_header X-Robots-Tag none;';
163 
-      echo '    add_header X-Download-Options noopen;';
164 
-      echo '    add_header X-Permitted-Cross-Domain-Policies none;'; } >> "$filename"
164 
+    echo "    add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";" >> "$filename"
165 165
166 166 
     #nginx_stapling $1
167 167 
 }
 
@@ -913,8 +913,8 @@ function create_default_web_site {
913 913 
             function_check nginx_ssl
914 914 
             nginx_ssl "$DEFAULT_DOMAIN_NAME" mobile
915 915
916 
-            function_check nginx_disable_sniffing
917 
-            nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
916 
+            function_check nginx_security_options
917 
+            nginx_security_options "$DEFAULT_DOMAIN_NAME"
918 918
919 919 
             { echo '  add_header Strict-Transport-Security max-age=15768000;';
920 920 
               echo '';
 
@@ -946,8 +946,8 @@ function create_default_web_site {
946 946 
           echo "    listen 127.0.0.1:$DEFAULT_DOMAIN_ONION_PORT default_server;";
947 947 
           echo "    server_name $DEFAULT_DOMAIN_NAME;";
948 948 
           echo ''; } >> "$nginx_site"
949 
-        function_check nginx_disable_sniffing
950 
-        nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
949 
+        function_check nginx_security_options
950 
+        nginx_security_options "$DEFAULT_DOMAIN_NAME"
951 951 
         { echo '';
952 952 
           echo '  # Logs';
953 953 
           echo '  access_log /dev/null;';