Merge branch 'stretch' of https://github.com/bashrc/freedombone

src/freedombone-app-akaunting

         function_check nginx_ssl
         nginx_ssl "$AKAUNTING_DOMAIN_NAME"
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$AKAUNTING_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
       function_check nginx_compress
     nginx_compress "$AKAUNTING_DOMAIN_NAME"
     echo '' >> "$akaunting_nginx_site"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$AKAUNTING_DOMAIN_NAME"
     { echo '';
       echo '  access_log /dev/null;';
       echo '  error_log /dev/null;';

src/freedombone-app-dokuwiki

           echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_ssl
         nginx_ssl "$DOKUWIKI_DOMAIN_NAME"
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$DOKUWIKI_DOMAIN_NAME"
         { echo '    add_header Strict-Transport-Security "max-age=0;";';
           echo '';
           echo '    # rewrite to front controller as default rule';
       echo '    index index.php;';
       echo '    charset utf-8;';
       echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$DOKUWIKI_DOMAIN_NAME"
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
       echo '';
       echo '    # rewrite to front controller as default rule';

src/freedombone-app-edith

         function_check nginx_ssl
         nginx_ssl "$EDITH_DOMAIN_NAME"
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$EDITH_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
     function_check nginx_compress
     nginx_compress "$EDITH_DOMAIN_NAME"
     echo '' >> "$edith_nginx_site"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$EDITH_DOMAIN_NAME"
     { echo '';
       echo '  access_log /dev/null;';
       echo '  error_log /dev/null;';

src/freedombone-app-etherpad

         function_check nginx_ssl
         nginx_ssl "$ETHERPAD_DOMAIN_NAME"
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$ETHERPAD_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
         echo '';
       echo "    listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;";
       echo "    server_name $ETHERPAD_ONION_HOSTNAME;";
       echo ''; } >> "$etherpad_nginx_site"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$ETHERPAD_DOMAIN_NAME"
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';

src/freedombone-app-fedwiki

         function_check nginx_ssl
         nginx_ssl "$FEDWIKI_DOMAIN_NAME" mobile
 
-        sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
-        sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
-        sed -i '/X-Robots-Tag/d' "$fedwiki_nginx_file"
-        sed -i '/X-Download-Options/d' "$fedwiki_nginx_file"
-        sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
-
         { echo '  add_header X-Robots-Tag none;';
           echo '  add_header X-Download-Options noopen;';
           echo '  add_header X-Frame-Options DENY;';
       echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;";
       echo "  server_name $FEDWIKI_ONION_HOSTNAME;";
       echo '';
-      echo '  add_header X-Robots-Tag none;';
-      echo '  add_header X-Download-Options noopen;';
       echo '  add_header X-Frame-Options DENY;';
       echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  add_header X-Download-Options noopen;';
       echo '';
       echo '  location /fonts-font-awesome/ {';
       echo '    alias /usr/share/fonts-font-awesome/;';
       echo '  }';
       echo '}'; } >> "$fedwiki_nginx_file"
 
+    sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
+    sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
+    sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
+
     function_check create_site_certificate
     create_site_certificate "$FEDWIKI_DOMAIN_NAME" 'yes'
 

src/freedombone-app-friendica

           echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         function_check nginx_ssl
         nginx_ssl "$FRIENDICA_DOMAIN_NAME"
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$FRIENDICA_DOMAIN_NAME"
         { echo '    add_header Strict-Transport-Security max-age=15768000;';
           echo '';
           echo '    # rewrite to front controller as default rule';
           echo '    # rewrite to front controller as default rule';
           echo '    location / {'; } > "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         nginx_limits "$FRIENDICA_DOMAIN_NAME"
-        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        nginx_security_options "$FRIENDICA_DOMAIN_NAME"
         { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
           echo '    }';
           echo '';
           echo '    # or a unix socket';
           echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         nginx_limits "$FRIENDICA_DOMAIN_NAME"
-        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        nginx_security_options "$FRIENDICA_DOMAIN_NAME"
         { echo '        # Zero-day exploit defense.';
           echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
           echo "        # Won't work properly (404 error) if the file is not stored on this";

src/freedombone-app-ghost

           echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
         function_check nginx_ssl
         nginx_ssl "${GHOST_DOMAIN_NAME}"
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
+        function_check nginx_security_options
+        nginx_security_options "${GHOST_DOMAIN_NAME}"
         { echo '    add_header Strict-Transport-Security max-age=0;';
           echo '';
           echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
       echo '    access_log /dev/null;';
       echo "    error_log /dev/null;";
       echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
+    function_check nginx_security_options
+    nginx_security_options "${GHOST_DOMAIN_NAME}"
     { echo '    add_header Strict-Transport-Security max-age=0;';
       echo '';
       echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"

src/freedombone-app-gnusocial

 GNUSOCIAL_CODE=
 GNUSOCIAL_ONION_PORT=8087
 GNUSOCIAL_REPO="https://git.gnu.io/gnu/gnu-social.git"
-GNUSOCIAL_COMMIT='ffe14fe5f326f013a34fdd303c0e5e8aae772559'
+GNUSOCIAL_COMMIT='67a9c0415c395d92adeb784413bb9a88fba7347f'
 GNUSOCIAL_ADMIN_PASSWORD=
 
 GNUSOCIAL_BACKGROUND_IMAGE_URL=
         function_check nginx_ssl
         nginx_ssl "$GNUSOCIAL_DOMAIN_NAME"
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$GNUSOCIAL_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$GNUSOCIAL_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
     function_check nginx_compress
     nginx_compress "$GNUSOCIAL_DOMAIN_NAME"
     echo '' >> "$gnusocial_nginx_site"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$GNUSOCIAL_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$GNUSOCIAL_DOMAIN_NAME"
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';
     fi
 
     # unleash the daemons!
+    cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 236482684
+    php scripts/checkschema.php
     /etc/cron.hourly/gnusocial-daemons
 
     systemctl restart nginx

src/freedombone-app-gogs

           echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
         function_check nginx_ssl
         nginx_ssl "${GIT_DOMAIN_NAME}"
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
+        function_check nginx_security_options
+        nginx_security_options "${GIT_DOMAIN_NAME}"
         { echo '    add_header Strict-Transport-Security max-age=0;';
           echo '';
           echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
       echo '    access_log /dev/null;';
       echo "    error_log /dev/null;";
       echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
+    function_check nginx_security_options
+    nginx_security_options "${GIT_DOMAIN_NAME}"
     { echo '    add_header Strict-Transport-Security max-age=0;';
       echo '';
       echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"

src/freedombone-app-htmly

       echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_ssl
     nginx_ssl "$HTMLY_DOMAIN_NAME"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$HTMLY_DOMAIN_NAME"
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
       echo '';
       echo '    # rewrite to front controller as default rule';
       echo '    index index.php;';
       echo '    charset utf-8;';
       echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$HTMLY_DOMAIN_NAME"
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
       echo '';
       echo '    # rewrite to front controller as default rule';

src/freedombone-app-hubzilla

           echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         function_check nginx_ssl
         nginx_ssl "$HUBZILLA_DOMAIN_NAME"
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$HUBZILLA_DOMAIN_NAME"
         { echo '    add_header Strict-Transport-Security max-age=15768000;';
           echo '';
           echo '    # rewrite to front controller as default rule';
         echo '    # rewrite to front controller as default rule';
         echo '    location / {'; } > "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         nginx_limits "$HUBZILLA_DOMAIN_NAME"
-        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        nginx_security_options "$HUBZILLA_DOMAIN_NAME"
         { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
           echo '    }';
           echo '';
           echo '    # or a unix socket';
           echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         nginx_limits "$HUBZILLA_DOMAIN_NAME"
-        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        nginx_security_options "$HUBZILLA_DOMAIN_NAME"
         { echo '        # Zero-day exploit defense.';
           echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
           echo "        # Won't work properly (404 error) if the file is not stored on this";

src/freedombone-app-jitsi

         function_check nginx_ssl
         nginx_ssl ${JITSI_DOMAIN_NAME}
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing ${JITSI_DOMAIN_NAME}
+        function_check nginx_security_options
+        nginx_security_options ${JITSI_DOMAIN_NAME}
 
         { echo '    add_header Strict-Transport-Security max-age=15768000;';
           echo '';

src/freedombone-app-kanboard

         function_check nginx_ssl
         nginx_ssl "$KANBOARD_DOMAIN_NAME"
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$KANBOARD_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
     function_check nginx_compress
     nginx_compress "$KANBOARD_DOMAIN_NAME"
     echo '' >> "$kanboard_nginx_site"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$KANBOARD_DOMAIN_NAME"
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';

src/freedombone-app-keyserver

         function_check nginx_ssl
         nginx_ssl $KEYSERVER_DOMAIN_NAME
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
+        function_check nginx_security_options
+        nginx_security_options $KEYSERVER_DOMAIN_NAME
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
       echo '    return 404;';
       echo '  }';
       echo ''; } >> $keyserver_nginx_site
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
+    function_check nginx_security_options
+    nginx_security_options $KEYSERVER_DOMAIN_NAME
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';

src/freedombone-app-koel

         function_check nginx_ssl mobile
         nginx_ssl "$KOEL_DOMAIN_NAME"
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$KOEL_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$KOEL_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';

src/freedombone-app-lychee

       echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_ssl
     nginx_ssl "$LYCHEE_DOMAIN_NAME"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$LYCHEE_DOMAIN_NAME"
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
       echo '';
       echo '    # rewrite to front controller as default rule';
       echo '    index index.html;';
       echo '    charset utf-8;';
       echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$LYCHEE_DOMAIN_NAME"
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
       echo '';
       echo '    # rewrite to front controller as default rule';

src/freedombone-app-mailpile

         function_check nginx_ssl
         nginx_ssl $MAILPILE_DOMAIN_NAME
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
+        function_check nginx_security_options
+        nginx_security_options $MAILPILE_DOMAIN_NAME
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
       echo "    listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;";
       echo "    server_name $MAILPILE_ONION_HOSTNAME;";
       echo ''; } >> $mailpile_nginx_site
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
+    function_check nginx_security_options
+    nginx_security_options $MAILPILE_DOMAIN_NAME
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';

src/freedombone-app-matrix

         function_check nginx_ssl
         nginx_ssl ${MATRIX_DOMAIN_NAME}
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
+        function_check nginx_security_options
+        nginx_security_options ${MATRIX_DOMAIN_NAME}
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
         function_check nginx_ssl
         nginx_ssl ${MATRIX_DOMAIN_NAME}
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
+        function_check nginx_security_options
+        nginx_security_options ${MATRIX_DOMAIN_NAME}
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
       echo "    listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;";
       echo "    server_name $MATRIX_DOMAIN_NAME;";
       echo ''; } >> $matrix_nginx_site
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MATRIX_DOMAIN_NAME
+    function_check nginx_security_options
+    nginx_security_options $MATRIX_DOMAIN_NAME
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';
       echo "    listen 127.0.0.1:$MATRIX_ONION_PORT default_server;";
       echo "    server_name $MATRIX_DOMAIN_NAME;";
       echo ''; } >> $matrix_nginx_site
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MATRIX_DOMAIN_NAME
+    function_check nginx_security_options
+    nginx_security_options $MATRIX_DOMAIN_NAME
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';

src/freedombone-app-mediagoblin

           echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
         function_check nginx_ssl
         nginx_ssl "$MEDIAGOBLIN_DOMAIN_NAME"
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$MEDIAGOBLIN_DOMAIN_NAME"
         function_check nginx_limits
         nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
         { echo '';
       echo '    default_type  application/octet-stream;';
       echo '    sendfile on;';
       echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$MEDIAGOBLIN_DOMAIN_NAME"
     function_check nginx_limits
     nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
     { echo '';

src/freedombone-app-movim

         function_check nginx_ssl
         nginx_ssl "$MOVIM_DOMAIN_NAME"
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$MOVIM_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
     function_check nginx_compress
     nginx_compress "$MOVIM_DOMAIN_NAME"
     echo '' >> "$movim_nginx_site"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$MOVIM_DOMAIN_NAME"
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';

src/freedombone-app-nextcloud

 
         # remove any invalid characters
         if [ ${#NEXTCLOUD_TITLE} -gt 0 ]; then
-            new_title=${"$NEXTCLOUD_TITLE"//\'//}
+            new_title=${NEXTCLOUD_TITLE//\'/}
             NEXTCLOUD_TITLE="$new_title"
         fi
 
         function_check nginx_ssl
         nginx_ssl "$NEXTCLOUD_DOMAIN_NAME" mobile
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$NEXTCLOUD_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
       echo "    listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;";
       echo "    server_name $NEXTCLOUD_DOMAIN_NAME;";
       echo ''; } >> "$nextcloud_nginx_site"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$NEXTCLOUD_DOMAIN_NAME"
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';

src/freedombone-app-peertube

         function_check nginx_ssl
         nginx_ssl "$PEERTUBE_DOMAIN_NAME" mobile
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$PEERTUBE_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$PEERTUBE_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';

src/freedombone-app-pelican

       echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_ssl
     nginx_ssl "$PELICAN_DOMAIN_NAME"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$PELICAN_DOMAIN_NAME"
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
       echo '';
       echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
       echo "    error_log /dev/null;";
       echo '    index index.html;';
       echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$PELICAN_DOMAIN_NAME"
     { echo '    add_header Strict-Transport-Security "max-age=0;";';
       echo '';
       echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"

src/freedombone-app-pleroma

 
         # remove any invalid characters
         if [ ${#PLEROMA_TITLE} -gt 0 ]; then
-            new_title=${"$PLEROMA_TITLE"//\'//}
+            new_title=${PLEROMA_TITLE//\'/}
             PLEROMA_TITLE="$new_title"
         fi
 
         function_check nginx_ssl
         nginx_ssl "$PLEROMA_DOMAIN_NAME"
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$PLEROMA_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$PLEROMA_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
     function_check nginx_compress
     nginx_compress "$PLEROMA_DOMAIN_NAME"
     echo '' >> "$pleroma_nginx_site"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$PLEROMA_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$PLEROMA_DOMAIN_NAME"
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';
       echo '[Install]';
       echo 'WantedBy=multi-user.target';
       echo 'Alias=pleroma.service'; } > /etc/systemd/system/pleroma.service
+
+    # set registrations open initially
+    sed -i 's|registrations_open:.*|registrations_open: true,|g' $PLEROMA_DIR/config/config.exs
+    sed -i 's|"registrationOpen":.*|"registrationOpen": true,|g' $PLEROMA_DIR/priv/static/static/config.json
+
     systemctl daemon-reload
     systemctl enable pleroma
     systemctl start pleroma

src/freedombone-app-postactiv

 POSTACTIV_DOMAIN_NAME=
 POSTACTIV_CODE=
 POSTACTIV_ONION_PORT=8100
-POSTACTIV_REPO="https://git.postactiv.com/postActiv/postActiv.git"
-POSTACTIV_COMMIT='0531c469b44aab6a71230778ab4492eca889bb2c'
+POSTACTIV_REPO="http://gitea.postactiv.com/postActiv/postActiv.git"
+POSTACTIV_COMMIT='3c88992eeb'
 POSTACTIV_ADMIN_PASSWORD=
 
 POSTACTIV_BACKGROUND_IMAGE_URL=
 
         # remove any invalid characters
         if [ ${#POSTACTIV_TITLE} -gt 0 ]; then
-            new_title=${"$POSTACTIV_TITLE"//\'//}
+            new_title=${POSTACTIV_TITLE//\'/}
             POSTACTIV_TITLE="$new_title"
         fi
 
             cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46824682682
             git pull
         else
-            function_check git_clone
-            git_clone "$POSTACTIV_REPO" "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+            # This is deliberately non-recursive
+            git clone "$POSTACTIV_REPO" "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
         fi
 
         if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then
         function_check nginx_ssl
         nginx_ssl "$POSTACTIV_DOMAIN_NAME"
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$POSTACTIV_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
       echo "    listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;";
       echo "    server_name $POSTACTIV_ONION_HOSTNAME;";
       echo ''; } >> "$postactiv_nginx_site"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$POSTACTIV_DOMAIN_NAME"
     echo '' >> "$postactiv_nginx_site"
     function_check nginx_compress
     nginx_compress "$POSTACTIV_DOMAIN_NAME"

src/freedombone-app-privatebin

         function_check nginx_ssl
         nginx_ssl "$PRIVATEBIN_DOMAIN_NAME"
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$PRIVATEBIN_DOMAIN_NAME"
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
     function_check nginx_compress
     nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
     echo '' >> "$privatebin_nginx_site"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
+    function_check nginx_security_options
+    nginx_security_options "$PRIVATEBIN_DOMAIN_NAME"
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';

src/freedombone-app-radicale

               echo ''; } > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
             function_check nginx_ssl
             nginx_ssl "${DEFAULT_DOMAIN_NAME}" mobile
-            function_check nginx_disable_sniffing
-            nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
+            function_check nginx_security_options
+            nginx_security_options "${DEFAULT_DOMAIN_NAME}"
             { echo '';
               echo "    server_name ${DEFAULT_DOMAIN_NAME};";
 

src/freedombone-app-riot

         function_check nginx_ssl
         nginx_ssl $RIOT_DOMAIN_NAME
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $RIOT_DOMAIN_NAME
+        function_check nginx_security_options
+        nginx_security_options $RIOT_DOMAIN_NAME
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
       echo "    listen 127.0.0.1:$RIOT_ONION_PORT default_server;";
       echo "    server_name $RIOT_ONION_HOSTNAME;";
       echo ''; } >> $riot_nginx_site
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $RIOT_DOMAIN_NAME
+    function_check nginx_security_options
+    nginx_security_options $RIOT_DOMAIN_NAME
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';

src/freedombone-app-scuttlebot

         function_check nginx_ssl
         nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
+        function_check nginx_security_options
+        nginx_security_options $SCUTTLEBOT_DOMAIN_NAME
     fi
 
     { echo '';

src/freedombone-app-searx

       echo '    access_log /dev/null;';
       echo "    error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;";
       echo ''; } > /etc/nginx/sites-available/searx
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing searx
+    function_check nginx_security_options
+    nginx_security_options searx
     { echo '    add_header Strict-Transport-Security max-age=0;';
       echo '';
       echo '    location / {'; } >> /etc/nginx/sites-available/searx

src/freedombone-app-tahoelafs

       echo "    listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;";
       echo "    server_name $TAHOELAFS_ONION_HOSTNAME;";
       echo ''; } > "$tahoelafs_nginx_site"
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing tahoelafs
+    function_check nginx_security_options
+    nginx_security_options tahoelafs
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';

src/freedombone-app-turtl

         function_check nginx_ssl
         nginx_ssl $TURTL_DOMAIN_NAME
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $TURTL_DOMAIN_NAME
+        function_check nginx_security_options
+        nginx_security_options $TURTL_DOMAIN_NAME
 
         { echo '  add_header Strict-Transport-Security max-age=15768000;';
           echo '';
       echo "  listen 127.0.0.1:${TURTL_ONION_PORT};";
       echo "  server_name ${TURTL_ONION_HOSTNAME};";
       echo ''; } >> $turtl_nginx_site
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $TURTL_DOMAIN_NAME
+    function_check nginx_security_options
+    nginx_security_options $TURTL_DOMAIN_NAME
     { echo '';
       echo '  # Logs';
       echo '  access_log /dev/null;';

src/freedombone-image-customise

 
     if [[ "$SOCIALINSTANCE" == "pleroma" ]]; then
         git clone "$PLEROMA_REPO" "$rootdir/repos/pleroma"
-        #git clone $QVITTER_THEME_REPO "$rootdir/repos/qvitter"
+        git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
         git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
         return
     fi
     if [[ "$SOCIALINSTANCE" == "gnusocial" ]]; then
         git clone "$GNUSOCIAL_REPO" "$rootdir/repos/gnusocial"
         git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
-        #git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
+        git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
         git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
         return
     fi
 
     if [[ "$SOCIALINSTANCE" == "postactiv" ]]; then
         git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
-        #git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
+        git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
         git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
-        #git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
+        git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
         return
     fi
 
     git clone "$GNUSOCIAL_REPO" "$rootdir/repos/gnusocial"
     git clone "$PLEROMA_REPO" "$rootdir/repos/pleroma"
     git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
-    #git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
+    git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
     git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
-    #git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
+    git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
     git clone "$SHARINGS_REPO" "$rootdir/repos/sharings"
     git clone "$HTMLY_REPO" "$rootdir/repos/htmly"
     git clone "$HUBZILLA_REPO" "$rootdir/repos/hubzilla"

src/freedombone-template

     echo "        echo '  # Security' >> \$${app_name}_nginx_site"
     echo "        nginx_ssl \$${app_name_upper}_DOMAIN_NAME"
     echo ''
-    echo "        nginx_disable_sniffing \$${app_name_upper}_DOMAIN_NAME"
+    echo "        nginx_security_options \$${app_name_upper}_DOMAIN_NAME"
     echo ''
     echo "        echo '  add_header Strict-Transport-Security max-age=15768000;' >> \$${app_name}_nginx_site"
     echo "        echo '' >> \$${app_name}_nginx_site"
 echo "    echo '' >> \$${app_name}_nginx_site"
 echo "    nginx_compress \$${app_name_upper}_DOMAIN_NAME"
 echo "    echo '' >> \$${app_name}_nginx_site"
-echo "    nginx_disable_sniffing \$${app_name_upper}_DOMAIN_NAME"
+echo "    nginx_security_options \$${app_name_upper}_DOMAIN_NAME"
 echo "    echo '' >> \$${app_name}_nginx_site"
 echo "    echo '  # Logs' >> \$${app_name}_nginx_site"
 echo "    echo '  access_log /dev/null;' >> \$${app_name}_nginx_site"

src/freedombone-utils-gnusocialtools

     if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
         sed -i 's|index_qvitter.php|index.php|g' "/etc/nginx/sites-available/$domain_name"
         sed -i 's|index.html|index.php|g' "/etc/nginx/sites-available/$domain_name"
+        sed -i 's|#add_header Content-Security-Policy|add_header Content-Security-Policy|g' "/etc/nginx/sites-available/$domain_name"
     fi
 
     if ! grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then
     if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
         sed -i 's|index_qvitter.php|index.php|g' "/etc/nginx/sites-available/$domain_name"
         sed -i 's|index.html|index.php|g' "/etc/nginx/sites-available/$domain_name"
+        if ! grep -q "#add_header Content-Security-Policy" "/etc/nginx/sites-available/$domain_name"; then
+            sed -i 's|add_header Content-Security-Policy|#add_header Content-Security-Policy|g' "/etc/nginx/sites-available/$domain_name"
+        fi
     fi
 
     if grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then
     if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
         sed -i 's|index.php|index_qvitter.php|g' "/etc/nginx/sites-available/$domain_name"
         sed -i 's|index index_qvitter.php|index index.html|g' "/etc/nginx/sites-available/$domain_name"
+        sed -i 's|#add_header Content-Security-Policy|add_header Content-Security-Policy|g' "/etc/nginx/sites-available/$domain_name"
     fi
 
     if grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then

src/freedombone-utils-turn

             function_check nginx_ssl
             nginx_ssl "${DEFAULT_DOMAIN_NAME}"
 
-            function_check nginx_disable_sniffing
-            nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
+            function_check nginx_security_options
+            nginx_security_options "${DEFAULT_DOMAIN_NAME}"
 
             { echo '  add_header Strict-Transport-Security max-age=15768000;';
               echo '';
           echo "    listen 127.0.0.1:$TURN_ONION_PORT default_server;";
           echo "    server_name $DEFAULT_DOMAIN_NAME;";
           echo ''; } >> "$turn_nginx_site"
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$DEFAULT_DOMAIN_NAME"
         { echo '';
           echo '  # Logs';
           echo '  access_log /dev/null;';

src/freedombone-utils-web

     fi
 }
 
-function nginx_disable_sniffing {
+function nginx_security_options {
     domain_name=$1
     filename=/etc/nginx/sites-available/$domain_name
     { echo '    add_header X-Frame-Options DENY;';
       echo '    add_header X-Content-Type-Options nosniff;';
+      echo '    add_header X-XSS-Protection "1; mode=block";';
+      echo '    add_header X-Robots-Tag none;';
+      echo '    add_header X-Download-Options noopen;';
+      echo '    add_header X-Permitted-Cross-Domain-Policies none;';
       echo ''; } >> "$filename"
 }
 
     else
         echo "    ssl_ciphers '$SSL_CIPHERS';" >> "$filename"
     fi
-    { echo "    add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";";
-      echo '    add_header X-XSS-Protection "1; mode=block";';
-      echo '    add_header X-Robots-Tag none;';
-      echo '    add_header X-Download-Options noopen;';
-      echo '    add_header X-Permitted-Cross-Domain-Policies none;'; } >> "$filename"
+    echo "    add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";" >> "$filename"
 
     #nginx_stapling $1
 }
             function_check nginx_ssl
             nginx_ssl "$DEFAULT_DOMAIN_NAME" mobile
 
-            function_check nginx_disable_sniffing
-            nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
+            function_check nginx_security_options
+            nginx_security_options "$DEFAULT_DOMAIN_NAME"
 
             { echo '  add_header Strict-Transport-Security max-age=15768000;';
               echo '';
           echo "    listen 127.0.0.1:$DEFAULT_DOMAIN_ONION_PORT default_server;";
           echo "    server_name $DEFAULT_DOMAIN_NAME;";
           echo ''; } >> "$nginx_site"
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$DEFAULT_DOMAIN_NAME"
         { echo '';
           echo '  # Logs';
           echo '  access_log /dev/null;';