Tidying

src/freedombone-app-dokuwiki

         echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        allow all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_keybase $DOKUWIKI_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        allow all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_keybase $DOKUWIKI_DOMAIN_NAME
     echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

src/freedombone-app-etherpad

         echo '    proxy_buffering   off;' >> $etherpad_nginx_site
         echo '  }' >> $etherpad_nginx_site
         echo '' >> $etherpad_nginx_site
-        echo "  # make sure webfinger and other well known services aren't blocked" >> $etherpad_nginx_site
-        echo '  # by denying dot files and rewrite request to the front controller' >> $etherpad_nginx_site
-        echo '  location ^~ /.well-known/ {' >> $etherpad_nginx_site
-        echo '      allow all;' >> $etherpad_nginx_site
-        echo '  }' >> $etherpad_nginx_site
+        nginx_keybase $ETHERPAD_DOMAIN_NAME
         echo '}' >> $etherpad_nginx_site
     else
         echo -n '' > $etherpad_nginx_site
     echo '    proxy_buffering   off;' >> $etherpad_nginx_site
     echo '  }' >> $etherpad_nginx_site
     echo '' >> $etherpad_nginx_site
-    echo "  # make sure webfinger and other well known services aren't blocked" >> $etherpad_nginx_site
-    echo '  # by denying dot files and rewrite request to the front controller' >> $etherpad_nginx_site
-    echo '  location ^~ /.well-known/ {' >> $etherpad_nginx_site
-    echo '      allow all;' >> $etherpad_nginx_site
-    echo '  }' >> $etherpad_nginx_site
+    nginx_keybase $ETHERPAD_DOMAIN_NAME
     echo '}' >> $etherpad_nginx_site
 
     function_check create_site_certificate

src/freedombone-app-ghost

         echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
         echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        nginx_keybase $GHOST_DOMAIN_NAME
         echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
     else
     echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
     echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
     echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    nginx_keybase ${GHOST_DOMAIN_NAME}
     echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 
     function_check create_site_certificate

src/freedombone-app-gnusocial

         echo '    deny all;' >> $gnusocial_nginx_site
         echo '  }' >> $gnusocial_nginx_site
         echo '' >> $gnusocial_nginx_site
-        echo "  # make sure webfinger and other well known services aren't blocked" >> $gnusocial_nginx_site
-        echo '  # by denying dot files and rewrite request to the front controller' >> $gnusocial_nginx_site
-        echo '  location ^~ /.well-known/ {' >> $gnusocial_nginx_site
-        echo '      allow all;' >> $gnusocial_nginx_site
-        echo '  }' >> $gnusocial_nginx_site
+        nginx_keybase $GNUSOCIAL_DOMAIN_NAME
         echo '}' >> $gnusocial_nginx_site
     else
         echo -n '' > $gnusocial_nginx_site
     echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
     echo '    deny all;' >> $gnusocial_nginx_site
     echo '  }' >> $gnusocial_nginx_site
-    echo "  # make sure webfinger and other well known services aren't blocked" >> $gnusocial_nginx_site
-    echo '  # by denying dot files and rewrite request to the front controller' >> $gnusocial_nginx_site
-    echo '  location ^~ /.well-known/ {' >> $gnusocial_nginx_site
-    echo '      allow all;' >> $gnusocial_nginx_site
-    echo '  }' >> $gnusocial_nginx_site
+    echo '' >> $gnusocial_nginx_site
+    nginx_keybase $GNUSOCIAL_DOMAIN_NAME
     echo '}' >> $gnusocial_nginx_site
 
     function_check configure_php

src/freedombone-app-gogs

         echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
         echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        nginx_keybase ${GIT_DOMAIN_NAME}
         echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
     else
     echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
     echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
     echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    nginx_keybase ${GIT_DOMAIN_NAME}
     echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 
     function_check configure_php

src/freedombone-app-htmly

     echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        allow all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_keybase ${HTMLY_DOMAIN_NAME}
     echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        allow all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_keybase ${HTMLY_DOMAIN_NAME}
     echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME

src/freedombone-app-hubzilla

         echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_keybase ${HUBZILLA_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        allow all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_keybase ${HUBZILLA_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME

src/freedombone-app-lychee

     nginx_limits $LYCHEE_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        allow all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_keybase ${LYCHEE_DOMAIN_NAME}
     echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '    # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     nginx_limits $LYCHEE_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        allow all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_keybase ${LYCHEE_DOMAIN_NAME}
     echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '    # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME

src/freedombone-app-mailpile

         echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
         echo '  }' >> $mailpile_nginx_site
         echo '' >> $mailpile_nginx_site
-        echo "  # make sure webfinger and other well known services aren't blocked" >> $mailpile_nginx_site
-        echo '  # by denying dot files and rewrite request to the front controller' >> $mailpile_nginx_site
-        echo '  location ^~ /.well-known/ {' >> $mailpile_nginx_site
-        echo '      allow all;' >> $mailpile_nginx_site
-        echo '  }' >> $mailpile_nginx_site
+        nginx_keybase ${MAILPILE_DOMAIN_NAME}
         echo '}' >> $mailpile_nginx_site
     else
         echo -n '' > $mailpile_nginx_site
     echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
     echo '  }' >> $mailpile_nginx_site
     echo '' >> $mailpile_nginx_site
-    echo "  # make sure webfinger and other well known services aren't blocked" >> $mailpile_nginx_site
-    echo '  # by denying dot files and rewrite request to the front controller' >> $mailpile_nginx_site
-    echo '  location ^~ /.well-known/ {' >> $mailpile_nginx_site
-    echo '      allow all;' >> $mailpile_nginx_site
-    echo '  }' >> $mailpile_nginx_site
+    nginx_keybase ${MAILPILE_DOMAIN_NAME}
     echo '}' >> $mailpile_nginx_site
 
     function_check create_site_certificate

src/freedombone-app-postactiv

         echo '    deny all;' >> $postactiv_nginx_site
         echo '  }' >> $postactiv_nginx_site
         echo '' >> $postactiv_nginx_site
-        echo "  # make sure webfinger and other well known services aren't blocked" >> $postactiv_nginx_site
-        echo '  # by denying dot files and rewrite request to the front controller' >> $postactiv_nginx_site
-        echo '  location ^~ /.well-known/ {' >> $postactiv_nginx_site
-        echo '      allow all;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
+        nginx_keybase ${POSTACTIV_DOMAIN_NAME}
         echo '}' >> $postactiv_nginx_site
     else
         echo -n '' > $postactiv_nginx_site
     echo '    deny all;' >> $postactiv_nginx_site
     echo '  }' >> $postactiv_nginx_site
     echo '' >> $postactiv_nginx_site
-    echo "  # make sure webfinger and other well known services aren't blocked" >> $postactiv_nginx_site
-    echo '  # by denying dot files and rewrite request to the front controller' >> $postactiv_nginx_site
-    echo '  location ^~ /.well-known/ {' >> $postactiv_nginx_site
-    echo '      allow all;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
+    nginx_keybase ${POSTACTIV_DOMAIN_NAME}
     echo '}' >> $postactiv_nginx_site
 
     function_check configure_php

src/freedombone-utils-web

     #nginx_stapling $1
 }
 
+function nginx_keybase {
+    # creates files suitable for keybase.io verification
+    domain_name=$1
+    filename=/etc/nginx/sites-available/$domain_name
+
+    echo '' >> $domain_name
+    echo "  # make sure webfinger and other well known services aren't blocked" >> $domain_name
+    echo '  # by denying dot files and rewrite request to the front controller' >> $domain_name
+    echo '  location ^~ /.well-known/ {' >> $domain_name
+    echo '      allow all;' >> $domain_name
+    echo '  }' >> $domain_name
+
+    if [ ! -d /var/www/${domain_name}/htdocs/.well-known ]; then
+        mkdir -p /var/www/${domain_name}/htdocs/.well-known
+    fi
+    if [ ! -f /var/www/${domain_name}/htdocs/keybase.txt ]; then
+        touch /var/www/${domain_name}/htdocs/keybase.txt
+    fi
+    if [ ! -f /var/www/${domain_name}/htdocs/.well-known/keybase.txt ]; then
+        touch /var/www/${domain_name}/htdocs/.well-known/keybase.txt
+    fi
+}
+
 # check an individual domain name
 function test_domain_name {
     if [ $1 ]; then