Merge branch 'stretch' of https://github.com/bashrc/freedombone

doc/EN/app_bludit.org

+#+TITLE:
+#+AUTHOR: Bob Mottram
+#+EMAIL: bob@freedombone.net
+#+KEYWORDS: freedombone, bludit, blog
+#+DESCRIPTION: How to use Bludit
+#+OPTIONS: ^:nil toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
+
+#+BEGIN_CENTER
+[[file:images/logo.png]]
+#+END_CENTER
+
+#+BEGIN_EXPORT html
+<center>
+<h1>Bludit</h1>
+</center>
+#+END_EXPORT
+
+This is a databaseless blogging system which uses markdown files. It's not very complex and so there is not much to go wrong, and it should run well on any server hardware.
+
+* Installation
+Log into your system with:
+
+#+begin_src bash
+ssh myusername@mydomain -p 2222
+#+end_src
+
+Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password.
+
+Select *Add/Remove Apps* then *bluit*. Enter the subdomain that you which to use, such as *blog.mydomain.net*, and optionally a FreeDNS code.
+
+Now in a browser navigate to your subdomain. You will need to enter some details for the database. You'll be asked to provide an initial administrator password.
+
+From there on it's all pretty straightforward. If you need to publish a draft the post status can be changed on a drop down list on the right hand side.

doc/EN/app_ghost.org

-#+TITLE:
-#+AUTHOR: Bob Mottram
-#+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombone, ghost
-#+DESCRIPTION: How to use Ghost
-#+OPTIONS: ^:nil toc:nil
-#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
-
-#+BEGIN_CENTER
-[[file:images/logo.png]]
-#+END_CENTER
-
-#+BEGIN_EXPORT html
-<center>
-<h1>Ghost</h1>
-</center>
-#+END_EXPORT
-
-Ghost is a blogging system which uses markdown formatted posts. It's quite simple to use, and also looks nice even on small mobile screens.
-
-* Installation
-Log into your system with:
-
-#+begin_src bash
-ssh myusername@mydomain -p 2222
-#+end_src
-
-Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password.
-
-Select *Add/Remove Apps* then *ghost*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /blog.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
-
-After the install has completed go to *Security settings* and select *Create a new Let's Encrypt certificate* and enter the domain name that you are using for Ghost. If you're using the "onion only" version of the system then you don't need to do this. If the certificate is obtained successfully then you will see a congratulations message.
-
-* Initial setup
-If you have just obtained a Lets Encrypt certificate as above then go to *About* on the administrator control panel and you should see your Ghost blog domain listed there along with an onion address. You can then navigate to your site in a browser.
-
-To see the login password for your site go to *Passwords* on the *Administrator control panel* and select the appropriate username and app. The passwords will be different for each user and may not be the same as the password which you used to originally ssh into the system.
-
-Navigate to https://yourghostblogdomain/ghost and click on *create your account*
-
-Enter your email address, password and blog title.
-
-When prompted to invite users click on *I'll do this later*
-
-Under *Settings* on the *General* option you can set a description, background image and so on.

doc/EN/app_peertube.org

+#+TITLE:
+#+AUTHOR: Bob Mottram
+#+EMAIL: bob@freedombone.net
+#+KEYWORDS: freedombone, peertube
+#+DESCRIPTION: How to use PeerTube
+#+OPTIONS: ^:nil toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
+
+#+BEGIN_CENTER
+[[file:images/logo.png]]
+#+END_CENTER
+
+#+BEGIN_CENTER
+[[file:images/peertube.jpg]]
+#+END_CENTER
+
+This is a video hosting system similar to Mediagoblin but using webtorrent to help distribute the files to or between clients. This should be more practical for situations where a video becomes popular because the load is then spread across the network, with performance increasing with the number of nodes. However, the torrenting aspect of it only works with WebRTC enabled browsers and so this means it's unlikely to fully work with a Tor browser. Without WebRTC then from a user point of view it's effectively the same thing as Mediagoblin.
+
+* Installation
+Log into your system with:
+
+#+begin_src bash
+ssh myusername@mydomain -p 2222
+#+end_src
+
+Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password.
+
+Select *Add/Remove Apps* then *peertube*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /video.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
+
+* Initial setup
+Navigate to your site and select *Signup* to create a new account. By default the maximum number of accounts on your system is limited to a small number so that millions of random internet users can't then begin uploading dubious content. After that it's pretty straightforward.
+
+If you wish it's possible to turn off further signups via the *Administrator control panel* under *App settings* for *peertube*.
+
+* Importing videos from YouTube/Vimeo/Dailymotion
+It's possible to import videos from the main proprietary video hosting sites. /Only do this if they're videos which you made, or if the license is Creative Commons/. Hosting arbitrary videos under nonfree licenses is likely to get you into trouble, and we know how that works out from the P2P wars of the 2000s (i.e. badly).
+
+Go to the *Administrator control panel*, select *App settings* then *peertube* then *Import videos from YouTube/Vimeo/Dailymotion*. Enter your PeerTube login details and then you may specify either the individual video URL or the channel URL if you want to import a whole channel.
+
+* Importing videos from your desktop
+The most convenient way to add new videos to PeerTube is if you have the *syncthing* app installed. Set up [[./app_syncthing.html][syncthing]] with a folder called ~/Sync in your home directory. Create a subdirectory called *~/Sync/peertube_upload*. Within that directory make a text file called *login.txt*. This will contain your PeerTube login details.
+
+The first line of login.txt should be your username, the second line should be the password and optionally the third line can contain the words *public* and/or *nsfw*, if you want to make imported videos immediately public or mark them as not suitable for work.
+
+Prepare your videos in *ogv*, *mp4* or *webm* format. To minimize bandwidth usage try to keep your videos as small as possible. Giant videos with incredibly high resolution tend to result in a bad user experience. Often just converting your videos to *webm* using *ffmpeg* will keep the size down.
+
+Now copy or drag and drop your videos into the *~/Sync/peertube_upload* directory. Syncthing will sync to the server and automatically add the videos to PeerTube. Depending on how large the videos are this may take some time.
+
+Imported videos can be seen by logging into PeerTube, selecting *My account* then the *My videos* tab. You can then view them, add a description and select to make them public if you wish.

doc/EN/apps.org

 It's like ordinary email, but with [[https://en.wikipedia.org/wiki/I2P][i2p]] as the transport mechanism.
 
 [[./app_bdsmail.html][How to use it]]
+* Bludit
+This is a simple databaseless blogging system which uses markdown files. It should run well on any hardware.
+
+[[./app_bludit.html][How to use it]]
 * CryptPad
 Collaborate on editing documents, presentations and source code, or vote on things. All with a good level of security.
 
 Federated social network system.
 
 [[./app_friendica.html][How to use it]]
-* Ghost
-Modern looking blogging system.
-
-[[./app_ghost.html][How to use it]]
 * GNU Social
 Federated social network based on the OStatus protocol. You can "/remote follow/" other users within the GNU Social federation.
 

src/freedombone-app-akaunting

     # copy jquery locally
     jquery_version='1.12.4'
     if [ ! -f jquery-${jquery_version}.js ]; then
-        cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3276324
+        cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 3276324
         wget https://code.jquery.com/jquery-${jquery_version}.js
         jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
         if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then

src/freedombone-app-bludit

+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# License
+# =======
+#
+# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+VARIANTS='full full-vim'
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=1
+
+BLUDIT_DOMAIN_NAME=
+BLUDIT_CODE=
+BLUDIT_ONION_PORT=9844
+BLUDIT_REPO="https://github.com/bludit/bludit"
+BLUDIT_COMMIT='0e27e31a84421b3e6bd000a77bc89c2dff3c446a'
+
+bludit_variables=(ONION_ONLY
+                  BLUDIT_DOMAIN_NAME
+                  BLUDIT_CODE
+                  DDNS_PROVIDER
+                  MY_USERNAME)
+
+function logging_on_bludit {
+    echo -n ''
+}
+
+function logging_off_bludit {
+    echo -n ''
+}
+
+function remove_user_bludit {
+    remove_username="$1"
+
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp bludit
+}
+
+function add_user_bludit {
+    new_username="$1"
+    new_user_password="$2"
+
+    "${PROJECT_NAME}-pass" -u "$new_username" -a bludit -p "$new_user_password"
+    echo '0'
+}
+
+function install_interactive_bludit {
+    if [ ! "$ONION_ONLY" ]; then
+        ONION_ONLY='no'
+    fi
+
+    if [[ "$ONION_ONLY" != "no" ]]; then
+        BLUDIT_DOMAIN_NAME='bludit.local'
+        write_config_param "BLUDIT_DOMAIN_NAME" "$BLUDIT_DOMAIN_NAME"
+    else
+        interactive_site_details "bludit" "BLUDIT_DOMAIN_NAME" "BLUDIT_CODE"
+    fi
+    APP_INSTALLED=1
+}
+
+function change_password_bludit {
+    curr_username="$1"
+    new_user_password="$2"
+
+    read_config_param 'BLUDIT_DOMAIN_NAME'
+
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a bludit -p "$new_user_password"
+}
+
+function reconfigure_bludit {
+    # This is used if you need to switch identity. Dump old keys and generate new ones
+    echo -n ''
+}
+
+function upgrade_bludit {
+    CURR_BLUDIT_COMMIT=$(get_completion_param "bludit commit")
+    if [[ "$CURR_BLUDIT_COMMIT" == "$BLUDIT_COMMIT" ]]; then
+        return
+    fi
+
+    if grep -q "bludit domain" "$COMPLETION_FILE"; then
+        BLUDIT_DOMAIN_NAME=$(get_completion_param "bludit domain")
+    fi
+
+    # update to the next commit
+    set_repo_commit "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" "bludit commit" "$BLUDIT_COMMIT" $BLUDIT_REPO
+    chown -R www-data:www-data "/var/www/${BLUDIT_DOMAIN_NAME}/htdocs"
+}
+
+function backup_local_bludit {
+    BLUDIT_DOMAIN_NAME='bludit'
+    if grep -q "bludit domain" "$COMPLETION_FILE"; then
+        BLUDIT_DOMAIN_NAME=$(get_completion_param "bludit domain")
+    fi
+
+    source_directory=/var/www/${BLUDIT_DOMAIN_NAME}/htdocs
+
+    suspend_site "${BLUDIT_DOMAIN_NAME}"
+
+    dest_directory=bludit
+    backup_directory_to_usb "$source_directory" $dest_directory
+
+    restart_site
+}
+
+function restore_local_bludit {
+    if ! grep -q "bludit domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    BLUDIT_DOMAIN_NAME=$(get_completion_param "bludit domain")
+    if [ "$BLUDIT_DOMAIN_NAME" ]; then
+        temp_restore_dir=/root/tempbludit
+        bludit_dir=/var/www/${BLUDIT_DOMAIN_NAME}/htdocs
+
+        restore_directory_from_usb $temp_restore_dir bludit
+        if [ -d $temp_restore_dir ]; then
+            if [ -d "$temp_restore_dir$bludit_dir" ]; then
+                cp -rp "$temp_restore_dir$bludit_dir"/* "$bludit_dir"/
+            else
+                if [ ! -d "$bludit_dir" ]; then
+                    mkdir "$bludit_dir"
+                fi
+                cp -rp "$temp_restore_dir"/* "$bludit_dir"/
+            fi
+            chown -R www-data:www-data "$bludit_dir"
+            rm -rf $temp_restore_dir
+        fi
+
+    fi
+}
+
+function backup_remote_bludit {
+    BLUDIT_DOMAIN_NAME='bludit'
+    if grep -q "bludit domain" "$COMPLETION_FILE"; then
+        BLUDIT_DOMAIN_NAME=$(get_completion_param "bludit domain")
+    fi
+
+    source_directory=/var/www/${BLUDIT_DOMAIN_NAME}/htdocs
+
+    suspend_site "${BLUDIT_DOMAIN_NAME}"
+
+    dest_directory=bludit
+    backup_directory_to_friend "$source_directory" $dest_directory
+
+    restart_site
+}
+
+function restore_remote_bludit {
+    if ! grep -q "bludit domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    BLUDIT_DOMAIN_NAME=$(get_completion_param "bludit domain")
+    if [ "$BLUDIT_DOMAIN_NAME" ]; then
+        temp_restore_dir=/root/tempbludit
+        bludit_dir=/var/www/${BLUDIT_DOMAIN_NAME}/htdocs
+
+        restore_directory_from_friend $temp_restore_dir bludit
+        if [ -d $temp_restore_dir ]; then
+            if [ -d "$temp_restore_dir$bludit_dir" ]; then
+                cp -rp "$temp_restore_dir$bludit_dir"/* "$bludit_dir"/
+            else
+                if [ ! -d "$bludit_dir" ]; then
+                    mkdir "$bludit_dir"
+                fi
+                cp -rp $temp_restore_dir/* "$bludit_dir"/
+            fi
+            chown -R www-data:www-data "$bludit_dir"
+            rm -rf $temp_restore_dir
+        fi
+
+    fi
+}
+
+function remove_bludit {
+    nginx_dissite "$BLUDIT_DOMAIN_NAME"
+    remove_certs "$BLUDIT_DOMAIN_NAME"
+
+
+    if [ -d "/var/www/$BLUDIT_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$BLUDIT_DOMAIN_NAME"
+    fi
+    if [ -f "/etc/nginx/sites-available/$BLUDIT_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$BLUDIT_DOMAIN_NAME"
+    fi
+    remove_onion_service bludit ${BLUDIT_ONION_PORT}
+    if grep -q "bludit" /etc/crontab; then
+        sed -i "/bludit/d" /etc/crontab
+    fi
+    remove_app bludit
+    remove_completion_param install_bludit
+    sed -i '/bludit/d' "$COMPLETION_FILE"
+
+    remove_ddns_domain "$BLUDIT_DOMAIN_NAME"
+}
+
+function install_bludit {
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
+    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
+
+    if [ ! "$BLUDIT_DOMAIN_NAME" ]; then
+        echo $'No domain name was given'
+        exit 3568356
+    fi
+
+    if [ -d "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" ]; then
+        rm -rf "/var/www/$BLUDIT_DOMAIN_NAME/htdocs"
+    fi
+    if [ -d /repos/bludit ]; then
+        mkdir "/var/www/$BLUDIT_DOMAIN_NAME/htdocs"
+        cp -r -p /repos/bludit/. "/var/www/$BLUDIT_DOMAIN_NAME/htdocs"
+        cd "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" || exit 324687356
+        git pull
+    else
+        git_clone $BLUDIT_REPO "/var/www/$BLUDIT_DOMAIN_NAME/htdocs"
+    fi
+
+    if [ ! -d "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" ]; then
+        echo $'Unable to clone bludit repo'
+        exit 87525
+    fi
+
+    cd "/var/www/$BLUDIT_DOMAIN_NAME/htdocs" || exit 36587356
+    git checkout $BLUDIT_COMMIT -b $BLUDIT_COMMIT
+    set_completion_param "bludit commit" "$BLUDIT_COMMIT"
+
+    chmod g+w "/var/www/$BLUDIT_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$BLUDIT_DOMAIN_NAME/htdocs"
+
+    add_ddns_domain "$BLUDIT_DOMAIN_NAME"
+
+    BLUDIT_ONION_HOSTNAME=$(add_onion_service bludit 80 ${BLUDIT_ONION_PORT})
+
+    bludit_nginx_site=/etc/nginx/sites-available/$BLUDIT_DOMAIN_NAME
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        nginx_http_redirect "$BLUDIT_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $BLUDIT_DOMAIN_NAME;";
+          echo ''; } >> "$bludit_nginx_site"
+        nginx_compress "$BLUDIT_DOMAIN_NAME"
+        echo '' >> "$bludit_nginx_site"
+        echo '  # Security' >> "$bludit_nginx_site"
+        nginx_ssl "$BLUDIT_DOMAIN_NAME"
+
+        nginx_security_options "$BLUDIT_DOMAIN_NAME"
+
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$BLUDIT_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$bludit_nginx_site"
+        nginx_limits "$BLUDIT_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ /index.php?\$args;";
+          echo '  }';
+          echo '}'; } >> "$bludit_nginx_site"
+    else
+        echo -n '' > "$bludit_nginx_site"
+    fi
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$BLUDIT_ONION_PORT default_server;";
+      echo "    server_name $BLUDIT_ONION_HOSTNAME;";
+      echo ''; } >> "$bludit_nginx_site"
+    nginx_compress "$BLUDIT_DOMAIN_NAME"
+    echo '' >> "$bludit_nginx_site"
+    nginx_security_options "$BLUDIT_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$BLUDIT_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$bludit_nginx_site"
+    nginx_limits "$BLUDIT_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ index.php?\$args;";
+      echo '  }';
+      echo '}'; } >> "$bludit_nginx_site"
+
+    configure_php
+
+    create_site_certificate "$BLUDIT_DOMAIN_NAME" 'yes'
+
+    nginx_ensite "$BLUDIT_DOMAIN_NAME"
+
+    systemctl restart php7.0-fpm
+    systemctl restart nginx
+
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bludit -p "$BLUDIT_ADMIN_PASSWORD"
+    set_completion_param "bludit domain" "$BLUDIT_DOMAIN_NAME"
+
+    APP_INSTALLED=1
+}
+
+# NOTE: deliberately there is no "exit 0"

src/freedombone-app-cryptpad

 
     cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
     { echo 'server {';
-      echo "  listen 80 default_server;";
+      echo '  listen [::]:80 default_server;';
       echo "  server_name P${PEER_ID}.local;";
       echo '';
       echo '  # Logs';
       echo '  }';
       echo '';
       echo '  location = /cryptpad_websocket {';
-      echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;";
+      echo "    proxy_pass http://[::]:$CRYPTPAD_PORT;";
       echo "    proxy_set_header X-Real-IP \$remote_addr;";
       echo "    proxy_set_header Host \$host;";
       echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";

src/freedombone-app-dlna

 }
 
 function configure_interactive_dlna {
+    W=(1 $"Attach a drive containing playable media"
+       2 $"Remove a drive containing playable media")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"Media Menu" \
-               --radiolist $"Choose an operation:" 13 70 3 \
-               1 $"Attach a drive containing playable media" off \
-               2 $"Remove a drive containing playable media" off \
-               3 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               break;;
-            255) rm -f "$data"
-                 break;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Media Menu" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) attach-music;;
             2) remove-music;;
-            3) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-edith

 }
 
 function configure_interactive_edith {
+    W=(1 $"Enable login"
+       2 $"Browse notes")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"Edith" \
-               --radiolist $"Choose an operation:" 10 50 3 \
-               1 $"Enable login" off \
-               2 $"Browse notes" off \
-               3 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               break;;
-            255) rm -f "$data"
-                 break;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Edith" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) edith_enable_login;;
             2) edith_browse;;
-            3) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 
     fi
 
     if [[ "$ONION_ONLY" != "no" ]]; then
-        GHOST_DOMAIN_NAME='edith.local'
+        EDITH_DOMAIN_NAME='edith.local'
         write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME"
     else
         function_check interactive_site_details

src/freedombone-app-etherpad

 }
 
 function configure_interactive_etherpad {
+    W=(1 $"Set Title"
+       2 $"Set a welcome message")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"Etherpad Settings" \
-               --radiolist $"Choose an operation:" 12 70 3 \
-               1 $"Set Title" off \
-               2 $"Set a welcome message" off \
-               3 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               return;;
-            255) rm -f "$data"
-                 return;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Etherpad" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) etherpad_set_title;;
             2) etherpad_set_welcome_message;;
-            3) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-fedwiki

 
 function fedwiki_remove_bad_links {
     if [[ $ONION_ONLY == 'no' ]]; then
-        sed -i "s|link[href='https://maxcdn.bootstrapcdn.com.*|link[href='https://${FEDWIKI_DOMAIN_NAME}/fonts-font-awesome/css/font-awesome.min.css']\").length) {|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js
+        sed -i "s|link\\[href='https://maxcdn.bootstrapcdn.com.*|link\\[href='https://${FEDWIKI_DOMAIN_NAME}/fonts-font-awesome/css/font-awesome.min.css']\").length) {|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js
 
-        sed -i "s|\$('<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com.*|\$('<link rel=\"stylesheet\" href=\"https://${FEDWIKI_DOMAIN_NAME}/fonts-font-awesome/css/font-awesome.min.css\">').appendTo(\"head\");|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js
+        sed -i "s|\$('<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com.*|\$('<link rel=\"stylesheet\" href=\"https://${FEDWIKI_DOMAIN_NAME}/fonts-font-awesome/css/font-awesome.min.css\">').appendTo(\"head\");|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js
     else
         FEDWIKI_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_fedwiki/hostname)
-        sed -i "s|link[href='https://maxcdn.bootstrapcdn.com.*|link[href='http://${FEDWIKI_ONION_HOSTNAME}/fonts-font-awesome/css/font-awesome.min.css']\").length) {|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js
+        sed -i "s|link\\[href='https://maxcdn.bootstrapcdn.com.*|link\\[href='http://${FEDWIKI_ONION_HOSTNAME}/fonts-font-awesome/css/font-awesome.min.css']\").length) {|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js
 
-        sed -i "s|\$('<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com.*|\$('<link rel=\"stylesheet\" href=\"http://${FEDWIKI_ONION_HOSTNAME}/fonts-font-awesome/css/font-awesome.min.css\">').appendTo(\"head\");|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js
+        sed -i "s|\$('<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com.*|\$('<link rel=\"stylesheet\" href=\"http://${FEDWIKI_ONION_HOSTNAME}/fonts-font-awesome/css/font-awesome.min.css\">').appendTo(\"head\");|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js
     fi
 
-    if [ -f /usr/local/lib/node_modules/wiki/node_modules/localforage/docs/theme/style.css ]; then
-        sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/localforage/docs/theme/style.css
+    if [ -f /var/lib/wiki/node_modules/localforage/docs/theme/style.css ]; then
+        sed -i '/googleapi/d' /var/lib/wiki/node_modules/localforage/docs/theme/style.css
     fi
 
-    if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html ]; then
-        sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html
+    if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html ]; then
+        sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html
     fi
 
-    if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/done.html ]; then
-        sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/done.html
+    if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/done.html ]; then
+        sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/done.html
     fi
 
-    if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html ]; then
-        sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html
+    if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html ]; then
+        sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html
     fi
 
-    if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html ]; then
-        sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html
+    if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html ]; then
+        sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html
     fi
 
-    if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-google-oauth20 ]; then
-        rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-google-oauth20
+    if [ -d /var/lib/wiki/node_modules/passport-google-oauth20 ]; then
+        rm -rf /var/lib/wiki/node_modules/passport-google-oauth20
     fi
 
-    if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-oauth2 ]; then
-        rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-oauth2
+    if [ -d /var/lib/wiki/node_modules/passport-oauth2 ]; then
+        rm -rf /var/lib/wiki/node_modules/passport-oauth2
     fi
 
-    if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-twitter ]; then
-        rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-twitter
+    if [ -d /var/lib/wiki/node_modules/passport-twitter ]; then
+        rm -rf /var/lib/wiki/node_modules/passport-twitter
     fi
 
-    if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-github ]; then
-        rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-github
+    if [ -d /var/lib/wiki/node_modules/passport-github ]; then
+        rm -rf /var/lib/wiki/node_modules/passport-github
     fi
 }
 
 
     systemctl stop fedwiki
     npm upgrade -g wiki@$FEDWIKI_VERSION
+
+    cp -r /root/.npm-global/lib/node_modules/wiki/* /var/lib/wiki/
+    cp /root/.npm-global/bin/wiki /var/lib/wiki/wiki
+    chown -R fedwiki:fedwiki /var/lib/wiki
+
     fedwiki_remove_bad_links
+
     chown -R fedwiki:fedwiki $FEDWIKI_DATA
     systemctl start fedwiki
 
     if [ -d "/var/www/$FEDWIKI_DOMAIN_NAME" ]; then
         rm -rf "/var/www/$FEDWIKI_DOMAIN_NAME"
     fi
+    if [ -d /var/lib/wiki ]; then
+        rm -rf /var/lib/wiki
+    fi
     remove_config_param FEDWIKI_DOMAIN_NAME
     remove_config_param FEDWIKI_CODE
     function_check remove_onion_service
         exit 783533
     fi
 
-    if [ ! -f /usr/local/bin/wiki ]; then
+    if [ ! -f /root/.npm-global/bin/wiki ]; then
         echo $'wiki was not installed'
         exit 5293524
     fi
 
-    if [ ! -d /usr/local/lib/node_modules/wiki ]; then
-        echo $'wiki directory not found /usr/local/lib/node_modules/wiki'
+    if [ ! -d /root/.npm-global/lib/node_modules/wiki ]; then
+        echo $'wiki directory not found /root/.npm-global/lib/node_modules/wiki'
         exit 6285324
     fi
 
         FEDWIKI_COOKIE="$(create_password 20)"
     fi
 
+    cp -r /root/.npm-global/lib/node_modules/wiki /var/lib
+    cp /root/.npm-global/bin/wiki /var/lib/wiki
+    chown -R fedwiki:fedwiki /var/lib/wiki
+
     { echo '[Unit]';
       echo 'Description=Fedwiki federated wiki';
       echo 'After=syslog.target';
       echo '[Service]';
       echo 'User=fedwiki';
       echo 'Group=fedwiki';
-      echo "WorkingDirectory=/usr/local/lib/node_modules/wiki";
-      echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'";
+      echo "WorkingDirectory=/var/lib/wiki";
+      echo "ExecStart=/var/lib/wiki/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'";
       echo 'StandardOutput=syslog';
       echo 'StandardError=syslog';
       echo 'SyslogIdentifier=fedwiki';

src/freedombone-app-friendica

 }
 
 function configure_interactive_friendica {
+    W=(1 $"Set channel directory server"
+       2 $"Renew SSL certificate"
+       3 $"Close new account registrations"
+       4 $"Allow new account registrations")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"Friendica" \
-               --radiolist $"Choose an operation:" 15 70 6 \
-               1 $"Set channel directory server" off \
-               2 $"Renew SSL certificate" off \
-               3 $"Close new account registrations" off \
-               4 $"Allow new account registrations" off \
-               5 $"Back to main menu" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) break;;
-            255) break;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Friendica" --menu $"Choose an operation, or ESC to exit:" 14 60 4 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) friendica_channel_directory_server;;
             2) friendica_renew_cert;;
             3) friendica_close_registrations;;
             4) friendica_allow_registrations;;
-            5) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-ghost

-#!/bin/bash
-#
-# .---.                  .              .
-# |                      |              |
-# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
-# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
-# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
-#
-#                    Freedom in the Cloud
-#
-# Ghost blog
-#
-# License
-# =======
-#
-# Copyright (C) 2016-2018 Bob Mottram <bob@freedombone.net>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-VARIANTS="full full-vim writer"
-
-IN_DEFAULT_INSTALL=0
-SHOW_ON_ABOUT=1
-
-GHOST_VERSION=1.19.0
-GHOST_DOMAIN_NAME=
-GHOST_CODE=
-GHOST_ONION_PORT=8104
-GHOST_PORT=2368
-
-ghost_variables=(GHOST_DOMAIN_NAME
-                 GHOST_CODE
-                 GHOST_ADMIN_PASSWORD
-                 ONION_ONLY
-                 DDNS_PROVIDER
-                 MY_USERNAME)
-
-function ghost_bust {
-    # kill the started ghost process
-    kill_pid=$(pgrep "ghost run" | head -n 1)
-    kill -9 "$kill_pid"
-
-    kill_pid=$(pgrep "ghost" | head -n 1)
-    kill -9 "$kill_pid"
-
-    kill_pid=$(pgrep "ghost" | head -n 1)
-    kill -9 "$kill_pid"
-}
-
-function logging_on_ghost {
-    echo -n ''
-}
-
-function logging_off_ghost {
-    echo -n ''
-}
-
-function ghost_replace_jquery {
-    curr_domain="https://$GHOST_DOMAIN_NAME"
-    if [[ "$ONION_ONLY" != 'no' ]]; then
-        curr_domain="http://$GHOST_ONION_HOSTNAME"
-    fi
-
-    sed -i "s|src=\"https://code.jquery.com/jquery-.*|src=\"$curr_domain/jquery-${jquery_version}.js\"|g" current/content/themes/casper/default.hbs
-    sed -i "s|src=\"https://code.jquery.com/jquery-.*|src=\"$curr_domain/jquery-${jquery_version}.js\"></script>|g" current/node_modules/gscan/app/tpl/layouts/default.hbs
-    sed -i "s|http://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
-    sed -i "s|https://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
-
-    cd "/var/www/${GHOST_DOMAIN_NAME}/htdocs/current" || exit 3468368
-    find ./ -type f -exec sed -i -e "s|https://code.jquery.com|$curr_domain|g" {} \;
-    find ./ -type f -exec sed -i -e "s|http://code.jquery.com|$curr_domain|g" {} \;
-}
-
-function ghost_rss_button {
-    # remove feedly -aaargh!
-    sed -i 's|http://cloud.feedly.com/#subscription/feed/{{@blog.url}}/rss/|{{@blog.url}}/rss/|g' /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/content/themes/casper/partials/site-nav.hbs
-    sed -i 's|http://cloud.feedly.com/#subscription/feed/{{url absolute="true"}}/rss/|{{url absolute="true"}}rss/|g' /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/content/themes/casper/author.hbs
-
-}
-
-function ghost_remove_offsite_links {
-    curr_domain="$GHOST_DOMAIN_NAME"
-    if [[ "$ONION_ONLY" != 'no' ]]; then
-        curr_domain="$GHOST_ONION_HOSTNAME"
-    fi
-
-    ghost_rss_button
-
-    # remove google font links
-    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 246872424
-    find ./ -type f -exec sed -i -e "s/fonts.googleapis.com/$curr_domain/g" {} \;
-
-    # copy jquery locally
-    previous_jquery_version='1.12.0'
-    jquery_version='1.12.4'
-    if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/jquery-${jquery_version}.js ]; then
-        cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468746824
-        wget https://code.jquery.com/jquery-${jquery_version}.js
-        jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
-        if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
-            echo $'Unexpected jquery hash value'
-            exit 258442
-        fi
-    fi
-    ghost_replace_jquery
-    previous_jquery_version='1.11.3'
-    ghost_replace_jquery
-}
-
-function ghost_replace_proprietary_services {
-    replace_file="$1"
-
-    sed -i 's|Twitter Profile|GNU Social Profile|g' "$replace_file"
-    sed -i 's|Twitter profile|GNU Social Profile|g' "$replace_file"
-    sed -i 's|Twitter Username|GNU Social Username|g' "$replace_file"
-    sed -i 's|twitter.com|quitter.se|g' "$replace_file"
-    sed -i 's|Facebook Page|Hubzilla Channel|g' "$replace_file"
-    sed -i 's|Facebook Profile|Hubzilla Channel|g' "$replace_file"
-    sed -i 's|Facebook profile|Hubzilla Channel|g' "$replace_file"
-    sed -i 's|www.facebook.com/username|hubzilladomain/username|g' "$replace_file"
-    sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' "$replace_file"
-    sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' "$replace_file"
-    sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' "$replace_file"
-    sed -i 's|www.facebook.com/test|hubzilladomain/username|g' "$replace_file"
-    sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' "$replace_file"
-    sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' "$replace_file"
-    sed -i 's|Facebook Username|Hubzilla Channel|g' "$replace_file"
-    sed -i 's|www.facebook.com|hubzilladomain|g' "$replace_file"
-    sed -i 's|facebook value|hubzilla value|g' "$replace_file"
-
-    sed -i '/<section class="share">/,/<\/section>/d' "$replace_file"
-}
-
-function ghost_replace_services {
-    ghost_replace_proprietary_services /var/www/${GHOST_DOMAIN_NAME}/htdocs/content/themes/casper/post.hbs
-}
-
-function remove_user_ghost {
-    remove_username="$1"
-}
-
-function add_user_ghost {
-    if [[ $(app_is_installed ghost) == "0" ]]; then
-        echo '0'
-        return
-    fi
-
-    new_username="$1"
-    new_user_password="$2"
-
-    echo '0'
-}
-
-function install_interactive_ghost {
-    if [ ! "$ONION_ONLY" ]; then
-        ONION_ONLY='no'
-    fi
-
-    if [[ $ONION_ONLY != "no" ]]; then
-        GHOST_DOMAIN_NAME='ghost.local'
-        write_config_param "GHOST_DOMAIN_NAME" "$GHOST_DOMAIN_NAME"
-    else
-        function_check interactive_site_details
-        interactive_site_details "ghost" "GHOST_DOMAIN_NAME" "GHOST_CODE"
-    fi
-    APP_INSTALLED=1
-}
-
-function change_password_ghost {
-    #GHOST_USERNAME="$1"
-    GHOST_PASSWORD="$2"
-    if [ ${#GHOST_PASSWORD} -lt 8 ]; then
-        echo $'Ghost password is too short'
-        return
-    fi
-    #"${PROJECT_NAME}-pass" -u "$GHOST_USERNAME" -a ghost -p "$GHOST_PASSWORD"
-}
-
-function reconfigure_ghost {
-    echo -n ''
-}
-
-function upgrade_ghost {
-    CURR_GHOST_VERSION=$(get_completion_param "ghost version")
-    if [[ "${CURR_GHOST_VERSION}" == "${GHOST_VERSION}" ]]; then
-        return
-    fi
-
-    read_config_param GHOST_DOMAIN_NAME
-
-    if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs ]; then
-        return
-    fi
-
-    systemctl stop ghost
-    ghost_bust
-
-    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468463
-
-    npm i -g ghost-cli
-    /usr/local/bin/ghost update &
-    sleep 200
-    ghost_bust
-
-    ghost_replace_services
-    ghost_remove_offsite_links
-
-    chown root:root /usr/local/bin/ghost
-    chown -R root:root /usr/local/lib
-    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
-    systemctl restart ghost
-    sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
-}
-
-function backup_local_ghost {
-    GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" "$COMPLETION_FILE"; then
-        GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
-    fi
-
-    suspend_site "${GHOST_DOMAIN_NAME}"
-    systemctl stop ghost
-
-    ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
-    if [ -d "$ghost_path" ]; then
-        backup_directory_to_usb "$ghost_path" ghostcontent
-    fi
-
-    ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
-    if [ -d "$ghost_path" ]; then
-        backup_directory_to_usb "$ghost_path" ghostcurrent
-    fi
-
-    systemctl start ghost
-    restart_site
-}
-
-function restore_local_ghost {
-    GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" "$COMPLETION_FILE"; then
-        GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
-    fi
-    if [ "$GHOST_DOMAIN_NAME" ]; then
-        suspend_site "${GHOST_DOMAIN_NAME}"
-        systemctl stop ghost
-
-        temp_restore_dir=/root/tempghostcontent
-        function_check restore_directory_from_usb
-        restore_directory_from_usb $temp_restore_dir ghostcontent
-        if [ -d $temp_restore_dir ]; then
-            if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
-                cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
-            else
-                if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
-                    mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
-                fi
-                cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
-            fi
-            chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
-            rm -rf $temp_restore_dir
-        fi
-
-        temp_restore_dir=/root/tempghostcurrent
-        function_check restore_directory_from_usb
-        restore_directory_from_usb $temp_restore_dir ghostcurrent
-        if [ -d $temp_restore_dir ]; then
-            if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
-                cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
-            else
-                if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
-                    mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
-                fi
-                cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
-            fi
-            chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
-            rm -rf $temp_restore_dir
-        fi
-
-        systemctl start ghost
-        restart_site
-    fi
-}
-
-function backup_remote_ghost {
-    GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" "$COMPLETION_FILE"; then
-        GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
-    fi
-
-    suspend_site "${GHOST_DOMAIN_NAME}"
-
-    temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
-    if [ -d "$temp_backup_dir" ]; then
-        backup_directory_to_friend "$temp_backup_dir" ghostcontent
-    else
-        restart_site
-        echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
-        exit 2578
-    fi
-
-    temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
-    if [ -d "$temp_backup_dir" ]; then
-        backup_directory_to_friend "$temp_backup_dir" ghostcurrent
-    else
-        restart_site
-        echo $"Ghost domain specified but not found in $temp_backup_dir"
-        exit 78353
-    fi
-
-    restart_site
-}
-
-function restore_remote_ghost {
-    GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" "$COMPLETION_FILE"; then
-        GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
-    fi
-    suspend_site "${GHOST_DOMAIN_NAME}"
-
-    systemctl stop ghost
-
-    temp_restore_dir=/root/tempghostcontent
-    function_check restore_directory_from_friend
-    restore_directory_from_friend $temp_restore_dir ghostcontent
-    if [ -d $temp_restore_dir ]; then
-        if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
-            cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
-        else
-            if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
-                mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
-            fi
-            cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
-        fi
-        chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
-        rm -rf $temp_restore_dir
-    fi
-
-    temp_restore_dir=/root/tempghostcurrent
-    function_check restore_directory_from_friend
-    restore_directory_from_friend $temp_restore_dir ghostcurrent
-    if [ -d $temp_restore_dir ]; then
-        if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
-            cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
-        else
-            if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
-                mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
-            fi
-            cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
-        fi
-        chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
-        rm -rf $temp_restore_dir
-    fi
-
-    systemctl start ghost
-    restart_site
-}
-
-function remove_ghost {
-    if [ ${#GHOST_DOMAIN_NAME} -eq 0 ]; then
-        return
-    fi
-
-    systemctl stop ghost
-    systemctl disable ghost
-    rm /etc/systemd/system/ghost.service
-    systemctl daemon-reload
-
-    npm uninstall -g ghost-cli
-
-    function_check remove_nodejs
-    remove_nodejs ghost
-
-    read_config_param "GHOST_DOMAIN_NAME"
-    nginx_dissite "$GHOST_DOMAIN_NAME"
-    remove_certs "${GHOST_DOMAIN_NAME}"
-    if [ -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME" ]; then
-        rm -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME"
-    fi
-    if [ -d "/var/www/$GHOST_DOMAIN_NAME" ]; then
-        rm -rf "/var/www/$GHOST_DOMAIN_NAME"
-    fi
-    remove_config_param GHOST_DOMAIN_NAME
-    remove_config_param GHOST_CODE
-    function_check remove_onion_service
-    remove_onion_service ghost ${GHOST_ONION_PORT}
-    remove_completion_param "install_ghost"
-    sed -i '/Ghost/d' "$COMPLETION_FILE"
-    sed -i '/ghost/d' "$COMPLETION_FILE"
-
-    groupdel -f ghost
-    userdel -r ghost
-
-    function_check remove_ddns_domain
-    remove_ddns_domain "$GHOST_DOMAIN_NAME"
-}
-
-function install_ghost {
-    check_ram_availability 900
-
-    if [ ! $ONION_ONLY ]; then
-        ONION_ONLY='no'
-    fi
-
-    if [ ! "$GHOST_DOMAIN_NAME" ]; then
-        echo $'The ghost domain name was not specified'
-        exit 5062
-    fi
-
-    # for the avatar changing command
-    apt-get -yq install unzip wget
-
-    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs" ]; then
-        mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs"
-    fi
-    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 26422842
-
-    function_check install_nodejs
-    install_nodejs ghost
-
-    # now install ghost itself
-    npm install -g ghost-cli@latest
-    if [ ! -f /usr/local/bin/ghost ]; then
-        echo $'ghost was not installed'
-        exit 738539
-    fi
-
-    GHOST_ONION_HOSTNAME=$(add_onion_service ghost 80 ${GHOST_ONION_PORT})
-
-    npm install -g yarn
-    yarn install --no-emoji --no-progress
-    yarn cache clean
-    adduser --system --home="/var/www/${GHOST_DOMAIN_NAME}/htdocs/" --group ghost
-    rm -rf "/var/www/$GHOST_DOMAIN_NAME/htdocs/"*
-    printf 'y' | ghost install ${GHOST_VERSION} --user ghost --db=sqlite3 --port ${GHOST_PORT} --verbose
-
-    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions" ]; then
-        echo $'versions directory was not found'
-        exit 782523462
-    fi
-    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
-        echo $'content directory was not found'
-        exit 68352682
-    fi
-
-    npm install -g knex-migrator
-    if [ ! -f "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" ]; then
-        echo $'MigratorConfig.js was not found'
-        exit 62783538
-    fi
-    cp "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" "/var/www/$GHOST_DOMAIN_NAME/htdocs"
-    chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
-    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 783452464
-    knex-migrator init
-
-    ghost_bust
-
-    echo '{' > "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
-    if [[ "$ONION_ONLY" == 'no' ]]; then
-        # NOTE: url must be http, not https
-        echo "  \"url\": \"http://${GHOST_DOMAIN_NAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
-    else
-        echo "  \"url\": \"http://${GHOST_ONION_HOSTNAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
-    fi
-    { echo '    "paths": {';
-      echo "        \"contentPath\": \"/var/www/${GHOST_DOMAIN_NAME}/htdocs/content\"";
-      echo '    }';
-      echo '}'; } >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
-
-    { echo '[Unit]';
-      echo 'Description=Ghost Blog';
-      echo 'After=syslog.target';
-      echo 'After=network.target';
-      echo '';
-      echo '[Service]';
-      echo 'Type=simple';
-      echo 'User=ghost';
-      echo 'Group=ghost';
-      echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs";
-      echo "ExecStart=/usr/local/bin/ghost run -D";
-      echo "ExecStop=/usr/local/bin/ghost stop";
-      echo "ExecRestart=/usr/local/bin/ghost restart";
-      echo 'Restart=always';
-      echo 'RestartSec=60';
-      echo "Environment=NODE_ENV=development PORT=${GHOST_PORT}";
-      echo '';
-      echo '[Install]';
-      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ghost.service
-
-    ghost_remove_offsite_links
-
-    chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
-
-    systemctl enable ghost
-    systemctl daemon-reload
-    systemctl start ghost
-
-    if [[ ${ONION_ONLY} == "no" ]]; then
-        function_check nginx_http_redirect
-        nginx_http_redirect "${GHOST_DOMAIN_NAME}"
-        { echo 'server {';
-          echo '    listen 443 ssl;';
-          echo '    #listen [::]:443 ssl;';
-          echo "    root /var/www/${GHOST_DOMAIN_NAME}/htdocs;";
-          echo "    server_name ${GHOST_DOMAIN_NAME};";
-          echo '    access_log /dev/null;';
-          echo "    error_log /dev/null;";
-          echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
-        function_check nginx_ssl
-        nginx_ssl "${GHOST_DOMAIN_NAME}"
-        function_check nginx_security_options
-        nginx_security_options "${GHOST_DOMAIN_NAME}"
-        { echo '    add_header Strict-Transport-Security max-age=0;';
-          echo '';
-          echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
-        function_check nginx_limits
-        nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
-        { echo "        proxy_pass http://localhost:${GHOST_PORT};";
-          echo '    }';
-          echo '';
-          echo '    fastcgi_buffers 64 4K;';
-          echo '';
-          echo '    error_page 403 /core/templates/403.php;';
-          echo '    error_page 404 /core/templates/404.php;';
-          echo '';
-          echo '    location = /robots.txt {';
-          echo '        allow all;';
-          echo '        log_not_found off;';
-          echo '        access_log /dev/null;';
-          echo '    }';
-          echo '}';
-          echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
-    else
-        echo -n '' > "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
-    fi
-    { echo 'server {';
-      echo "    listen 127.0.0.1:${GHOST_ONION_PORT} default_server;";
-      echo "    root /var/www/$GHOST_DOMAIN_NAME/htdocs;";
-      echo "    server_name $GHOST_ONION_HOSTNAME;";
-      echo '    access_log /dev/null;';
-      echo "    error_log /dev/null;";
-      echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
-    function_check nginx_security_options
-    nginx_security_options "${GHOST_DOMAIN_NAME}"
-    { echo '    add_header Strict-Transport-Security max-age=0;';
-      echo '';
-      echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
-    function_check nginx_limits
-    nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
-    { echo "        proxy_pass http://localhost:${GHOST_PORT};";
-      echo '    }';
-      echo '';
-      echo '    fastcgi_buffers 64 4K;';
-      echo '';
-      echo '    error_page 403 /core/templates/403.php;';
-      echo '    error_page 404 /core/templates/404.php;';
-      echo '';
-      echo '    location = /robots.txt {';
-      echo '        allow all;';
-      echo '        log_not_found off;';
-      echo '        access_log /dev/null;';
-      echo '    }';
-      echo '}'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
-
-    function_check create_site_certificate
-    create_site_certificate "$GHOST_DOMAIN_NAME" 'yes'
-
-    ghost_replace_services
-
-    function_check nginx_ensite
-    nginx_ensite "$GHOST_DOMAIN_NAME"
-
-    systemctl restart nginx
-
-    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a ghost -p "$GHOST_ADMIN_PASSWORD"
-
-    function_check add_ddns_domain
-    add_ddns_domain "$GHOST_DOMAIN_NAME"
-
-    chown root:root /usr/local/bin/ghost
-    chown -R root:root /usr/local/lib
-    chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
-    set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
-    if ! grep -q "ghost version:" "${COMPLETION_FILE}"; then
-        echo "ghost version:${GHOST_VERSION}" >> "${COMPLETION_FILE}"
-    else
-        sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
-    fi
-
-    APP_INSTALLED=1
-}
-
-# NOTE: deliberately no exit 0

src/freedombone-app-gnusocial

     read_config_param GNUSOCIAL_EXPIRE_MONTHS
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"GNU Social" \
-               --radiolist $"Choose an operation:" 16 70 7 \
-               1 $"Set a background image" off \
-               2 $"Set the title" off \
-               3 $"Set post expiry period (currently $GNUSOCIAL_EXPIRE_MONTHS months)" off \
-               4 $"Select Qvitter user interface" off \
-               5 $"Select Pleroma user interface" off \
-               6 $"Select Classic user interface" off \
-               7 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               return;;
-            255) rm -f "$data"
-                 return;;
-        esac
-        case $(cat "$data") in
+        W=(1 $"Set a background image"
+           2 $"Set the title"
+           3 $"Set post expiry period (currently $GNUSOCIAL_EXPIRE_MONTHS months)"
+           4 $"Select Qvitter user interface"
+           5 $"Select Pleroma user interface"
+           6 $"Select Classic user interface")
+
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"GNU Social" --menu $"Choose an operation, or ESC to exit:" 15 60 6 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) gnusocial_set_background_image;;
             2) gnusocial_set_title;;
             3) gnusocial_set_expire_months;;
             4) gnusocial_use_qvitter gnusocial;;
             5) gnusocial_use_pleroma gnusocial;;
             6) gnusocial_use_classic gnusocial;;
-            7) break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-hubzilla

 }
 
 function configure_interactive_hubzilla {
+    W=(1 $"Set channel directory server"
+       2 $"Renew SSL certificate")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"Hubzilla" \
-               --radiolist $"Choose an operation:" 13 70 4 \
-               1 $"Set channel directory server" off \
-               2 $"Renew SSL certificate" off \
-               3 $"Back to main menu" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) break;;
-            255) break;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Hubzilla" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) hubzilla_channel_directory_server;;
             2) hubzilla_renew_cert;;
-            3) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-icecast

 }
 
 function configure_interactive_icecast {
+    W=(1 $"Import stream files from directory"
+       2 $"Import stream files from USB drive"
+       3 $"Format a USB drive for stream file storage"
+       4 $"Export stream files to USB drive"
+       5 $"Manually edit playlist"
+       6 $"Enable login for stream visitors"
+       7 $"Change password for stream visitors"
+       8 $"Re-scan playlist"
+       9 $"Restart stream"
+       10 $"Set Stream Name/Description/Genre"
+       11 $"Set maximum number of clients/streams")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"Icecast" \
-               --radiolist $"Choose an operation:" 19 70 12 \
-               1 $"Import stream files from directory" off \
-               2 $"Import stream files from USB drive" off \
-               3 $"Format a USB drive for stream file storage" off \
-               4 $"Export stream files to USB drive" off \
-               5 $"Manually edit playlist" off \
-               6 $"Enable login for stream visitors" off \
-               7 $"Change password for stream visitors" off \
-               8 $"Re-scan playlist" off \
-               9 $"Restart stream" off \
-               10 $"Set Stream Name/Description/Genre" off \
-               11 $"Set maximum number of clients/streams" off \
-               12 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               break;;
-            255) rm -f "$data"
-                 break;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Icecast" --menu $"Choose an operation, or ESC to exit:" 20 60 11 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) icecast_import_from_directory;;
             2) icecast_import_from_usb;;
             3) icecast_format_drive;;
                start_icecast;;
             10) icecast_set_stream_name;;
             11) icecast_set_maximum_streams;;
-            12) rm -f "$data"
-                break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-irc

         return
     fi
 
+    W=(1 $"Set a password for all IRC users"
+       2 $"Show current IRC login password")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"IRC Menu" \
-               --radiolist $"Choose an operation:" 14 70 4 \
-               1 $"Set a password for all IRC users" off \
-               2 $"Show current IRC login password" off \
-               3 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               break;;
-            255) rm -f "$data"
-                 break;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"IRC" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) irc_set_global_password;;
             2) irc_show_password;;
-            3) break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-keyserver

 }
 
 function configure_interactive_keyserver {
+    W=(1 $"Remove a key"
+       2 $"Sync with other keyserver"
+       3 $"Edit sync keyservers")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"SKS Keyserver" \
-               --radiolist $"Choose an operation:" 12 70 4 \
-               1 $"Remove a key" off \
-               2 $"Sync with other keyserver" off \
-               3 $"Edit sync keyservers" off \
-               4 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               return;;
-            255) rm -f "$data"
-                 return;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"SKS Keyserver" --menu $"Choose an operation, or ESC to exit:" 11 60 3 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) keyserver_remove_key;;
             2) keyserver_sync;;
             3) keyserver_edit;;
-            4) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-koel

 
 
 function configure_interactive_koel {
+    W=(1 $"Import music from directory"
+       2 $"Import music from USB drive"
+       3 $"Export music to USB drive"
+       4 $"Format a USB drive for music storage")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"Koel" \
-               --radiolist $"Choose an operation:" 12 70 5 \
-               1 $"Import music from directory" off \
-               2 $"Import music from USB drive" off \
-               3 $"Export music to USB drive" off \
-               4 $"Format a USB drive for music storage" off \
-               5 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               break;;
-            255) rm -f "$data"
-                 break;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Koel" --menu $"Choose an operation, or ESC to exit:" 12 60 4 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) koel_import_from_directory;;
             2) koel_import_from_usb;;
             3) koel_export_to_usb;;
             4) format_music_drive;;
-            5) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-mailpile

       echo 'User=mailpile';
       echo 'Group=mailpile';
       echo "WorkingDirectory=/var/www/$MAILPILE_DOMAIN_NAME/mail";
-      echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=0.0.0.0:${MAILPILE_PORT} --wait";
+      echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=127.0.0.1:${MAILPILE_PORT} --wait";
       echo 'Restart=always';
       echo 'RestartSec=10';
       echo '';

src/freedombone-app-matrix

     matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         { echo 'server {';
-          echo "  listen 0.0.0.0:443;";
+          echo "  listen 443;";
           echo "  server_name ${MATRIX_DOMAIN_NAME};";
           echo '';
           echo '  # Security'; } > $matrix_nginx_site
           echo '}';
           echo '';
           echo 'server {';
-          echo "  listen 0.0.0.0:${MATRIX_HTTP_PORT};";
+          echo "  listen ${MATRIX_HTTP_PORT};";
           echo "  server_name ${MATRIX_DOMAIN_NAME};";
           echo '';
           echo '  # Security'; } >> $matrix_nginx_site

src/freedombone-app-peertube

 PEERTUBE_DOMAIN_NAME=
 PEERTUBE_CODE=
 PEERTUBE_REPO="https://github.com/Chocobozzz/PeerTube"
-PEERTUBE_COMMIT='fef2c7164e025b12a64185dbab058ef4129733c6'
+PEERTUBE_COMMIT='f209b32afaffbb8b93c265525ebde182ab66c37a'
 PEERTUBE_ONION_PORT=8136
 PEERTUBE_PORT=9004
 MESH_PEERTUBE_PORT=8500
                     ARCHITECTURE
                     MY_EMAIL_ADDRESS)
 
+function peertube_import_from_syncthing {
+    peertubedomain="https://$PEERTUBE_DOMAIN_NAME"
+    nodecmd='node'
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        peertubedomain="http://$(cat /var/lib/tor/hidden_service_peertube/hostname)"
+        nodecmd='torsocks node'
+    fi
+
+    { echo '#!/bin/bash';
+      echo '';
+      echo 'LOCKFILE=/tmp/.peertube.lock';
+      echo '';
+      echo 'if [ -f /root/.peertube.lock ]; then';
+      echo "    lockctr=\$(cat \$LOCKFILE)";
+      echo "    lockctr=\$((lockctr+1))";
+      echo "    echo \"\$lockctr\" > \$LOCKFILE";
+      echo "    if [ \$lockctr -ge 30 ]; then";
+      echo "        rm \$LOCKFILE";
+      echo '    else';
+      echo '        exit 0';
+      echo '    fi';
+      echo 'fi';
+      echo '';
+      echo "MY_USERNAME=\$(cat /root/${PROJECT_NAME}.cfg | grep MY_USERNAME | awk -F '=' '{print \$2}')";
+      echo "if [ ! \"\$MY_USERNAME\" ]; then";
+      echo '    exit 0';
+      echo 'fi';
+      echo '';
+      echo "search_dir=/home/\$MY_USERNAME/Sync/peertube_upload";
+      echo "if [ ! -f \$search_dir/login.txt ]; then";
+      echo '    exit 0';
+      echo 'fi';
+      echo "import_script=${PEERTUBE_DIR}/dist/server/tools/upload.js";
+      echo "if [ ! -f \$import_script ]; then";
+      echo '    exit 0';
+      echo 'fi';
+      echo '';
+      echo "peertubedomain=\"$peertubedomain\"";
+      echo "peertubeuser=\$(sed -n 1p < \"\$search_dir/login.txt\")";
+      echo "peertubepassword=\$(sed -n 2p < \"\$search_dir/login.txt\")";
+      echo 'peertubensfw=';
+      echo "if grep -q 'nsfw' \"\$search_dir/login.txt\"; then";
+      echo "    peertubensfw='--nsfw'";
+      echo 'fi';
+      echo "if grep -q 'NSFW' \"\$search_dir/login.txt\"; then";
+      echo "    peertubensfw='--nsfw'";
+      echo 'fi';
+      echo '';
+      echo "peertubeprivate='-P 3'";
+      echo "if grep -q 'public' \"\$search_dir/login.txt\"; then";
+      echo "    peertubeprivate='-P 1'";
+      echo 'fi';
+      echo "if grep -q 'Public' \"\$search_dir/login.txt\"; then";
+      echo "    peertubeprivate='-P 1'";
+      echo 'fi';
+      echo '';
+      echo 'failed_uploads=0';
+      echo '';
+      echo "cd ${PEERTUBE_DIR} || exit 32468356";
+      echo "echo \"0\" > \$LOCKFILE";
+      echo '';
+      echo "for video_file in \$search_dir/*; do";
+      echo "    if [[ \"\$video_file\" == *'.ogv' || \"\$video_file\" == *'.mp4' || \"\$video_file\" == *'.webm' ]]; then";
+      echo "        if ! grep -q \"\$video_file\" /root/.peertube_uploaded; then";
+      echo "            peertubetitle=\$(basename \"\$video_file\" | awk -F '.' '{print \$1}' | sed 's|_| |g' | sed 's|-| |g')";
+      echo "            if $nodecmd \$import_script -n \"\$peertubetitle\" \$peertubensfw \$peertubeprivate -u \"\$peertubedomain\" -U \"\$peertubeuser\" --password \"\$peertubepassword\" -f \"\$video_file\"; then";
+      echo "                echo \"\$video_file\" >> /root/.peertube_uploaded";
+      echo "                rm \$LOCKFILE";
+      echo "                exit 0";
+      echo '            else';
+      echo "                failed_uploads=\$((failed_uploads+1))";
+      echo "                if [ \$failed_uploads -gt 1 ]; then";
+      echo "                    rm \$LOCKFILE";
+      echo '                    exit 0';
+      echo '                fi';
+      echo '            fi';
+      echo '        fi';
+      echo '    fi';
+      echo 'done';
+      echo '';
+      echo "rm \$LOCKFILE"; } > /usr/bin/peertubesync
+
+    chmod +x /usr/bin/peertubesync
+    cron_add_mins 1 /usr/bin/peertubesync
+}
+
 function peertube_create_database {
     if [ -f "$IMAGE_PASSWORD_FILE" ]; then
         PEERTUBE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     systemctl restart peertube
 }
 
+function peertube_import_from_file {
+    read_config_param MY_USERNAME
+    read_config_param PEERTUBE_DOMAIN_NAME
+    read_config_param ONION_ONLY
+
+    data2=$(mktemp 2>/dev/null)
+    dialog --backtitle $"Freedombone Control Panel" \
+           --title $"Import Video from file" \
+           --form $"Enter your PeerTube login details and video title" 10 65 4 \
+           $"Username:" 1 1 "$MY_USERNAME" 1 18 16 15 \
+           $"Password:" 2 1 "" 2 18 40 10000 \
+           $"Video Title:" 3 1 "" 3 18 40 1000 \
+           $"NSFW:" 4 1 $"no" 4 18 4 4 \
+           2> "$data2"
+    sel=$?
+    case $sel in
+        1) rm -f "$data2"
+           return;;
+        255) rm -f "$data2"
+             return;;
+    esac
+    peertubeuser=$(sed -n 1p < "$data2")
+    peertubepassword=$(sed -n 2p < "$data2")
+    peertubetitle=$(sed -n 3p < "$data2")
+    peertubensfw=$(sed -n 4p < "$data2")
+    rm -f "$data2"
+
+    peertubedomain="https://$PEERTUBE_DOMAIN_NAME"
+    nodecmd='node'
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        peertubedomain="http://$(cat /var/lib/tor/hidden_service_peertube/hostname)"
+        nodecmd='torsocks node'
+    fi
+
+    data2=$(mktemp 2>/dev/null)
+    dialog --title "Choose the video file (select with spacebar)" --fselect "/home/$MY_USERNAME/" 30 60 2> "$data2"
+    selected_file=$(cat "$data2")
+    rm -f "$data2"
+    if [ ! "$selected_file" ]; then
+        return
+    fi
+    if [[ "$selected_file" != *'.ogv' && "$selected_file" != *'.mp4' && "$selected_file" != *'.webm' ]]; then
+        dialog --title $"Import video from file" \
+               --msgbox $"The video should be in ogv, mp4 or webm format" 6 75
+        return
+    fi
+
+    cd $PEERTUBE_DIR || exit 32468356
+    import_script=$PEERTUBE_DIR/dist/server/tools/upload.js
+    if [ ! -f $import_script ]; then
+        dialog --title $"Import videos" \
+               --msgbox $"upload script was not found" 6 75
+        return
+    fi
+
+    nsfwstr=
+    if [[ "$peertubensfw" == *'y'* || "$peertubensfw" == *'Y'* ]]; then
+        nsfwstr='--nsfw'
+    fi
+
+    titlestr=$(basename "$selected_file" | awk -F '.' '{print $1}' | sed 's|_| |g' | sed 's|-| |g')
+    if [ "$peertubetitle" ]; then
+        titlestr="-n \"$peertubetitle\""
+    fi
+
+    clear
+    $nodecmd $import_script $nsfwstr "$titlestr" -u "$peertubedomain" -U "$peertubeuser" --password "$peertubepassword" -f "$selected_file"
+
+    dialog --title $"Import video from file" \
+           --msgbox $"Video imported from $selected_file" 6 75
+}
+
+function peertube_import_videos {
+    read_config_param MY_USERNAME
+    read_config_param PEERTUBE_DOMAIN_NAME
+    read_config_param ONION_ONLY
+
+    data2=$(mktemp 2>/dev/null)
+    dialog --backtitle $"Freedombone Control Panel" \
+           --title $"Import Videos from legacy sites" \
+           --form $"Enter a channel of video URL for YouTube/Vimeo/Dailymotion" 10 75 4 \
+           $"Username:" 1 1 "$MY_USERNAME" 1 22 16 15 \
+           $"Password:" 2 1 "" 2 22 50 10000 \
+           $"Video/Channel URL:" 3 1 "" 3 22 50 10000 \
+           2> "$data2"
+    sel=$?
+    case $sel in
+        1) rm -f "$data2"
+           return;;
+        255) rm -f "$data2"
+             return;;
+    esac
+    peertubeuser=$(sed -n 1p < "$data2")
+    peertubepassword=$(sed -n 2p < "$data2")
+    video_url=$(sed -n 3p < "$data2")
+    rm -f "$data2"
+
+    peertubedomain="https://$PEERTUBE_DOMAIN_NAME"
+    nodecmd='node'
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        peertubedomain="http://$(cat /var/lib/tor/hidden_service_peertube/hostname)"
+        nodecmd='torsocks node'
+    fi
+
+    if [ ${#peertubeuser} -lt 3 ]; then
+        dialog --title $"Import videos from legacy sites" \
+               --msgbox $"Username was not valid" 6 75
+        return
+    fi
+
+    if [ ${#peertubepassword} -lt 3 ]; then
+        dialog --title $"Import videos from legacy sites" \
+               --msgbox $"Password was not valid" 6 75
+        return
+    fi
+
+    if [[ "$video_url" == *' '* || "$video_url" == *','* || "$video_url" == *'@'* ]]; then
+        dialog --title $"Import videos from legacy sites" \
+               --msgbox $"Video/channel URL was not valid" 6 75
+        return
+    fi
+
+    if [ ${#video_url} -lt 8 ]; then
+        dialog --title $"Import videos from legacy sites" \
+               --msgbox $"Video/channel URL was not valid" 6 75
+        return
+    fi
+
+    cd $PEERTUBE_DIR || exit 32468356
+    import_script=$PEERTUBE_DIR/dist/server/tools/import-videos.js
+    if [ ! -f $import_script ]; then
+        dialog --title $"Import videos from legacy sites" \
+               --msgbox $"import-videos script was not found" 6 75
+        return
+    fi
+
+    clear
+    $nodecmd $import_script -u "$peertubedomain" -U "$peertubeuser" --password "$peertubepassword" -t "$video_url"
+
+    dialog --title $"Import videos from legacy sites" \
+           --msgbox $"Video/s imported from $video_url" 6 75
+}
+
 function configure_interactive_peertube {
+    W=(1 $"Set administrator email address"
+       2 $"Disable or enable signups"
+       3 $"Import videos from YouTube/Vimeo/Dailymotion"
+       4 $"Import video from file")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"PeerTube" \
-               --radiolist $"Choose an operation:" 10 70 4 \
-               1 $"Set administrator email address" off \
-               2 $"Disable or enable signups" off \
-               3 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) break;;
-            255) break;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"PeerTube" --menu $"Choose an operation, or ESC to exit:" 12 60 4 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) peertube_set_admin_email;;
             2) peertube_disable_signups;;
-            3) rm -f "$data"
-               break;;
+            3) peertube_import_videos;;
+            4) peertube_import_from_file;;
         esac
-        rm -f "$data"
     done
 }
 
 }
 
 function upgrade_peertube {
+    peertube_import_from_syncthing
+
     CURR_PEERTUBE_COMMIT=$(get_completion_param "peertube commit")
     if [[ "$CURR_PEERTUBE_COMMIT" == "$PEERTUBE_COMMIT" ]]; then
         return
     remove_onion_service peertube ${PEERTUBE_ONION_PORT}
     remove_completion_param "install_peertube"
     sed -i '/peertube/d' "$COMPLETION_FILE"
+    sed -i '/peertubesync/d' /etc/crontab
+
+    if [ -f /usr/bin/peertubesync ]; then
+        rm /usr/bin/peertubesync
+    fi
+    if [ -f /root/peertube_uploaded ]; then
+        rm /root/peertube_uploaded
+    fi
 
     function_check drop_database_postgresql
     drop_database_postgresql peertube peertube
     if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
         return
     fi
-    if [[ "$ARCHITECTURE" != 'x86_64' && "$ARCHITECTURE" != 'amd64' ]]; then
+    if [[ "$ARCHITECTURE" != 'x86_64' && "$ARCHITECTURE" != 'amd64' && "$ARCHITECTURE" != 'i386' ]]; then
         return
     fi
 
-    chroot "$rootdir" apt-get -yq install ffmpeg curl
+    chroot "$rootdir" apt-get -yq install ffmpeg curl redis-tools redis-server
 
     function_check install_postgresql
     install_postgresql
 apt-get -y update
 apt-get -yq install yarn
 
-#npm install --arch=$NPM_ARCH -g yarn
-#if [ ! "\$?" = "0" ]; then
+#if ! npm install --arch=$NPM_ARCH -g yarn@1.5.1; then
 #    echo $'PeerTube Failed to install yarn'
 #    exit 79353234
 #fi
-#npm install --arch=$NPM_ARCH webpack@3.10.0 --no-optional
-#if [ ! "\$?" = "0" ]; then
+#if ! npm install --arch=$NPM_ARCH webpack@3.10.0 --no-optional; then
 #    echo $'PeerTube failed to install webpack'
 #    exit 68386353
 #fi
 yarn install
 yarn run build:prod
-yarn add -D webpack
-if [ ! "\$?" = "0" ]; then
+if ! yarn add -D webpack; then
     echo $'PeerTube failed to add webpack'
     exit 67342823
 fi
-yarn install --ignore-optional
-if [ ! "\$?" = "0" ]; then
+if ! yarn install --ignore-optional; then
     echo $'PeerTube failed to run yarn install'
     exit 63754235
 fi
-npm install --arch=$NPM_ARCH
-if [ ! "\$?" = "0" ]; then
+if ! npm install --arch=$NPM_ARCH -g npm@4; then
+    # https://github.com/KraigM/homebridge-harmonyhub/issues/119
+    echo $'Failed to downgrade npm'
+    exit 3476835
+fi
+cp /root/.npm-global/bin/npm /usr/local/bin/npm
+if ! npm install --arch=$NPM_ARCH; then
     echo $'PeerTube failed to install peertube'
     exit 7835243
 fi
-npm run build --arch=$NPM_ARCH
-if [ ! "\$?" = "0" ]; then
+if ! npm install --arch=$NPM_ARCH -g "npm@${NPM_VERSION}"; then
+    echo $'Failed to restore npm after downgrade'
+    exit 5737583
+fi
+cp /root/.npm-global/bin/npm /usr/local/bin/npm
+if ! npm run build --arch=$NPM_ARCH; then
     echo $'PeerTube failed to build peertube'
     exit 5293593
 fi
         exit 783523
     fi
 
-    apt-get -yq install ffmpeg
+    apt-get -yq install ffmpeg redis-tools redis-server
 
     function_check install_postgresql
     install_postgresql
     git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT
     set_completion_param "peertube commit" "$PEERTUBE_COMMIT"
 
-    if ! npm install -g yarn; then
+    if ! npm install -g yarn@1.5.1; then
         echo $'Failed to install yarn'
         exit 79353234
     fi
         echo $'Failed to run yarn install'
         exit 63754235
     fi
+    if ! npm install -g npm@4; then
+        # https://github.com/KraigM/homebridge-harmonyhub/issues/119
+        echo $'Failed to downgrade npm'
+        exit 3476835
+    fi
+    cp /root/.npm-global/bin/npm /usr/local/bin/npm
     if ! npm install; then
         echo $'Failed to install peertube'
         exit 7835243
     fi
+    if ! npm install -g "npm@${NPM_VERSION}"; then
+        echo $'Failed to restore npm after downgrade'
+        exit 5737583
+    fi
+    cp /root/.npm-global/bin/npm /usr/local/bin/npm
     if ! npm run build; then
         echo $'Failed to build peertube'
         exit 5293593
     # update the admin email address after creation of the database
     sed -i "s|email: .*|email: '$MY_EMAIL_ADDRESS'|g" $PEERTUBE_DIR/config/production.yaml
 
+    peertube_import_from_syncthing
+
     set_completion_param "peertube domain" "$PEERTUBE_DOMAIN_NAME"
     APP_INSTALLED=1
 }

src/freedombone-app-pihole

 SHOW_ON_ABOUT=0
 
 PIHOLE_IFACE=eth0
-PIHOLE_DNS1='85.214.73.63'
-PIHOLE_DNS2='213.73.91.35'
+PIHOLE_DNS1='91.239.100.100'
+PIHOLE_DNS2='89.233.43.71'
 
 piholeBasename=pihole
 piholeDir=/etc/$piholeBasename
 function pihole_change_upstream_dns {
     data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Ad Blocker Upstream DNS" \
-           --radiolist $"Pick a domain name service (DNS):" 28 50 19 \
-           1 $"Digital Courage" on \
-           2 $"German Privacy Foundation 1" off \
-           3 $"German Privacy Foundation 2" off \
-           4 $"Chaos Computer Club" off \
-           5 $"ClaraNet" off \
-           6 $"OpenNIC 1" off \
-           7 $"OpenNIC 2" off \
-           8 $"OpenNIC 3" off \
-           9 $"OpenNIC 4" off \
-           10 $"OpenNIC 5" off \
-           11 $"OpenNIC 6" off \
-           12 $"OpenNIC 7" off \
-           13 $"PowerNS" off \
-           14 $"ValiDOM" off \
-           15 $"Freie Unzensierte" off \
-           16 $"DNS.Watch" off \
-           17 $"uncensoreddns.org" off \
-           18 $"Lorraine Data Network" off \
-           19 $"Google" off 2> "$data"
+           --radiolist $"Pick a domain name service (DNS):" 29 50 20 \
+           1 $"UncensoredDNS" on \
+           2 $"Digital Courage" off \
+           3 $"German Privacy Foundation 1" off \
+           4 $"German Privacy Foundation 2" off \
+           5 $"Chaos Computer Club" off \
+           6 $"ClaraNet" off \
+           7 $"OpenNIC 1" off \
+           8 $"OpenNIC 2" off \
+           9 $"OpenNIC 3" off \
+           10 $"OpenNIC 4" off \
+           11 $"OpenNIC 5" off \
+           12 $"OpenNIC 6" off \
+           13 $"OpenNIC 7" off \
+           14 $"PowerNS" off \
+           15 $"ValiDOM" off \
+           16 $"Freie Unzensierte" off \
+           17 $"DNS.Watch" off \
+           18 $"uncensoreddns.org" off \
+           19 $"Lorraine Data Network" off \
+           20 $"Google" off 2> "$data"
     sel=$?
     case $sel in
         1) rm -f "$data"
              exit 1;;
     esac
     case $(cat "$data") in
-        1) PIHOLE_DNS1='85.214.73.63'
+        1) PIHOLE_DNS1='91.239.100.100'
+           PIHOLE_DNS2='89.233.43.71'
+           ;;
+        2) PIHOLE_DNS1='85.214.73.63'
            PIHOLE_DNS2='213.73.91.35'
            ;;
-        2) PIHOLE_DNS1='87.118.100.175'
+        3) PIHOLE_DNS1='87.118.100.175'
            PIHOLE_DNS2='94.75.228.29'
            ;;
-        3) PIHOLE_DNS1='85.25.251.254'
+        4) PIHOLE_DNS1='85.25.251.254'
            PIHOLE_DNS2='2.141.58.13'
            ;;
-        4) PIHOLE_DNS1='213.73.91.35'
+        5) PIHOLE_DNS1='213.73.91.35'
            PIHOLE_DNS2='85.214.73.63'
            ;;
-        5) PIHOLE_DNS1='212.82.225.7'
+        6) PIHOLE_DNS1='212.82.225.7'
            PIHOLE_DNS2='212.82.226.212'
            ;;
-        6) PIHOLE_DNS1='58.6.115.42'
+        7) PIHOLE_DNS1='58.6.115.42'
            PIHOLE_DNS2='58.6.115.43'
            ;;
-        7) PIHOLE_DNS1='119.31.230.42'
+        8) PIHOLE_DNS1='119.31.230.42'
            PIHOLE_DNS2='200.252.98.162'
            ;;
-        8) PIHOLE_DNS1='217.79.186.148'
+        9) PIHOLE_DNS1='217.79.186.148'
            PIHOLE_DNS2='81.89.98.6'
            ;;
-        9) PIHOLE_DNS1='78.159.101.37'
-           PIHOLE_DNS2='203.167.220.153'
-           ;;
-        10) PIHOLE_DNS1='82.229.244.191'
+        10) PIHOLE_DNS1='78.159.101.37'
+            PIHOLE_DNS2='203.167.220.153'
+            ;;
+        11) PIHOLE_DNS1='82.229.244.191'
             PIHOLE_DNS2='82.229.244.191'
             ;;
-        11) PIHOLE_DNS1='216.87.84.211'
+        12) PIHOLE_DNS1='216.87.84.211'
             PIHOLE_DNS2='66.244.95.20'
             ;;
-        12) PIHOLE_DNS1='207.192.69.155'
+        13) PIHOLE_DNS1='207.192.69.155'
             PIHOLE_DNS2='72.14.189.120'
             ;;
-        13) PIHOLE_DNS1='194.145.226.26'
+        14) PIHOLE_DNS1='194.145.226.26'
             PIHOLE_DNS2='77.220.232.44'
             ;;
-        14) PIHOLE_DNS1='78.46.89.147'
+        15) PIHOLE_DNS1='78.46.89.147'
             PIHOLE_DNS2='88.198.75.145'
             ;;
-        15) PIHOLE_DNS1='85.25.149.144'
+        16) PIHOLE_DNS1='85.25.149.144'
             PIHOLE_DNS2='87.106.37.196'
             ;;
-        16) PIHOLE_DNS1='84.200.69.80'
+        17) PIHOLE_DNS1='84.200.69.80'
             PIHOLE_DNS2='84.200.70.40'
             ;;
-        17) PIHOLE_DNS1='91.239.100.100'
+        18) PIHOLE_DNS1='91.239.100.100'
             PIHOLE_DNS2='89.233.43.71'
             ;;
-        18) PIHOLE_DNS1='80.67.188.188'
+        19) PIHOLE_DNS1='80.67.188.188'
             PIHOLE_DNS2='89.234.141.66'
             ;;
-        19) PIHOLE_DNS1='8.8.8.8'
+        20) PIHOLE_DNS1='8.8.8.8'
             PIHOLE_DNS2='4.4.4.4'
             dialog --title $"WARNING" \
                    --msgbox $"\\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\\n\\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60

src/freedombone-app-pleroma

 PLEROMA_PORT=4000
 PLEROMA_ONION_PORT=8011
 PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
-PLEROMA_COMMIT='c50c7745bc8b8f52ba07c69c0d2505df54da0f59'
+PLEROMA_COMMIT='7130e9ddb16286efd7d01088e816f05e82cfa2a1'
 PLEROMA_ADMIN_PASSWORD=
 PLEROMA_DIR=/etc/pleroma
 PLEROMA_SECRET_KEY=""
     read_config_param PLEROMA_EXPIRE_MONTHS
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"Pleroma" \
-               --radiolist $"Choose an operation:" 15 70 6 \
-               1 $"Set a background image" off \
-               2 $"Set the title" off \
-               3 $"Disable new account registrations" off \
-               4 $"Add a custom emoji" off \
-               5 $"Set post expiry period (currently $PLEROMA_EXPIRE_MONTHS months)" off \
-               6 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               return;;
-            255) rm -f "$data"
-                 return;;
-        esac
-        case $(cat "$data") in
+        W=(1 $"Set a background image"
+           2 $"Set the title"
+           3 $"Disable new account registrations"
+           4 $"Add a custom emoji"
+           5 $"Set post expiry period (currently $PLEROMA_EXPIRE_MONTHS months)")
+
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Pleroma" --menu $"Choose an operation, or ESC to exit:" 14 60 5 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) pleroma_set_background_image;;
             2) pleroma_set_title;;
             3) pleroma_disable_registrations;;
             4) pleroma_add_emoji;;
             5) pleroma_set_expire_months;;
-            6) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 
         function_check nginx_http_redirect
         nginx_http_redirect "$PLEROMA_DOMAIN_NAME" "index index.html"
         { echo '';
-        echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;';
-        echo '';
-        echo 'server {';
-        echo '  listen 443 ssl;';
-        echo '  #listen [::]:443 ssl;';
-        echo "  server_name $PLEROMA_DOMAIN_NAME;";
-        echo ''; } >> "$pleroma_nginx_site"
-        function_check nginx_compress
-        nginx_compress "$PLEROMA_DOMAIN_NAME"
-        echo '' >> "$pleroma_nginx_site"
-        echo '  # Security' >> "$pleroma_nginx_site"
+          echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;';
+          echo '';
+          echo 'server {';
+          echo '  listen 443 ssl http2;';
+          echo '  #listen [::]:443 ssl http2;';
+          echo "  server_name $PLEROMA_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> "$pleroma_nginx_site"
         function_check nginx_ssl
         nginx_ssl "$PLEROMA_DOMAIN_NAME"
 
           echo "  root $PLEROMA_DIR;";
           echo '';
           echo '  index index.html;';
-          echo '  location / {'; } >> "$pleroma_nginx_site"
-        function_check nginx_limits
-        nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-        { echo "    add_header 'Access-Control-Allow-Origin' '*';";
+          echo '';
+          echo '  gzip_vary on;';
+          echo '  gzip_proxied any;';
+          echo '  gzip_comp_level 6;';
+          echo '  gzip_buffers 16 8k;';
+          echo '  gzip_http_version 1.1;';
+          echo '  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
+          echo '';
+          echo '  location / {';
+          echo '    client_max_body_size 15m;';
+          echo '    client_body_buffer_size 15m;';
+          echo '';
+          echo '    limit_conn conn_limit_per_ip 50;';
+          echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+          echo '';
+          echo "    add_header 'Access-Control-Allow-Origin' '*' always;";
+          echo "    add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always;";
+          echo "    add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;";
+          echo "    if (\$request_method = OPTIONS) {";
+          echo '        return 204;';
+          echo '    }';
+          echo '';
           echo '    proxy_http_version 1.1;';
           echo "    proxy_set_header Upgrade \$http_upgrade;";
           echo '    proxy_set_header Connection "upgrade";';
           echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
           echo '  }';
           echo '';
-          echo '  location /proxy {'; } >> "$pleroma_nginx_site"
-        nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-        { echo '    proxy_cache pleroma_media_cache;';
+          echo '  location /proxy {';
+          echo '    client_max_body_size 15m;';
+          echo '    client_body_buffer_size 15m;';
+          echo '';
+          echo '    limit_conn conn_limit_per_ip 50;';
+          echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+          echo '';
+          echo '    proxy_cache pleroma_media_cache;';
           echo '    proxy_cache_lock on;';
           echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
           echo '  }';
         echo '' >> "$pleroma_nginx_site"
     fi
     { echo 'server {';
-      echo "    listen 127.0.0.1:$PLEROMA_ONION_PORT default_server;";
+      echo "    listen 127.0.0.1:$PLEROMA_ONION_PORT default_server http2;";
       echo "    server_name $PLEROMA_ONION_HOSTNAME;";
       echo ''; } >> "$pleroma_nginx_site"
-    function_check nginx_compress
-    nginx_compress "$PLEROMA_DOMAIN_NAME"
-    echo '' >> "$pleroma_nginx_site"
     function_check nginx_security_options
     nginx_security_options "$PLEROMA_DOMAIN_NAME"
     { echo '';
       echo "  root $PLEROMA_DIR;";
       echo '';
       echo '  index index.html;';
-      echo '  location / {'; } >> "$pleroma_nginx_site"
-    function_check nginx_limits
-    nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-    { echo "      add_header 'Access-Control-Allow-Origin' '*';";
-      echo '      proxy_http_version 1.1;';
-      echo "      proxy_set_header Upgrade \$http_upgrade;";
-      echo '      proxy_set_header Connection "upgrade";';
-      echo "      proxy_set_header Host \$http_host;";
       echo '';
-      echo "      proxy_pass http://localhost:$PLEROMA_PORT;";
+      echo '  gzip_vary on;';
+      echo '  gzip_proxied any;';
+      echo '  gzip_comp_level 6;';
+      echo '  gzip_buffers 16 8k;';
+      echo '  gzip_http_version 1.1;';
+      echo '  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;';
+      echo '';
+      echo '  location / {';
+      echo '    client_max_body_size 15m;';
+      echo '    client_body_buffer_size 15m;';
+      echo '';
+      echo '    limit_conn conn_limit_per_ip 50;';
+      echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+      echo '';
+      echo "    add_header 'Access-Control-Allow-Origin' '*' always;";
+      echo "    add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always;";
+      echo "    add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;";
+      echo "    if (\$request_method = OPTIONS) {";
+      echo '        return 204;';
+      echo '    }';
+      echo '';
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection "upgrade";';
+      echo "    proxy_set_header Host \$http_host;";
+      echo '';
+      echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
       echo '  }';
       echo '';
-      echo '  location /proxy {'; } >> "$pleroma_nginx_site"
-    nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
-    { echo '    proxy_cache pleroma_media_cache;';
+      echo '  location /proxy {';
+      echo '    client_max_body_size 15m;';
+      echo '    client_body_buffer_size 15m;';
+      echo '';
+      echo '    limit_conn conn_limit_per_ip 50;';
+      echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
+      echo '';
+      echo '    proxy_cache pleroma_media_cache;';
       echo '    proxy_cache_lock on;';
       echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
       echo '  }';
       echo 'WantedBy=multi-user.target';
       echo 'Alias=pleroma.service'; } > /etc/systemd/system/pleroma.service
 
+
+    # avoid mixed content warnings
+    sed -i '/config :pleroma, :media_proxy/!b;n;c####enabled: true,' $PLEROMA_DIR/config/config.exs
+    sed -i 's|####enabled|  enabled|g' $PLEROMA_DIR/config/config.exs
+    sed -i 's|redirect_on_failure:.*|redirect_on_failure: false|g' $PLEROMA_DIR/config/config.exs
+
     # set registrations open initially
     sed -i 's|registrations_open:.*|registrations_open: true,|g' $PLEROMA_DIR/config/config.exs
     sed -i 's|"registrationOpen":.*|"registrationOpen": true,|g' $PLEROMA_DIR/priv/static/static/config.json
 
     if ! grep -q "media_proxy" $PLEROMA_DIR/priv/static/static/config.json; then
-        sed -i '/"name":/a "media_proxy": false,' $PLEROMA_DIR/priv/static/static/config.json
+        sed -i '/"name":/a "media_proxy": true,' $PLEROMA_DIR/priv/static/static/config.json
         sed -i 's|"media_proxy"|  "media_proxy"|g' $PLEROMA_DIR/priv/static/static/config.json
     else
         sed -i 's|"media_proxy".*|"media_proxy": false,|g' $PLEROMA_DIR/priv/static/static/config.json

src/freedombone-app-postactiv

     read_config_param "POSTACTIV_EXPIRE_MONTHS"
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"PostActiv" \
-               --radiolist $"Choose an operation:" 16 70 7 \
-               1 $"Set a background image" off \
-               2 $"Set the title" off \
-               3 $"Set post expiry period (currently $POSTACTIV_EXPIRE_MONTHS months)" off \
-               4 $"Select Qvitter user interface" off \
-               5 $"Select Pleroma user interface" off \
-               6 $"Select Classic user interface" off \
-               7 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               return;;
-            255) rm -f "$data"
-                 return;;
-        esac
-        case $(cat "$data") in
+        W=(1 $"Set a background image"
+           2 $"Set the title"
+           3 $"Set post expiry period (currently $POSTACTIV_EXPIRE_MONTHS months)"
+           4 $"Select Qvitter user interface"
+           5 $"Select Pleroma user interface"
+           6 $"Select Classic user interface")
+
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"PostActiv" --menu $"Choose an operation, or ESC to exit:" 15 60 6 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) postactiv_set_background_image;;
             2) postactiv_set_title;;
             3) postactiv_set_expire_months;;
             4) gnusocial_use_qvitter postactiv;;
             5) gnusocial_use_pleroma postactiv;;
             6) gnusocial_use_classic postactiv;;
-            7) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-scuttlebot

 }
 
 function configure_interactive_scuttlebot {
+    W=(1 $"Create an invite")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"Scuttlebot" \
-               --radiolist $"Choose an operation:" 10 50 2 \
-               1 $"Create an invite" off \
-               2 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               return;;
-            255) rm -f "$data"
-                 return;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Scuttlebot" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) scuttlebot_create_invite;;
-            2) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 
         mkdir -p /etc/scuttlebot
     fi
 
+    npm install -g dat
+
     # an unprivileged user to run as
     useradd -d /etc/scuttlebot/ scuttlebot
 
         exit 73528
     fi
 
-    { echo '{';
-      echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\",";
-      echo "  \"port\": ${SCUTTLEBOT_PORT},";
+    SCUTTLEBOT_ONION_HOSTNAME=$(add_onion_service scuttlebot 80 ${SCUTTLEBOT_ONION_PORT})
+
+    if [[ "$ONION_ONLY" == 'no' ]]; then
+        { echo '{';
+          echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\",";
+          echo '  "tor-only": false,'; } > /etc/scuttlebot/.ssb/config
+    else
+        { echo '{';
+          echo "  \"host\": \"${SCUTTLEBOT_ONION_HOSTNAME}\",";
+          echo '  "tor-only": true,'; } > /etc/scuttlebot/.ssb/config
+    fi
+
+    { echo "  \"port\": ${SCUTTLEBOT_PORT},";
       echo '  "timeout": 30000,';
       echo '  "pub": true,';
       echo '  "local": true,';
       echo '  "logging": {';
       echo '    "level": "error"';
       echo '  }';
-      echo '}'; } > /etc/scuttlebot/.ssb/config
+      echo '}'; } >> /etc/scuttlebot/.ssb/config
     chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
     systemctl restart scuttlebot.service
 
     firewall_add scuttlebot ${SCUTTLEBOT_PORT}
     firewall_add git_ssb ${GIT_SSB_PORT}
 
-
-    SCUTTLEBOT_ONION_HOSTNAME=$(add_onion_service scuttlebot 80 ${SCUTTLEBOT_ONION_PORT})
     scuttlebot_git_setup
     git_ssb_script
 

src/freedombone-app-searx

 }
 
 function configure_interactive_searx {
+    W=(1 $"Set a background image"
+       2 $"Enable login")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"SearX Metasearch" \
-               --radiolist $"Choose an operation:" 12 70 3 \
-               1 $"Set a background image" off \
-               2 $"Enable login" off \
-               3 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               return;;
-            255) rm -f "$data"
-                 return;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"SearX" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) searx_set_background_image;;
             2) searx_enable_login;;
-            3) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-tahoelafs

 }
 
 function configure_interactive_tahoelafs {
-    data=$(mktemp 2>/dev/null)
-    dialog --backtitle $"Freedombone Configuration" \
-           --title $"Tahoe-LAFS" \
-           --radiolist $"The least authority is always the best" 11 50 5 \
-           1 "Add a storage node" off \
-           2 "Manually edit storage nodes" off \
-           3 "Shares settings" off \
-           4 "Back to main menu" on 2> "$data"
-    sel=$?
-    case $sel in
-        1) rm -f "$data"
-           exit 1;;
-        255) rm -f "$data"
-             exit 1;;
-    esac
-    case $(cat "$data") in
-        1) add_tahoelafs_storage_node_interactive;;
-        2) edit_tahoelafs_nodes;;
-        3) edit_tahoelafs_shares;;
-    esac
-    rm -f "$data"
+    W=(1 $"Add a storage node"
+       2 $"Manually edit storage nodes"
+       3 $"Shares settings")
+
+    while true
+    do
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Tahoe-LAFS" --menu $"Choose an operation, or ESC to exit:" 12 60 3 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
+            1) add_tahoelafs_storage_node_interactive;;
+            2) edit_tahoelafs_nodes;;
+            3) edit_tahoelafs_shares;;
+        esac
+    done
 }
 
 function tahoelafs_setup_client_config {

src/freedombone-app-vpn

     read_config_param VPN_TLS_PORT
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"VPN Configuration" \
-               --radiolist $"Choose an operation:" 13 70 3 \
-               1 $"Change TLS port (currently $VPN_TLS_PORT)" off \
-               2 $"Regenerate keys for a user" off \
-               3 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               return;;
-            255) rm -f "$data"
-                 return;;
-        esac
-        case $(cat "$data") in
+        W=(1 $"Change TLS port (currently $VPN_TLS_PORT)"
+           2 $"Regenerate keys for a user")
+
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"VPN" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) vpn_change_tls_port;;
             2) vpn_regenerate_client_keys;;
-            3) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 
       echo 'dh /etc/openvpn/dh2048.pem';
       echo 'server 10.8.0.0 255.255.255.0';
       echo 'push "redirect-gateway def1 bypass-dhcp"';
-      echo "push \"dhcp-option DNS 85.214.73.63\"";
-      echo "push \"dhcp-option DNS 213.73.91.35\"";
+      echo "push \"dhcp-option DNS 91.239.100.100\"";
+      echo "push \"dhcp-option DNS 89.233.43.71\"";
       echo 'keepalive 5 30';
       echo 'comp-lzo';
       echo 'persist-key';

src/freedombone-app-xmpp

 }
 
 function configure_interactive_xmpp {
+    W=(1 $"Add an ICANN to onion domain mapping"
+       2 $"Remove an ICANN to onion domain mapping")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"XMPP" \
-               --radiolist $"Choose an operation:" 12 70 3 \
-               1 $"Add an ICANN to onion domain mapping" off \
-               2 $"Remove an ICANN to onion domain mapping" off \
-               3 $"Return to administrator control panel" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               return;;
-            255) rm -f "$data"
-                 return;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"XMPP" --menu $"Choose an operation, or ESC to exit:" 10 60 2 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+
+        case $selection in
             1) xmpp_add_onion_address_interactive;;
             2) xmpp_remove_onion_address_interactive;;
-            3) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 
     remove_onion_service xmpp 5222 5223 5269
     sed -i '/HiddenServiceVersion 2/d' /etc/tor/torrc
 
+    apt-mark -q unhold prosody
     apt-get -yq remove --purge prosody
     rm /etc/cron.daily/prosody
     if [ -f "$INSTALL_DIR/$prosody_modules_filename" ]; then

src/freedombone-base-email

 # the default email address
 MY_EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
 
+# When sending mail to riseup.net route to this onion address
+RISEUP_EMAIL_ONION='wy6zk3pmcwiyhiao.onion'
+
 # If you want to run a public mailing list specify its name here.
 # There should be no spaces in the name
 PUBLIC_MAILING_LIST=
 # refresh gpg keys every few hours
 REFRESH_GPG_KEYS_HOURS=2
 
+exim_version='4.89'
+
+function rebuild_exim_with_socks {
+    exim_socks_installed=$(get_completion_param "exim_socks")
+    if [[ "$exim_socks_installed" == 'true' ]]; then
+        return
+    fi
+
+    # shellcheck disable=SC2154
+    if [ ! -d "$INSTALL_DIR/exim4" ]; then
+        mkdir -p "$INSTALL_DIR/exim4"
+    fi
+    cd "$INSTALL_DIR/exim4" || exit 3468356
+    rm -rf "$INSTALL_DIR/exim4/"*
+    apt-get -qy install build-essential fakeroot devscripts
+    apt-get source exim4-daemon-heavy
+    apt-get -qy build-dep exim4-daemon-heavy
+    cd "${INSTALL_DIR}/exim4/exim4-${exim_version}" || exit 356835685
+
+    { echo 'Description: Socks proxying';
+      echo ' Support for socks proxying of outgoing mail';
+      echo ' This is to support onion email addresses, which require support for SOCKS5';
+      echo ' .';
+      echo " exim4 (${exim_version}-2+deb9u3) stretch-security; urgency=high";
+      echo ' .';
+      echo '   * Non-maintainer upload by the Security Team.';
+      echo '   * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)';
+      echo 'Author: Salvatore Bonaccorso <carnil@debian.org>';
+      echo 'Bug-Debian: https://bugs.debian.org/890000';
+      echo '';
+      echo '---';
+      echo 'The information above should follow the Patch Tagging Guidelines, please';
+      echo 'checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here';
+      echo 'are templates for supplementary fields that you might want to add:';
+      echo '';
+      echo 'Origin: <vendor|upstream|other>, <url of original patch>';
+      echo 'Bug: <url in upstream bugtracker>';
+      echo 'Bug-Debian: https://bugs.debian.org/<bugnumber>';
+      echo 'Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>';
+      echo 'Forwarded: <no|not-needed|url proving that it has been forwarded>';
+      echo 'Reviewed-By: <name and email of someone who approved the patch>';
+      echo "Last-Update: $(date +%Y-%m-%d)";
+      echo '';
+      echo '--- /dev/null';
+      echo "+++ exim4-${exim_version}/Local/Makefile";
+      echo '@@ -0,0 +1,32 @@';
+      echo '+BIN_DIRECTORY=/usr/exim/bin';
+      echo '+CONFIGURE_FILE=/usr/exim/configure';
+      echo '+EXIM_USER=';
+      echo '+SPOOL_DIRECTORY=/var/spool/exim';
+      echo '+ROUTER_ACCEPT=yes';
+      echo '+ROUTER_DNSLOOKUP=yes';
+      echo '+ROUTER_IPLITERAL=yes';
+      echo '+ROUTER_MANUALROUTE=yes';
+      echo '+ROUTER_QUERYPROGRAM=yes';
+      echo '+ROUTER_REDIRECT=yes';
+      echo '+TRANSPORT_APPENDFILE=yes';
+      echo '+TRANSPORT_AUTOREPLY=yes';
+      echo '+TRANSPORT_PIPE=yes';
+      echo '+TRANSPORT_SMTP=yes';
+      echo '+LOOKUP_DBM=yes';
+      echo '+LOOKUP_LSEARCH=yes';
+      echo '+LOOKUP_DNSDB=yes';
+      echo '+PCRE_CONFIG=yes';
+      echo '+EXIM_MONITOR=eximon.bin';
+      echo '+FIXED_NEVER_USERS=root';
+      echo '+HEADERS_CHARSET="ISO-8859-1"';
+      echo '+DLOPEN_LOCAL_SCAN=yes';
+      echo '+LDFLAGS += -rdynamic';
+      echo '+CFLAGS += -fvisibility=hidden';
+      echo '+SYSLOG_LOG_PID=yes';
+      echo '+EXICYCLOG_MAX=10';
+      echo '+COMPRESS_COMMAND=/usr/bin/gzip';
+      echo '+COMPRESS_SUFFIX=gz';
+      echo '+ZCAT_COMMAND=/usr/bin/zcat';
+      echo '+SUPPORT_SOCKS=yes';
+      echo '+SYSTEM_ALIASES_FILE=/etc/aliases';
+      echo '+EXIM_TMPDIR="/tmp"'; } > debian/patches/SOCKS
+
+    debuild -us -uc
+    cd "$INSTALL_DIR/exim4" || exit 3468356
+    mv exim4_${exim_version}-*.deb exim4_${exim_version}_all.deb
+    if [ ! -f exim4_${exim_version}_all.deb ]; then
+        ls -l "$INSTALL_DIR/exim4/exim4_"*.deb
+        echo "exim4_${exim_version}_all.deb not found"
+        exit 63857368
+    fi
+    apt-mark -q unhold exim4
+    dpkg -i exim4_${exim_version}_all.deb
+    apt-mark -q hold exim4
+    apt-get -yq remove --purge at
+
+    systemctl restart exim4
+    if [[ $(systemctl is-active exim4) != 'active' ]]; then
+        apt-mark -q unhold exim4
+        apt-get -yq install exim4 --reinstall
+        systemctl restart exim4
+    fi
+
+    rm -rf "$INSTALL_DIR/exim4"
+
+    set_completion_param "exim_socks" "true"
+}
+
 function email_create_template {
     if [ ! -d /etc/skel/log ]; then
         mkdir -m 700 /etc/skel/log
     fi
 }
 
-function configure_email_onion {
-    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
-        return
-    fi
-    if [[ "$SYSTEM_TYPE" == "mesh"* ]]; then
-        return
-    fi
-
+function create_email_onion_address {
     if ! grep -q "hidden_service_email" /etc/tor/torrc; then
         { echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/';
+          echo 'HiddenServiceVersion 3';
           echo 'HiddenServicePort 25 127.0.0.1:25';
           echo 'HiddenServicePort 587 127.0.0.1:587';
           echo 'HiddenServicePort 465 127.0.0.1:465'; } >> /etc/tor/torrc
-    fi
 
-    function_check onion_update
-    onion_update
+        function_check onion_update
+        onion_update
 
-    function_check wait_for_onion_service
-    wait_for_onion_service email
+        function_check wait_for_onion_service
+        wait_for_onion_service email
 
-    if [ ! -f /var/lib/tor/hidden_service_email/hostname ]; then
-        echo $"email onion site hostname not found"
-        systemctl restart tor
-        exit 782352
+        if [ ! -f /var/lib/tor/hidden_service_email/hostname ]; then
+            echo $"email onion site hostname not found"
+            systemctl restart tor
+            exit 782352
+        fi
+
+        onion_address=$(cat /var/lib/tor/hidden_service_email/hostname)
+        set_completion_param "email onion domain" "${onion_address}"
+        add_email_hostname "$onion_address"
+    else
+        onion_address=$(cat /var/lib/tor/hidden_service_email/hostname)
+    fi
+}
+
+function configure_email_onion {
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
+        return
+    fi
+    if [[ "$SYSTEM_TYPE" == "mesh"* ]]; then
+        return
     fi
 
-    onion_address=$(cat /var/lib/tor/hidden_service_email/hostname)
-    set_completion_param "email onion domain" "${onion_address}"
-    add_email_hostname "$onion_address"
+    create_email_onion_address
 
-    apt-get -yq install tinycdb perl
+    #apt-get -yq install tinycdb perl
 
     # MX record should be:
-    # _onion-mx._tcp.$DEFAULT_DOMAIN_NAME. 3600 IN SRV 0 5 25 $onion_address
+    # _onion-mx._tcp
+    # 20:$onion_address
+    # 3600 IN SRV 0 5 25 $onion_address
+
+    # Test with: exim -d -bt username@$onion_address
 
-    echo "$DEFAULT_DOMAIN_NAME $onion_address" > /etc/exim4/onionrelay.txt
-    cdb -m -c -t ~/onionrelay.tmp /etc/exim4/onionrelay.cdb /etc/exim4/onionrelay.txt
+    #echo "$DEFAULT_DOMAIN_NAME $onion_address" > /etc/exim4/onionrelay.txt
+    #cdb -m -c -t ~/onionrelay.tmp /etc/exim4/onionrelay.cdb /etc/exim4/onionrelay.txt
 
     { echo "perl_startup = do '/etc/exim4/perl-routines.pl'";
-      echo "perl_at_start"; } > /etc/exim4/conf.d/main/perl
+      echo "perl_at_start"; } > /etc/exim4/conf.d/main/00_exim4-config_perl
 
     { echo "use Net::DNS::Resolver;";
       echo "sub onionLookup {";
       echo "  return 'no_such_host';";
       echo "}"; } > /etc/exim4/perl-routines.pl
 
-    { echo "ONION_RELAYDB=/etc/exim4/onionrelay.cdb";
-      echo "domainlist onion_relays     = cdb;ONION_RELAYDB"; } > /etc/exim4/conf.d/domainlists
+    #{ echo "ONION_RELAYDB=/etc/exim4/onionrelay.cdb";
+    #  echo "domainlist onion_relays     = cdb;ONION_RELAYDB"; } > /etc/exim4/conf.d/main/48_exim4-config_onion_relays
 
-    { echo "# send things over tor where we have an entry for it";
-      echo "onionrelays:";
+    { echo "riseup:";
       echo "  driver    = manualroute";
-      echo "  domains   = +onion_relays";
+      echo "  domains   = riseup.net";
       echo "  transport = onion_relay";
-      echo "  # get the automap IP for the onion address from the tor daemon";
-      echo "  route_data = \${perl{onionLookup}{\${lookup{\$domain}cdb{ONION_RELAYDB}}}}";
-      echo "  no_more"; } > /etc/exim4/conf.d/router/50_exim4-config-onion
+      echo "  route_data = \${perl{onionLookup}{$RISEUP_EMAIL_ONION}}"
+      echo "  no_more"; } > /etc/exim4/conf.d/router/049_exim4-config-riseup
+
+    { echo "onionrelays:";
+      echo "  driver    = manualroute";
+      echo "  domains   = *.onion";
+      echo "  transport = onion_relay";
+      #echo "  route_data = \${lookup dnsdb{a=\$domain}}";
+      echo "  route_data = \${perl{onionLookup}{\$domain}}"
+      echo "  no_more"; } > /etc/exim4/conf.d/router/050_exim4-config-onionrelays
 
     { echo "onion_relay:";
       echo "  driver = smtp";
-      echo "  socks_proxy = 127.0.0.1 port=9050"; } > /etc/exim4/conf.d/transport/50_exim4-config_onion
+      echo "  socks_proxy = 127.0.0.1 port=9050"; } > /etc/exim4/conf.d/transport/050_exim4-config_onion_relay
 
     if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
         echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
         sed -i 's|DNSListenAddress.*|DNSListenAddress 127.0.0.1|g' /etc/tor/torrc
     fi
 
+    update-exim4.conf.template -r
+    update-exim4.conf
     dpkg-reconfigure --frontend noninteractive exim4-config
     systemctl restart tor
     systemctl restart exim4
         MY_EMAIL_ADDRESS="${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}"
         write_config_param "MY_EMAIL_ADDRESS" "$MY_EMAIL_ADDRESS"
     fi
+
+    if [[ $ONION_ONLY != 'no' ]]; then
+        my_email=$onion_address
+        MY_EMAIL_ADDRESS=$onion_address
+        write_config_param "MY_EMAIL_ADDRESS" "$MY_EMAIL_ADDRESS"
+    fi
 }
 
 function backup_email {
     sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd
     sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su
 
-    { echo "dc_eximconfig_configtype='internet'";
-      echo "dc_other_hostnames='${DEFAULT_DOMAIN_NAME};mail.${DEFAULT_DOMAIN_NAME}'";
-      echo "dc_local_interfaces=''";
+    echo "dc_eximconfig_configtype='internet'" > /etc/exim4/update-exim4.conf.conf
+
+    if [[ $ONION_ONLY == 'no' ]]; then
+        echo "dc_other_hostnames='${DEFAULT_DOMAIN_NAME};mail.${DEFAULT_DOMAIN_NAME}'" >> /etc/exim4/update-exim4.conf.conf
+    else
+        echo "dc_other_hostnames='${onion_address}'" >> /etc/exim4/update-exim4.conf.conf
+    fi
+
+    { echo "dc_local_interfaces=''";
       echo "dc_readhost=''";
       echo "dc_relay_domains=''";
-      echo "dc_minimaldns='false'"; } > /etc/exim4/update-exim4.conf.conf
+      echo "dc_minimaldns='false'"; } >> /etc/exim4/update-exim4.conf.conf
     IPv4_address=$(get_ipv4_address)
     IPv4_address_base=$(echo "$IPv4_address" | awk -F '.' '{print $1"."$2"."$3}')
     RELAY_NETS="${IPv4_address_base}.0/24"
         return
     fi
 
+    create_email_onion_address
     check_email_address_exists
     install_email_basic
     configure_email_onion

src/freedombone-config

 }
 
 function dynamic_dns_setup {
-    data=$(mktemp 2>/dev/null)
-    dialog --backtitle $"Freedombone Configuration" \
-           --radiolist $"Choose Dynamic DNS provider:" 40 40 40 \
-           1 dyn.com off \
-           2 freedns.afraid.org on \
-           3 zoneedit.com off \
-           4 no-ip.com off \
-           5 easydns.com off \
-           6 tzo.com off \
-           7 3322.org off \
-           8 dnsomatic.com off \
-           9 dns.he.net off \
-           10 tunnelbroker.net off \
-           11 dynsip.org off \
-           12 sitelutions.com off \
-           13 dnsexit.com off \
-           14 changeip.com off \
-           15 zerigo.com off \
-           16 dhis.org off \
-           17 nsupdate.info off \
-           18 duckdns.org off \
-           19 loopia.com off \
-           20 namecheap.com off \
-           21 domains.google.com off \
-           22 ovh.com off \
-           23 dtdns.com off \
-           24 giradns.com off \
-           25 duiadns.net off \
-           26 ddnss.de off \
-           27 dynv6.com off \
-           28 ipv4.dynv6.com off \
-           29 default@spdyn.de off \
-           30 strato.com off \
-           31 freemyip.com off \
-           32 cloudxns.net off \
-           33 none off 2> "$data"
-    sel=$?
-    case $sel in
-        1) rm -f "$data"
-           exit 1;;
-        255) rm -f "$data"
-             exit 1;;
-    esac
-    case $(cat "$data") in
-        1) DDNS_PROVIDER="default@www.dyn.com";;
-        2) DDNS_PROVIDER="default@freedns.afraid.org";;
+    W=(1 freedns.afraid.org
+       2 dyn.com
+       3 zoneedit.com
+       4 no-ip.com
+       5 easydns.com
+       6 tzo.com
+       7 3322.org
+       8 dnsomatic.com
+       9 dns.he.net
+       10 tunnelbroker.net
+       11 dynsip.org
+       12 sitelutions.com
+       13 dnsexit.com
+       14 changeip.com
+       15 zerigo.com
+       16 dhis.org
+       17 nsupdate.info
+       18 duckdns.org
+       19 loopia.com
+       20 namecheap.com
+       21 domains.google.com
+       22 ovh.com
+       23 dtdns.com
+       24 giradns.com
+       25 duiadns.net
+       26 ddnss.de
+       27 dynv6.com
+       28 ipv4.dynv6.com
+       29 default@spdyn.de
+       30 strato.com
+       31 freemyip.com
+       32 cloudxns.net)
+
+    # shellcheck disable=SC2068
+    selection=$(dialog --backtitle $"Freedombone Configuration" --title $"Dynamic DNS" --menu $"Choose Dynamic DNS provider, or ESC for none:" 24 60 32 "${W[@]}" 3>&2 2>&1 1>&3)
+
+    if [ ! "$selection" ]; then
+        if [ -f /etc/systemd/system/inadyn.service ]; then
+            systemctl stop inadyn
+            systemctl disable inadyn
+        fi
+        return
+    fi
+
+    case $selection in
+        1) DDNS_PROVIDER="default@freedns.afraid.org";;
+        2) DDNS_PROVIDER="default@www.dyn.com";;
         3) DDNS_PROVIDER="default@www.zoneedit.com";;
         4) DDNS_PROVIDER="default@www.no-ip.com";;
         5) DDNS_PROVIDER="default@www.easydns.com";;
         31) DDNS_PROVIDER="default@freemyip.com";;
         32) DDNS_PROVIDER="default@www.cloudxns.net";;
         33) DDNS_PROVIDER="none";;
-        255) rm -f "$data"
-             exit 1;;
     esac
-    rm -f "$data"
     save_configuration_values
 
     valid_ddns_username=
                     if [ "$possible_username" ]; then
                         if [ ${#possible_username} -gt 1 ]; then
                             valid_ddns_username=$(cat "$data")
+                            # shellcheck disable=SC2034
                             DDNS_USERNAME="$valid_ddns_username"
                             rm -f "$data"
                             break;
 
 function choose_debian_repo {
     if [[ "$MINIMAL_INSTALL" == "no" ]]; then
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Configuration" \
-               --radiolist $"Where to download Debian packages from:" 25 45 49 \
-               1 $"Australia" off \
-               2 $"Austria" off \
-               3 $"Belarus" off \
-               4 $"Belgium" off \
-               5 $"Bosnia and Herzegovina" off \
-               6 $"Brazil" off \
-               7 $"Bulgaria" off \
-               8 $"Canada" off \
-               9 $"Chile" off \
-               10 $"China" off \
-               11 $"Croatia" off \
-               12 $"Czech Republic" off \
-               13 $"Denmark" off \
-               14 $"El Salvador" off \
-               15 $"Estonia" off \
-               16 $"Finland" off \
-               17 $"France 1" off \
-               18 $"France 2" off \
-               19 $"Germany 1" off \
-               20 $"Germany 2" off \
-               21 $"Greece" off \
-               22 $"Hungary" off \
-               23 $"Iceland" off \
-               24 $"Iran" off \
-               25 $"Ireland" off \
-               26 $"Italy" off \
-               27 $"Japan" off \
-               28 $"Korea" off \
-               29 $"Lithuania" off \
-               30 $"Mexico" off \
-               31 $"Netherlands" off \
-               32 $"New Caledonia" off \
-               33 $"New Zealand" off \
-               34 $"Norway" off \
-               35 $"Poland" off \
-               36 $"Portugal" off \
-               37 $"Romania" off \
-               38 $"Russia" off \
-               39 $"Slovakia" off \
-               40 $"Slovenia" off \
-               41 $"Spain" off \
-               42 $"Sweden" off \
-               43 $"Switzerland" off \
-               44 $"Taiwan" off \
-               45 $"Thailand" off \
-               46 $"Turkey" off \
-               47 $"Ukraine" off \
-               48 $"United Kingdom" off \
-               49 $"United States" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               exit 1;;
-            255) rm -f "$data"
-                 exit 1;;
-        esac
-        case $(cat "$data") in
-            1) DEBIAN_REPO='ftp.au.debian.org';;
-            2) DEBIAN_REPO='ftp.at.debian.org';;
-            3) DEBIAN_REPO='ftp.by.debian.org';;
-            4) DEBIAN_REPO='ftp.be.debian.org';;
-            5) DEBIAN_REPO='ftp.ba.debian.org';;
-            6) DEBIAN_REPO='ftp.br.debian.org';;
-            7) DEBIAN_REPO='ftp.bg.debian.org';;
-            8) DEBIAN_REPO='ftp.ca.debian.org';;
-            9) DEBIAN_REPO='ftp.cl.debian.org';;
-            10) DEBIAN_REPO='ftp.cn.debian.org';;
-            11) DEBIAN_REPO='ftp.hr.debian.org';;
-            12) DEBIAN_REPO='ftp.cz.debian.org';;
-            13) DEBIAN_REPO='ftp.dk.debian.org';;
-            14) DEBIAN_REPO='ftp.sv.debian.org';;
-            15) DEBIAN_REPO='ftp.ee.debian.org';;
-            16) DEBIAN_REPO='ftp.fi.debian.org';;
-            17) DEBIAN_REPO='ftp2.fr.debian.org';;
-            18) DEBIAN_REPO='ftp.fr.debian.org';;
-            19) DEBIAN_REPO='ftp2.de.debian.org';;
-            20) DEBIAN_REPO='ftp.de.debian.org';;
-            21) DEBIAN_REPO='ftp.gr.debian.org';;
-            22) DEBIAN_REPO='ftp.hu.debian.org';;
-            23) DEBIAN_REPO='ftp.is.debian.org';;
-            24) DEBIAN_REPO='ftp.ir.debian.org';;
-            25) DEBIAN_REPO='ftp.ie.debian.org';;
-            26) DEBIAN_REPO='ftp.it.debian.org';;
-            27) DEBIAN_REPO='ftp.jp.debian.org';;
-            28) DEBIAN_REPO='ftp.kr.debian.org';;
-            29) DEBIAN_REPO='ftp.lt.debian.org';;
-            30) DEBIAN_REPO='ftp.mx.debian.org';;
-            31) DEBIAN_REPO='ftp.nl.debian.org';;
-            32) DEBIAN_REPO='ftp.nc.debian.org';;
-            33) DEBIAN_REPO='ftp.nz.debian.org';;
-            34) DEBIAN_REPO='ftp.no.debian.org';;
-            35) DEBIAN_REPO='ftp.pl.debian.org';;
-            36) DEBIAN_REPO='ftp.pt.debian.org';;
-            37) DEBIAN_REPO='ftp.ro.debian.org';;
-            38) DEBIAN_REPO='ftp.ru.debian.org';;
-            39) DEBIAN_REPO='ftp.sk.debian.org';;
-            40) DEBIAN_REPO='ftp.si.debian.org';;
-            41) DEBIAN_REPO='ftp.es.debian.org';;
-            42) DEBIAN_REPO='ftp.se.debian.org';;
-            43) DEBIAN_REPO='ftp.ch.debian.org';;
-            44) DEBIAN_REPO='ftp.tw.debian.org';;
-            45) DEBIAN_REPO='ftp.th.debian.org';;
-            46) DEBIAN_REPO='ftp.tr.debian.org';;
-            47) DEBIAN_REPO='ftp.ua.debian.org';;
-            48) DEBIAN_REPO='ftp.uk.debian.org';;
-            49) DEBIAN_REPO='ftp.us.debian.org';;
-            255) rm -f "$data"
-                 exit 1;;
+
+        W=(1 $"United Kingdom"
+           2 $"United States"
+           3 $"Australia"
+           4 $"Austria"
+           5 $"Belarus"
+           6 $"Belgium"
+           7 $"Bosnia and Herzegovina"
+           8 $"Brazil"
+           9 $"Bulgaria"
+           10 $"Canada"
+           11 $"Chile"
+           12 $"China"
+           13 $"Croatia"
+           14 $"Czech Republic"
+           15 $"Denmark"
+           16 $"El Salvador"
+           17 $"Estonia"
+           18 $"Finland"
+           19 $"France 1"
+           20 $"France 2"
+           21 $"Germany 1"
+           22 $"Germany 2"
+           23 $"Greece"
+           24 $"Hungary"
+           25 $"Iceland"
+           26 $"Iran"
+           27 $"Ireland"
+           28 $"Italy"
+           29 $"Japan"
+           30 $"Korea"
+           31 $"Lithuania"
+           32 $"Mexico"
+           33 $"Netherlands"
+           34 $"New Caledonia"
+           35 $"New Zealand"
+           36 $"Norway"
+           37 $"Poland"
+           38 $"Portugal"
+           39 $"Romania"
+           40 $"Russia"
+           41 $"Slovakia"
+           42 $"Slovenia"
+           43 $"Spain"
+           44 $"Sweden"
+           45 $"Switzerland"
+           46 $"Taiwan"
+           47 $"Thailand"
+           48 $"Turkey"
+           49 $"Ukraine")
+
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Configuration" --title $"Debian Repo" --menu $"Where to download Debian packages from:" 24 60 49 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            selection='1'
+        fi
+
+        case $selection in
+            1) DEBIAN_REPO='ftp.uk.debian.org';;
+            2) DEBIAN_REPO='ftp.us.debian.org';;
+            3) DEBIAN_REPO='ftp.au.debian.org';;
+            4) DEBIAN_REPO='ftp.at.debian.org';;
+            5) DEBIAN_REPO='ftp.by.debian.org';;
+            6) DEBIAN_REPO='ftp.be.debian.org';;
+            7) DEBIAN_REPO='ftp.ba.debian.org';;
+            8) DEBIAN_REPO='ftp.br.debian.org';;
+            9) DEBIAN_REPO='ftp.bg.debian.org';;
+            10) DEBIAN_REPO='ftp.ca.debian.org';;
+            11) DEBIAN_REPO='ftp.cl.debian.org';;
+            12) DEBIAN_REPO='ftp.cn.debian.org';;
+            13) DEBIAN_REPO='ftp.hr.debian.org';;
+            14) DEBIAN_REPO='ftp.cz.debian.org';;
+            15) DEBIAN_REPO='ftp.dk.debian.org';;
+            16) DEBIAN_REPO='ftp.sv.debian.org';;
+            17) DEBIAN_REPO='ftp.ee.debian.org';;
+            18) DEBIAN_REPO='ftp.fi.debian.org';;
+            19) DEBIAN_REPO='ftp2.fr.debian.org';;
+            20) DEBIAN_REPO='ftp.fr.debian.org';;
+            21) DEBIAN_REPO='ftp2.de.debian.org';;
+            22) DEBIAN_REPO='ftp.de.debian.org';;
+            23) DEBIAN_REPO='ftp.gr.debian.org';;
+            24) DEBIAN_REPO='ftp.hu.debian.org';;
+            25) DEBIAN_REPO='ftp.is.debian.org';;
+            26) DEBIAN_REPO='ftp.ir.debian.org';;
+            27) DEBIAN_REPO='ftp.ie.debian.org';;
+            28) DEBIAN_REPO='ftp.it.debian.org';;
+            29) DEBIAN_REPO='ftp.jp.debian.org';;
+            30) DEBIAN_REPO='ftp.kr.debian.org';;
+            31) DEBIAN_REPO='ftp.lt.debian.org';;
+            32) DEBIAN_REPO='ftp.mx.debian.org';;
+            33) DEBIAN_REPO='ftp.nl.debian.org';;
+            34) DEBIAN_REPO='ftp.nc.debian.org';;
+            35) DEBIAN_REPO='ftp.nz.debian.org';;
+            36) DEBIAN_REPO='ftp.no.debian.org';;
+            37) DEBIAN_REPO='ftp.pl.debian.org';;
+            38) DEBIAN_REPO='ftp.pt.debian.org';;
+            39) DEBIAN_REPO='ftp.ro.debian.org';;
+            40) DEBIAN_REPO='ftp.ru.debian.org';;
+            41) DEBIAN_REPO='ftp.sk.debian.org';;
+            42) DEBIAN_REPO='ftp.si.debian.org';;
+            43) DEBIAN_REPO='ftp.es.debian.org';;
+            44) DEBIAN_REPO='ftp.se.debian.org';;
+            45) DEBIAN_REPO='ftp.ch.debian.org';;
+            46) DEBIAN_REPO='ftp.tw.debian.org';;
+            47) DEBIAN_REPO='ftp.th.debian.org';;
+            48) DEBIAN_REPO='ftp.tr.debian.org';;
+            49) DEBIAN_REPO='ftp.ua.debian.org';;
         esac
-        rm -f "$data"
         save_configuration_values
     else
+        # shellcheck disable=SC2034
         DEBIAN_REPO='ftp.de.debian.org'
     fi
 }
                      exit 1;;
             esac
         else
+            # shellcheck disable=SC2034
             HWRNG_TYPE="beaglebone"
         fi
         rm -f "$data"
         save_configuration_values
     else
         # enable for the minimal case
+        # shellcheck disable=SC2034
         ENABLE_SOCIAL_KEY_MANAGEMENT="yes"
     fi
 }
                 if [ "$possible_name" ]; then
                     if [ ${#possible_name} -gt 1 ]; then
                         valid_name="$possible_name"
+                        # shellcheck disable=SC2034
                         MY_NAME="$possible_name"
                         break;
                     fi
 done
 
 function interactive_select_language {
-    data=$(mktemp 2>/dev/null)
-    dialog --backtitle $"Freedombone Configuration" \
-           --radiolist $"Select your language:" 26 40 24 \
-           1 $"Afrikaans" off \
-           2 $"Albanian" off \
-           3 $"Arabic" off \
-           4 $"Basque" off \
-           5 $"Belarusian" off \
-           6 $"Bosnian" off \
-           7 $"Bulgarian" off \
-           8 $"Catalan" off \
-           9 $"Croatian" off \
-           10 $"Chinese (Simplified)" off \
-           11 $"Chinese (Traditional)" off \
-           12 $"Czech" off \
-           13 $"Danish" off \
-           14 $"Dutch" off \
-           15 $"English" on \
-           16 $"English (US)" off \
-           17 $"Estonian" off \
-           18 $"Farsi" off \
-           19 $"Filipino" off \
-           20 $"Finnish" off \
-           21 $"French" off \
-           22 $"French (Canada)" off \
-           23 $"Gaelic" off \
-           24 $"Gallego" off \
-           25 $"Georgian" off \
-           26 $"German" off \
-           27 $"German (Personal)" off \
-           28 $"Greek" off \
-           29 $"Gujarati" off \
-           30 $"Hebrew" off \
-           31 $"Hindi" off \
-           32 $"Hungarian" off \
-           33 $"Icelandic" off \
-           34 $"Indonesian" off \
-           35 $"Italian" off \
-           36 $"Japanese" off \
-           37 $"Kannada" off \
-           38 $"Khmer" off \
-           39 $"Korean" off \
-           40 $"Lao" off \
-           41 $"Lithuanian" off \
-           42 $"Latvian" off \
-           43 $"Malayalam" off \
-           44 $"Malaysian" off \
-           45 $"Maori (Ngai Tahu)" off \
-           46 $"Maori (Waikoto Uni)" off \
-           47 $"Mongolian" off \
-           48 $"Norwegian" off \
-           49 $"Norwegian (Primary)" off \
-           50 $"Nynorsk" off \
-           51 $"Polish" off \
-           52 $"Portuguese" off \
-           53 $"Portuguese (Brazil)" off \
-           54 $"Romanian" off \
-           55 $"Russian" off \
-           56 $"Samoan" off \
-           57 $"Serbian" off \
-           58 $"Slovak" off \
-           59 $"Slovenian" off \
-           60 $"Somali" off \
-           61 $"Spanish (International)" off \
-           62 $"Swedish" off \
-           63 $"Tagalog" off \
-           64 $"Tamil" off \
-           65 $"Thai" off \
-           66 $"Turkish" off \
-           67 $"Ukrainian" off \
-           68 $"Vietnamese" off 2> "$data"
-    sel=$?
-    case $sel in
-        1) rm -f "$data"
-           exit 1;;
-        255) rm -f "$data"
-             exit 1;;
-    esac
-    case $(cat "$data") in
-        1) DEFAULT_LANGUAGE='af_ZA.UTF-8';;
-        2) DEFAULT_LANGUAGE='sq_AL.UTF-8';;
-        3) DEFAULT_LANGUAGE='ar_SA.UTF-8';;
-        4) DEFAULT_LANGUAGE='eu_ES.UTF-8';;
-        5) DEFAULT_LANGUAGE='be_BY.UTF-8';;
-        6) DEFAULT_LANGUAGE='bs_BA.UTF-8';;
-        7) DEFAULT_LANGUAGE='bg_BG.UTF-8';;
-        8) DEFAULT_LANGUAGE='ca_ES.UTF-8';;
-        9) DEFAULT_LANGUAGE='hr_HR.UTF-8';;
-        10) DEFAULT_LANGUAGE='zh_CN.UTF-8';;
-        11) DEFAULT_LANGUAGE='zh_TW.UTF-8';;
-        12) DEFAULT_LANGUAGE='cs_CZ.UTF-8';;
-        13) DEFAULT_LANGUAGE='da_DK.UTF-8';;
-        14) DEFAULT_LANGUAGE='nl_NL.UTF-8';;
-        15) DEFAULT_LANGUAGE='en_GB.UTF-8';;
+    W=(1 $"English"
+       2 $"Afrikaans"
+       3 $"Albanian"
+       4 $"Arabic"
+       5 $"Basque"
+       6 $"Belarusian"
+       7 $"Bosnian"
+       8 $"Bulgarian"
+       9 $"Catalan"
+       10 $"Croatian"
+       11 $"Chinese (Simplified)"
+       12 $"Chinese (Traditional)"
+       13 $"Czech"
+       14 $"Danish"
+       15 $"Dutch"
+       16 $"English (US)"
+       17 $"Estonian"
+       18 $"Farsi"
+       19 $"Filipino"
+       20 $"Finnish"
+       21 $"French"
+       22 $"French (Canada)"
+       23 $"Gaelic"
+       24 $"Gallego"
+       25 $"Georgian"
+       26 $"German"
+       27 $"German (Personal)"
+       28 $"Greek"
+       29 $"Gujarati"
+       30 $"Hebrew"
+       31 $"Hindi"
+       32 $"Hungarian"
+       33 $"Icelandic"
+       34 $"Indonesian"
+       35 $"Italian"
+       36 $"Japanese"
+       37 $"Kannada"
+       38 $"Khmer"
+       39 $"Korean"
+       40 $"Lao"
+       41 $"Lithuanian"
+       42 $"Latvian"
+       43 $"Malayalam"
+       44 $"Malaysian"
+       45 $"Maori (Ngai Tahu)"
+       46 $"Maori (Waikoto Uni)"
+       47 $"Mongolian"
+       48 $"Norwegian"
+       49 $"Norwegian (Primary)"
+       50 $"Nynorsk"
+       51 $"Polish"
+       52 $"Portuguese"
+       53 $"Portuguese (Brazil)"
+       54 $"Romanian"
+       55 $"Russian"
+       56 $"Samoan"
+       57 $"Serbian"
+       58 $"Slovak"
+       59 $"Slovenian"
+       60 $"Somali"
+       61 $"Spanish (International)"
+       62 $"Swedish"
+       63 $"Tagalog"
+       64 $"Tamil"
+       65 $"Thai"
+       66 $"Turkish"
+       67 $"Ukrainian"
+       68 $"Vietnamese")
+
+    # shellcheck disable=SC2068
+    selection=$(dialog --backtitle $"Freedombone Configuration" --title $"Language" --menu $"Select your language:" 24 60 68 "${W[@]}" 3>&2 2>&1 1>&3)
+
+    if [ ! "$selection" ]; then
+        selection='1'
+    fi
+
+    case $selection in
+        1) DEFAULT_LANGUAGE='en_GB.UTF-8';;
+        2) DEFAULT_LANGUAGE='af_ZA.UTF-8';;
+        3) DEFAULT_LANGUAGE='sq_AL.UTF-8';;
+        4) DEFAULT_LANGUAGE='ar_SA.UTF-8';;
+        5) DEFAULT_LANGUAGE='eu_ES.UTF-8';;
+        6) DEFAULT_LANGUAGE='be_BY.UTF-8';;
+        7) DEFAULT_LANGUAGE='bs_BA.UTF-8';;
+        8) DEFAULT_LANGUAGE='bg_BG.UTF-8';;
+        9) DEFAULT_LANGUAGE='ca_ES.UTF-8';;
+        10) DEFAULT_LANGUAGE='hr_HR.UTF-8';;
+        11) DEFAULT_LANGUAGE='zh_CN.UTF-8';;
+        12) DEFAULT_LANGUAGE='zh_TW.UTF-8';;
+        13) DEFAULT_LANGUAGE='cs_CZ.UTF-8';;
+        14) DEFAULT_LANGUAGE='da_DK.UTF-8';;
+        15) DEFAULT_LANGUAGE='nl_NL.UTF-8';;
         16) DEFAULT_LANGUAGE='en_US.UTF-8';;
         17) DEFAULT_LANGUAGE='et_EE.UTF-8';;
         18) DEFAULT_LANGUAGE='fa_IR.UTF-8';;
         67) DEFAULT_LANGUAGE='uk_UA.UTF-8';;
         68) DEFAULT_LANGUAGE='vi_VN.UTF-8';;
     esac
-    rm -f "$data"
     save_configuration_values
 
     please_wait

src/freedombone-image

 BOX_IP_ADDRESS="192.168.1.55"
 
 # DNS
-NAMESERVER1='213.73.91.35'
-NAMESERVER2='85.214.20.141'
+NAMESERVER1='91.239.100.100'
+NAMESERVER2='89.233.43.71'
 NAMESERVER3='213.73.91.35'
 NAMESERVER4='85.214.73.63'
 NAMESERVER5='84.200.69.80'

src/freedombone-image-customise

 BOX_IP_ADDRESS="192.168.1.55"
 
 # DNS
-NAMESERVER1='85.214.73.63'
-NAMESERVER2='213.73.91.35'
+NAMESERVER1='91.239.100.100'
+NAMESERVER2='89.233.43.71'
 NAMESERVER3='87.118.100.175'
 NAMESERVER4='94.75.228.29'
 NAMESERVER5='85.25.251.254'
     if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
         # change the motd to show further install instructions
         echo $"
- .---.                  .              .
- |                      |              |
- |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
- |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
- '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+       _____               _           _
+      |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+      |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+      |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
 
-                    Initial base install
+                                   Initial base install
 
 Your system is not yet installed. To complete the process run the
 following commands, then enter your details.
 " > "$rootdir/etc/motd"
     else
         echo $"
- .---.                  .              .
- |                      |              |
- |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
- |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
- '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+       _____               _           _
+      |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+      |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+      |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
 
-                    Freedom in the Mesh
+                                    Freedom in the Mesh
 " > "$rootdir/etc/motd"
     fi
 }
     fi
 
     git clone "$CRYPTPAD_REPO" "$rootdir/repos/cryptpad"
+    git clone "$BLUDIT_REPO" "$rootdir/repos/bludit"
     git clone "$DOKUWIKI_REPO" "$rootdir/repos/dokuwiki"
     git clone "$ETHERPAD_REPO" "$rootdir/repos/etherpad"
     git clone "$FRIENDICA_REPO" "$rootdir/repos/friendica"

src/freedombone-image-makefile

 BOX_IP_ADDRESS ?= "192.168.1.55"
 
 # DNS
-NAMESERVER1 ?= '213.73.91.35'
-NAMESERVER2 ?= '85.214.20.141'
+NAMESERVER1 ?= '91.239.100.100'
+NAMESERVER2 ?= '89.233.43.71'
 NAMESERVER3 ?= '213.73.91.35'
 NAMESERVER4 ?= '85.214.73.63'
 NAMESERVER5 ?= '84.200.69.80'

src/freedombone-syncthing

             if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 echo "" > $TEMP_IDS_FILE
                 while read -r line || [[ -n "$line" ]]; do
-                    line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+                    line2=$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
                     if [[ $line2 != *"#"* && $line2 != *"*"* && $line2 != *'/'*  && $line2 == *"-"* ]]; then
                         if [ ${#line2} -gt 10 ]; then
                             if ! grep -q "$line2" $TEMP_IDS_FILE; then
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 while read -r line || [[ -n "$line" ]]; do
-                    line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+                    line2=$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
                     if [[ $line2 != *"#"* && $line2 != *"*"* && $line2 != *'/'*  && $line2 == *"-"* ]]; then
                         if [ ${#line2} -gt 10 ]; then
                             if ! grep -q "$line2" $TEMP_IDS_FILE; then
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 while read -r line || [[ -n "$line" ]]; do
-                    line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+                    line2=$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
                     if [[ $line2 != *"#"* && $line2 != *"*"* && $line2 != *'/'*  && $line2 == *"-"* ]]; then
                         if [ ${#line2} -gt 10 ]; then
                             if ! grep -q "$line2" $TEMP_IDS_FILE; then

src/freedombone-template

 app_name_lower=$(echo "${app_name}" | tr '[:upper:]' '[:lower:]')
 app_name=$app_name_lower
 app_name_upper=$(echo "${app_name}" | tr '[:lower:]' '[:upper:]')
-echo "test: $app_name_upper"
 app_repo="TODO"
 app_repo_commit='TODO'
 app_php=
     fi
 fi
 echo ''
-echo "${app_name}=(ONION_ONLY"
-echo "             ${app_name_upper}_DOMAIN_NAME"
-echo "             ${app_name_upper}_CODE"
-echo '             DDNS_PROVIDER'
-echo "             MY_USERNAME)"
+echo "${app_name}_variables=(ONION_ONLY"
+echo "                       ${app_name_upper}_DOMAIN_NAME"
+echo "                       ${app_name_upper}_CODE"
+echo '                       DDNS_PROVIDER'
+echo "                       MY_USERNAME)"
 echo ''
 echo "function logging_on_${app_name} {"
 echo "    echo -n ''"
 echo "function remove_user_${app_name} {"
 echo "    remove_username=\"\$1\""
 echo ''
-echo "    \${PROJECT_NAME}-pass -u \$remove_username --rmapp ${app_name}"
+echo "    \"\${PROJECT_NAME}-pass\" -u \"\$remove_username\" --rmapp ${app_name}"
 echo '}'
 echo ''
 echo "function add_user_${app_name} {"
 echo "    new_username=\"\$1\""
 echo "    new_user_password=\"\$2\""
 echo ''
-echo "    \${PROJECT_NAME}-pass -u \$new_username -a ${app_name} -p \"\$new_user_password\""
+echo "    \"\${PROJECT_NAME}-pass\" -u \"\$new_username\" -a ${app_name} -p \"\$new_user_password\""
 echo "    echo '0'"
 echo '}'
 echo ''
 echo "function install_interactive_${app_name} {"
 if [ ! $app_onion_only ]; then
-    echo "    if [ ! \$ONION_ONLY ]; then"
+    echo "    if [ ! \"\$ONION_ONLY\" ]; then"
     echo "        ONION_ONLY='no'"
     echo '    fi'
     echo ''
-    echo "    if [[ \$ONION_ONLY != \"no\" ]]; then"
+    echo "    if [[ \"\$ONION_ONLY\" != \"no\" ]]; then"
     echo "        ${app_name_upper}_DOMAIN_NAME='${app_name}.local'"
     echo "        write_config_param \"${app_name_upper}_DOMAIN_NAME\" \"\$${app_name_upper}_DOMAIN_NAME\""
     echo '    else'
-    echo "        interactive_site_details \"${app_name}\" \"${app_name_upper}_DOMAIN_NAME\" \"${app_name}_CODE\""
+    echo "        interactive_site_details \"${app_name}\" \"${app_name_upper}_DOMAIN_NAME\" \"${app_name_upper}_CODE\""
     echo '    fi'
 else
     echo "    echo -n ''"
 echo ''
 echo "    read_config_param '${app_name_upper}_DOMAIN_NAME'"
 echo ''
-echo "    \${PROJECT_NAME}-pass -u \"\$curr_username\" -a ${app_name} -p \"\$new_user_password\""
+echo "    \"\${PROJECT_NAME}-pass\" -u \"\$curr_username\" -a ${app_name} -p \"\$new_user_password\""
 echo '}'
 
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" || "$database_type" == "postgres"* ]]; then
 echo '        return'
 echo '    fi'
 echo ''
-echo "    if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
+echo "    if grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
 echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo '    fi'
 echo ''
 echo '    # update to the next commit'
 if [ ! "$app_dir" ]; then
-    echo "    set_repo_commit /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \$${app_name_upper}_REPO"
-    echo "    chown -R www-data:www-data /var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
+    echo "    set_repo_commit \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \$${app_name_upper}_REPO"
+    echo "    chown -R www-data:www-data \"/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs\""
 else
-    echo "    set_repo_commit ${app_dir} \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \$${app_name_upper}_REPO"
-    echo "    chown -R ${app_name}:${app_name} ${app_dir}"
+    echo "    set_repo_commit \"${app_dir}\" \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \$${app_name_upper}_REPO"
+    echo "    chown -R ${app_name}:${app_name} \"${app_dir}\""
 fi
 echo '}'
 echo ''
 echo "function backup_local_${app_name} {"
 echo "    ${app_name_upper}_DOMAIN_NAME='${app_name}'"
-echo "    if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
+echo "    if grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
 echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo '    fi'
 echo ''
     echo "    source_directory=${app_dir}"
 fi
 echo ''
-echo "    suspend_site \${${app_name_upper}_DOMAIN_NAME}"
+echo "    suspend_site \"\${${app_name_upper}_DOMAIN_NAME}\""
 echo ''
 echo "    dest_directory=${app_name}"
-echo "    backup_directory_to_usb \$source_directory \$dest_directory"
+echo "    backup_directory_to_usb \"\$source_directory\" \$dest_directory"
 echo ''
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "    backup_database_to_usb ${app_name}"
 echo '}'
 echo ''
 echo "function restore_local_${app_name} {"
-echo "    if ! grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
+echo "    if ! grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
 echo '        return'
 echo '    fi'
 echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
-echo "    if [ \$${app_name_upper}_DOMAIN_NAME ]; then"
+echo "    if [ \"\$${app_name_upper}_DOMAIN_NAME\" ]; then"
 echo "        temp_restore_dir=/root/temp${app_name}"
 if [ ! "$app_dir" ]; then
     echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 fi
 echo "        restore_directory_from_usb \$temp_restore_dir ${app_name}"
 echo "        if [ -d \$temp_restore_dir ]; then"
-echo "            if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then"
-echo "                cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/"
+echo "            if [ -d \"\$temp_restore_dir\$${app_name}_dir\" ]; then"
+echo "                cp -rp \"\$temp_restore_dir\$${app_name}_dir\"/* \"\$${app_name}_dir\"/"
 echo '            else'
-echo "                if [ ! -d \$${app_name}_dir ]; then"
-echo "                    mkdir \$${app_name}_dir"
+echo "                if [ ! -d \"\$${app_name}_dir\" ]; then"
+echo "                    mkdir \"\$${app_name}_dir\""
 echo '                fi'
-echo "                cp -rp \$temp_restore_dir/* \$${app_name}_dir/"
+echo "                cp -rp \"\$temp_restore_dir\"/* \"\$${app_name}_dir\"/"
 echo '            fi'
-echo "            chown -R www-data:www-data \$${app_name}_dir"
+echo "            chown -R www-data:www-data \"\$${app_name}_dir\""
 echo "            rm -rf \$temp_restore_dir"
 echo '        fi'
 echo ''
 echo ''
 echo "function backup_remote_${app_name} {"
 echo "    ${app_name_upper}_DOMAIN_NAME='${app_name}'"
-echo "    if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
+echo "    if grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
 echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo '    fi'
 echo ''
     echo "    source_directory=${app_dir}"
 fi
 echo ''
-echo "    suspend_site \${${app_name_upper}_DOMAIN_NAME}"
+echo "    suspend_site \"\${${app_name_upper}_DOMAIN_NAME}\""
 echo ''
 echo "    dest_directory=${app_name}"
-echo "    backup_directory_to_friend \$source_directory \$dest_directory"
-echo ''
+echo "    backup_directory_to_friend \"\$source_directory\" \$dest_directory"
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "    backup_database_to_friend ${app_name}"
+    echo ''
 fi
 if [[ "$database_type" == "postgres"* ]]; then
     echo '    USE_POSTGRESQL=1'
 echo '}'
 echo ''
 echo "function restore_remote_${app_name} {"
-echo "    if ! grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
+echo "    if ! grep -q \"${app_name} domain\" \"\$COMPLETION_FILE\"; then"
 echo '        return'
 echo '    fi'
 echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
-echo "    if [ \$${app_name_upper}_DOMAIN_NAME ]; then"
+echo "    if [ \"\$${app_name_upper}_DOMAIN_NAME\" ]; then"
 echo "        temp_restore_dir=/root/temp${app_name}"
 if [ ! "$app_dir" ]; then
     echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
     echo "        ${app_name}_create_database"
     echo ''
     echo "        restore_database_from_friend ${app_name}"
-    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "        if [ -d \"\$temp_restore_dir\" ]; then"
     echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
     echo ''
     echo '        USE_POSTGRESQL=1'
     echo "        restore_database_from_friend ${app_name}"
-    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "        if [ -d \"\$temp_restore_dir\" ]; then"
     echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
 echo "        restore_directory_from_friend \$temp_restore_dir ${app_name}"
 echo "        if [ -d \$temp_restore_dir ]; then"
-echo "            if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then"
-echo "                cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/"
+echo "            if [ -d \"\$temp_restore_dir\$${app_name}_dir\" ]; then"
+echo "                cp -rp \"\$temp_restore_dir\$${app_name}_dir\"/* \"\$${app_name}_dir\"/"
 echo '            else'
-echo "                if [ ! -d \$${app_name}_dir ]; then"
-echo "                    mkdir \$${app_name}_dir"
+echo "                if [ ! -d \"\$${app_name}_dir\" ]; then"
+echo "                    mkdir \"\$${app_name}_dir\""
 echo '                fi'
-echo "                cp -rp \$temp_restore_dir/* \$${app_name}_dir/"
+echo "                cp -rp \$temp_restore_dir/* \"\$${app_name}_dir\"/"
 echo '            fi'
-echo "            chown -R www-data:www-data \$${app_name}_dir"
+echo "            chown -R www-data:www-data \"\$${app_name}_dir\""
 echo "            rm -rf \$temp_restore_dir"
 echo '        fi'
 echo ''
     echo "    remove_nodejs ${app_name}"
     echo ''
 fi
-echo "    nginx_dissite \$${app_name_upper}_DOMAIN_NAME"
-echo "    remove_certs \$${app_name_upper}_DOMAIN_NAME"
+echo "    nginx_dissite \"\$${app_name_upper}_DOMAIN_NAME\""
+echo "    remove_certs \"\$${app_name_upper}_DOMAIN_NAME\""
 echo ''
 if [ $app_daemon ]; then
     echo "    if [ -f /etc/systemd/system/${app_name}.service ]; then"
     echo "    userdel -r ${app_name}"
 fi
 echo ''
-echo "    if [ -d /var/www/\$${app_name_upper}_DOMAIN_NAME ]; then"
-echo "        rm -rf /var/www/\$${app_name_upper}_DOMAIN_NAME"
+echo "    if [ -d \"/var/www/\$${app_name_upper}_DOMAIN_NAME\" ]; then"
+echo "        rm -rf \"/var/www/\$${app_name_upper}_DOMAIN_NAME\""
 echo '    fi'
-echo "    if [ -f /etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME ]; then"
-echo "        rm /etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME"
+echo "    if [ -f \"/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME\" ]; then"
+echo "        rm \"/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME\""
 echo '    fi'
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "    drop_database ${app_name}"
 echo '    fi'
 echo "    remove_app ${app_name}"
 echo "    remove_completion_param install_${app_name}"
-echo "    sed -i '/${app_name}/d' \$COMPLETION_FILE"
+echo "    sed -i '/${app_name}/d' \"\$COMPLETION_FILE\""
 if [ "$app_port" ]; then
     echo ''
     echo "    firewall_remove ${app_port} tcp"
 fi
 echo ''
-echo "    remove_ddns_domain \$${app_name_upper}_DOMAIN_NAME"
+echo "    remove_ddns_domain \"\$${app_name_upper}_DOMAIN_NAME\""
 echo '}'
 echo ''
 echo "function install_${app_name} {"
     echo '    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl'
     echo ''
 fi
-echo "    if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME ]; then"
-echo "        mkdir /var/www/\$${app_name_upper}_DOMAIN_NAME"
+
+echo "    if [ ! \"\$${app_name_upper}_DOMAIN_NAME\" ]; then"
+echo "        echo \$'No domain name was given'"
+echo '        exit 3568356'
+echo '    fi'
+echo ''
+echo "    if [ -d \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" ]; then"
+echo "        rm -rf \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
 echo '    fi'
-echo "    if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then"
-echo "        if [ -d /repos/${app_name} ]; then"
-echo "            mkdir /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+
+echo "      if [ -d /repos/${app_name} ]; then"
+echo "          mkdir \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
 if [ ! "$app_dir" ]; then
-    echo "            cp -r -p /repos/${app_name}/. /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
-    echo "            cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+    echo "          cp -r -p /repos/${app_name}/. \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
+    echo "          cd \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" || exit 324687356"
 else
-    echo "            cp -r -p /repos/${app_name}/. ${app_dir}"
-    echo "            cd ${app_dir}"
+    echo "          cp -r -p /repos/${app_name}/. \"${app_dir}\""
+    echo "          cd \"${app_dir}\" || exit 36487365"
 fi
-echo '            git pull'
-echo '        else'
+echo '          git pull'
+echo '      else'
 if [ ! "$app_dir" ]; then
-    echo "            git_clone \$${app_name_upper}_REPO /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+    echo "          git_clone \$${app_name_upper}_REPO \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
 else
-    echo "            git_clone \$${app_name_upper}_REPO ${app_dir}"
+    echo "          git_clone \$${app_name_upper}_REPO \"${app_dir}\""
 fi
-echo '        fi'
+echo '      fi'
 echo ''
 if [ ! "$app_dir" ]; then
-    echo "        if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then"
+    echo "        if [ ! -d \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" ]; then"
 else
-    echo "        if [ ! -d ${app_dir} ]; then"
+    echo "        if [ ! -d \"${app_dir}\" ]; then"
 fi
 echo "            echo \$'Unable to clone ${app_name} repo'"
 echo '            exit 87525'
 echo '        fi'
-echo '    fi'
 echo ''
 if [ ! "$app_dir" ]; then
-    echo "    cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+    echo "    cd \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\" || exit 36587356"
 else
-    echo "    cd ${app_dir}"
+    echo "    cd \"${app_dir}\" || exit 3463754637"
 fi
 echo "    git checkout \$${app_name_upper}_COMMIT -b \$${app_name_upper}_COMMIT"
 echo "    set_completion_param \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\""
 echo ''
-echo "    chmod g+w /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
-echo "    chown -R www-data:www-data /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
+echo "    chmod g+w \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
+echo "    chown -R www-data:www-data \"/var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs\""
 
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" || "$database_type" == "postgres"*  ]]; then
     echo ''
     echo "    ${app_name}_create_database"
 fi
 echo ''
-echo "    add_ddns_domain \$${app_name_upper}_DOMAIN_NAME"
+echo "    add_ddns_domain \"\$${app_name_upper}_DOMAIN_NAME\""
 echo ''
 echo "    ${app_name_upper}_ONION_HOSTNAME=\$(add_onion_service ${app_name} 80 \${${app_name_upper}_ONION_PORT})"
 echo ''
 echo "    ${app_name}_nginx_site=/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME"
 
-if [ $app_onion_only ]; then
+if [ ! $app_onion_only ]; then
     echo "    if [[ \"\$ONION_ONLY\" == \"no\" ]]; then"
     if [[ "$app_php" == 'yes' ]]; then
-        echo "        nginx_http_redirect \$${app_name_upper}_DOMAIN_NAME \"index index.php\""
+        echo "        nginx_http_redirect \"\$${app_name_upper}_DOMAIN_NAME\" \"index index.php\""
     else
-        echo "        nginx_http_redirect \$${app_name_upper}_DOMAIN_NAME \"index index.html\""
+        echo "        nginx_http_redirect \"\$${app_name_upper}_DOMAIN_NAME\" \"index index.html\""
     fi
-    echo "        echo 'server {' >> \$${app_name}_nginx_site"
-    echo "        echo '  listen 443 ssl;' >> \$${app_name}_nginx_site"
-    echo "        echo '  #listen [::]:443 ssl;' >> \$${app_name}_nginx_site"
-    echo "        echo \"  server_name \$${app_name_upper}_DOMAIN_NAME;\" >> \$${app_name}_nginx_site"
-    echo "        echo '' >> \$${app_name}_nginx_site"
-    echo "        nginx_compress \$${app_name_upper}_DOMAIN_NAME"
-    echo "        echo '' >> \$${app_name}_nginx_site"
-    echo "        echo '  # Security' >> \$${app_name}_nginx_site"
-    echo "        nginx_ssl \$${app_name_upper}_DOMAIN_NAME"
-    echo ''
-    echo "        nginx_security_options \$${app_name_upper}_DOMAIN_NAME"
-    echo ''
-    echo "        echo '  add_header Strict-Transport-Security max-age=15768000;' >> \$${app_name}_nginx_site"
-    echo "        echo '' >> \$${app_name}_nginx_site"
-    echo "        echo '  # Logs' >> \$${app_name}_nginx_site"
-    echo "        echo '  access_log /dev/null;' >> \$${app_name}_nginx_site"
-    echo "        echo '  error_log /dev/null;' >> \$${app_name}_nginx_site"
-    echo "        echo '' >> \$${app_name}_nginx_site"
-    echo "        echo '  # Root' >> \$${app_name}_nginx_site"
-    echo "        echo \"  root /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs;\" >> \$${app_name}_nginx_site"
-    echo "        echo '' >> \$${app_name}_nginx_site"
+    echo "        { echo 'server {';"
+    echo "          echo '  listen 443 ssl;';"
+    echo "          echo '  #listen [::]:443 ssl;';"
+    echo "          echo \"  server_name \$${app_name_upper}_DOMAIN_NAME;\";"
+    echo "          echo ''; } >> \"\$${app_name}_nginx_site\""
+    echo "        nginx_compress \"\$${app_name_upper}_DOMAIN_NAME\""
+    echo "        echo '' >> \"\$${app_name}_nginx_site\""
+    echo "        echo '  # Security' >> \"\$${app_name}_nginx_site\""
+    echo "        nginx_ssl \"\$${app_name_upper}_DOMAIN_NAME\""
+    echo ''
+    echo "        nginx_security_options \"\$${app_name_upper}_DOMAIN_NAME\""
+    echo ''
+    echo "        { echo '  add_header Strict-Transport-Security max-age=15768000;';"
+    echo "          echo '';"
+    echo "          echo '  # Logs';"
+    echo "          echo '  access_log /dev/null;';"
+    echo "          echo '  error_log /dev/null;';"
+    echo "          echo '';"
+    echo "          echo '  # Root';"
+    echo "          echo \"  root /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs;\";"
+    echo "          echo '';"
     if [[ "$app_php" == 'yes' ]]; then
-        echo "        echo '  index index.php;' >> \$${app_name}_nginx_site"
-        echo "        echo '  location ~ \\.php {' >> \$${app_name}_nginx_site"
-        echo "        echo '    include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site"
-        echo "        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site"
-        echo "        echo '    fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site"
-        echo "        echo '  }' >> \$${app_name}_nginx_site"
-        echo "        echo '' >> \$${app_name}_nginx_site"
+        echo "          echo '  index index.php;';"
+        echo "          echo '  location ~ \\.php {';"
+        echo "          echo '    include snippets/fastcgi-php.conf;';"
+        echo "          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';"
+        echo "          echo '    fastcgi_read_timeout 30;';"
+        echo "          echo '    fastcgi_param HTTPS on;';"
+        echo "          echo '  }';"
+        echo "          echo '';"
     else
-        echo "        echo '  index index.html;' >> \$${app_name}_nginx_site"
+        echo "        echo '  index index.html;';"
     fi
-    echo "        echo '  # Location' >> \$${app_name}_nginx_site"
-    echo "        echo '  location / {' >> \$${app_name}_nginx_site"
-    echo "        nginx_limits \$${app_name_upper}_DOMAIN_NAME '15m'"
+    echo "          echo '  # Location';"
+    echo "          echo '  location / {'; } >> \"\$${app_name}_nginx_site\""
+    echo "        nginx_limits \"\$${app_name_upper}_DOMAIN_NAME\" '15m'"
     if [ ! $app_daemon ]; then
-        echo "        echo '    try_files \$uri \$uri/ /index.html;' >> \$${app_name}_nginx_site"
+        if [[ "$app_php" != 'yes' ]]; then
+            echo "        { echo \"    try_files \\\$uri \\\$uri/ /index.html;\";"
+        else
+            echo "        { echo \"    try_files \\\$uri \\\$uri/ /index.php?\\\$args;\";"
+        fi
     else
-        echo "        echo \"    proxy_pass http://localhost:\$${app_name_upper}_PORT_INTERNAL;\" >> \$${app_name}_nginx_site"
+        echo "        { echo \"    proxy_pass http://localhost:\$${app_name_upper}_PORT_INTERNAL;\";"
     fi
-    echo "        echo '  }' >> \$${app_name}_nginx_site"
-    echo "        echo '}' >> \$${app_name}_nginx_site"
+    echo "          echo '  }';"
+    echo "          echo '}'; } >> \"\$${app_name}_nginx_site\""
     echo '    else'
-    echo "        echo -n '' > \$${app_name}_nginx_site"
+    echo "        echo -n '' > \"\$${app_name}_nginx_site\""
     echo '    fi'
 else
-    echo "    echo -n '' > \$${app_name}_nginx_site"
-fi
-echo "    echo 'server {' >> \$${app_name}_nginx_site"
-echo "    echo \"    listen 127.0.0.1:\$${app_name_upper}_ONION_PORT default_server;\" >> \$${app_name}_nginx_site"
-echo "    echo \"    server_name \$${app_name_upper}_ONION_HOSTNAME;\" >> \$${app_name}_nginx_site"
-echo "    echo '' >> \$${app_name}_nginx_site"
-echo "    nginx_compress \$${app_name_upper}_DOMAIN_NAME"
-echo "    echo '' >> \$${app_name}_nginx_site"
-echo "    nginx_security_options \$${app_name_upper}_DOMAIN_NAME"
-echo "    echo '' >> \$${app_name}_nginx_site"
-echo "    echo '  # Logs' >> \$${app_name}_nginx_site"
-echo "    echo '  access_log /dev/null;' >> \$${app_name}_nginx_site"
-echo "    echo '  error_log /dev/null;' >> \$${app_name}_nginx_site"
-echo "    echo '' >> \$${app_name}_nginx_site"
-echo "    echo '  # Root' >> \$${app_name}_nginx_site"
-echo "    echo \"  root /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs;\" >> \$${app_name}_nginx_site"
-echo "    echo '' >> \$${app_name}_nginx_site"
+    echo "    echo -n '' > \"\$${app_name}_nginx_site\""
+fi
+echo "    { echo 'server {';"
+echo "      echo \"    listen 127.0.0.1:\$${app_name_upper}_ONION_PORT default_server;\";"
+echo "      echo \"    server_name \$${app_name_upper}_ONION_HOSTNAME;\";"
+echo "      echo ''; } >> \"\$${app_name}_nginx_site\""
+echo "    nginx_compress \"\$${app_name_upper}_DOMAIN_NAME\""
+echo "    echo '' >> \"\$${app_name}_nginx_site\""
+echo "    nginx_security_options \"\$${app_name_upper}_DOMAIN_NAME\""
+echo "    { echo '';"
+echo "      echo '  # Logs';"
+echo "      echo '  access_log /dev/null;';"
+echo "      echo '  error_log /dev/null;';"
+echo "      echo '';"
+echo "      echo '  # Root';"
+echo "      echo \"  root /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs;\";"
+echo "      echo '';"
 if [[ "$app_php" == 'yes' ]]; then
-    echo "    echo '  index index.php;' >> \$${app_name}_nginx_site"
-    echo "    echo '  location ~ \\.php {' >> \$${app_name}_nginx_site"
-    echo "    echo '    include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site"
-    echo "    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site"
-    echo "    echo '    fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site"
-    echo "    echo '  }' >> \$${app_name}_nginx_site"
-    echo "    echo '' >> \$${app_name}_nginx_site"
+    echo "      echo '  index index.php;';"
+    echo "      echo '  location ~ \\.php {';"
+    echo "      echo '    include snippets/fastcgi-php.conf;';"
+    echo "      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';"
+    echo "      echo '    fastcgi_read_timeout 30;';"
+    echo "      echo '    fastcgi_param HTTPS off;';"
+    echo "      echo '  }';"
+    echo "      echo '';"
 else
-    echo "        echo '  index index.html;' >> \$${app_name}_nginx_site"
+    echo "        echo '  index index.html;';"
 fi
-echo "    echo '  # Location' >> \$${app_name}_nginx_site"
-echo "    echo '  location / {' >> \$${app_name}_nginx_site"
-echo "    nginx_limits \$${app_name_upper}_DOMAIN_NAME '15m'"
+echo "      echo '  # Location';"
+echo "      echo '  location / {'; } >> \"\$${app_name}_nginx_site\""
+echo "    nginx_limits \"\$${app_name_upper}_DOMAIN_NAME\" '15m'"
 if [ ! $app_daemon ]; then
-    echo "    echo '    try_files \$uri \$uri/ index.html;' >> \$${app_name}_nginx_site"
+    if [[ "$app_php" != 'yes' ]]; then
+        echo "    { echo \"    try_files \\\$uri \\\$uri/ index.html;\";"
+    else
+        echo "    { echo \"    try_files \\\$uri \\\$uri/ index.php?\\\$args;\";"
+    fi
 else
-    echo "    echo \"    proxy_pass http://localhost:\$${app_name_upper}_PORT_INTERNAL;\" >> \$${app_name}_nginx_site"
+    echo "      echo \"    proxy_pass http://localhost:\$${app_name_upper}_PORT_INTERNAL;\";"
 fi
-echo "    echo '  }' >> \$${app_name}_nginx_site"
-echo "    echo '}' >> \$${app_name}_nginx_site"
+echo "      echo '  }';"
+echo "      echo '}'; } >> \"\$${app_name}_nginx_site\""
 if [[ "$app_php" == 'yes' ]]; then
     echo ''
     echo '    configure_php'
 fi
 if [ $app_daemon ]; then
     echo ''
-    echo "    useradd -d TODO_PATH_TO_INSTALL -s /bin/false ${app_name}"
-    echo ''
-    echo "    echo '[Unit]' > /etc/systemd/system/${app_name}.service"
-    echo "    echo 'Description=${app_name}' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo 'After=syslog.target' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo 'After=network.target' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo '' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo '[Service]' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo 'Type=simple' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo 'User=${app_name}' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo 'Group=${app_name}' >> /etc/systemd/system/${app_name}.service"
+    echo "    useradd -d \"TODO_PATH_TO_INSTALL\" -s /bin/false ${app_name}"
+    echo ''
+    echo "    { echo '[Unit]';"
+    echo "      echo 'Description=${app_name}';"
+    echo "      echo 'After=syslog.target';"
+    echo "      echo 'After=network.target';"
+    echo "      echo '';"
+    echo "      echo '[Service]';"
+    echo "      echo 'Type=simple';"
+    echo "      echo 'User=${app_name}';"
+    echo "      echo 'Group=${app_name}'; } > \"/etc/systemd/system/${app_name}.service\""
     if [ ! "$app_dir" ]; then
-        echo "    echo 'WorkingDirectory=TODO' >> /etc/systemd/system/${app_name}.service"
+        echo "    echo 'WorkingDirectory=TODO' >> \"/etc/systemd/system/${app_name}.service\""
     else
-        echo "    echo 'WorkingDirectory=${app_dir}' >> /etc/systemd/system/${app_name}.service"
+        echo "    echo 'WorkingDirectory=${app_dir}' >> \"/etc/systemd/system/${app_name}.service\""
     fi
-    echo "    echo 'ExecStart=TODO' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo 'Restart=always' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo 'Environment=\"USER=${app_name}\"' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo '' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo '[Install]' >> /etc/systemd/system/${app_name}.service"
-    echo "    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/${app_name}.service"
+    echo "    { echo 'ExecStart=TODO';"
+    echo "      echo 'Restart=always';"
+    echo "      echo 'Environment=\"USER=${app_name}\"';"
+    echo "      echo '';"
+    echo "      echo '[Install]';"
+    echo "      echo 'WantedBy=multi-user.target'; } >> \"/etc/systemd/system/${app_name}.service\""
     echo "    systemctl enable ${app_name}"
     if [ "$app_dir" ]; then
-        echo "    chown -R ${app_name}:${app_name} ${app_dir}"
+        echo "    chown -R ${app_name}:${app_name} \"${app_dir}\""
     fi
     echo "    systemctl start ${app_name}"
 fi
 echo ''
-echo "    create_site_certificate \$${app_name_upper}_DOMAIN_NAME 'yes'"
+echo "    create_site_certificate \"\$${app_name_upper}_DOMAIN_NAME\" 'yes'"
 echo ''
-echo "    nginx_ensite \$${app_name_upper}_DOMAIN_NAME"
+echo "    nginx_ensite \"\$${app_name_upper}_DOMAIN_NAME\""
 echo ''
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo '    systemctl restart mariadb'
 fi
 echo '    systemctl restart nginx'
 echo ''
-echo "    \${PROJECT_NAME}-pass -u \$MY_USERNAME -a ${app_name} -p \"\$${app_name_upper}_ADMIN_PASSWORD\""
+echo "    \"\${PROJECT_NAME}-pass\" -u \"\$MY_USERNAME\" -a ${app_name} -p \"\$${app_name_upper}_ADMIN_PASSWORD\""
 echo "    set_completion_param \"${app_name} domain\" \"\$${app_name_upper}_DOMAIN_NAME\""
 if [ "$app_port" ]; then
     echo ''

src/freedombone-upgrade

     source "$f"
 done
 
+source "/usr/share/${PROJECT_NAME}/base/${PROJECT_NAME}-base-email"
+
 read_config_param PROJECT_REPO
 read_config_param DEVELOPMENT_BRANCH
 read_config_param DEFAULT_DOMAIN_NAME
     fi
 fi
 
-if grep -q "cat /root/dbpass" /usr/bin/backupdatabases; then
-    # update to using the password manager
-    sed -i "s|cat /root/dbpass|freedombone-pass -u root -a mariadb|g" /usr/bin/backupdatabases
+if [ -f /usr/bin/backupdatabases ]; then
+    if grep -q "cat /root/dbpass" /usr/bin/backupdatabases; then
+        # update to using the password manager
+        sed -i "s|cat /root/dbpass|freedombone-pass -u root -a mariadb|g" /usr/bin/backupdatabases
+    fi
 fi
 
 #update-ca-certificates
             exit 453536
         fi
 
+        #rebuild_exim_with_socks
+        nodejs_upgrade
         apt-get -yq -t stretch-backports install certbot
         email_install_tls
         email_disable_chunking

src/freedombone-utils-avahi

     sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" "$rootdir/etc/avahi/avahi-daemon.conf"
     sed -i "s|use-ipv4=.*|use-ipv4=no|g" "$rootdir/etc/avahi/avahi-daemon.conf"
     sed -i "s|use-ipv6=.*|use-ipv6=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
-    #sed -i "s|#allow-interfaces=.*|allow-interfaces=wlan0, wlan1, wlan2, wlan3, wlan4, wlan5|g" "$rootdir/etc/avahi/avahi-daemon.conf"
-    #sed -i "s|allow-interfaces=.*|allow-interfaces=wlan0, wlan1, wlan2, wlan3, wlan4, wlan5|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+
+    # Note: wlan interfaces must be allowed within avahi, otherwise the
+    #       *.local address will not resolve
+
+    sed -i "s|#allow-interfaces|allow-interfaces|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|allow-interfaces=.*|allow-interfaces=wlan0, wlan1, wlan2, wlan3, wlan4, wlan5, eth0, eth1|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+
     #sed -i "s|#deny-interfaces=.*|deny-interfaces=eth0, eth1, eth2, eth3, eth4, eth5|g" "$rootdir/etc/avahi/avahi-daemon.conf"
     #sed -i "s|deny-interfaces=.*|deny-interfaces=eth0, eth1, eth2, eth3, eth4, eth5|g" "$rootdir/etc/avahi/avahi-daemon.conf"
     sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"

src/freedombone-utils-dns

 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 # DNS
-NAMESERVER1='85.214.73.63'
-NAMESERVER2='213.73.91.35'
+NAMESERVER1='91.239.100.100'
+NAMESERVER2='89.233.43.71'
 NAMESERVER3='87.118.100.175'
 NAMESERVER4='94.75.228.29'
 NAMESERVER5='85.25.251.254'

src/freedombone-utils-firewall

         fi
         sed -i "/${unblocked_domain}/d" "$FIREWALL_DOMAINS"
     fi
+    if grep -q " $unblocked_domain" /etc/hosts; then
+        sed -i "/ $unblocked_domain/d" /etc/hosts
+    fi
 }
 
 function firewall_drop_spoofed_packets {

src/freedombone-utils-login

         rm -f /etc/init.d/motd
     fi
 
-    { echo ".---.                  .              .                   ";
-      echo "|                      |              |                   ";
-      echo "|--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-. ";
-      echo "|    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-' ";
-      echo "'    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'";
-      echo $'                  Freedom in the Cloud';
+    { echo '    _____               _           _';
+      echo '   |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___';
+      echo '   |   __|  _| -_| -_| . | . |     | . | . |   | -_|';
+      echo '   |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|';
+      echo '';
+      echo $'                                Freedom in the Cloud';
       echo ''; } > /etc/motd
+
     mark_completed "${FUNCNAME[0]}"
 }
 

src/freedombone-utils-nodejs

 
 # change these versions at your peril. Things will often crash if you don't
 # have specifically the correct versions
-NODEJS_VERSION='6.11.4'
-NODEJS_N_VERSION='2.1.7'
-NPM_VERSION='4.0.5'
+NODEJS_VERSION='8.11.1'
+NODEJS_N_VERSION='2.1.8'
+NPM_VERSION='5.8.0'
 
 # This file keeps track of the apps needing nodejs
 # so that it can be removed if tere are no apps which need it
     fi
 }
 
+function nodejs_fix_cpu_detection {
+    # fix for failing cpu detection during image build with qemu, see https://github.com/npm/npm/issues/19265
+    if [ -f "$rootdir/usr/lib/node_modules/npm/node_modules/worker-farm/lib/farm.js" ]; then
+        sed -i "s/require('os').cpus().length/(require('os').cpus() || { length: 1 }).length/g" "$rootdir/usr/lib/node_modules/npm/node_modules/worker-farm/lib/farm.js"
+    fi
+
+    if [ -f "$rootdir/usr/lib/node_modules/npm/node_modules/node-gyp/lib/build.js" ]; then
+        sed -i "s/require('os').cpus().length/(require('os').cpus() || { length: 1 }).length/g" "$rootdir/usr/lib/node_modules/npm/node_modules/node-gyp/lib/build.js"
+    fi
+
+    if [ -f "$rootdir/usr/lib/node_modules/npm/node_modules/worker-farm/examples/pi/index.js" ]; then
+        sed -i "s/require('os').cpus().length/(require('os').cpus() || { length: 1 }).length/g" "$rootdir/usr/lib/node_modules/npm/node_modules/worker-farm/examples/pi/index.js"
+    fi
+
+
+    if [ -f "$rootdir/.npm-global/lib/node_modules/npm/node_modules/worker-farm/lib/farm.js" ]; then
+        sed -i "s/require('os').cpus().length/(require('os').cpus() || { length: 1 }).length/g" "$rootdir/.npm-global/lib/node_modules/npm/node_modules/worker-farm/lib/farm.js"
+    fi
+
+    if [ -f "$rootdir/.npm-global/lib/node_modules/npm/node_modules/node-gyp/lib/build.js" ]; then
+        sed -i "s/require('os').cpus().length/(require('os').cpus() || { length: 1 }).length/g" "$rootdir/.npm-global/lib/node_modules/npm/node_modules/node-gyp/lib/build.js"
+    fi
+
+    if [ -f "$rootdir/.npm-global/lib/node_modules/npm/node_modules/worker-farm/examples/pi/index.js" ]; then
+        sed -i "s/require('os').cpus().length/(require('os').cpus() || { length: 1 }).length/g" "$rootdir/.npm-global/lib/node_modules/npm/node_modules/worker-farm/examples/pi/index.js"
+    fi
+
+    # installing worker farm fixes the cpu detection bug
+    #$mesh_install_nodejs_prefix npm install --arch=$NPM_ARCH -g worker-farm@1.6.0 --save
+}
+
 function mesh_install_nodejs {
     mesh_install_nodejs_prefix=
     if [ "$rootdir" ]; then
     $mesh_install_nodejs_prefix wget https://deb.nodesource.com/gpgkey/nodesource.gpg.key -O /root/node.gpg.key
     if [ ! -f "$rootdir/root/node.gpg.key" ]; then
         echo $'Unable to obtain gpg key for nodejs repo'
+        NODE_UPGRADE=
         exit 6389252
     fi
     $mesh_install_nodejs_prefix apt-key add /root/node.gpg.key
-    echo "deb https://deb.nodesource.com/node_6.x stretch main" > "$rootdir/etc/apt/sources.list.d/nodesource.list"
-    echo "deb-src https://deb.nodesource.com/node_6.x stretch main" >> "$rootdir/etc/apt/sources.list.d/nodesource.list"
+    echo "deb https://deb.nodesource.com/node_8.x stretch main" > "$rootdir/etc/apt/sources.list.d/nodesource.list"
+    echo "deb-src https://deb.nodesource.com/node_8.x stretch main" >> "$rootdir/etc/apt/sources.list.d/nodesource.list"
 
+    $mesh_install_nodejs_prefix apt-mark -q unhold nodejs
     $mesh_install_nodejs_prefix apt-get update
     $mesh_install_nodejs_prefix apt-get -yq remove --purge nodejs
 
-    if [ -d "$rootdir/usr/local/lib/node_modules" ]; then
-        rm -rf "$rootdir/usr/local/lib/node_modules"
+    if [ ! $NODE_UPGRADE ]; then
+        if [ -d "$rootdir/usr/local/lib/node_modules" ]; then
+            rm -rf "$rootdir/usr/local/lib/node_modules"
+        fi
     fi
+
     if [ -f "$rootdir/usr/local/bin/node" ]; then
         rm "$rootdir/usr/local/bin/node"
     fi
     if [ -f "$rootdir/usr/bin/node" ]; then
-        rm /usr/bin/node
+        rm "$rootdir/usr/bin/node"
     fi
     if [ -f "$rootdir/usr/bin/nodejs" ]; then
         rm "$rootdir/usr/bin/nodejs"
         cp "$rootdir/usr/bin/nodejs" "$rootdir/usr/bin/node"
     fi
 
+    if [ -f "$rootdir/usr/bin/node" ]; then
+        cp "$rootdir/usr/bin/node" "$rootdir/usr/local/bin/node"
+    fi
+
+    $mesh_install_nodejs_prefix apt-mark -q hold nodejs
+
     if [ ! -f "${rootdir}/usr/bin/node" ]; then
         if [ ! -f "${rootdir}/usr/local/bin/node" ]; then
             if [ ! -f "${rootdir}/usr/bin/nodejs" ]; then
                 echo $'nodejs was not installed'
+                NODE_UPGRADE=
                 exit 63962
             fi
         fi
 
     if [ ! -f "$rootdir/usr/bin/node" ]; then
         echo $'/usr/bin/node not found'
+        NODE_UPGRADE=
         exit 7235728
     fi
 
     get_npm_arch
 
     $mesh_install_nodejs_prefix npm config set unsafe-perm true
+    nodejs_setup_global_modules
+    nodejs_fix_cpu_detection
     $mesh_install_nodejs_prefix npm install --arch=$NPM_ARCH -g npm@${NPM_VERSION} --save
+    if [ -f "$rootdir/.npm-global/bin/npm" ]; then
+        cp "$rootdir/.npm-global/bin/npm" "$rootdir/usr/local/bin/npm"
+        cp "$rootdir/.npm-global/bin/npm" "$rootdir/usr/bin/npm"
+    fi
     if [ -f "$rootdir/usr/local/bin/npm" ]; then
-        cp "$rootdir/usr/local/bin/npm" /usr/bin/npm
+        cp "$rootdir/usr/local/bin/npm" "$rootdir/usr/bin/npm"
     fi
     cp "$rootdir/usr/bin/npm" "$rootdir/root/npm"
 
     # update from the old debian nodejs version
     $mesh_install_nodejs_prefix npm install --arch=$NPM_ARCH -g n@${NODEJS_N_VERSION} --save
-    $mesh_install_nodejs_prefix n --arch $N_ARCH ${NODEJS_VERSION}
-    cp "$rootdir/root/npm" "$rootdir/usr/bin/npm"
+    if [ ! "$rootdir" ]; then
+        # Don't do this if we're building an image,
+        # because cpu detection faults occur.
+        # This condition may no longer be needed in future once the bug is fixed
+        $mesh_install_nodejs_prefix n --arch $N_ARCH ${NODEJS_VERSION}
+        nodejs_fix_cpu_detection
+        cp "$rootdir/root/npm" "$rootdir/usr/bin/npm"
+        cp "$rootdir/root/npm" "$rootdir/usr/local/bin/npm"
 
-    # deliberate second install of npm
-    $mesh_install_nodejs_prefix npm install --arch=$NPM_ARCH -g npm@${NPM_VERSION} --save
-    if [ -f "$rootdir/usr/local/bin/npm" ]; then
-        cp "$rootdir/usr/local/bin/npm" /usr/bin/npm
+        # deliberate second install of npm
+        $mesh_install_nodejs_prefix npm install --arch=$NPM_ARCH -g npm@${NPM_VERSION} --save
+        if [ -f "$rootdir/usr/local/bin/npm" ]; then
+            cp "$rootdir/usr/local/bin/npm" "$rootdir/usr/bin/npm"
+        fi
+        cp "$rootdir/usr/bin/npm" "$rootdir/root/npm"
+    fi
+    if [ -f "$rootdir/usr/bin/node" ]; then
+        cp "$rootdir/usr/bin/node" "$rootdir/usr/local/bin/node"
     fi
-    cp "$rootdir/usr/bin/npm" "$rootdir/root/npm"
 
     # check the version numbers
     cat <<EOF > "$rootdir/usr/bin/test_nodejs_install"
     chmod +x "$rootdir/usr/bin/test_nodejs_install"
     if ! $mesh_install_nodejs_prefix /usr/bin/test_nodejs_install; then
         echo $"nodejs version numbers did not match. Architecture is $NPM_ARCH."
+        NODE_UPGRADE=
         exit 76835282
     fi
     rm "$rootdir/usr/bin/test_nodejs_install"
+    NODE_UPGRADE=
+}
+
+function nodejs_upgrade {
+    if [ ! -f /etc/apt/sources.list.d/nodesource.list ]; then
+        return
+    fi
+    nodejs_setup_global_modules
+    if grep -q "node_8.x" /etc/apt/sources.list.d/nodesource.list; then
+        if [ -f /usr/local/bin/node ]; then
+            CURR_NODE_VERSION=$(node --version)
+            if [[ "$CURR_NODE_VERSION" == "v${NODEJS_VERSION}" ]]; then
+                return
+            fi
+        fi
+    fi
+    if [ -f /usr/local/bin/node ]; then
+        CURR_NODE_VERSION=$(node --version)
+        if [[ "$CURR_NODE_VERSION" == "v${NODEJS_VERSION}" ]]; then
+            return
+        fi
+    fi
+    read_config_param ARCHITECTURE
+    get_npm_arch
+    NODE_UPGRADE=1
+    rootdir=
+    mesh_install_nodejs
+    npm update -g
+}
+
+function nodejs_setup_global_modules {
+    if [ ! -f /usr/local/bin/node ]; then
+        return
+    fi
+    if [ ! -d "$rootdir/root/.npm-global" ]; then
+        mkdir "$rootdir/root/.npm-global"
+    fi
+    $mesh_install_nodejs_prefix npm config set prefix '/root/.npm-global'
+    if ! grep -q "PATH=/root/.npm-global/bin" "$rootdir/root/.bashrc"; then
+        echo "PATH=/root/.npm-global/bin:\$PATH" >> "$rootdir/root/.bashrc"
+    fi
+    if ! grep -q "NPM_CONFIG_PREFIX=" "$rootdir/root/.bashrc"; then
+        echo "export NPM_CONFIG_PREFIX=/root/.npm-global" >> "$rootdir/root/.bashrc"
+    fi
+    # shellcheck disable=SC2086
+    $mesh_install_nodejs_prefix export PATH=/root/.npm-global/bin:$PATH
+    $mesh_install_nodejs_prefix export NPM_CONFIG_PREFIX=/root/.npm-global
 }
 
 function remove_nodejs {

src/freedombone-utils-onion

     extra_email_hostname="$1"
     email_hostnames=$(grep "dc_other_hostnames" /etc/exim4/update-exim4.conf.conf | awk -F "'" '{print $2}')
     if [[ "$email_hostnames" != *"$extra_email_hostname"* ]]; then
-        sed -i "s|dc_other_hostnames=.*|dc_other_hostnames='$email_hostnames;extra_email_hostname'|g" /etc/exim4/update-exim4.conf.conf
+        sed -i "s|dc_other_hostnames=.*|dc_other_hostnames='$email_hostnames;$extra_email_hostname'|g" /etc/exim4/update-exim4.conf.conf
         update-exim4.conf
         dpkg-reconfigure --frontend noninteractive exim4-config
         systemctl restart saslauthd
     POSTACTIV_DOMAIN_NAME='postactiv.local'
     GNUSOCIAL_DOMAIN_NAME='gnusocial.local'
     HTMLY_DOMAIN_NAME='htmly.local'
-    GHOST_DOMAIN_NAME='ghost.local'
+    BLUDIT_DOMAIN_NAME='bludit.local'
     DOKUWIKI_DOMAIN_NAME='dokuwiki.local'
     DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
     GIT_DOMAIN_NAME='gogs.local'

website/EN/app_ghost.html → website/EN/app_bludit.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-02-21 Wed 16:16 -->
+<!-- 2018-03-31 Sat 18:25 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
 <meta name="generator" content="Org mode" />
 <meta name="author" content="Bob Mottram" />
-<meta name="description" content="How to use Ghost"
+<meta name="description" content="How to use Bludit"
  />
-<meta name="keywords" content="freedombone, ghost" />
+<meta name="keywords" content="freedombone, bludit, blog" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
   .title  { text-align: center;
 </div>
 
 <center>
-<h1>Ghost</h1>
+<h1>Bludit</h1>
 </center>
 
 <p>
-Ghost is a blogging system which uses markdown formatted posts. It's quite simple to use, and also looks nice even on small mobile screens.
+This is a databaseless blogging system which uses markdown files. It's not very complex and so there is not much to go wrong, and it should run well on any server hardware.
 </p>
 
-<div id="outline-container-orgae93cef" class="outline-2">
-<h2 id="orgae93cef">Installation</h2>
-<div class="outline-text-2" id="text-orgae93cef">
+<div id="outline-container-org09c48a1" class="outline-2">
+<h2 id="org09c48a1">Installation</h2>
+<div class="outline-text-2" id="text-org09c48a1">
 <p>
 Log into your system with:
 </p>
 </p>
 
 <p>
-Select <b>Add/Remove Apps</b> then <b>ghost</b>. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under <b>Dynamic DNS</b> on the FreeDNS site (the random string from "<i>quick cron example</i>" which appears after <i>update.php?</i> and before <i>&gt;&gt;</i>). For more details on obtaining a domain and making it accessible via dynamic DNS see the <a href="./faq.html">FAQ</a>. Typically the domain name you use will be a subdomain, such as <i>blog.mydomainname.net</i>. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
+Select <b>Add/Remove Apps</b> then <b>bluit</b>. Enter the subdomain that you which to use, such as <b>blog.mydomain.net</b>, and optionally a FreeDNS code.
 </p>
 
 <p>
-After the install has completed go to <b>Security settings</b> and select <b>Create a new Let's Encrypt certificate</b> and enter the domain name that you are using for Ghost. If you're using the "onion only" version of the system then you don't need to do this. If the certificate is obtained successfully then you will see a congratulations message.
-</p>
-</div>
-</div>
-
-<div id="outline-container-org1a75b29" class="outline-2">
-<h2 id="org1a75b29">Initial setup</h2>
-<div class="outline-text-2" id="text-org1a75b29">
-<p>
-If you have just obtained a Lets Encrypt certificate as above then go to <b>About</b> on the administrator control panel and you should see your Ghost blog domain listed there along with an onion address. You can then navigate to your site in a browser.
-</p>
-
-<p>
-To see the login password for your site go to <b>Passwords</b> on the <b>Administrator control panel</b> and select the appropriate username and app. The passwords will be different for each user and may not be the same as the password which you used to originally ssh into the system.
-</p>
-
-<p>
-Navigate to <a href="https://yourghostblogdomain/ghost">https://yourghostblogdomain/ghost</a> and click on <b>create your account</b>
-</p>
-
-<p>
-Enter your email address, password and blog title.
-</p>
-
-<p>
-When prompted to invite users click on <b>I'll do this later</b>
+Now in a browser navigate to your subdomain. You will need to enter some details for the database. You'll be asked to provide an initial administrator password.
 </p>
 
 <p>
-Under <b>Settings</b> on the <b>General</b> option you can set a description, background image and so on.
+From there on it's all pretty straightforward. If you need to publish a draft the post status can be changed on a drop down list on the right hand side.
 </p>
 </div>
 </div>

website/EN/app_peertube.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-12-03 Sun 12:48 -->
+<!-- 2018-04-01 Sun 20:32 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
 </div>
 </div>
 
-<center>
-<h1>PeerTube</h1>
-</center>
-
-<p>
-This is a video hosting system similar to Mediagoblin but using <a href="https://webtorrent.io/">webtorrent</a> to help distribute the files to or between clients. This should be more practical for situations where a video becomes popular because the load is then spread across the network, with performance increasing with the number of nodes. However, the torrenting aspect of it only works with WebRTC enabled browsers and so this means it's unlikely to fully work with a Tor browser. Without WebRTC then from a user point of view it's effectively the same thing as Mediagoblin.
-</p>
-
 <div class="org-center">
 
 <div class="figure">
 </div>
 </div>
 
-<div id="outline-container-orgd4e2d94" class="outline-2">
-<h2 id="orgd4e2d94">Installation</h2>
-<div class="outline-text-2" id="text-orgd4e2d94">
+<p>
+This is a video hosting system similar to Mediagoblin but using webtorrent to help distribute the files to or between clients. This should be more practical for situations where a video becomes popular because the load is then spread across the network, with performance increasing with the number of nodes. However, the torrenting aspect of it only works with WebRTC enabled browsers and so this means it's unlikely to fully work with a Tor browser. Without WebRTC then from a user point of view it's effectively the same thing as Mediagoblin.
+</p>
+
+<div id="outline-container-org244b57b" class="outline-2">
+<h2 id="org244b57b">Installation</h2>
+<div class="outline-text-2" id="text-org244b57b">
 <p>
 Log into your system with:
 </p>
 </div>
 </div>
 
-<div id="outline-container-org50ab03b" class="outline-2">
-<h2 id="org50ab03b">Initial setup</h2>
-<div class="outline-text-2" id="text-org50ab03b">
+<div id="outline-container-orgc8779c8" class="outline-2">
+<h2 id="orgc8779c8">Initial setup</h2>
+<div class="outline-text-2" id="text-orgc8779c8">
 <p>
 Navigate to your site and select <b>Signup</b> to create a new account. By default the maximum number of accounts on your system is limited to a small number so that millions of random internet users can't then begin uploading dubious content. After that it's pretty straightforward.
 </p>
 
 <p>
-One thing to be aware of is that after you upload a video it will take quite a while to transcode, and during that time you won't be able to play it or it will hang after playing. A way to avoid this wait is to ensure that your videos are already in mp4 format when you upload them.
+If you wish it's possible to turn off further signups via the <b>Administrator control panel</b> under <b>App settings</b> for <b>peertube</b>.
+</p>
+</div>
+</div>
+
+<div id="outline-container-orgb28bda0" class="outline-2">
+<h2 id="orgb28bda0">Importing videos from YouTube/Vimeo/Dailymotion</h2>
+<div class="outline-text-2" id="text-orgb28bda0">
+<p>
+It's possible to import videos from the main proprietary video hosting sites. <i>Only do this if they're videos which you made, or if the license is Creative Commons</i>. Hosting arbitrary videos under nonfree licenses is likely to get you into trouble, and we know how that works out from the P2P wars of the 2000s (i.e. badly).
+</p>
+
+<p>
+Go to the <b>Administrator control panel</b>, select <b>App settings</b> then <b>peertube</b> then <b>Import videos from YouTube/Vimeo/Dailymotion</b>. Enter your PeerTube login details and then you may specify either the individual video URL or the channel URL if you want to import a whole channel.
+</p>
+</div>
+</div>
+
+<div id="outline-container-orgcfb5e79" class="outline-2">
+<h2 id="orgcfb5e79">Importing videos from your desktop</h2>
+<div class="outline-text-2" id="text-orgcfb5e79">
+<p>
+The most convenient way to add new videos to PeerTube is if you have the <b>syncthing</b> app installed. Set up <a href="./app_syncthing.html">syncthing</a> with a folder called ~/Sync in your home directory. Create a subdirectory called <b>~/Sync/peertube_upload</b>. Within that directory make a text file called <b>login.txt</b>. This will contain your PeerTube login details.
+</p>
+
+<p>
+The first line of login.txt should be your username, the second line should be the password and optionally the third line can contain the words <b>public</b> and/or <b>nsfw</b>, if you want to make imported videos immediately public or mark them as not suitable for work.
+</p>
+
+<p>
+Prepare your videos in <b>ogv</b>, <b>mp4</b> or <b>webm</b> format. To minimize bandwidth usage try to keep your videos as small as possible. Giant videos with incredibly high resolution tend to result in a bad user experience. Often just converting your videos to <b>webm</b> using <b>ffmpeg</b> will keep the size down.
+</p>
+
+<p>
+Now copy or drag and drop your videos into the <b>~/Sync/peertube_upload</b> directory. Syncthing will sync to the server and automatically add the videos to PeerTube. Depending on how large the videos are this may take some time.
+</p>
+
+<p>
+Imported videos can be seen by logging into PeerTube, selecting <b>My account</b> then the <b>My videos</b> tab. You can then view them, add a description and select to make them public if you wish.
 </p>
 </div>
 </div>

website/EN/apps.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-03-10 Sat 21:13 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="List of apps available on freedombone"
+<!-- 2018-03-31 Sat 18:28 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="List of apps available on freedombone"
  />
-<meta  name="keywords" content="freedombone, apps" />
+<meta name="keywords" content="freedombone, apps" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
-<div class="center">
+<div class="org-center">
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" />
 The base install of the system just contains an email server and Mutt client, but not much else. In addition from within the <b>Administrator control panel</b> under <b>Add/remove apps</b> the following are installable. This list only applies on the home server version, with the mesh network version having a different and smaller set of apps.
 </p>
 
-<div class="center">
+<div class="org-center">
 
 <div class="figure">
 <p><img src="images/controlpanel/control_panel_apps.jpg" alt="control_panel_apps.jpg" />
 </div>
 
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Akaunting</h2>
-<div class="outline-text-2" id="text-1">
+<div id="outline-container-org28b5697" class="outline-2">
+<h2 id="org28b5697">Akaunting</h2>
+<div class="outline-text-2" id="text-org28b5697">
 <p>
 A web based accounts system for small businesses or freelancers.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-2" class="outline-2">
-<h2 id="sec-2">BDS Mail</h2>
-<div class="outline-text-2" id="text-2">
+<div id="outline-container-org777bb3f" class="outline-2">
+<h2 id="org777bb3f">BDS Mail</h2>
+<div class="outline-text-2" id="text-org777bb3f">
 <p>
 It's like ordinary email, but with <a href="https://en.wikipedia.org/wiki/I2P">i2p</a> as the transport mechanism.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-3" class="outline-2">
-<h2 id="sec-3">CryptPad</h2>
-<div class="outline-text-2" id="text-3">
+<div id="outline-container-orgebcec42" class="outline-2">
+<h2 id="orgebcec42">Bludit</h2>
+<div class="outline-text-2" id="text-orgebcec42">
+<p>
+This is a simple databaseless blogging system which uses markdown files. It should run well on any hardware.
+</p>
+
+<p>
+<a href="./app_bludit.html">How to use it</a>
+</p>
+</div>
+</div>
+<div id="outline-container-orgff63d63" class="outline-2">
+<h2 id="orgff63d63">CryptPad</h2>
+<div class="outline-text-2" id="text-orgff63d63">
 <p>
 Collaborate on editing documents, presentations and source code, or vote on things. All with a good level of security.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-4" class="outline-2">
-<h2 id="sec-4">DLNA</h2>
-<div class="outline-text-2" id="text-4">
+<div id="outline-container-orgbb60849" class="outline-2">
+<h2 id="orgbb60849">DLNA</h2>
+<div class="outline-text-2" id="text-orgbb60849">
 <p>
 Enables you to use the system as a music server which any DLNA compatible devices can connect to within your home network.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-5" class="outline-2">
-<h2 id="sec-5">Dokuwiki</h2>
-<div class="outline-text-2" id="text-5">
+<div id="outline-container-org5792c5f" class="outline-2">
+<h2 id="org5792c5f">Dokuwiki</h2>
+<div class="outline-text-2" id="text-org5792c5f">
 <p>
 A databaseless wiki system.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-6" class="outline-2">
-<h2 id="sec-6">Edith</h2>
-<div class="outline-text-2" id="text-6">
+<div id="outline-container-orgfe3cb28" class="outline-2">
+<h2 id="orgfe3cb28">Edith</h2>
+<div class="outline-text-2" id="text-orgfe3cb28">
 <p>
 Extremely simple and distraction-free notes system.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-7" class="outline-2">
-<h2 id="sec-7">Emacs</h2>
-<div class="outline-text-2" id="text-7">
+<div id="outline-container-org8962159" class="outline-2">
+<h2 id="org8962159">Emacs</h2>
+<div class="outline-text-2" id="text-org8962159">
 <p>
 If you use the Mutt client to read your email then this will set it up to use emacs for composing new mail.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-8" class="outline-2">
-<h2 id="sec-8">Email Server</h2>
-<div class="outline-text-2" id="text-8">
+<div id="outline-container-org1902633" class="outline-2">
+<h2 id="org1902633">Email Server</h2>
+<div class="outline-text-2" id="text-org1902633">
 <p>
 Since many apps require email registration an email server is installed by default. You can find advice on using the email system <a href="./usage_email.html">here</a>.
 </p>
 </div>
 </div>
-<div id="outline-container-sec-9" class="outline-2">
-<h2 id="sec-9">Etherpad</h2>
-<div class="outline-text-2" id="text-9">
+<div id="outline-container-orgd4e27a5" class="outline-2">
+<h2 id="orgd4e27a5">Etherpad</h2>
+<div class="outline-text-2" id="text-orgd4e27a5">
 <p>
 Collaborate on creating documents in real time. Maybe you're planning a holiday with other family members or creating documentation for a Free Software project along with other volunteers. Etherpad is hard to beat for simplicity and speed. Only users of the system will be able to access it.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-10" class="outline-2">
-<h2 id="sec-10">Federated wiki</h2>
-<div class="outline-text-2" id="text-10">
+<div id="outline-container-org71dc0a8" class="outline-2">
+<h2 id="org71dc0a8">Federated wiki</h2>
+<div class="outline-text-2" id="text-org71dc0a8">
 <p>
 A new approach to creating wiki content.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-11" class="outline-2">
-<h2 id="sec-11">Friendica</h2>
-<div class="outline-text-2" id="text-11">
+<div id="outline-container-org6afa6fa" class="outline-2">
+<h2 id="org6afa6fa">Friendica</h2>
+<div class="outline-text-2" id="text-org6afa6fa">
 <p>
 Federated social network system.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-12" class="outline-2">
-<h2 id="sec-12">Ghost</h2>
-<div class="outline-text-2" id="text-12">
-<p>
-Modern looking blogging system.
-</p>
-
-<p>
-<a href="./app_ghost.html">How to use it</a>
-</p>
-</div>
-</div>
-<div id="outline-container-sec-13" class="outline-2">
-<h2 id="sec-13">GNU Social</h2>
-<div class="outline-text-2" id="text-13">
+<div id="outline-container-org0f25cd5" class="outline-2">
+<h2 id="org0f25cd5">GNU Social</h2>
+<div class="outline-text-2" id="text-org0f25cd5">
 <p>
 Federated social network based on the OStatus protocol. You can "<i>remote follow</i>" other users within the GNU Social federation.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-14" class="outline-2">
-<h2 id="sec-14">Gogs</h2>
-<div class="outline-text-2" id="text-14">
+<div id="outline-container-org7d5a232" class="outline-2">
+<h2 id="org7d5a232">Gogs</h2>
+<div class="outline-text-2" id="text-org7d5a232">
 <p>
 Lightweight git project hosting system. You can mirror projects from Github, or if Github turns evil then just host your own projects while retaining the familiar <i>fork-and-pull</i> workflow. If you can use Github then you can also use Gogs.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-15" class="outline-2">
-<h2 id="sec-15">HTMLy</h2>
-<div class="outline-text-2" id="text-15">
+<div id="outline-container-org5421983" class="outline-2">
+<h2 id="org5421983">HTMLy</h2>
+<div class="outline-text-2" id="text-org5421983">
 <p>
 Databaseless blogging system. Quite simple and with a markdown-like format.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-16" class="outline-2">
-<h2 id="sec-16">Hubzilla</h2>
-<div class="outline-text-2" id="text-16">
+<div id="outline-container-org753029b" class="outline-2">
+<h2 id="org753029b">Hubzilla</h2>
+<div class="outline-text-2" id="text-org753029b">
 <p>
 Web publishing platform with social network like features and good privacy controls so that it's possible to specify who can see which content. Includes photo albums, calendar, wiki and file storage.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-17" class="outline-2">
-<h2 id="sec-17">Icecast media stream</h2>
-<div class="outline-text-2" id="text-17">
+<div id="outline-container-org4588aff" class="outline-2">
+<h2 id="org4588aff">Icecast media stream</h2>
+<div class="outline-text-2" id="text-org4588aff">
 <p>
 Make your own internet radio station.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-18" class="outline-2">
-<h2 id="sec-18">IRC Server (ngirc)</h2>
-<div class="outline-text-2" id="text-18">
+<div id="outline-container-org0dc73d8" class="outline-2">
+<h2 id="org0dc73d8">IRC Server (ngirc)</h2>
+<div class="outline-text-2" id="text-org0dc73d8">
 <p>
 Run your own IRC chat channel which can be secured with a password and accessible via an onion address. A bouncer is included so that you can receive messages sent while you were offline. Works with Hexchat and other popular clients.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-19" class="outline-2">
-<h2 id="sec-19">Jitsi Meet</h2>
-<div class="outline-text-2" id="text-19">
+<div id="outline-container-orgc8faaa0" class="outline-2">
+<h2 id="orgc8faaa0">Jitsi Meet</h2>
+<div class="outline-text-2" id="text-orgc8faaa0">
 <p>
 Experimental WebRTC video conferencing system, similar to Google Hangouts. This may not be fully functional, but is hoped to be in the near future.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-20" class="outline-2">
-<h2 id="sec-20">KanBoard</h2>
-<div class="outline-text-2" id="text-20">
+<div id="outline-container-orgbc435d0" class="outline-2">
+<h2 id="orgbc435d0">KanBoard</h2>
+<div class="outline-text-2" id="text-orgbc435d0">
 <p>
 A simple kanban system for managing projects or TODO lists.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-21" class="outline-2">
-<h2 id="sec-21">Key Server</h2>
-<div class="outline-text-2" id="text-21">
+<div id="outline-container-org3ced426" class="outline-2">
+<h2 id="org3ced426">Key Server</h2>
+<div class="outline-text-2" id="text-org3ced426">
 <p>
 An OpenPGP key server for storing and retrieving GPG public keys.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-22" class="outline-2">
-<h2 id="sec-22">Koel</h2>
-<div class="outline-text-2" id="text-22">
+<div id="outline-container-orgd689f61" class="outline-2">
+<h2 id="orgd689f61">Koel</h2>
+<div class="outline-text-2" id="text-orgd689f61">
 <p>
 Access your music collection from any internet connected device.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-23" class="outline-2">
-<h2 id="sec-23">Lychee</h2>
-<div class="outline-text-2" id="text-23">
+<div id="outline-container-org0b6e716" class="outline-2">
+<h2 id="org0b6e716">Lychee</h2>
+<div class="outline-text-2" id="text-org0b6e716">
 <p>
 Make your photo albums available on the web.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-24" class="outline-2">
-<h2 id="sec-24">Mailpile</h2>
-<div class="outline-text-2" id="text-24">
+<div id="outline-container-org5a5bf12" class="outline-2">
+<h2 id="org5a5bf12">Mailpile</h2>
+<div class="outline-text-2" id="text-org5a5bf12">
 <p>
 Modern email client which supports GPG encryption.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-25" class="outline-2">
-<h2 id="sec-25">Matrix</h2>
-<div class="outline-text-2" id="text-25">
+<div id="outline-container-org23fcc5d" class="outline-2">
+<h2 id="org23fcc5d">Matrix</h2>
+<div class="outline-text-2" id="text-org23fcc5d">
 <p>
 Multi-user chat with some security and moderation controls.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-26" class="outline-2">
-<h2 id="sec-26">Mediagoblin</h2>
-<div class="outline-text-2" id="text-26">
+<div id="outline-container-org152ef9d" class="outline-2">
+<h2 id="org152ef9d">Mediagoblin</h2>
+<div class="outline-text-2" id="text-org152ef9d">
 <p>
 Publicly host video and audio files so that you don't need to use YouTube/Vimeo/etc.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-27" class="outline-2">
-<h2 id="sec-27">Mumble</h2>
-<div class="outline-text-2" id="text-27">
+<div id="outline-container-orgdf02288" class="outline-2">
+<h2 id="orgdf02288">Mumble</h2>
+<div class="outline-text-2" id="text-orgdf02288">
 <p>
 The popular VoIP and text chat system. Say goodbye to old-fashioned telephony conferences with silly dial codes. Also works well on mobile.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-28" class="outline-2">
-<h2 id="sec-28">NextCloud</h2>
-<div class="outline-text-2" id="text-28">
+<div id="outline-container-orga6e7867" class="outline-2">
+<h2 id="orga6e7867">NextCloud</h2>
+<div class="outline-text-2" id="text-orga6e7867">
 <p>
 Store files on your server and sync them with laptops or mobile devices. Includes many plugins including videoconferencing and collaborative document editing.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-29" class="outline-2">
-<h2 id="sec-29">PeerTube</h2>
-<div class="outline-text-2" id="text-29">
+<div id="outline-container-org1f222c6" class="outline-2">
+<h2 id="org1f222c6">PeerTube</h2>
+<div class="outline-text-2" id="text-org1f222c6">
 <p>
 Peer-to-peer video hosting. Similar to Mediagoblin, but the P2P aspect better enables the streaming load to be shared across servers.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-30" class="outline-2">
-<h2 id="sec-30">PI-Hole</h2>
-<div class="outline-text-2" id="text-30">
+<div id="outline-container-org93da9a8" class="outline-2">
+<h2 id="org93da9a8">PI-Hole</h2>
+<div class="outline-text-2" id="text-org93da9a8">
 <p>
 The black hole for web adverts. Block adverts at the domain name level within your local network. It can significantly reduce bandwidth, speed up page load times and protect your systems from being tracked by spyware.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-31" class="outline-2">
-<h2 id="sec-31">Pleroma</h2>
-<div class="outline-text-2" id="text-31">
+<div id="outline-container-org23c546e" class="outline-2">
+<h2 id="org23c546e">Pleroma</h2>
+<div class="outline-text-2" id="text-org23c546e">
 <p>
 Fediverse instance which is compatible with GNU Social and Mastodon, and suited for systems without much RAM or CPU resource.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-32" class="outline-2">
-<h2 id="sec-32">PostActiv</h2>
-<div class="outline-text-2" id="text-32">
+<div id="outline-container-org9916ff6" class="outline-2">
+<h2 id="org9916ff6">PostActiv</h2>
+<div class="outline-text-2" id="text-org9916ff6">
 <p>
 An alternative federated social networking system compatible with GNU Social, Pleroma and Mastodon. It includes some optimisations and fixes currently not available within the main GNU Social project.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-33" class="outline-2">
-<h2 id="sec-33">PrivateBin</h2>
-<div class="outline-text-2" id="text-33">
+<div id="outline-container-orgd4b23b3" class="outline-2">
+<h2 id="orgd4b23b3">PrivateBin</h2>
+<div class="outline-text-2" id="text-orgd4b23b3">
 <p>
 A pastebin where the server has zero knowledge of the content being pasted.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-34" class="outline-2">
-<h2 id="sec-34">Profanity</h2>
-<div class="outline-text-2" id="text-34">
+<div id="outline-container-org0082b2c" class="outline-2">
+<h2 id="org0082b2c">Profanity</h2>
+<div class="outline-text-2" id="text-org0082b2c">
 <p>
 A shell based XMPP client which you can run on the Freedombone server via ssh.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-35" class="outline-2">
-<h2 id="sec-35">Riot Web</h2>
-<div class="outline-text-2" id="text-35">
+<div id="outline-container-orga4c89c0" class="outline-2">
+<h2 id="orga4c89c0">Riot Web</h2>
+<div class="outline-text-2" id="text-orga4c89c0">
 <p>
 A browser based user interface for the Matrix federated communications system, including WebRTC audio and video chat.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-36" class="outline-2">
-<h2 id="sec-36">SearX</h2>
-<div class="outline-text-2" id="text-36">
+<div id="outline-container-orgfe0d758" class="outline-2">
+<h2 id="orgfe0d758">SearX</h2>
+<div class="outline-text-2" id="text-orgfe0d758">
 <p>
 A metasearch engine for customised and private web searches.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-37" class="outline-2">
-<h2 id="sec-37">tt-rss</h2>
-<div class="outline-text-2" id="text-37">
+<div id="outline-container-org1a8ec29" class="outline-2">
+<h2 id="org1a8ec29">tt-rss</h2>
+<div class="outline-text-2" id="text-org1a8ec29">
 <p>
 Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "<i>the right to read</i>" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-38" class="outline-2">
-<h2 id="sec-38">Syncthing</h2>
-<div class="outline-text-2" id="text-38">
+<div id="outline-container-orgc31b9a5" class="outline-2">
+<h2 id="orgc31b9a5">Syncthing</h2>
+<div class="outline-text-2" id="text-orgc31b9a5">
 <p>
 Possibly the best way to synchronise files across all of your devices. Once it has been set up it "just works" with no user intervention needed.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-39" class="outline-2">
-<h2 id="sec-39">Tahoe-LAFS</h2>
-<div class="outline-text-2" id="text-39">
+<div id="outline-container-org84b0dd7" class="outline-2">
+<h2 id="org84b0dd7">Tahoe-LAFS</h2>
+<div class="outline-text-2" id="text-org84b0dd7">
 <p>
 Robust and encrypted storage of files on one or more server.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-40" class="outline-2">
-<h2 id="sec-40">Tox</h2>
-<div class="outline-text-2" id="text-40">
+<div id="outline-container-orge358056" class="outline-2">
+<h2 id="orge358056">Tox</h2>
+<div class="outline-text-2" id="text-orge358056">
 <p>
 Client and bootstrap node for the Tox chat/VoIP system.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-41" class="outline-2">
-<h2 id="sec-41">Turtl</h2>
-<div class="outline-text-2" id="text-41">
+<div id="outline-container-org252f43c" class="outline-2">
+<h2 id="org252f43c">Turtl</h2>
+<div class="outline-text-2" id="text-org252f43c">
 <p>
 A system for privately creating and sharing notes and images, similar to Evernote but without the spying.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-42" class="outline-2">
-<h2 id="sec-42">Vim</h2>
-<div class="outline-text-2" id="text-42">
+<div id="outline-container-orga8df5ec" class="outline-2">
+<h2 id="orga8df5ec">Vim</h2>
+<div class="outline-text-2" id="text-orga8df5ec">
 <p>
 If you use the Mutt client to read your email then this will set it up to use vim for composing new mail.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-43" class="outline-2">
-<h2 id="sec-43">Virtual Private Network (VPN)</h2>
-<div class="outline-text-2" id="text-43">
+<div id="outline-container-orga3f5966" class="outline-2">
+<h2 id="orga3f5966">Virtual Private Network (VPN)</h2>
+<div class="outline-text-2" id="text-orga3f5966">
 <p>
 Set up a VPN on your server so that you can bypass local internet censorship.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-44" class="outline-2">
-<h2 id="sec-44">XMPP</h2>
-<div class="outline-text-2" id="text-44">
+<div id="outline-container-org4a03248" class="outline-2">
+<h2 id="org4a03248">XMPP</h2>
+<div class="outline-text-2" id="text-org4a03248">
 <p>
 Chat server which can be used together with client such as Gajim or Conversations to provide end-to-end content security and also onion routed metadata security. Includes advanced features such as <i>client state notification</i> to save battery power on your mobile devices, support for seamless roaming between networks and <i>message carbons</i> so that you can receive the same messages while being simultaneously logged in to your account on more than one device.
 </p>