app functions for changing passwords

src/freedombone-app-babel

@@ -33,6 +33,10 @@ VARIANTS=''
 ENABLE_BABEL="no"
 BABEL_PORT=6696
 
+function change_password_babel {
+    echo -n ''
+}
+
 function reconfigure_babel {
     echo -n ''
 }

src/freedombone-app-batman

@@ -33,12 +33,16 @@ VARIANTS='mesh'
 ENABLE_BATMAN="no"
 BATMAN_CELLID='any'
 
-function configure_firewall_for_batma {
+function change_password_batman {
+    echo -n ''
+}
+
+function configure_firewall_for_batman {
     if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
-		return
+        return
     fi
     if [[ $ENABLE_BATMAN != "yes" ]]; then
-		return
+        return
     fi
 
     function_check save_firewall_settings
@@ -72,13 +76,13 @@ function restore_remote_batman {
 
 function remove_batman {
     if ! grep -Fxq "install_batman" $COMPLETION_FILE; then
-		return
+        return
     fi
 
     ${PROJECT_NAME}-mesh-install -f batman --remove yes
     if [ ! "$?" = "0" ]; then
-		echo $'Failed to remove batman'
-		exit 79353
+        echo $'Failed to remove batman'
+        exit 79353
     fi
     sed -i '/install_batman/d' $COMPLETION_FILE
     sed -i '/configure_firewall_for_batman/d' $COMPLETION_FILE
@@ -90,15 +94,15 @@ function mesh_install_batman {
     chroot "$rootdir" apt-get -y install wireless-tools rfkill
 
     if ! grep -q "batman_adv" $rootdir/etc/modules; then
-		echo 'batman_adv' >> $rootdir/etc/modules
+        echo 'batman_adv' >> $rootdir/etc/modules
     fi
 
     BATMAN_SCRIPT=$rootdir/var/lib/batman
 
     if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
-		cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+        cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
     else
-		cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+        cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
     fi
 
     BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
@@ -124,32 +128,32 @@ function mesh_install_batman {
 
 function install_batman {
     if [ $INSTALLING_MESH ]; then
-		mesh_install_batman
-		return
+        mesh_install_batman
+        return
     fi
     if grep -Fxq "install_batman" $COMPLETION_FILE; then
-		return
+        return
     fi
     if [[ $ENABLE_BATMAN != "yes" ]]; then
-		return
+        return
     fi
 
     ${PROJECT_NAME}-mesh-install -f batman
     if [ ! "$?" = "0" ]; then
-		echo $'Failed to install batman'
-		exit 72524
+        echo $'Failed to install batman'
+        exit 72524
     fi
 
     if ! grep -q "Mesh Networking (B.A.T.M.A.N)" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README
-		echo '=============================' >> /home/$MY_USERNAME/README
-		echo "Mesh ESSID: $WIFI_SSID" >> /home/$MY_USERNAME/README
-		echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README
-		echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README
+        echo '=============================' >> /home/$MY_USERNAME/README
+        echo "Mesh ESSID: $WIFI_SSID" >> /home/$MY_USERNAME/README
+        echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README
+        echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README
+        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+        chmod 600 /home/$MY_USERNAME/README
     fi
 
     function_check configure_firewall_for_batman

src/freedombone-app-blog

@@ -38,6 +38,27 @@ FULLBLOG_COMMIT='bf5fe9486160be4da86d8987d3e5c977e1dc6d32'
 MY_BLOG_TITLE="My Blog"
 MY_BLOG_SUBTITLE="Another ${PROJECT_NAME} Blog"
 
+function change_password_blog {
+    if ! grep -q "Blog domain:" $COMPLETION_FILE; then
+        return
+        echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
+    fi
+    FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | head -n 1 | awk -F ':' '{print $2}')
+
+    BLOG_USERNAME="$1"
+    BLOG_PASSWORD="$2"
+    if [ ${#BLOG_PASSWORD} -lt 8 ]; then
+        echo $'Blog password is too short'
+        return
+    fi
+    BLOG_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$BLOG_PASSWORD")
+    if [ ${#BLOG_PASSWORD_HASH} -lt 8 ]; then
+        echo $'Blog admin password could not be hashed'
+        exit 625728
+    fi
+    sed -i "s|password =.*|password = $BLOG_PASSWORD_HASH|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$BLOG_USERNAME.ini
+}
+
 function reconfigure_blog {
     echo -n ''
 }

src/freedombone-app-blogstatic

@@ -35,6 +35,10 @@ PELICAN_THEMES_REPO="https://github.com/getpelican/pelican-themes"
 PELICAN_PLUGINS_REPO="https://github.com/getpelican/pelican-plugins"
 DEFAULT_BLOG_TITLE=$"Freedombone Blog"
 
+function change_password_blogstatic {
+    echo -n ''
+}
+
 function reconfigure_blogstatic {
     echo -n ''
 }

src/freedombone-app-cjdns

@@ -41,499 +41,503 @@ CJDNS_COMMIT='13189fde111d0500427a7a0ce06a970753527bca'
 CJDCMD_REPO="https://github.com/inhies/cjdcmd"
 CJDCMD_COMMIT='973cca6ed0eecf9041c3403a40193c0b1291b808'
 
+function change_password_cjdns {
+    echo -n ''
+}
+
 function reconfigure_cjdns {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_cjdns {
-	if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
-		return
-	fi
-	function_check set_repo_commit
-	set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO
+    if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
+        return
+    fi
+    function_check set_repo_commit
+    set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO
 }
 
 function configure_firewall_for_cjdns {
-	if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ENABLE_CJDNS != "yes" ]]; then
-		return
-	fi
-	ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
-	ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-	ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
-	ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
-
-	function_check save_firewall_settings
-	save_firewall_settings
-	echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
+    if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
+        return
+    fi
+    if [[ $ENABLE_CJDNS != "yes" ]]; then
+        return
+    fi
+    ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
+    ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+    ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
+
+    function_check save_firewall_settings
+    save_firewall_settings
+    echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
 }
 
 function get_cjdns_public_key {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
-			if [ ! $CJDNS_PUBLIC_KEY ]; then
-				CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
-	fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+        if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
+            if [ ! $CJDNS_PUBLIC_KEY ]; then
+                CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
+            fi
+        fi
+    fi
 }
 
 function get_cjdns_private_key {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
-			if [ ! $CJDNS_PRIVATE_KEY ]; then
-				CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
-	fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+        if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
+            if [ ! $CJDNS_PRIVATE_KEY ]; then
+                CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
+            fi
+        fi
+    fi
 }
 
 function get_cjdns_ipv6_address {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
-			if [ ! $CJDNS_IPV6 ]; then
-				CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
-	fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+        if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
+            if [ ! $CJDNS_IPV6 ]; then
+                CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
+            fi
+        fi
+    fi
 }
 
 function get_cjdns_port {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "cjdns port" /home/$MY_USERNAME/README; then
-			if [ ! $CJDNS_PORT ]; then
-				CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
-	fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+        if grep -q "cjdns port" /home/$MY_USERNAME/README; then
+            if [ ! $CJDNS_PORT ]; then
+                CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
+            fi
+        fi
+    fi
 }
 
 function get_cjdns_password {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "cjdns password" /home/$MY_USERNAME/README; then
-			if [ ! $CJDNS_PASSWORD ]; then
-				CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
-	fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+        if grep -q "cjdns password" /home/$MY_USERNAME/README; then
+            if [ ! $CJDNS_PASSWORD ]; then
+                CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+            fi
+        fi
+    fi
 }
 
 function backup_local_cjdns {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_local_cjdns {
-	if [ -d $USB_MOUNT/backup/cjdns ]; then
-		echo $"Restoring cjdns installation"
-		temp_restore_dir=/root/tempcjdns
-		function_check restore_directory_from_usb
-		restore_directory_from_usb $temp_restore_dir cjdns
-		rm -rf /etc/cjdns
-		cp -r $temp_restore_dir/etc/cjdns /etc/
-		if [ ! "$?" = "0" ]; then
-			function_check set_user_permissions
-			set_user_permissions
-			function_check backup_unmount_drive
-			backup_unmount_drive
-			exit 8472
-		fi
-		rm -rf $temp_restore_dir
-	fi
+    if [ -d $USB_MOUNT/backup/cjdns ]; then
+        echo $"Restoring cjdns installation"
+        temp_restore_dir=/root/tempcjdns
+        function_check restore_directory_from_usb
+        restore_directory_from_usb $temp_restore_dir cjdns
+        rm -rf /etc/cjdns
+        cp -r $temp_restore_dir/etc/cjdns /etc/
+        if [ ! "$?" = "0" ]; then
+            function_check set_user_permissions
+            set_user_permissions
+            function_check backup_unmount_drive
+            backup_unmount_drive
+            exit 8472
+        fi
+        rm -rf $temp_restore_dir
+    fi
 }
 
 function backup_remote_cjdns {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_remote_cjdns {
-	if [ -d $SERVER_DIRECTORY/backup/cjdns ]; then
-		echo $"Restoring cjdns installation"
-		temp_restore_dir=/root/tempcjdns
-		function_check restore_directory_from_friend
-		restore_directory_from_friend $temp_restore_dir cjdns
-		rm -rf /etc/cjdns
-		cp -r $temp_restore_dir/etc/cjdns /etc/
-		if [ ! "$?" = "0" ]; then
-			exit 7438
-		fi
-		rm -rf $temp_restore_dir
-	fi
+    if [ -d $SERVER_DIRECTORY/backup/cjdns ]; then
+        echo $"Restoring cjdns installation"
+        temp_restore_dir=/root/tempcjdns
+        function_check restore_directory_from_friend
+        restore_directory_from_friend $temp_restore_dir cjdns
+        rm -rf /etc/cjdns
+        cp -r $temp_restore_dir/etc/cjdns /etc/
+        if [ ! "$?" = "0" ]; then
+            exit 7438
+        fi
+        rm -rf $temp_restore_dir
+    fi
 }
 
 function remove_cjdns {
-	if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
-		return
-	fi
-	service cjdns stop
-	ip6tables -D nat -D POSTROUTING -o tun0 -j MASQUERADE
-	ip6tables -D FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-	ip6tables -D INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
-	ip6tables -D INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	rm -rf /etc/cjdns
-	sed -i '/install_cjdns/d' $COMPLETION_FILE
-	sed -i '/cjdns /d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_cjdns/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
+        return
+    fi
+    service cjdns stop
+    ip6tables -D nat -D POSTROUTING -o tun0 -j MASQUERADE
+    ip6tables -D FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+    ip6tables -D INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    rm -rf /etc/cjdns
+    sed -i '/install_cjdns/d' $COMPLETION_FILE
+    sed -i '/cjdns /d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_cjdns/d' $COMPLETION_FILE
 }
 
 function install_cjdns_main {
-	if [[ $ENABLE_CJDNS != "yes" ]]; then
-		return
-	fi
-
-	if grep -Fxq "install_cjdns_main" $COMPLETION_FILE; then
-		return
-	fi
-
-	apt-get -y install nodejs git build-essential nmap
-
-	# if a README exists then obtain the cjdns parameters
-	function_check get_cjdns_ipv6_address
-	get_cjdns_ipv6_address
-
-	function_check get_cjdns_public_key
-	get_cjdns_public_key
-
-	function_check get_cjdns_private_key
-	get_cjdns_private_key
-
-	function_check get_cjdns_port
-	get_cjdns_port
-
-	function_check get_cjdns_password
-	get_cjdns_password
-
-	# special compile settings for running ./do on the Beaglebone Black
-	if [[ $INSTALLING_ON_BBB == "yes" ]]; then
-		CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
-		export LDFLAGS="$CFLAGS"
-	fi
-
-	if [ ! -d /etc/cjdns ]; then
-		function_check git_pull
-		git_clone $CJDNS_REPO /etc/cjdns
-		cd /etc/cjdns
-
-		git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
-		if ! grep -q "cjdns commit" $COMPLETION_FILE; then
-			echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
-		else
-			sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
-		fi
-
-		./do
-		if [ ! "$?" = "0" ]; then
-			exit 7439
-		fi
-		# create a configuration
-		if [ ! -f /etc/cjdns/cjdroute.conf ]; then
-			./cjdroute --genconf > /etc/cjdns/cjdroute.conf
-			if [ ! "$?" = "0" ]; then
-				exit 5922
-			fi
-		fi
-		# create a user to run as
-		useradd cjdns
-	else
-		cd /etc/cjdns
-		function_check git_pull
-		git_pull $CJDNS_REPO
-		./do
-		if [ ! "$?" = "0" ]; then
-			exit 9926
-		fi
-	fi
-
-	# set permissions
-	chown -R cjdns:cjdns /etc/cjdns
-	chmod 600 /etc/cjdns/cjdroute.conf
-
-	/sbin/ip tuntap add mode tun user cjdns dev cjdroute0
-
-	# insert values into the configuration file
-	if [ $CJDNS_PRIVATE_KEY ]; then
-		sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
-	else
-		CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
-	fi
-	if [ $CJDNS_PUBLIC_KEY ]; then
-		sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
-	else
-		CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
-	fi
-	if [ $CJDNS_IPV6 ]; then
-		sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
-	else
-		CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
-	fi
-	if [ $CJDNS_PASSWORD ]; then
-		sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
-	else
-		CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
-	fi
-	if [ $CJDNS_PORT ]; then
-		sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
-	else
-		CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
-	fi
-
-	function_check enable_ipv6
-	enable_ipv6
-
-	echo '#!/bin/sh -e' > /etc/init.d/cjdns
-	echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
-	echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
-	echo '# Provides:          cjdroute' >> /etc/init.d/cjdns
-	echo '# Required-Start:    $remote_fs $network' >> /etc/init.d/cjdns
-	echo '# Required-Stop:     $remote_fs $network' >> /etc/init.d/cjdns
-	echo '# Default-Start:     2 3 4 5' >> /etc/init.d/cjdns
-	echo '# Default-Stop:      0 1 6' >> /etc/init.d/cjdns
-	echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
-	echo '# Description:       A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
-	echo '# cjdns git repo:    https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
-	echo '### END INIT INFO' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
-	echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
-	echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
-	echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
-	echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
-	echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo 'start() {' >> /etc/init.d/cjdns
-	echo '     # Start it up with the user cjdns' >> /etc/init.d/cjdns
-	echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
-	echo '     then' >> /etc/init.d/cjdns
-	echo '         echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
-	echo '     else' >> /etc/init.d/cjdns
-	echo '         echo " * Starting cjdroute"' >> /etc/init.d/cjdns
-	echo '         su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
-	echo '         /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
-	echo '         /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
-	echo '         /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
-	echo '         /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
-	echo '     fi' >> /etc/init.d/cjdns
-	echo '}' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo 'stop() {' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo '     if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
-	echo '     then' >> /etc/init.d/cjdns
-	echo '         echo "cjdns isnt running."' >> /etc/init.d/cjdns
-	echo '     else' >> /etc/init.d/cjdns
-	echo '         echo "Killing cjdroute"' >> /etc/init.d/cjdns
-	echo '         killall cjdroute' >> /etc/init.d/cjdns
-	echo '     fi' >> /etc/init.d/cjdns
-	echo '}' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo 'status() {' >> /etc/init.d/cjdns
-	echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
-	echo '     then' >> /etc/init.d/cjdns
-	echo '         echo "Cjdns is running"' >> /etc/init.d/cjdns
-	echo '     else' >> /etc/init.d/cjdns
-	echo '         echo "Cjdns is not running"' >> /etc/init.d/cjdns
-	echo '     fi' >> /etc/init.d/cjdns
-	echo '}' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo ' update() {' >> /etc/init.d/cjdns
-	echo '     cd $GIT_PATH' >> /etc/init.d/cjdns
-	echo '     echo "Updating..."' >> /etc/init.d/cjdns
-	echo '     git pull' >> /etc/init.d/cjdns
-	echo '     ./do' >> /etc/init.d/cjdns
-	echo '}' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
-	echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
-	echo '    echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
-	echo '    exit 1' >> /etc/init.d/cjdns
-	echo 'fi' >> /etc/init.d/cjdns
-	echo '' >> /etc/init.d/cjdns
-	echo 'case $1 in' >> /etc/init.d/cjdns
-	echo '     start)' >> /etc/init.d/cjdns
-	echo '         start' >> /etc/init.d/cjdns
-	echo '         exit 0' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo '     stop)' >> /etc/init.d/cjdns
-	echo '         stop' >> /etc/init.d/cjdns
-	echo '         exit 0' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo '     reload|restart|force-reload)' >> /etc/init.d/cjdns
-	echo '         stop' >> /etc/init.d/cjdns
-	echo '         sleep 1' >> /etc/init.d/cjdns
-	echo '         start' >> /etc/init.d/cjdns
-	echo '         exit 0' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo '     status)' >> /etc/init.d/cjdns
-	echo '         status' >> /etc/init.d/cjdns
-	echo '         exit 0' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo '     update|upgrade)' >> /etc/init.d/cjdns
-	echo '         update' >> /etc/init.d/cjdns
-	echo '         stop' >> /etc/init.d/cjdns
-	echo '         sleep 2' >> /etc/init.d/cjdns
-	echo '         start' >> /etc/init.d/cjdns
-	echo '         exit 0' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo '     **)' >> /etc/init.d/cjdns
-	echo '         echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
-	echo '         exit 1' >> /etc/init.d/cjdns
-	echo '     ;;' >> /etc/init.d/cjdns
-	echo 'esac' >> /etc/init.d/cjdns
-	chmod +x /etc/init.d/cjdns
-	update-rc.d cjdns defaults
-	service cjdns start
-	if [ ! "$?" = "0" ]; then
-		systemctl status cjdns.service
-		exit 8260
-	fi
-
-	apt-get -y install radvd
-	echo 'interface eth0' > /etc/radvd.conf
-	echo '{' >> /etc/radvd.conf
-	echo '    AdvSendAdvert on;' >> /etc/radvd.conf
-	echo '    prefix fdfc::1/64' >> /etc/radvd.conf
-	echo '    {' >> /etc/radvd.conf
-	echo '        AdvRouterAddr on;' >> /etc/radvd.conf
-	echo '    };' >> /etc/radvd.conf
-	echo '};' >> /etc/radvd.conf
-	systemctl restart radvd
-	if [ ! "$?" = "0" ]; then
-		systemctl status radvd.service
-		exit 4395
-	fi
-
-	if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
-		echo '' >> /etc/network/interfaces
-		echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
-		echo 'iface eth0 inet6 static' >> /etc/network/interfaces
-		echo '    pre-up modprobe ipv6' >> /etc/network/interfaces
-		echo '    address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
-		echo '    netmask 64' >> /etc/network/interfaces
-		service network-manager restart
-		if [ ! "$?" = "0" ]; then
-			systemctl status networking.service
-			exit 6949
-		fi
-	fi
-
-	if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
-		CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
-
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
-		echo '=======================' >> /home/$MY_USERNAME/README
-		echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
-		echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
-		echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
-		echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
-		echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
-		echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
-		echo $'to you using your default password' >> /home/$MY_USERNAME/README
-		echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
-		echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
-		echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
-		echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
-		echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
-		echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
-		echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
-		echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
-		echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
-		echo $'each password is for.' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
-		echo '    http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
-		echo '    http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	function_check configure_firewall_for_cjdns
-	configure_firewall_for_cjdns
-
-	echo 'install_cjdns_main' >> $COMPLETION_FILE
+    if [[ $ENABLE_CJDNS != "yes" ]]; then
+        return
+    fi
+
+    if grep -Fxq "install_cjdns_main" $COMPLETION_FILE; then
+        return
+    fi
+
+    apt-get -y install nodejs git build-essential nmap
+
+    # if a README exists then obtain the cjdns parameters
+    function_check get_cjdns_ipv6_address
+    get_cjdns_ipv6_address
+
+    function_check get_cjdns_public_key
+    get_cjdns_public_key
+
+    function_check get_cjdns_private_key
+    get_cjdns_private_key
+
+    function_check get_cjdns_port
+    get_cjdns_port
+
+    function_check get_cjdns_password
+    get_cjdns_password
+
+    # special compile settings for running ./do on the Beaglebone Black
+    if [[ $INSTALLING_ON_BBB == "yes" ]]; then
+        CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
+        export LDFLAGS="$CFLAGS"
+    fi
+
+    if [ ! -d /etc/cjdns ]; then
+        function_check git_pull
+        git_clone $CJDNS_REPO /etc/cjdns
+        cd /etc/cjdns
+
+        git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
+        if ! grep -q "cjdns commit" $COMPLETION_FILE; then
+            echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
+        else
+            sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
+        fi
+
+        ./do
+        if [ ! "$?" = "0" ]; then
+            exit 7439
+        fi
+        # create a configuration
+        if [ ! -f /etc/cjdns/cjdroute.conf ]; then
+            ./cjdroute --genconf > /etc/cjdns/cjdroute.conf
+            if [ ! "$?" = "0" ]; then
+                exit 5922
+            fi
+        fi
+        # create a user to run as
+        useradd cjdns
+    else
+        cd /etc/cjdns
+        function_check git_pull
+        git_pull $CJDNS_REPO
+        ./do
+        if [ ! "$?" = "0" ]; then
+            exit 9926
+        fi
+    fi
+
+    # set permissions
+    chown -R cjdns:cjdns /etc/cjdns
+    chmod 600 /etc/cjdns/cjdroute.conf
+
+    /sbin/ip tuntap add mode tun user cjdns dev cjdroute0
+
+    # insert values into the configuration file
+    if [ $CJDNS_PRIVATE_KEY ]; then
+        sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
+    else
+        CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
+    fi
+    if [ $CJDNS_PUBLIC_KEY ]; then
+        sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
+    else
+        CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
+    fi
+    if [ $CJDNS_IPV6 ]; then
+        sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
+    else
+        CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
+    fi
+    if [ $CJDNS_PASSWORD ]; then
+        sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
+    else
+        CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
+    fi
+    if [ $CJDNS_PORT ]; then
+        sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
+    else
+        CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
+    fi
+
+    function_check enable_ipv6
+    enable_ipv6
+
+    echo '#!/bin/sh -e' > /etc/init.d/cjdns
+    echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
+    echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
+    echo '# Provides:          cjdroute' >> /etc/init.d/cjdns
+    echo '# Required-Start:    $remote_fs $network' >> /etc/init.d/cjdns
+    echo '# Required-Stop:     $remote_fs $network' >> /etc/init.d/cjdns
+    echo '# Default-Start:     2 3 4 5' >> /etc/init.d/cjdns
+    echo '# Default-Stop:      0 1 6' >> /etc/init.d/cjdns
+    echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
+    echo '# Description:       A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
+    echo '# cjdns git repo:    https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
+    echo '### END INIT INFO' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
+    echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
+    echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
+    echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
+    echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
+    echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo 'start() {' >> /etc/init.d/cjdns
+    echo '     # Start it up with the user cjdns' >> /etc/init.d/cjdns
+    echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
+    echo '     then' >> /etc/init.d/cjdns
+    echo '         echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
+    echo '     else' >> /etc/init.d/cjdns
+    echo '         echo " * Starting cjdroute"' >> /etc/init.d/cjdns
+    echo '         su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
+    echo '         /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
+    echo '         /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
+    echo '         /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
+    echo '         /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
+    echo '     fi' >> /etc/init.d/cjdns
+    echo '}' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo 'stop() {' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo '     if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
+    echo '     then' >> /etc/init.d/cjdns
+    echo '         echo "cjdns isnt running."' >> /etc/init.d/cjdns
+    echo '     else' >> /etc/init.d/cjdns
+    echo '         echo "Killing cjdroute"' >> /etc/init.d/cjdns
+    echo '         killall cjdroute' >> /etc/init.d/cjdns
+    echo '     fi' >> /etc/init.d/cjdns
+    echo '}' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo 'status() {' >> /etc/init.d/cjdns
+    echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
+    echo '     then' >> /etc/init.d/cjdns
+    echo '         echo "Cjdns is running"' >> /etc/init.d/cjdns
+    echo '     else' >> /etc/init.d/cjdns
+    echo '         echo "Cjdns is not running"' >> /etc/init.d/cjdns
+    echo '     fi' >> /etc/init.d/cjdns
+    echo '}' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo ' update() {' >> /etc/init.d/cjdns
+    echo '     cd $GIT_PATH' >> /etc/init.d/cjdns
+    echo '     echo "Updating..."' >> /etc/init.d/cjdns
+    echo '     git pull' >> /etc/init.d/cjdns
+    echo '     ./do' >> /etc/init.d/cjdns
+    echo '}' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
+    echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
+    echo '    echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
+    echo '    exit 1' >> /etc/init.d/cjdns
+    echo 'fi' >> /etc/init.d/cjdns
+    echo '' >> /etc/init.d/cjdns
+    echo 'case $1 in' >> /etc/init.d/cjdns
+    echo '     start)' >> /etc/init.d/cjdns
+    echo '         start' >> /etc/init.d/cjdns
+    echo '         exit 0' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo '     stop)' >> /etc/init.d/cjdns
+    echo '         stop' >> /etc/init.d/cjdns
+    echo '         exit 0' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo '     reload|restart|force-reload)' >> /etc/init.d/cjdns
+    echo '         stop' >> /etc/init.d/cjdns
+    echo '         sleep 1' >> /etc/init.d/cjdns
+    echo '         start' >> /etc/init.d/cjdns
+    echo '         exit 0' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo '     status)' >> /etc/init.d/cjdns
+    echo '         status' >> /etc/init.d/cjdns
+    echo '         exit 0' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo '     update|upgrade)' >> /etc/init.d/cjdns
+    echo '         update' >> /etc/init.d/cjdns
+    echo '         stop' >> /etc/init.d/cjdns
+    echo '         sleep 2' >> /etc/init.d/cjdns
+    echo '         start' >> /etc/init.d/cjdns
+    echo '         exit 0' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo '     **)' >> /etc/init.d/cjdns
+    echo '         echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
+    echo '         exit 1' >> /etc/init.d/cjdns
+    echo '     ;;' >> /etc/init.d/cjdns
+    echo 'esac' >> /etc/init.d/cjdns
+    chmod +x /etc/init.d/cjdns
+    update-rc.d cjdns defaults
+    service cjdns start
+    if [ ! "$?" = "0" ]; then
+        systemctl status cjdns.service
+        exit 8260
+    fi
+
+    apt-get -y install radvd
+    echo 'interface eth0' > /etc/radvd.conf
+    echo '{' >> /etc/radvd.conf
+    echo '    AdvSendAdvert on;' >> /etc/radvd.conf
+    echo '    prefix fdfc::1/64' >> /etc/radvd.conf
+    echo '    {' >> /etc/radvd.conf
+    echo '        AdvRouterAddr on;' >> /etc/radvd.conf
+    echo '    };' >> /etc/radvd.conf
+    echo '};' >> /etc/radvd.conf
+    systemctl restart radvd
+    if [ ! "$?" = "0" ]; then
+        systemctl status radvd.service
+        exit 4395
+    fi
+
+    if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
+        echo '' >> /etc/network/interfaces
+        echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
+        echo 'iface eth0 inet6 static' >> /etc/network/interfaces
+        echo '    pre-up modprobe ipv6' >> /etc/network/interfaces
+        echo '    address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
+        echo '    netmask 64' >> /etc/network/interfaces
+        service network-manager restart
+        if [ ! "$?" = "0" ]; then
+            systemctl status networking.service
+            exit 6949
+        fi
+    fi
+
+    if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
+        CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
+
+        echo '' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
+        echo '=======================' >> /home/$MY_USERNAME/README
+        echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
+        echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
+        echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
+        echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
+        echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
+        echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
+        echo $'to you using your default password' >> /home/$MY_USERNAME/README
+        echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
+        echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
+        echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
+        echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
+        echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
+        echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
+        echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
+        echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
+        echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
+        echo $'each password is for.' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
+        echo '    http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
+        echo '    http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
+        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+        chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    function_check configure_firewall_for_cjdns
+    configure_firewall_for_cjdns
+
+    echo 'install_cjdns_main' >> $COMPLETION_FILE
 }
 
 function install_cjdns_tools {
-	if grep -Fxq "install_cjdns_tools" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ENABLE_CJDNS != "yes" ]]; then
-		return
-	fi
-	if [ ! -d /etc/cjdns ]; then
-		install_cjdns
-	fi
-
-	function_check select_go_version
-	select_go_version
-
-	apt-get -y install golang mercurial
-	if [ ! -f ~/.bashrc ]; then
-		touch ~/.bashrc
-	fi
-
-	if [ ! -d /home/git ]; then
-		# add a gogs user account
-		adduser --disabled-login --gecos 'Gogs' git
-
-		# install Go
-		if ! grep -q "export GOPATH=" ~/.bashrc; then
-			echo "export GOPATH=$GOPATH" >> ~/.bashrc
-		fi
-		systemctl set-environment GOPATH=$GOPATH
-		if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
-			echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
-		fi
-		if [ ! -d $GOPATH ]; then
-			mkdir -p $GOPATH
-		fi
-	fi
-
-	if ! grep -q "export GOPATH=" ~/.bashrc; then
-		echo "export GOPATH=$GOPATH" >> ~/.bashrc
-	fi
-	expected_go_path='export PATH=$PATH:'${GOPATH}'/bin'
-	export PATH=$PATH:${GOPATH}/bin
-	if ! grep -q "$expected_go_path" ~/.bashrc; then
-		echo "$expected_go_path" >> ~/.bashrc
-	fi
-	export PATH=$PATH:$GOPATH/bin
-	CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g')
-	go get $CJDCMD_REPO2
-	if [ ! -f $GOPATH/bin/cjdcmd ]; then
-		echo $'cjdcmd was not compiled. Check your golang installation'
-		exit 7439
-	fi
-	cp $GOPATH/bin/cjdcmd /usr/bin
-
-	# initialise from the cjdns config
-	/usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf
-
-	echo 'install_cjdns_tools' >> $COMPLETION_FILE
+    if grep -Fxq "install_cjdns_tools" $COMPLETION_FILE; then
+        return
+    fi
+    if [[ $ENABLE_CJDNS != "yes" ]]; then
+        return
+    fi
+    if [ ! -d /etc/cjdns ]; then
+        install_cjdns
+    fi
+
+    function_check select_go_version
+    select_go_version
+
+    apt-get -y install golang mercurial
+    if [ ! -f ~/.bashrc ]; then
+        touch ~/.bashrc
+    fi
+
+    if [ ! -d /home/git ]; then
+        # add a gogs user account
+        adduser --disabled-login --gecos 'Gogs' git
+
+        # install Go
+        if ! grep -q "export GOPATH=" ~/.bashrc; then
+            echo "export GOPATH=$GOPATH" >> ~/.bashrc
+        fi
+        systemctl set-environment GOPATH=$GOPATH
+        if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
+            echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
+        fi
+        if [ ! -d $GOPATH ]; then
+            mkdir -p $GOPATH
+        fi
+    fi
+
+    if ! grep -q "export GOPATH=" ~/.bashrc; then
+        echo "export GOPATH=$GOPATH" >> ~/.bashrc
+    fi
+    expected_go_path='export PATH=$PATH:'${GOPATH}'/bin'
+    export PATH=$PATH:${GOPATH}/bin
+    if ! grep -q "$expected_go_path" ~/.bashrc; then
+        echo "$expected_go_path" >> ~/.bashrc
+    fi
+    export PATH=$PATH:$GOPATH/bin
+    CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g')
+    go get $CJDCMD_REPO2
+    if [ ! -f $GOPATH/bin/cjdcmd ]; then
+        echo $'cjdcmd was not compiled. Check your golang installation'
+        exit 7439
+    fi
+    cp $GOPATH/bin/cjdcmd /usr/bin
+
+    # initialise from the cjdns config
+    /usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf
+
+    echo 'install_cjdns_tools' >> $COMPLETION_FILE
 }
 
 function install_cjdns {
-	if grep -Fxq "install_cjdns" $COMPLETION_FILE; then
-		return
-	fi
-	install_cjdns_main
-	install_cjdns_tools
-	echo 'install_cjdns' >> $COMPLETION_FILE
+    if grep -Fxq "install_cjdns" $COMPLETION_FILE; then
+        return
+    fi
+    install_cjdns_main
+    install_cjdns_tools
+    echo 'install_cjdns' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-dlna

@@ -30,206 +30,210 @@
 
 VARIANTS='full media'
 
+function change_password_dlna {
+    echo -n ''
+}
+
 function reconfigure_dlna {
-	echo ''
+    echo ''
 }
 
 function upgrade_dlna {
-	echo ''
+    echo ''
 }
 
 function configure_firewall_for_dlna {
-	if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-		# docker does its own firewalling
-		return
-	fi
-	iptables -A INPUT -p udp --dport 1900 -j ACCEPT
-	iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	OPEN_PORTS+=('DLNA     1900')
-	OPEN_PORTS+=('DLNA     8200')
-	echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
+    if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
+        return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+        # docker does its own firewalling
+        return
+    fi
+    iptables -A INPUT -p udp --dport 1900 -j ACCEPT
+    iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    OPEN_PORTS+=('DLNA     1900')
+    OPEN_PORTS+=('DLNA     8200')
+    echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
 }
 
 function backup_local_dlna {
-	source_directory=/var/cache/minidlna
-	if [ -d $source_directory ]; then
-		dest_directory=dlna
-		echo $"Backing up $source_directory to $dest_directory"
+    source_directory=/var/cache/minidlna
+    if [ -d $source_directory ]; then
+        dest_directory=dlna
+        echo $"Backing up $source_directory to $dest_directory"
 
-		function_check backup_directory_to_usb
-		backup_directory_to_usb $source_directory $dest_directory
+        function_check backup_directory_to_usb
+        backup_directory_to_usb $source_directory $dest_directory
 
-		echo $"Backup to $dest_directory complete"
-	fi
+        echo $"Backup to $dest_directory complete"
+    fi
 }
 
 function restore_local_dlna {
-	if [ -d /var/cache/minidlna ]; then
-		if [ -d $USB_MOUNT/backup/dlna ]; then
-			echo $"Restoring DLNA cache"
-			temp_restore_dir=/root/tempdlna
-			function_check restore_directory_from_usb
-			restore_directory_from_usb $temp_restore_dir dlna
-			cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
-			if [ ! "$?" = "0" ]; then
-				rm -rf $temp_restore_dir
-				function_check set_user_permissions
-				set_user_permissions
-				function_check backup_unmount_drive
-				backup_unmount_drive
-				exit 982572
-			fi
-			rm -rf $temp_restore_dir
-		fi
-	fi
+    if [ -d /var/cache/minidlna ]; then
+        if [ -d $USB_MOUNT/backup/dlna ]; then
+            echo $"Restoring DLNA cache"
+            temp_restore_dir=/root/tempdlna
+            function_check restore_directory_from_usb
+            restore_directory_from_usb $temp_restore_dir dlna
+            cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
+            if [ ! "$?" = "0" ]; then
+                rm -rf $temp_restore_dir
+                function_check set_user_permissions
+                set_user_permissions
+                function_check backup_unmount_drive
+                backup_unmount_drive
+                exit 982572
+            fi
+            rm -rf $temp_restore_dir
+        fi
+    fi
 }
 
 function backup_remote_dlna {
-	if [ -d /var/cache/minidlna ]; then
-		echo $"Backing up DLNA cache"
-		backup_directory_to_friend /var/cache/minidlna dlna
-		echo $"Backup of DLNA cache complete"
-	fi
+    if [ -d /var/cache/minidlna ]; then
+        echo $"Backing up DLNA cache"
+        backup_directory_to_friend /var/cache/minidlna dlna
+        echo $"Backup of DLNA cache complete"
+    fi
 }
 
 function restore_remote_dlna {
-	if [ -d /var/cache/minidlna ]; then
-		if [ -d $SERVER_DIRECTORY/backup/dlna ]; then
-			echo $"Restoring DLNA cache"
-			temp_restore_dir=/root/tempdlna
-			function_check restore_directory_from_friend
-			restore_directory_from_friend $temp_restore_dir dlna
-			cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
-			if [ ! "$?" = "0" ]; then
-				exit 982
-			fi
-			rm -rf $temp_restore_dir
-			echo $"Restore of DLNA complete"
-		fi
-	fi
+    if [ -d /var/cache/minidlna ]; then
+        if [ -d $SERVER_DIRECTORY/backup/dlna ]; then
+            echo $"Restoring DLNA cache"
+            temp_restore_dir=/root/tempdlna
+            function_check restore_directory_from_friend
+            restore_directory_from_friend $temp_restore_dir dlna
+            cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
+            if [ ! "$?" = "0" ]; then
+                exit 982
+            fi
+            rm -rf $temp_restore_dir
+            echo $"Restore of DLNA complete"
+        fi
+    fi
 }
 
 function remove_dlna {
-	if ! grep -Fxq "install_dlna" $COMPLETION_FILE; then
-		return
-	fi
-	service minidlna stop
-	apt-get -y remove --purge minidlna
-	if [ -f /etc/minidlna.conf ]; then
-		rm /etc/minidlna.conf
-	fi
-	iptables -D INPUT -p udp --dport 1900 -j ACCEPT
-	iptables -D INPUT -p tcp --dport 8200 -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-	sed -i '/install_dlna/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_dlna" $COMPLETION_FILE; then
+        return
+    fi
+    service minidlna stop
+    apt-get -y remove --purge minidlna
+    if [ -f /etc/minidlna.conf ]; then
+        rm /etc/minidlna.conf
+    fi
+    iptables -D INPUT -p udp --dport 1900 -j ACCEPT
+    iptables -D INPUT -p tcp --dport 8200 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+    sed -i '/install_dlna/d' $COMPLETION_FILE
 }
 
 function install_dlna_main {
-	if grep -Fxq "install_dlna_main" $COMPLETION_FILE; then
-		return
-	fi
-
-	apt-get -y install minidlna
-
-	if [ ! -f /etc/minidlna.conf ]; then
-		echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
-		exit 55
-	fi
-
-	sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
-	if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
-		echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
-	fi
-	if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
-		echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
-	fi
-	if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
-		echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
-	fi
-	if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
-		echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
-	fi
-	if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
-		echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
-	fi
-	sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
-	if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
-		sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
-	else
-		sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf
-	fi
-	sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf
-	sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
-	sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
-	sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
-	sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
-	service minidlna force-reload
-	service minidlna reload
-
-	sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
-	if ! grep -q "max_user_watches" $COMPLETION_FILE; then
-		echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
-	fi
-	/sbin/sysctl -p
-
-	function_check configure_firewall_for_dlna
-	configure_firewall_for_dlna
-	echo 'install_dlna_main' >> $COMPLETION_FILE
+    if grep -Fxq "install_dlna_main" $COMPLETION_FILE; then
+        return
+    fi
+
+    apt-get -y install minidlna
+
+    if [ ! -f /etc/minidlna.conf ]; then
+        echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
+        exit 55
+    fi
+
+    sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
+    if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
+        echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
+    fi
+    if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
+        echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
+    fi
+    if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
+        echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
+    fi
+    if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
+        echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
+    fi
+    if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
+        echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
+    fi
+    sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
+    if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+        sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
+    else
+        sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf
+    fi
+    sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf
+    sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
+    sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
+    sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
+    sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
+    service minidlna force-reload
+    service minidlna reload
+
+    sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
+    if ! grep -q "max_user_watches" $COMPLETION_FILE; then
+        echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
+    fi
+    /sbin/sysctl -p
+
+    function_check configure_firewall_for_dlna
+    configure_firewall_for_dlna
+    echo 'install_dlna_main' >> $COMPLETION_FILE
 }
 
 function script_for_attaching_usb_drive {
-	if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
-		return
-	fi
-	echo '#!/bin/bash' > /usr/bin/attach-music
-	echo 'remove-music' >> /usr/bin/attach-music
-	echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
-	echo "  mkdir $USB_MOUNT" >> /usr/bin/attach-music
-	echo 'fi' >> /usr/bin/attach-music
-	echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
-	echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
-	echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
-	echo 'service minidlna restart' >> /usr/bin/attach-music
-	echo 'minidlnad -R' >> /usr/bin/attach-music
-	chmod +x /usr/bin/attach-music
-	ln -s /usr/bin/attach-music /usr/bin/attach-usb
-	ln -s /usr/bin/attach-music /usr/bin/attach-videos
-	ln -s /usr/bin/attach-music /usr/bin/attach-pictures
-	ln -s /usr/bin/attach-music /usr/bin/attach-media
-
-	echo '#!/bin/bash' > /usr/bin/remove-music
-	echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
-	echo "  umount $USB_MOUNT" >> /usr/bin/remove-music
-	echo "  rm -rf $USB_MOUNT" >> /usr/bin/remove-music
-	echo 'fi' >> /usr/bin/remove-music
-	chmod +x /usr/bin/remove-music
-	ln -s /usr/bin/remove-music /usr/bin/detach-music
-	ln -s /usr/bin/remove-music /usr/bin/detach-usb
-	ln -s /usr/bin/remove-music /usr/bin/remove-usb
-	ln -s /usr/bin/remove-music /usr/bin/detach-media
-	ln -s /usr/bin/remove-music /usr/bin/remove-media
-	ln -s /usr/bin/remove-music /usr/bin/detach-videos
-	ln -s /usr/bin/remove-music /usr/bin/remove-videos
-	ln -s /usr/bin/remove-music /usr/bin/detach-pictures
-	ln -s /usr/bin/remove-music /usr/bin/remove-pictures
-
-	echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
+    if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
+        return
+    fi
+    echo '#!/bin/bash' > /usr/bin/attach-music
+    echo 'remove-music' >> /usr/bin/attach-music
+    echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
+    echo "  mkdir $USB_MOUNT" >> /usr/bin/attach-music
+    echo 'fi' >> /usr/bin/attach-music
+    echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
+    echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
+    echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
+    echo 'service minidlna restart' >> /usr/bin/attach-music
+    echo 'minidlnad -R' >> /usr/bin/attach-music
+    chmod +x /usr/bin/attach-music
+    ln -s /usr/bin/attach-music /usr/bin/attach-usb
+    ln -s /usr/bin/attach-music /usr/bin/attach-videos
+    ln -s /usr/bin/attach-music /usr/bin/attach-pictures
+    ln -s /usr/bin/attach-music /usr/bin/attach-media
+
+    echo '#!/bin/bash' > /usr/bin/remove-music
+    echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
+    echo "  umount $USB_MOUNT" >> /usr/bin/remove-music
+    echo "  rm -rf $USB_MOUNT" >> /usr/bin/remove-music
+    echo 'fi' >> /usr/bin/remove-music
+    chmod +x /usr/bin/remove-music
+    ln -s /usr/bin/remove-music /usr/bin/detach-music
+    ln -s /usr/bin/remove-music /usr/bin/detach-usb
+    ln -s /usr/bin/remove-music /usr/bin/remove-usb
+    ln -s /usr/bin/remove-music /usr/bin/detach-media
+    ln -s /usr/bin/remove-music /usr/bin/remove-media
+    ln -s /usr/bin/remove-music /usr/bin/detach-videos
+    ln -s /usr/bin/remove-music /usr/bin/remove-videos
+    ln -s /usr/bin/remove-music /usr/bin/detach-pictures
+    ln -s /usr/bin/remove-music /usr/bin/remove-pictures
+
+    echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
 }
 
 function install_dlna {
-	if grep -Fxq "install_dlna" $COMPLETION_FILE; then
-		return
-	fi
-	install_dlna_main
-	script_for_attaching_usb_drive
-	echo 'install_dlna' >> $COMPLETION_FILE
+    if grep -Fxq "install_dlna" $COMPLETION_FILE; then
+        return
+    fi
+    install_dlna_main
+    script_for_attaching_usb_drive
+    echo 'install_dlna' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-emacs

@@ -30,6 +30,10 @@
 
 VARIANTS='all'
 
+function change_password_emacs {
+    echo -n ''
+}
+
 function reconfigure_emacs {
     echo -n ''
 }

src/freedombone-app-gogs

@@ -38,6 +38,10 @@ GIT_CODE=
 GIT_ONION_PORT=8090
 GIT_ADMIN_PASSWORD=
 
+function change_password_gogs {
+    echo -n ''
+}
+
 function gogs_parameters {
     CURR_ARCH=
     if [[ $ARCHITECTURE == *"386" || $ARCHITECTURE == *"686" ]]; then

src/freedombone-app-hubzilla

@@ -40,6 +40,10 @@ HUBZILLA_ADMIN_PASSWORD=
 HUBZILLA_COMMIT='8aee932525d0bc341713fe7052e2a5ab318a69c0'
 HUBZILLA_ADDONS_COMMIT='4456f097e3faf2adeab696ad08e3f213e82199bd'
 
+function change_password_hubzilla {
+    echo -n ''
+}
+
 function get_mariadb_hubzilla_admin_password {
     if [ -f /home/$MY_USERNAME/README ]; then
         if grep -q "MariaDB Hubzilla admin password" /home/$MY_USERNAME/README; then

src/freedombone-app-ipfs

@@ -41,6 +41,10 @@ IPFS_JS_RONIN_VERSION='0.3.11'
 IPFS_KEY_LENGTH=2048
 IPFS_GO_VERSION=0.4.2
 
+function change_password_ipfs {
+    echo -n ''
+}
+
 function reconfigure_ipfs {
     echo -n ''
 }

src/freedombone-app-irc

@@ -36,277 +36,281 @@ IRC_ONION_PORT=6697
 # An optional password to log into IRC. This applies to all users
 IRC_PASSWORD=
 
+function change_password_irc {
+    echo -n ''
+}
+
 function reconfigure_irc {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_irc {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_local_irc {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_local_irc {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_remote_irc {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_remote_irc {
-	echo -n ''
+    echo -n ''
 }
 
 function remove_irc {
-	if ! grep -Fxq "install_irc" $COMPLETION_FILE; then
-		return
-	fi
-	systemctl stop ngircd
-	apt-get -y remove --purge ngircd
-	apt-get -y remove --purge irssi
-	if [ -d /etc/ngircd ]; then
-		rm -rf /etc/ngircd
-	fi
-	iptables -D INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
-	iptables -D INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-	function_check remove_onion_service
-	remove_onion_service irc ${IRC_ONION_PORT}
-	sed -i '/install_irc/d' $COMPLETION_FILE
-	sed -i '/IRC /d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_irc/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_irc" $COMPLETION_FILE; then
+        return
+    fi
+    systemctl stop ngircd
+    apt-get -y remove --purge ngircd
+    apt-get -y remove --purge irssi
+    if [ -d /etc/ngircd ]; then
+        rm -rf /etc/ngircd
+    fi
+    iptables -D INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
+    iptables -D INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+    function_check remove_onion_service
+    remove_onion_service irc ${IRC_ONION_PORT}
+    sed -i '/install_irc/d' $COMPLETION_FILE
+    sed -i '/IRC /d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_irc/d' $COMPLETION_FILE
 }
 
 function configure_firewall_for_irc {
-	if [ ! -d /etc/ngircd ]; then
-		return
-	fi
-	if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-		# docker does its own firewalling
-		return
-	fi
-	if [[ $ONION_ONLY != "no" ]]; then
-		return
-	fi
-	iptables -A INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
-	iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
+    if [ ! -d /etc/ngircd ]; then
+        return
+    fi
+    if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
+        return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+        # docker does its own firewalling
+        return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
+    iptables -A INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
+    iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
 
-	OPEN_PORTS+=("IRC      $IRC_PORT")
-	echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
+    OPEN_PORTS+=("IRC      $IRC_PORT")
+    echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
 }
 
 function install_irc_server {
-	if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
-		return
-	fi
-	apt-get -y install ngircd
+    if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
+        return
+    fi
+    apt-get -y install ngircd
 
-	if [ ! -d /etc/ngircd ]; then
-		echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
-		exit 53
-	fi
+    if [ ! -d /etc/ngircd ]; then
+        echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
+        exit 53
+    fi
 
-	if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
-		${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
-		function_check check_certificates
-		check_certificates ngircd
-	fi
+    if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
+        ${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
+        function_check check_certificates
+        check_certificates ngircd
+    fi
 
-	DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
-	if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
-		DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
-	fi
+    DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
+    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+        DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
+    fi
 
-	# create a login password if needed
-	if [ ! $IRC_PASSWORD ]; then
-		IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-	fi
+    # create a login password if needed
+    if [ ! $IRC_PASSWORD ]; then
+        IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    fi
 
-	echo '**************************************************' > /etc/ngircd/motd
-	echo $'*           F R E E D O M B O N E   I R C        *' >> /etc/ngircd/motd
-	echo '*                                                *' >> /etc/ngircd/motd
-	echo $'*               Freedom in the Cloud             *' >> /etc/ngircd/motd
-	echo '**************************************************' >> /etc/ngircd/motd
-	sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
-	sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
-	sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
-	sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
-	sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
-	sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
-	sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
-	sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
-	sed -i "s/;Ports =.*/Ports = $IRC_PORT/1" /etc/ngircd/ngircd.conf
-	sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
-	sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
-	sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
-	sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
-	sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
-	sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
-	IRC_SALT="$(create_password 30)"
-	if [ -f $IMAGE_PASSWORD_FILE ]; then
-		IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-	else
-		IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-	fi
-	sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
-	sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
-	sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
-	sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
-	sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
-	sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
-	sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
-	if [ $IRC_PASSWORD ]; then
-		sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
-	fi
-	# If we are on a mesh then DNS is not available
-	if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
-		sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
-	fi
-	# upgrade a cypher
-	sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf
-	mkdir /var/run/ircd
-	chown -R irc:irc /var/run/ircd
-	mkdir /var/run/ngircd
-	touch /var/run/ngircd/ngircd.pid
-	chown -R irc:irc /var/run/ngircd
+    echo '**************************************************' > /etc/ngircd/motd
+    echo $'*           F R E E D O M B O N E   I R C        *' >> /etc/ngircd/motd
+    echo '*                                                *' >> /etc/ngircd/motd
+    echo $'*               Freedom in the Cloud             *' >> /etc/ngircd/motd
+    echo '**************************************************' >> /etc/ngircd/motd
+    sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
+    sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
+    sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
+    sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
+    sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
+    sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
+    sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
+    sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
+    sed -i "s/;Ports =.*/Ports = $IRC_PORT/1" /etc/ngircd/ngircd.conf
+    sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
+    sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
+    sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
+    sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
+    sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
+    sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
+    IRC_SALT="$(create_password 30)"
+    if [ -f $IMAGE_PASSWORD_FILE ]; then
+        IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    else
+        IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    fi
+    sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
+    sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
+    sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
+    sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
+    sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
+    sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
+    sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
+    if [ $IRC_PASSWORD ]; then
+        sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
+    fi
+    # If we are on a mesh then DNS is not available
+    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+        sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
+    fi
+    # upgrade a cypher
+    sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf
+    mkdir /var/run/ircd
+    chown -R irc:irc /var/run/ircd
+    mkdir /var/run/ngircd
+    touch /var/run/ngircd/ngircd.pid
+    chown -R irc:irc /var/run/ngircd
 
-	IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT})
-	if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
-		echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
-	fi
+    IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT})
+    if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
+        echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
+    fi
 
-	systemctl restart ngircd
+    systemctl restart ngircd
 
-	# keep the daemon running
-	echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '  systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo '  echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-	echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    # keep the daemon running
+    echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '  systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo '  echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
 
-	if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'IRC Server' >> /home/$MY_USERNAME/README
-		echo '==========' >> /home/$MY_USERNAME/README
-		echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		if [[ $ONION_ONLY != 'yes' ]]; then
-			echo "  irssi" >> /home/$MY_USERNAME/README
-			echo "  /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
-			echo "  /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
-		else
-			echo "  usetorwith irssi" >> /home/$MY_USERNAME/README
-			echo "  /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README
-			echo "  /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
-		fi
-		echo "  /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
+    if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
+        echo '' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'IRC Server' >> /home/$MY_USERNAME/README
+        echo '==========' >> /home/$MY_USERNAME/README
+        echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        if [[ $ONION_ONLY != 'yes' ]]; then
+            echo "  irssi" >> /home/$MY_USERNAME/README
+            echo "  /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
+            echo "  /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
+        else
+            echo "  usetorwith irssi" >> /home/$MY_USERNAME/README
+            echo "  /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README
+            echo "  /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+        fi
+        echo "  /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
+        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+        chmod 600 /home/$MY_USERNAME/README
+    fi
 
-	function_check configure_firewall_for_irc
-	configure_firewall_for_irc
-	echo 'install_irc_server' >> $COMPLETION_FILE
+    function_check configure_firewall_for_irc
+    configure_firewall_for_irc
+    echo 'install_irc_server' >> $COMPLETION_FILE
 }
 
 function install_irc_client {
-	if grep -Fxq "install_irc_client" $COMPLETION_FILE; then
-		return
-	fi
-	apt-get -y install irssi
+    if grep -Fxq "install_irc_client" $COMPLETION_FILE; then
+        return
+    fi
+    apt-get -y install irssi
 
-	if [ ! -d /home/$MY_USERNAME/.irssi ]; then
-		mkdir /home/$MY_USERNAME/.irssi
-	fi
+    if [ ! -d /home/$MY_USERNAME/.irssi ]; then
+        mkdir /home/$MY_USERNAME/.irssi
+    fi
 
-	echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
-	echo '  {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  },' >> /home/$MY_USERNAME/.irssi/config
-	echo '  {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  },' >> /home/$MY_USERNAME/.irssi/config
-	echo '  {' >> /home/$MY_USERNAME/.irssi/config
-	echo "    address = \"127.0.0.1\";" >> /home/$MY_USERNAME/.irssi/config
-	if [[ $ONION_ONLY == 'no' ]]; then
-		echo "    port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
-		echo '    use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
-	else
-		IRC_ONION_HOSTNAME=$(cat $COMPLETION_FILE | grep "IRC onion domain" | awk -F ':' '{print $2}')
-		echo "    port = \"${IRC_ONION_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
-		echo '    use_ssl = "no";' >> /home/$MY_USERNAME/.irssi/config
-	fi
-	echo '    chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
-	if [ $IRC_PASSWORD ]; then
-		echo "    password = \"${IRC_PASSWORD}\";" >> /home/$MY_USERNAME/.irssi/config
-	fi
-	echo '  }' >> /home/$MY_USERNAME/.irssi/config
-	echo ');' >> /home/$MY_USERNAME/.irssi/config
-	echo '' >> /home/$MY_USERNAME/.irssi/config
-	echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '  Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  };' >> /home/$MY_USERNAME/.irssi/config
-	echo '  Freenode = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  };' >> /home/$MY_USERNAME/.irssi/config
-	echo '  OFTC = {' >> /home/$MY_USERNAME/.irssi/config
-	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-	echo '  };' >> /home/$MY_USERNAME/.irssi/config
-	echo '};' >> /home/$MY_USERNAME/.irssi/config
-	echo '' >> /home/$MY_USERNAME/.irssi/config
-	echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
-	echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
-	echo ');' >> /home/$MY_USERNAME/.irssi/config
-	echo '' >> /home/$MY_USERNAME/.irssi/config
-	echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
-	echo "  core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
-	echo '  "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
-	echo '};' >> /home/$MY_USERNAME/.irssi/config
-	echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
+    echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
+    echo '  {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  },' >> /home/$MY_USERNAME/.irssi/config
+    echo '  {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  },' >> /home/$MY_USERNAME/.irssi/config
+    echo '  {' >> /home/$MY_USERNAME/.irssi/config
+    echo "    address = \"127.0.0.1\";" >> /home/$MY_USERNAME/.irssi/config
+    if [[ $ONION_ONLY == 'no' ]]; then
+        echo "    port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
+        echo '    use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
+    else
+        IRC_ONION_HOSTNAME=$(cat $COMPLETION_FILE | grep "IRC onion domain" | awk -F ':' '{print $2}')
+        echo "    port = \"${IRC_ONION_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
+        echo '    use_ssl = "no";' >> /home/$MY_USERNAME/.irssi/config
+    fi
+    echo '    chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+    if [ $IRC_PASSWORD ]; then
+        echo "    password = \"${IRC_PASSWORD}\";" >> /home/$MY_USERNAME/.irssi/config
+    fi
+    echo '  }' >> /home/$MY_USERNAME/.irssi/config
+    echo ');' >> /home/$MY_USERNAME/.irssi/config
+    echo '' >> /home/$MY_USERNAME/.irssi/config
+    echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '  Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  };' >> /home/$MY_USERNAME/.irssi/config
+    echo '  Freenode = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  };' >> /home/$MY_USERNAME/.irssi/config
+    echo '  OFTC = {' >> /home/$MY_USERNAME/.irssi/config
+    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+    echo '  };' >> /home/$MY_USERNAME/.irssi/config
+    echo '};' >> /home/$MY_USERNAME/.irssi/config
+    echo '' >> /home/$MY_USERNAME/.irssi/config
+    echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
+    echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
+    echo ');' >> /home/$MY_USERNAME/.irssi/config
+    echo '' >> /home/$MY_USERNAME/.irssi/config
+    echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
+    echo "  core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
+    echo '  "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
+    echo '};' >> /home/$MY_USERNAME/.irssi/config
+    echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
 
-	chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
+    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
 
-	echo 'install_irc_client' >> $COMPLETION_FILE
+    echo 'install_irc_client' >> $COMPLETION_FILE
 }
 
 function install_irc {
-	if grep -Fxq "install_irc" $COMPLETION_FILE; then
-		return
-	fi
-	install_irc_server
-	install_irc_client
-	echo 'install_irc' >> $COMPLETION_FILE
+    if grep -Fxq "install_irc" $COMPLETION_FILE; then
+        return
+    fi
+    install_irc_server
+    install_irc_client
+    echo 'install_irc' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-librevault

@@ -37,6 +37,10 @@ LIBREVAULT_REPO="https://github.com/Librevault/librevault"
 LIBREVAULT_COMMIT='86a6aefcb5cc458f4d42195368fbcff2871f98e3'
 LIBREVAULT_PORT=42345
 
+function change_password_librevault {
+    echo -n ''
+}
+
 function reconfigure_librevault {
     echo -n ''
     # TODO

src/freedombone-app-mediagoblin

@@ -37,389 +37,393 @@ MEDIAGOBLIN_COMMIT='d1ac2d52fd8859c3f32fa38e4836ffe9615e5bba'
 MEDIAGOBLIN_ADMIN_PASSWORD=
 MEDIAGOBLIN_ONION_PORT=8096
 
+function change_password_mediagoblin {
+    echo -n ''
+}
+
 function reconfigure_mediagoblin {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_mediagoblin {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_local_mediagoblin {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_local_mediagoblin {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_remote_mediagoblin {
-	if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
-		MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
-		function_check suspend_site
-		suspend_site ${MEDIAGOBLIN_DOMAIN_NAME}
+    if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
+        MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
+        function_check suspend_site
+        suspend_site ${MEDIAGOBLIN_DOMAIN_NAME}
 
-		echo $"Backing up Mediagoblin"
+        echo $"Backing up Mediagoblin"
 
-		backup_directory_to_friend /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs mediagoblin
+        backup_directory_to_friend /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs mediagoblin
 
-		function_check restart_site
-		restart_site
+        function_check restart_site
+        restart_site
 
-		echo $"Backup of Mediagoblin complete"
-	fi
+        echo $"Backup of Mediagoblin complete"
+    fi
 }
 
 function restore_remote_mediagoblin {
-	if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
-		MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
-		if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then
-			echo $"Restoring Mediagoblin installation"
-			temp_restore_dir=/root/tempmediagoblin
-			function_check restore_directory_from_friend
-			restore_directory_from_friend $temp_restore_dir mediagoblin
-			cp -r $temp_restore_dir/* /
-			if [ ! "$?" = "0" ]; then
-				exit 5626
-			fi
-			rm -rf $temp_restore_dir
-			echo $"Restore of Mediagoblin complete"
-		fi
-		chown -hR mediagoblin:www-data /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
-	fi
+    if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
+        MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
+        if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then
+            echo $"Restoring Mediagoblin installation"
+            temp_restore_dir=/root/tempmediagoblin
+            function_check restore_directory_from_friend
+            restore_directory_from_friend $temp_restore_dir mediagoblin
+            cp -r $temp_restore_dir/* /
+            if [ ! "$?" = "0" ]; then
+                exit 5626
+            fi
+            rm -rf $temp_restore_dir
+            echo $"Restore of Mediagoblin complete"
+        fi
+        chown -hR mediagoblin:www-data /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
+    fi
 }
 
 function remove_mediagoblin {
-	echo -n ''
+    echo -n ''
 }
 
 function install_mediagoblin {
-	if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
-		return
-	fi
-
-	MEDIAGOBLIN_WORKING_DIRECTORY=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
-
-	# update to a new commit if needed
-	function_check set_repo_commit
-	set_repo_commit $MEDIAGOBLIN_WORKING_DIRECTORY "Mediagoblin commit" "$MEDIAGOBLIN_COMMIT" $MEDIAGOBLIN_REPO
-	if [ -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
-		chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
-	fi
-
-	if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
-		return
-	fi
-
-	apt-get -y install git-core python python-dev python-lxml python-pil
-	apt-get -y install python-virtualenv npm nodejs-legacy automake
-	apt-get -y install fcgiwrap
-
-	#apt-get -y install postgresql postgresql-client python-psycopg2
-	#apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject
-	#apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools
-	#apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev
-	#apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools
-	#su -c "createuser -A -D mediagoblin" - postgres
-	#su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres
-
-	useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
-	groupadd mediagoblin
-	usermod --append -G mediagoblin mediagoblin
-
-	if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
-		mkdir -p $MEDIAGOBLIN_WORKING_DIRECTORY
-	fi
-
-	function_check git_clone
-	git_clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_WORKING_DIRECTORY
-	cd $MEDIAGOBLIN_WORKING_DIRECTORY
-	git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT
-	git submodule init
-	git submodule update
-
-	if ! grep -q "Mediagoblin commit" $COMPLETION_FILE; then
-		echo "Mediagoblin commit:$MEDIAGOBLIN_COMMIT" >> $COMPLETION_FILE
-	else
-		sed -i "s/Mediagoblin commit.*/Mediagoblin commit:$MEDIAGOBLIN_COMMIT/g" $COMPLETION_FILE
-	fi
-
-	chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bootstrap.sh" - mediagoblin
-	if [ ! "$?" = "0" ]; then
-		exit 278826
-	fi
-
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./configure" - mediagoblin
-	if [ ! "$?" = "0" ]; then
-		exit 462826
-	fi
-
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && make" - mediagoblin
-	if [ ! "$?" = "0" ]; then
-		exit 738229
-	fi
-
-	if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev ]; then
-		mkdir $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
-	fi
-	chmod 750 $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install flup==1.0.3.dev-20110405" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade billiard" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Paste" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade amqp" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade anyjson" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py-bcrypt" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade wtforms" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade python-dateutil" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alembic" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade waitress" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade imagesize" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alabaster" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade snowballstemmer" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade docutils" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Pygments" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade beautifulsoup4" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade WebOb" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py" - mediagoblin
-	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade execnet" - mediagoblin
-
-	# create some directories
-	mkdir /var/log/mediagoblin
-	chown -hR mediagoblin:www-data /var/log/mediagoblin
-	mkdir /var/run/mediagoblin
-	chown -hR mediagoblin:www-data /var/run/mediagoblin
-
-	if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin.ini ]; then
-		echo $'mediagoblin.ini not found'
-		exit 737529
-	fi
-	if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/paste.ini ]; then
-		echo $'paste.ini not found'
-		exit 52762
-	fi
-
-	cp -av mediagoblin.ini mediagoblin_local.ini
-	cp -av paste.ini paste_local.ini
-
-	chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
-
-	# init with systemd
-	echo '[Unit]' > /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'After=network.target' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '[Service]' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'Type=simple' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin_local.ini \\" >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '    CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/celery worker \\" >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '    --logfile=/var/log/mediagoblin/celery.log \' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '    --loglevel=INFO' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo '[Install]' >> /etc/systemd/system/mediagoblin-celeryd.service
-	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-celeryd.service
-
-	echo '[Unit]' > /etc/systemd/system/mediagoblin-paster.service
-	echo 'Description=Mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'After=network.target' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '[Service]' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'Type=forking' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/mediagoblin-paster.service
-	echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-paster.service
-	echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
-	echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini \\" >> /etc/systemd/system/mediagoblin-paster.service
-	echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '    --log-file=/var/log/mediagoblin/mediagoblin.log \' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '    --daemon \' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '    --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543' >> /etc/systemd/system/mediagoblin-paster.service
-	echo "ExecStop=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
-	echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
-	echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini stop" >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '' >> /etc/systemd/system/mediagoblin-paster.service
-	echo '[Install]' >> /etc/systemd/system/mediagoblin-paster.service
-	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-paster.service
-	systemctl daemon-reload
-	systemctl enable mediagoblin-celeryd
-	systemctl enable mediagoblin-paster
-	systemctl daemon-reload
-	systemctl start mediagoblin-celeryd
-	systemctl start mediagoblin-paster
-
-	MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
-	if ! grep -q "Mediagoblin onion domain" $COMPLETION_FILE; then
-		echo "Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}" >> $COMPLETION_FILE
-	else
-		sed -i "s|Mediagoblin onion domain.*|Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}|g" $COMPLETION_FILE
-	fi
-	if [[ $MEDIAGOBLIN_ONION_HOSTNAME == *"not found"* ]]; then
-		echo $'Problem creating onion address for mediagoblin'
-		exit 672652
-	fi
-
-	# web config
-	MEDIAGOBLIN_VIRTUAL_HOST=/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-	function_check nginx_http_redirect
-	nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
-	if [[ $ONION_ONLY == 'no' ]]; then
-		echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  listen 443 ssl;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  default_type  application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		function_check nginx_limits
-		nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
-		function_check nginx_ssl
-		nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
-		function_check nginx_disable_sniffing
-		nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo "  server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '    fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '    include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '    # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '      # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '    fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '    fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
-		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	else
-		echo -n '' > $MEDIAGOBLIN_VIRTUAL_HOST
-	fi
-
-	echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo "  listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  default_type  application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	function_check nginx_limits
-	nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
-	function_check nginx_disable_sniffing
-	nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo "  server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '    fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '    include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '    # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '      # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '    fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '    fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
-
-	function_check create_site_certificate
-	create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME
-
-	nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
-	systemctl restart php5-fpm
-	systemctl restart nginx
-
-	add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
-
-	if ! grep -q "Mediagoblin domain" $COMPLETION_FILE; then
-		echo "Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME" >> $COMPLETION_FILE
-	else
-		sed -i "s/Mediagoblin domain.*/Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME/g" $COMPLETION_FILE
-	fi
-
-	echo 'install_mediagoblin' >> $COMPLETION_FILE
+    if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
+        return
+    fi
+
+    MEDIAGOBLIN_WORKING_DIRECTORY=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
+
+    # update to a new commit if needed
+    function_check set_repo_commit
+    set_repo_commit $MEDIAGOBLIN_WORKING_DIRECTORY "Mediagoblin commit" "$MEDIAGOBLIN_COMMIT" $MEDIAGOBLIN_REPO
+    if [ -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
+        chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
+    fi
+
+    if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
+        return
+    fi
+
+    apt-get -y install git-core python python-dev python-lxml python-pil
+    apt-get -y install python-virtualenv npm nodejs-legacy automake
+    apt-get -y install fcgiwrap
+
+    #apt-get -y install postgresql postgresql-client python-psycopg2
+    #apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject
+    #apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools
+    #apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev
+    #apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools
+    #su -c "createuser -A -D mediagoblin" - postgres
+    #su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres
+
+    useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
+    groupadd mediagoblin
+    usermod --append -G mediagoblin mediagoblin
+
+    if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
+        mkdir -p $MEDIAGOBLIN_WORKING_DIRECTORY
+    fi
+
+    function_check git_clone
+    git_clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_WORKING_DIRECTORY
+    cd $MEDIAGOBLIN_WORKING_DIRECTORY
+    git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT
+    git submodule init
+    git submodule update
+
+    if ! grep -q "Mediagoblin commit" $COMPLETION_FILE; then
+        echo "Mediagoblin commit:$MEDIAGOBLIN_COMMIT" >> $COMPLETION_FILE
+    else
+        sed -i "s/Mediagoblin commit.*/Mediagoblin commit:$MEDIAGOBLIN_COMMIT/g" $COMPLETION_FILE
+    fi
+
+    chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bootstrap.sh" - mediagoblin
+    if [ ! "$?" = "0" ]; then
+        exit 278826
+    fi
+
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./configure" - mediagoblin
+    if [ ! "$?" = "0" ]; then
+        exit 462826
+    fi
+
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && make" - mediagoblin
+    if [ ! "$?" = "0" ]; then
+        exit 738229
+    fi
+
+    if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev ]; then
+        mkdir $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
+    fi
+    chmod 750 $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install flup==1.0.3.dev-20110405" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade billiard" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Paste" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade amqp" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade anyjson" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py-bcrypt" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade wtforms" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade python-dateutil" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alembic" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade waitress" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade imagesize" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alabaster" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade snowballstemmer" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade docutils" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Pygments" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade beautifulsoup4" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade WebOb" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py" - mediagoblin
+    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade execnet" - mediagoblin
+
+    # create some directories
+    mkdir /var/log/mediagoblin
+    chown -hR mediagoblin:www-data /var/log/mediagoblin
+    mkdir /var/run/mediagoblin
+    chown -hR mediagoblin:www-data /var/run/mediagoblin
+
+    if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin.ini ]; then
+        echo $'mediagoblin.ini not found'
+        exit 737529
+    fi
+    if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/paste.ini ]; then
+        echo $'paste.ini not found'
+        exit 52762
+    fi
+
+    cp -av mediagoblin.ini mediagoblin_local.ini
+    cp -av paste.ini paste_local.ini
+
+    chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
+
+    # init with systemd
+    echo '[Unit]' > /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'After=network.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '[Service]' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'Type=simple' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin_local.ini \\" >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '    CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/celery worker \\" >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '    --logfile=/var/log/mediagoblin/celery.log \' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '    --loglevel=INFO' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo '[Install]' >> /etc/systemd/system/mediagoblin-celeryd.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+
+    echo '[Unit]' > /etc/systemd/system/mediagoblin-paster.service
+    echo 'Description=Mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'After=network.target' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '[Service]' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'Type=forking' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/mediagoblin-paster.service
+    echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-paster.service
+    echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
+    echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini \\" >> /etc/systemd/system/mediagoblin-paster.service
+    echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '    --log-file=/var/log/mediagoblin/mediagoblin.log \' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '    --daemon \' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '    --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543' >> /etc/systemd/system/mediagoblin-paster.service
+    echo "ExecStop=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
+    echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
+    echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini stop" >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '' >> /etc/systemd/system/mediagoblin-paster.service
+    echo '[Install]' >> /etc/systemd/system/mediagoblin-paster.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-paster.service
+    systemctl daemon-reload
+    systemctl enable mediagoblin-celeryd
+    systemctl enable mediagoblin-paster
+    systemctl daemon-reload
+    systemctl start mediagoblin-celeryd
+    systemctl start mediagoblin-paster
+
+    MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
+    if ! grep -q "Mediagoblin onion domain" $COMPLETION_FILE; then
+        echo "Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}" >> $COMPLETION_FILE
+    else
+        sed -i "s|Mediagoblin onion domain.*|Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}|g" $COMPLETION_FILE
+    fi
+    if [[ $MEDIAGOBLIN_ONION_HOSTNAME == *"not found"* ]]; then
+        echo $'Problem creating onion address for mediagoblin'
+        exit 672652
+    fi
+
+    # web config
+    MEDIAGOBLIN_VIRTUAL_HOST=/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+    function_check nginx_http_redirect
+    nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
+    if [[ $ONION_ONLY == 'no' ]]; then
+        echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  listen 443 ssl;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  default_type  application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        function_check nginx_limits
+        nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
+        function_check nginx_ssl
+        nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
+        function_check nginx_disable_sniffing
+        nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo "  server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '    fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '    include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '    # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '      # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '    fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '    fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
+        echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    else
+        echo -n '' > $MEDIAGOBLIN_VIRTUAL_HOST
+    fi
+
+    echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "  listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  default_type  application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    function_check nginx_limits
+    nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "  server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '    fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '    include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '    # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '      # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '    fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '    fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+    echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
+
+    function_check create_site_certificate
+    create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME
+
+    nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
+    systemctl restart php5-fpm
+    systemctl restart nginx
+
+    add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+
+    if ! grep -q "Mediagoblin domain" $COMPLETION_FILE; then
+        echo "Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME" >> $COMPLETION_FILE
+    else
+        sed -i "s/Mediagoblin domain.*/Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME/g" $COMPLETION_FILE
+    fi
+
+    echo 'install_mediagoblin' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-mumble

@@ -39,257 +39,261 @@ VOIP_PORT=64738
 VOIP_DATABASE="mumble-server.sqlite"
 VOIP_CONFIG_FILE="mumble-server.ini"
 
+function change_password_mumble {
+    echo -n ''
+}
+
 function reconfigure_mumble {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_mumble {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_local_mumble {
-	if [ -f /etc/mumble-server.ini ]; then
-		echo $"Backing up Mumble settings"
-		temp_backup_dir=/root/tempvoipbackup
-		if [ ! -d $temp_backup_dir ]; then
-			mkdir -p $temp_backup_dir
-		fi
-		cp -f /etc/mumble-server.ini $temp_backup_dir
-		cp -f /var/lib/mumble-server/mumble-server.sqlite $temp_backup_dir
-		backup_directory_to_usb $temp_backup_dir voip
-		echo $"Mumble settings backup complete"
-	fi
+    if [ -f /etc/mumble-server.ini ]; then
+        echo $"Backing up Mumble settings"
+        temp_backup_dir=/root/tempvoipbackup
+        if [ ! -d $temp_backup_dir ]; then
+            mkdir -p $temp_backup_dir
+        fi
+        cp -f /etc/mumble-server.ini $temp_backup_dir
+        cp -f /var/lib/mumble-server/mumble-server.sqlite $temp_backup_dir
+        backup_directory_to_usb $temp_backup_dir voip
+        echo $"Mumble settings backup complete"
+    fi
 }
 
 function restore_local_mumble {
-	if [ -d $USB_MOUNT/backup/voip ]; then
-		echo $"Restoring VoIP settings"
-		temp_restore_dir=/root/tempvoip
-		function_check restore_directory_from_usb
-		restore_directory_from_usb $temp_restore_dir voip
-		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
-		if [ ! "$?" = "0" ]; then
-			rm -rf $temp_restore_dir
-			function_check set_user_permissions
-			set_user_permissions
-			function_check backup_unmount_drive
-			backup_unmount_drive
-			exit 3679
-		fi
-		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
-		if [ ! "$?" = "0" ]; then
-			rm -rf $temp_restore_dir
-			function_check set_user_permissions
-			set_user_permissions
-			function_check backup_unmount_drive
-			backup_unmount_drive
-			exit 276
-		fi
-		rm -rf $temp_restore_dir
-		cp /etc/ssl/certs/mumble* /var/lib/mumble-server
-		cp /etc/ssl/private/mumble* /var/lib/mumble-server
-		chown -R mumble-server:mumble-server /var/lib/mumble-server
-		service mumble-server restart
-	fi
+    if [ -d $USB_MOUNT/backup/voip ]; then
+        echo $"Restoring VoIP settings"
+        temp_restore_dir=/root/tempvoip
+        function_check restore_directory_from_usb
+        restore_directory_from_usb $temp_restore_dir voip
+        cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+        if [ ! "$?" = "0" ]; then
+            rm -rf $temp_restore_dir
+            function_check set_user_permissions
+            set_user_permissions
+            function_check backup_unmount_drive
+            backup_unmount_drive
+            exit 3679
+        fi
+        cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+        if [ ! "$?" = "0" ]; then
+            rm -rf $temp_restore_dir
+            function_check set_user_permissions
+            set_user_permissions
+            function_check backup_unmount_drive
+            backup_unmount_drive
+            exit 276
+        fi
+        rm -rf $temp_restore_dir
+        cp /etc/ssl/certs/mumble* /var/lib/mumble-server
+        cp /etc/ssl/private/mumble* /var/lib/mumble-server
+        chown -R mumble-server:mumble-server /var/lib/mumble-server
+        service mumble-server restart
+    fi
 }
 
 function backup_remote_mumble {
-	if [ -f /etc/mumble-server.ini ]; then
-		echo $"Backing up VoIP settings"
-		if [ ! -d /root/tempvoipbackup ]; then
-			mkdir -p /root/tempvoipbackup
-		fi
-		cp -f /etc/mumble-server.ini /root/tempvoipbackup
-		cp -f /var/lib/mumble-server/mumble-server.sqlite /root/tempvoipbackup
-		backup_directory_to_friend /root/tempvoipbackup voip
-		echo $"Backup of VoIP settings complete"
-	fi
+    if [ -f /etc/mumble-server.ini ]; then
+        echo $"Backing up VoIP settings"
+        if [ ! -d /root/tempvoipbackup ]; then
+            mkdir -p /root/tempvoipbackup
+        fi
+        cp -f /etc/mumble-server.ini /root/tempvoipbackup
+        cp -f /var/lib/mumble-server/mumble-server.sqlite /root/tempvoipbackup
+        backup_directory_to_friend /root/tempvoipbackup voip
+        echo $"Backup of VoIP settings complete"
+    fi
 }
 
 function restore_remote_mumble {
-	if [ -d $SERVER_DIRECTORY/backup/voip ]; then
-		echo $"Restoring Mumble settings"
-		temp_restore_dir=/root/tempvoip
-		function_check restore_directory_from_friend
-		restore_directory_from_friend $temp_restore_dir voip
-		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
-		if [ ! "$?" = "0" ]; then
-			rm -rf $temp_restore_dir
-			exit 7823
-		fi
-		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
-		if [ ! "$?" = "0" ]; then
-			rm -rf $temp_restore_dir
-			exit 7823
-		fi
-		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
-		if [ ! "$?" = "0" ]; then
-			rm -rf $temp_restore_dir
-			exit 276
-		fi
-		rm -rf $temp_restore_dir
-		cp /etc/ssl/certs/mumble* /var/lib/mumble-server
-		cp /etc/ssl/private/mumble* /var/lib/mumble-server
-		chown -R mumble-server:mumble-server /var/lib/mumble-server
-		service mumble-server restart
-		echo $"Restore of Mumble complete"
-	fi
+    if [ -d $SERVER_DIRECTORY/backup/voip ]; then
+        echo $"Restoring Mumble settings"
+        temp_restore_dir=/root/tempvoip
+        function_check restore_directory_from_friend
+        restore_directory_from_friend $temp_restore_dir voip
+        cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+        if [ ! "$?" = "0" ]; then
+            rm -rf $temp_restore_dir
+            exit 7823
+        fi
+        cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
+        if [ ! "$?" = "0" ]; then
+            rm -rf $temp_restore_dir
+            exit 7823
+        fi
+        cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+        if [ ! "$?" = "0" ]; then
+            rm -rf $temp_restore_dir
+            exit 276
+        fi
+        rm -rf $temp_restore_dir
+        cp /etc/ssl/certs/mumble* /var/lib/mumble-server
+        cp /etc/ssl/private/mumble* /var/lib/mumble-server
+        chown -R mumble-server:mumble-server /var/lib/mumble-server
+        service mumble-server restart
+        echo $"Restore of Mumble complete"
+    fi
 }
 
 function remove_mumble {
-	if !grep -Fxq "install_mumble" $COMPLETION_FILE; then
-		if ! grep -Fxq "install_voip" $COMPLETION_FILE; then
-			return
-		fi
-	fi
-	apt-get -y remove --purge mumble-server
-	if [[ $ONION_ONLY == "no" ]]; then
-		iptables -D INPUT -p udp --dport $VOIP_PORT -j ACCEPT
-		iptables -D INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
-		function_check save_firewall_settings
-		save_firewall_settings
-	fi
-	if [ -f /etc/mumble-server.ini ]; then
-		rm /etc/mumble-server.ini
-	fi
-	function_check remove_onion_service
-	remove_onion_service voip ${VOIP_PORT}
-	sed -i '/install_mumble/d' $COMPLETION_FILE
-	sed -i '/install_voip/d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_voip/d' $COMPLETION_FILE
-	sed -i '/VoIP /d' $COMPLETION_FILE
+    if !grep -Fxq "install_mumble" $COMPLETION_FILE; then
+        if ! grep -Fxq "install_voip" $COMPLETION_FILE; then
+            return
+        fi
+    fi
+    apt-get -y remove --purge mumble-server
+    if [[ $ONION_ONLY == "no" ]]; then
+        iptables -D INPUT -p udp --dport $VOIP_PORT -j ACCEPT
+        iptables -D INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
+        function_check save_firewall_settings
+        save_firewall_settings
+    fi
+    if [ -f /etc/mumble-server.ini ]; then
+        rm /etc/mumble-server.ini
+    fi
+    function_check remove_onion_service
+    remove_onion_service voip ${VOIP_PORT}
+    sed -i '/install_mumble/d' $COMPLETION_FILE
+    sed -i '/install_voip/d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_voip/d' $COMPLETION_FILE
+    sed -i '/VoIP /d' $COMPLETION_FILE
 }
 
 function get_voip_server_password {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "VoIP server password" /home/$MY_USERNAME/README; then
-			if [ ! $VOIP_SERVER_PASSWORD ]; then
-				VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		else
-			if grep -q "Mumble server password" /home/$MY_USERNAME/README; then
-				if [ ! $VOIP_SERVER_PASSWORD ]; then
-					VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Mumble server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
-				fi
-			fi
-		fi
-	fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+        if grep -q "VoIP server password" /home/$MY_USERNAME/README; then
+            if [ ! $VOIP_SERVER_PASSWORD ]; then
+                VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+            fi
+        else
+            if grep -q "Mumble server password" /home/$MY_USERNAME/README; then
+                if [ ! $VOIP_SERVER_PASSWORD ]; then
+                    VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Mumble server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+                fi
+            fi
+        fi
+    fi
 }
 
 function configure_firewall_for_voip {
-	if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ONION_ONLY != "no" ]]; then
-		return
-	fi
-	iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
-	iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
+    if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
+        return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
+    iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
 
-	OPEN_PORTS+=("Mumble   $VOIP_PORT")
-	echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
+    OPEN_PORTS+=("Mumble   $VOIP_PORT")
+    echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
 }
 
 function install_mumble {
-	if grep -Fxq "install_mumble" $COMPLETION_FILE; then
-		return
-	fi
-	if grep -Fxq "install_voip" $COMPLETION_FILE; then
-		return
-	fi
-	apt-get -y install mumble-server
+    if grep -Fxq "install_mumble" $COMPLETION_FILE; then
+        return
+    fi
+    if grep -Fxq "install_voip" $COMPLETION_FILE; then
+        return
+    fi
+    apt-get -y install mumble-server
 
-	function_check get_voip_server_password
-	get_voip_server_password
-	if [ ! $VOIP_SERVER_PASSWORD ]; then
-		if [ -f $IMAGE_PASSWORD_FILE ]; then
-			VOIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-		else
-			VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-			if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
-				VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-			fi
-		fi
-	fi
+    function_check get_voip_server_password
+    get_voip_server_password
+    if [ ! $VOIP_SERVER_PASSWORD ]; then
+        if [ -f $IMAGE_PASSWORD_FILE ]; then
+            VOIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+        else
+            VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+                VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            fi
+        fi
+    fi
 
-	# Make an ssl cert for the server
-	if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
-		${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
-		function_check check_certificates
-		check_certificates mumble
-	fi
+    # Make an ssl cert for the server
+    if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
+        ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
+        function_check check_certificates
+        check_certificates mumble
+    fi
 
-	# Check that the cert was created
-	if [ ! -f /etc/ssl/certs/mumble.crt ]; then
-		echo $'VoIP server certificate not created'
-		exit 57892
-	fi
-	if [ ! -f /etc/ssl/private/mumble.key ]; then
-		echo $'VoIP server key not created'
-		exit 57893
-	fi
-	if [ ! -d /var/lib/mumble-server ]; then
-		mkdir /var/lib/mumble-server
-	fi
-	cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
-	cp /etc/ssl/private/mumble.key /var/lib/mumble-server
-	chown -R mumble-server:mumble-server /var/lib/mumble-server
+    # Check that the cert was created
+    if [ ! -f /etc/ssl/certs/mumble.crt ]; then
+        echo $'VoIP server certificate not created'
+        exit 57892
+    fi
+    if [ ! -f /etc/ssl/private/mumble.key ]; then
+        echo $'VoIP server key not created'
+        exit 57893
+    fi
+    if [ ! -d /var/lib/mumble-server ]; then
+        mkdir /var/lib/mumble-server
+    fi
+    cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
+    cp /etc/ssl/private/mumble.key /var/lib/mumble-server
+    chown -R mumble-server:mumble-server /var/lib/mumble-server
 
-	sed -i "s|welcometext=.*|welcometext=\"<br />Welcome to $DEFAULT_DOMAIN_NAME <b>VoIP</b>.<br />Chat freely!<br />\"|g" /etc/mumble-server.ini
+    sed -i "s|welcometext=.*|welcometext=\"<br />Welcome to $DEFAULT_DOMAIN_NAME <b>VoIP</b>.<br />Chat freely!<br />\"|g" /etc/mumble-server.ini
 
-	if [[ $VOIP_SERVER_PASSWORD && $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
-		sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini
-	fi
+    if [[ $VOIP_SERVER_PASSWORD && $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+        sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini
+    fi
 
-	sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini
-	sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini
-	sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini
-	sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
-	sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
-	if ! grep -q "allowping" /etc/mumble-server.ini; then
-		echo 'allowping=False' >> /etc/mumble-server.ini
-	fi
-	sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
-	sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.crt|g' /etc/mumble-server.ini
-	sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
-	sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
-	sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
-	sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
-	sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
-	sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
-	sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini
-	sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
-	sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
-	sed -i "s|port=.*|port=${VOIP_PORT}|g" /etc/mumble-server.ini
+    sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini
+    sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini
+    sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini
+    sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
+    sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
+    if ! grep -q "allowping" /etc/mumble-server.ini; then
+        echo 'allowping=False' >> /etc/mumble-server.ini
+    fi
+    sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
+    sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.crt|g' /etc/mumble-server.ini
+    sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
+    sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
+    sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
+    sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
+    sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
+    sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
+    sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini
+    sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
+    sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
+    sed -i "s|port=.*|port=${VOIP_PORT}|g" /etc/mumble-server.ini
 
-	VOIP_ONION_HOSTNAME=$(add_onion_service voip ${VOIP_PORT} ${VOIP_PORT})
-	if ! grep -q $"VoIP onion domain" $COMPLETION_FILE; then
-		echo "VoIP onion domain:$VOIP_ONION_HOSTNAME" >> $COMPLETION_FILE
-	fi
+    VOIP_ONION_HOSTNAME=$(add_onion_service voip ${VOIP_PORT} ${VOIP_PORT})
+    if ! grep -q $"VoIP onion domain" $COMPLETION_FILE; then
+        echo "VoIP onion domain:$VOIP_ONION_HOSTNAME" >> $COMPLETION_FILE
+    fi
 
-	systemctl restart mumble-server
+    systemctl restart mumble-server
 
-	if ! grep -q $"Mumble Server" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Mumble Server' >> /home/$MY_USERNAME/README
-		echo '=============' >> /home/$MY_USERNAME/README
-		echo $"Mumble onion domain:$VOIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
-		echo $'Mumble server username: mumble-server' >> /home/$MY_USERNAME/README
-		if [[ $SYSTEM_TYPE != "VARIANT_MESH" ]]; then
-			echo $"Mumble server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
-		fi
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'To connect to the Mumble server use your username and the server password shown above.' >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
+    if ! grep -q $"Mumble Server" /home/$MY_USERNAME/README; then
+        echo '' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'Mumble Server' >> /home/$MY_USERNAME/README
+        echo '=============' >> /home/$MY_USERNAME/README
+        echo $"Mumble onion domain:$VOIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+        echo $'Mumble server username: mumble-server' >> /home/$MY_USERNAME/README
+        if [[ $SYSTEM_TYPE != "VARIANT_MESH" ]]; then
+            echo $"Mumble server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
+        fi
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'To connect to the Mumble server use your username and the server password shown above.' >> /home/$MY_USERNAME/README
+        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+        chmod 600 /home/$MY_USERNAME/README
+    fi
 
-	function_check configure_firewall_for_voip
-	configure_firewall_for_voip
-	echo 'install_mumble' >> $COMPLETION_FILE
+    function_check configure_firewall_for_voip
+    configure_firewall_for_voip
+    echo 'install_mumble' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-rss

@@ -42,6 +42,10 @@ RSS_READER_PATH=/etc/share/tt-rss
 RSS_READER_GNUSOCIAL_REPO="https://github.com/bashrc/ttrss-gnusocial"
 RSS_READER_GNUSOCIAL_COMMIT='20b2535e3f2b0ddc0117b584bdcaa6bf7a2d9fa2'
 
+function change_password_rss {
+    echo -n ''
+}
+
 function get_mariadb_rss_admin_password {
     if [ -f /home/$MY_USERNAME/README ]; then
         if grep -q "RSS reader admin password" /home/$MY_USERNAME/README; then

src/freedombone-app-searx

@@ -38,259 +38,263 @@ SEARX_ONION_HOSTNAME=
 SEARX_LOGIN_TEXT=$"Search engine login"
 SEARX_PASSWORD=
 
+function change_password_searx {
+    echo -n ''
+}
+
 function reconfigure_searx {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_searx {
-	if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
-		return
-	fi
-
-	set_repo_commit $SEARX_PATH/searx "Search engine commit" "$SEARX_COMMIT" $SEARX_REPO
-	if grep "Search engine key" $COMPLETION_FILE; then
-		if [ -f ${SEARX_PATH}/searx/searx/settings.yml ]; then
-			# note: this might change to a --tor option in a later version
-			if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
-				echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
-				echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
-				echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-				echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-			fi
-			SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
-			sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
-			if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then
-				SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname)
-				sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
-			fi
-		fi
-	fi
+    if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
+        return
+    fi
+
+    set_repo_commit $SEARX_PATH/searx "Search engine commit" "$SEARX_COMMIT" $SEARX_REPO
+    if grep "Search engine key" $COMPLETION_FILE; then
+        if [ -f ${SEARX_PATH}/searx/searx/settings.yml ]; then
+            # note: this might change to a --tor option in a later version
+            if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
+                echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
+                echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
+                echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+                echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+            fi
+            SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
+            sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
+            if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then
+                SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname)
+                sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
+            fi
+        fi
+    fi
 }
 
 function backup_local_searx {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_local_searx {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_remote_searx {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_remote_searx {
-	echo -n ''
+    echo -n ''
 }
 
 function remove_searx {
-	if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
-		return
-	fi
-	systemctl stop searx
-	systemctl disable searx
-	rm /etc/systemd/system/searx.service
-	function_check remove_onion_service
-	remove_onion_service searx ${SEARX_ONION_PORT}
-	userdel -r searx
-	nginx_dissite searx
-	if [ -f /etc/nginx/sites-available/searx ]; then
-		rm /etc/nginx/sites-available/searx
-	fi
-	if [ -d ${SEARX_PATH}/searx ]; then
-		rm -rf ${SEARX_PATH}/searx
-	fi
-	sed -i '/install_searx/d' $COMPLETION_FILE
-	sed -i '/Search engine /d' $COMPLETION_FILE
+    if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
+        return
+    fi
+    systemctl stop searx
+    systemctl disable searx
+    rm /etc/systemd/system/searx.service
+    function_check remove_onion_service
+    remove_onion_service searx ${SEARX_ONION_PORT}
+    userdel -r searx
+    nginx_dissite searx
+    if [ -f /etc/nginx/sites-available/searx ]; then
+        rm /etc/nginx/sites-available/searx
+    fi
+    if [ -d ${SEARX_PATH}/searx ]; then
+        rm -rf ${SEARX_PATH}/searx
+    fi
+    sed -i '/install_searx/d' $COMPLETION_FILE
+    sed -i '/Search engine /d' $COMPLETION_FILE
 }
 
 function install_searx {
-	# Note: currently socks5 outgoing proxies to other search engines does not work
-	if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
-		return
-	fi
-	if [ ! -d /etc/nginx ]; then
-		echo $'Webserver is not installed'
-		exit 62429
-	fi
-
-	if grep -Fxq "install_searx" $COMPLETION_FILE; then
-		return
-	fi
-
-	apt-get -y install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
-	apt-get -y install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi
-
-	pip install --upgrade pip
-
-	pip install certifi
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to install certifi'
-		exit 737692
-	fi
-
-	pip install pyyaml
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to install pyyaml'
-		exit 469242
-	fi
-
-	pip install flask --upgrade
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to install flask'
-		exit 888575
-	fi
-
-	pip install flask_restless --upgrade
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to install flask_restless'
-		exit 54835
-	fi
-
-	pip install flask_babel --upgrade
-	if [ ! "$?" = "0" ]; then
-		echo $'Failed to install flask_babel'
-		exit 63738
-	fi
-
-	if [ ! -d $SEARX_PATH ]; then
-		mkdir -p $SEARX_PATH
-	fi
-
-	# clone the repo
-	cd $SEARX_PATH
-	function_check git_clone
-	git_clone $SEARX_REPO searx
-	git checkout $SEARX_COMMIT -b $SEARX_COMMIT
-	if ! grep -q "Search engine commit" $COMPLETION_FILE; then
-		echo "Search engine commit:$SEARX_COMMIT" >> $COMPLETION_FILE
-	else
-		sed -i "s/Search engine commit.*/Search engine commit:$SEARX_COMMIT/g" $COMPLETION_FILE
-	fi
-
-	# create an onion service
-	SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT})
-	if ! grep "Search engine onion domain" $COMPLETION_FILE; then
-		echo "Search engine onion domain:${SEARX_ONION_HOSTNAME}" >> $COMPLETION_FILE
-	else
-		sed -i "s|Search engine onion domain.*|Search engine onion domain:${SEARX_ONION_HOSTNAME}|g" $COMPLETION_FILE
-	fi
-
-	# an unprivileged user to run as
-	useradd -d ${SEARX_PATH}/searx/ -s /bin/false searx
-	adduser searx debian-tor
-
-	# daemon
-	echo '[Unit]' > /etc/systemd/system/searx.service
-	echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service
-	echo 'After=syslog.target' >> /etc/systemd/system/searx.service
-	echo 'After=network.target' >> /etc/systemd/system/searx.service
-	echo '' >> /etc/systemd/system/searx.service
-	echo '[Service]' >> /etc/systemd/system/searx.service
-	echo 'Type=simple' >> /etc/systemd/system/searx.service
-	echo 'User=searx' >> /etc/systemd/system/searx.service
-	echo 'Group=searx' >> /etc/systemd/system/searx.service
-	echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service
-	echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service
-	echo 'Restart=always' >> /etc/systemd/system/searx.service
-	echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service
-	echo '' >> /etc/systemd/system/searx.service
-	echo '[Install]' >> /etc/systemd/system/searx.service
-	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service
-
-	# create a webserver file
-	echo 'server {' > /etc/nginx/sites-available/searx
-	echo "    listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx
-	echo "    root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx
-	echo "    server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx
-	echo '    access_log off;' >> /etc/nginx/sites-available/searx
-	echo "    error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx
-	echo '' >> /etc/nginx/sites-available/searx
-	function_check nginx_limits
-	nginx_limits searx '1M'
-	function_check nginx_disable_sniffing
-	nginx_disable_sniffing searx
-	echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx
-	echo '' >> /etc/nginx/sites-available/searx
-	echo '    location / {' >> /etc/nginx/sites-available/searx
-	echo '        proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
-	echo '        proxy_redirect off;' >> /etc/nginx/sites-available/searx
-
-	echo "        auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
-	echo '        auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx
-	echo '    }' >> /etc/nginx/sites-available/searx
-	echo '' >> /etc/nginx/sites-available/searx
-	echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
-	echo '' >> /etc/nginx/sites-available/searx
-	echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx
-	echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx
-	echo '' >> /etc/nginx/sites-available/searx
-	echo '    location = /robots.txt {' >> /etc/nginx/sites-available/searx
-	echo '        allow all;' >> /etc/nginx/sites-available/searx
-	echo '        log_not_found off;' >> /etc/nginx/sites-available/searx
-	echo '        access_log off;' >> /etc/nginx/sites-available/searx
-	echo '    }' >> /etc/nginx/sites-available/searx
-	echo '}' >> /etc/nginx/sites-available/searx
-
-	# replace the secret key
-	if ! grep "Search engine key" $COMPLETION_FILE; then
-		SEARX_SECRET_KEY="$(create_password 30)"
-		echo "Search engine key:${SEARX_SECRET_KEY}" >> $COMPLETION_FILE
-	else
-		SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
-	fi
-	sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
-	sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml
-	sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
-	sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings_robot.yml
-
-	# note: this might change to a --tor option in a later version
-	if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
-		echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
-		echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
-		echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-		echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-	fi
-
-	chown -R searx:searx ${SEARX_PATH}/searx
-
-	# enable the site
-	nginx_ensite searx
-
-	# restart the web server
-	systemctl restart php5-fpm
-	systemctl restart nginx
-
-	# start the daemon
-	systemctl enable searx.service
-	systemctl daemon-reload
-	systemctl start searx.service
-
-	if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then
-		if [ ${#SEARX_PASSWORD} -lt 8 ]; then
-			if [ -f $IMAGE_PASSWORD_FILE ]; then
-				SEARX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-			else
-				SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-			fi
-		fi
-		echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Search Engine' >> /home/$MY_USERNAME/README
-		echo '=============' >> /home/$MY_USERNAME/README
-		echo $"Search engine onion domain: ${SEARX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
-		echo $"Your search engine password is: $SEARX_PASSWORD" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	echo 'install_searx' >> $COMPLETION_FILE
+    # Note: currently socks5 outgoing proxies to other search engines does not work
+    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+        return
+    fi
+    if [ ! -d /etc/nginx ]; then
+        echo $'Webserver is not installed'
+        exit 62429
+    fi
+
+    if grep -Fxq "install_searx" $COMPLETION_FILE; then
+        return
+    fi
+
+    apt-get -y install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
+    apt-get -y install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi
+
+    pip install --upgrade pip
+
+    pip install certifi
+    if [ ! "$?" = "0" ]; then
+        echo $'Failed to install certifi'
+        exit 737692
+    fi
+
+    pip install pyyaml
+    if [ ! "$?" = "0" ]; then
+        echo $'Failed to install pyyaml'
+        exit 469242
+    fi
+
+    pip install flask --upgrade
+    if [ ! "$?" = "0" ]; then
+        echo $'Failed to install flask'
+        exit 888575
+    fi
+
+    pip install flask_restless --upgrade
+    if [ ! "$?" = "0" ]; then
+        echo $'Failed to install flask_restless'
+        exit 54835
+    fi
+
+    pip install flask_babel --upgrade
+    if [ ! "$?" = "0" ]; then
+        echo $'Failed to install flask_babel'
+        exit 63738
+    fi
+
+    if [ ! -d $SEARX_PATH ]; then
+        mkdir -p $SEARX_PATH
+    fi
+
+    # clone the repo
+    cd $SEARX_PATH
+    function_check git_clone
+    git_clone $SEARX_REPO searx
+    git checkout $SEARX_COMMIT -b $SEARX_COMMIT
+    if ! grep -q "Search engine commit" $COMPLETION_FILE; then
+        echo "Search engine commit:$SEARX_COMMIT" >> $COMPLETION_FILE
+    else
+        sed -i "s/Search engine commit.*/Search engine commit:$SEARX_COMMIT/g" $COMPLETION_FILE
+    fi
+
+    # create an onion service
+    SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT})
+    if ! grep "Search engine onion domain" $COMPLETION_FILE; then
+        echo "Search engine onion domain:${SEARX_ONION_HOSTNAME}" >> $COMPLETION_FILE
+    else
+        sed -i "s|Search engine onion domain.*|Search engine onion domain:${SEARX_ONION_HOSTNAME}|g" $COMPLETION_FILE
+    fi
+
+    # an unprivileged user to run as
+    useradd -d ${SEARX_PATH}/searx/ -s /bin/false searx
+    adduser searx debian-tor
+
+    # daemon
+    echo '[Unit]' > /etc/systemd/system/searx.service
+    echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service
+    echo 'After=syslog.target' >> /etc/systemd/system/searx.service
+    echo 'After=network.target' >> /etc/systemd/system/searx.service
+    echo '' >> /etc/systemd/system/searx.service
+    echo '[Service]' >> /etc/systemd/system/searx.service
+    echo 'Type=simple' >> /etc/systemd/system/searx.service
+    echo 'User=searx' >> /etc/systemd/system/searx.service
+    echo 'Group=searx' >> /etc/systemd/system/searx.service
+    echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service
+    echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service
+    echo 'Restart=always' >> /etc/systemd/system/searx.service
+    echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service
+    echo '' >> /etc/systemd/system/searx.service
+    echo '[Install]' >> /etc/systemd/system/searx.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service
+
+    # create a webserver file
+    echo 'server {' > /etc/nginx/sites-available/searx
+    echo "    listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx
+    echo "    root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx
+    echo "    server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx
+    echo '    access_log off;' >> /etc/nginx/sites-available/searx
+    echo "    error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx
+    echo '' >> /etc/nginx/sites-available/searx
+    function_check nginx_limits
+    nginx_limits searx '1M'
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing searx
+    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx
+    echo '' >> /etc/nginx/sites-available/searx
+    echo '    location / {' >> /etc/nginx/sites-available/searx
+    echo '        proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
+    echo '        proxy_redirect off;' >> /etc/nginx/sites-available/searx
+
+    echo "        auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
+    echo '        auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx
+    echo '    }' >> /etc/nginx/sites-available/searx
+    echo '' >> /etc/nginx/sites-available/searx
+    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
+    echo '' >> /etc/nginx/sites-available/searx
+    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx
+    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx
+    echo '' >> /etc/nginx/sites-available/searx
+    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/searx
+    echo '        allow all;' >> /etc/nginx/sites-available/searx
+    echo '        log_not_found off;' >> /etc/nginx/sites-available/searx
+    echo '        access_log off;' >> /etc/nginx/sites-available/searx
+    echo '    }' >> /etc/nginx/sites-available/searx
+    echo '}' >> /etc/nginx/sites-available/searx
+
+    # replace the secret key
+    if ! grep "Search engine key" $COMPLETION_FILE; then
+        SEARX_SECRET_KEY="$(create_password 30)"
+        echo "Search engine key:${SEARX_SECRET_KEY}" >> $COMPLETION_FILE
+    else
+        SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
+    fi
+    sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
+    sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml
+    sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
+    sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings_robot.yml
+
+    # note: this might change to a --tor option in a later version
+    if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
+        echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
+        echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
+        echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+        echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+    fi
+
+    chown -R searx:searx ${SEARX_PATH}/searx
+
+    # enable the site
+    nginx_ensite searx
+
+    # restart the web server
+    systemctl restart php5-fpm
+    systemctl restart nginx
+
+    # start the daemon
+    systemctl enable searx.service
+    systemctl daemon-reload
+    systemctl start searx.service
+
+    if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then
+        if [ ${#SEARX_PASSWORD} -lt 8 ]; then
+            if [ -f $IMAGE_PASSWORD_FILE ]; then
+                SEARX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+            else
+                SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            fi
+        fi
+        echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME
+        echo '' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'Search Engine' >> /home/$MY_USERNAME/README
+        echo '=============' >> /home/$MY_USERNAME/README
+        echo $"Search engine onion domain: ${SEARX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+        echo $"Your search engine password is: $SEARX_PASSWORD" >> /home/$MY_USERNAME/README
+        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+        chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    echo 'install_searx' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-sip

@@ -37,416 +37,420 @@ VOIP_TURN_PORT=3478
 VOIP_TURN_TLS_PORT=5349
 VOIP_TURN_NONCE=
 
+function change_password_sip {
+    echo -n ''
+}
+
 function reconfigure_sip {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_sip {
-	# remove the original sipwitch daemon if it exists
-	if [ -f /etc/init.d/sipwitch ]; then
-		rm -f /etc/init.d/sipwitch
-	fi
+    # remove the original sipwitch daemon if it exists
+    if [ -f /etc/init.d/sipwitch ]; then
+        rm -f /etc/init.d/sipwitch
+    fi
 }
 
 function backup_local_sip {
-	if [ -f /etc/sipwitch.conf ]; then
-		echo $"Backing up SIP settings"
-		temp_backup_dir=/root/tempsipbackup
-		if [ ! -d $temp_backup_dir ]; then
-			mkdir -p $temp_backup_dir
-		fi
-		cp -f /etc/sipwitch.conf $temp_backup_dir
-		backup_directory_to_usb $temp_backup_dir sip
-		echo $"SIP settings backup complete"
-	fi
+    if [ -f /etc/sipwitch.conf ]; then
+        echo $"Backing up SIP settings"
+        temp_backup_dir=/root/tempsipbackup
+        if [ ! -d $temp_backup_dir ]; then
+            mkdir -p $temp_backup_dir
+        fi
+        cp -f /etc/sipwitch.conf $temp_backup_dir
+        backup_directory_to_usb $temp_backup_dir sip
+        echo $"SIP settings backup complete"
+    fi
 }
 
 function restore_local_sip {
-	if [ -d $USB_MOUNT/backup/sip ]; then
-		echo $"Restoring SIP settings"
-		temp_restore_dir=/root/tempsip
-		function_check restore_directory_from_usb
-		restore_directory_from_usb $temp_restore_dir sip
-		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
-		if [ ! "$?" = "0" ]; then
-			rm -rf $temp_restore_dir
-			function_check set_user_permissions
-			set_user_permissions
-			backup_unmount_drive
-			exit 3679
-		fi
-		rm -rf $temp_restore_dir
-		service sipwitch restart
-		echo $"Restore of SIP settings complete"
-	fi
+    if [ -d $USB_MOUNT/backup/sip ]; then
+        echo $"Restoring SIP settings"
+        temp_restore_dir=/root/tempsip
+        function_check restore_directory_from_usb
+        restore_directory_from_usb $temp_restore_dir sip
+        cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
+        if [ ! "$?" = "0" ]; then
+            rm -rf $temp_restore_dir
+            function_check set_user_permissions
+            set_user_permissions
+            backup_unmount_drive
+            exit 3679
+        fi
+        rm -rf $temp_restore_dir
+        service sipwitch restart
+        echo $"Restore of SIP settings complete"
+    fi
 }
 
 function backup_remote_sip {
-	if [ -f /etc/sipwitch.conf ]; then
-		echo $"Backing up SIP settings"
-		temp_backup_dir=/root/tempsipbackup
-		if [ ! -d $temp_backup_dir ]; then
-			mkdir -p $temp_backup_dir
-		fi
-		cp -f /etc/sipwitch.conf $temp_backup_dir
-		backup_directory_to_friend $temp_backup_dir sip
-		echo $"Backup SIP settings complete"
-	fi
+    if [ -f /etc/sipwitch.conf ]; then
+        echo $"Backing up SIP settings"
+        temp_backup_dir=/root/tempsipbackup
+        if [ ! -d $temp_backup_dir ]; then
+            mkdir -p $temp_backup_dir
+        fi
+        cp -f /etc/sipwitch.conf $temp_backup_dir
+        backup_directory_to_friend $temp_backup_dir sip
+        echo $"Backup SIP settings complete"
+    fi
 }
 
 function restore_remote_sip {
-	echo -n ''
+    echo -n ''
 }
 
 function remove_sip {
-	if ! grep -Fxq "install_sip" $COMPLETION_FILE; then
-		return
-	fi
-	iptables -D INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
-	iptables -D INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
-	iptables -D INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
-	iptables -D INPUT -p udp --dport $SIP_PORT -j ACCEPT
-	iptables -D INPUT -p tcp --dport $SIP_PORT -j ACCEPT
-	iptables -D INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
-	iptables -D INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	function_check remove_onion_service
-	remove_onion_service sip ${SIP_PORT}
-
-	apt-get -y remove --purge sipwitch
-	apt-get -y remove --purge turnserver
-	if [ -f /etc/sipwitch.conf ]; then
-		rm /etc/sipwitch.conf
-	fi
-	if [ -d /etc/turnserver ]; then
-		rm -rf /etc/turnserver
-	fi
-	sed -i '/install_sip/d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_voip_turn/d' $COMPLETION_FILE
-	sed -i '/configure_firewall_for_sip4/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_sip" $COMPLETION_FILE; then
+        return
+    fi
+    iptables -D INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
+    iptables -D INPUT -p udp --dport $SIP_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport $SIP_PORT -j ACCEPT
+    iptables -D INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    function_check remove_onion_service
+    remove_onion_service sip ${SIP_PORT}
+
+    apt-get -y remove --purge sipwitch
+    apt-get -y remove --purge turnserver
+    if [ -f /etc/sipwitch.conf ]; then
+        rm /etc/sipwitch.conf
+    fi
+    if [ -d /etc/turnserver ]; then
+        rm -rf /etc/turnserver
+    fi
+    sed -i '/install_sip/d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_voip_turn/d' $COMPLETION_FILE
+    sed -i '/configure_firewall_for_sip4/d' $COMPLETION_FILE
 }
 
 function configure_firewall_for_voip_turn {
-	if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ONION_ONLY != "no" ]]; then
-		return
-	fi
-	iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
-	iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
-	iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	OPEN_PORTS+=("TURN     $VOIP_TURN_PORT")
-	OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT")
-	echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
+    if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
+        return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
+    iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    OPEN_PORTS+=("TURN     $VOIP_TURN_PORT")
+    OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT")
+    echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
 }
 
 
 function configure_firewall_for_sip4 {
-	if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
-		return
-	fi
-	if [[ $ONION_ONLY != "no" ]]; then
-		return
-	fi
-	iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
-	iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
-	iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
-	iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-
-	OPEN_PORTS+=("SIP      $SIP_PORT")
-	OPEN_PORTS+=("SIP TLS  $SIP_TLS_PORT")
-	echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
+    if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
+        return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
+    iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
+    iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    OPEN_PORTS+=("SIP      $SIP_PORT")
+    OPEN_PORTS+=("SIP TLS  $SIP_TLS_PORT")
+    echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
 }
 
 function get_sip_server_password {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "SIP server password" /home/$MY_USERNAME/README; then
-			if [ ! $SIP_SERVER_PASSWORD ]; then
-				SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "SIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
-			fi
-		fi
-	fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+        if grep -q "SIP server password" /home/$MY_USERNAME/README; then
+            if [ ! $SIP_SERVER_PASSWORD ]; then
+                SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "SIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+            fi
+        fi
+    fi
 }
 
 function update_sipwitch_daemon {
-	if [ ! -f /etc/init.d/sipwitch ]; then
-		return
-	fi
-	service sipwitch stop
-
-	# remove the original sipwitch daemon if it exists
-	if [ -f /etc/init.d/sipwitch ]; then
-		rm -f /etc/init.d/sipwitch
-	fi
-
-	# daemon
-	echo '[Unit]' > /etc/systemd/system/sipwitch.service
-	echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
-	echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
-	echo '' >> /etc/systemd/system/sipwitch.service
-	echo '[Service]' >> /etc/systemd/system/sipwitch.service
-	echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
-	echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
-	echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
-	echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
-	echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
-	echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
-	echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
-	echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
-	echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
-	echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
-	echo '' >> /etc/systemd/system/sipwitch.service
-	echo '[Install]' >> /etc/systemd/system/sipwitch.service
-	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
-
-	systemctl enable sipwitch
-	systemctl daemon-reload
-	systemctl start sipwitch
+    if [ ! -f /etc/init.d/sipwitch ]; then
+        return
+    fi
+    service sipwitch stop
+
+    # remove the original sipwitch daemon if it exists
+    if [ -f /etc/init.d/sipwitch ]; then
+        rm -f /etc/init.d/sipwitch
+    fi
+
+    # daemon
+    echo '[Unit]' > /etc/systemd/system/sipwitch.service
+    echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
+    echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
+    echo '' >> /etc/systemd/system/sipwitch.service
+    echo '[Service]' >> /etc/systemd/system/sipwitch.service
+    echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
+    echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
+    echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
+    echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
+    echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
+    echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
+    echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
+    echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
+    echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
+    echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
+    echo '' >> /etc/systemd/system/sipwitch.service
+    echo '[Install]' >> /etc/systemd/system/sipwitch.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
+
+    systemctl enable sipwitch
+    systemctl daemon-reload
+    systemctl start sipwitch
 }
 
 function install_sip_main {
-	if grep -Fxq "install_sip_main" $COMPLETION_FILE; then
-		return
-	fi
-
-	apt-get -y install sipwitch
-
-	function_check get_sip_server_password
-	get_sip_server_password
-	if [ ! $SIP_SERVER_PASSWORD ]; then
-		if [ -f $IMAGE_PASSWORD_FILE ]; then
-			SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-		else
-			SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-		fi
-	fi
-
-	echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
-	echo '<sipwitch>' >> /etc/sipwitch.conf
-	echo '<provision>' >> /etc/sipwitch.conf
-
-	echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
-	echo '<extension>201</extension>' >> /etc/sipwitch.conf
-	echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
-	echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
-	echo '</user>' >> /etc/sipwitch.conf
-
-	echo '</provision>' >> /etc/sipwitch.conf
-	echo '<access>' >> /etc/sipwitch.conf
-	echo '</access>' >> /etc/sipwitch.conf
-	echo '<stack>' >> /etc/sipwitch.conf
-	echo "  <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
-	echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
-	echo '  <threading>2</threading>' >> /etc/sipwitch.conf
-	echo '  <interface>*</interface>' >> /etc/sipwitch.conf
-	echo '  <dumping>false</dumping>' >> /etc/sipwitch.conf
-	echo '  <system>system</system>' >> /etc/sipwitch.conf
-	echo '  <anon>anonymous</anon>' >> /etc/sipwitch.conf
-	echo '</stack>' >> /etc/sipwitch.conf
-	echo '<timers>' >> /etc/sipwitch.conf
-	echo '  <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
-	echo '  <ring>4</ring>' >> /etc/sipwitch.conf
-	echo '  <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
-	echo '  <cfna>4</cfna>' >> /etc/sipwitch.conf
-	echo '  <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
-	echo '  <reset>6</reset>' >> /etc/sipwitch.conf
-	echo '</timers>' >> /etc/sipwitch.conf
-	echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
-	echo '<registry>' >> /etc/sipwitch.conf
-	echo '  <prefix>200</prefix>' >> /etc/sipwitch.conf
-	echo '  <range>100</range>' >> /etc/sipwitch.conf
-	echo '  <keysize>77</keysize>' >> /etc/sipwitch.conf
-	echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
-	echo '  <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
-	echo '</registry>' >> /etc/sipwitch.conf
-	echo '<routing>' >> /etc/sipwitch.conf
-	echo '</routing>' >> /etc/sipwitch.conf
-	echo '</sipwitch>' >> /etc/sipwitch.conf
-
-	sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
-	sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
-	groupadd sipwitch
-	usermod -aG sipwitch $MY_USERNAME
-
-	SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
-	if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then
-		echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE
-	fi
-
-	if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'SIP Server' >> /home/$MY_USERNAME/README
-		echo '==========' >> /home/$MY_USERNAME/README
-		echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
-		echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README
-		echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README
-		echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	function_check configure_firewall_for_sip4
-	configure_firewall_for_sip4
-	echo 'install_sip_main' >> $COMPLETION_FILE
+    if grep -Fxq "install_sip_main" $COMPLETION_FILE; then
+        return
+    fi
+
+    apt-get -y install sipwitch
+
+    function_check get_sip_server_password
+    get_sip_server_password
+    if [ ! $SIP_SERVER_PASSWORD ]; then
+        if [ -f $IMAGE_PASSWORD_FILE ]; then
+            SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+        else
+            SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        fi
+    fi
+
+    echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
+    echo '<sipwitch>' >> /etc/sipwitch.conf
+    echo '<provision>' >> /etc/sipwitch.conf
+
+    echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
+    echo '<extension>201</extension>' >> /etc/sipwitch.conf
+    echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
+    echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
+    echo '</user>' >> /etc/sipwitch.conf
+
+    echo '</provision>' >> /etc/sipwitch.conf
+    echo '<access>' >> /etc/sipwitch.conf
+    echo '</access>' >> /etc/sipwitch.conf
+    echo '<stack>' >> /etc/sipwitch.conf
+    echo "  <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
+    echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
+    echo '  <threading>2</threading>' >> /etc/sipwitch.conf
+    echo '  <interface>*</interface>' >> /etc/sipwitch.conf
+    echo '  <dumping>false</dumping>' >> /etc/sipwitch.conf
+    echo '  <system>system</system>' >> /etc/sipwitch.conf
+    echo '  <anon>anonymous</anon>' >> /etc/sipwitch.conf
+    echo '</stack>' >> /etc/sipwitch.conf
+    echo '<timers>' >> /etc/sipwitch.conf
+    echo '  <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
+    echo '  <ring>4</ring>' >> /etc/sipwitch.conf
+    echo '  <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
+    echo '  <cfna>4</cfna>' >> /etc/sipwitch.conf
+    echo '  <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
+    echo '  <reset>6</reset>' >> /etc/sipwitch.conf
+    echo '</timers>' >> /etc/sipwitch.conf
+    echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
+    echo '<registry>' >> /etc/sipwitch.conf
+    echo '  <prefix>200</prefix>' >> /etc/sipwitch.conf
+    echo '  <range>100</range>' >> /etc/sipwitch.conf
+    echo '  <keysize>77</keysize>' >> /etc/sipwitch.conf
+    echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
+    echo '  <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
+    echo '</registry>' >> /etc/sipwitch.conf
+    echo '<routing>' >> /etc/sipwitch.conf
+    echo '</routing>' >> /etc/sipwitch.conf
+    echo '</sipwitch>' >> /etc/sipwitch.conf
+
+    sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
+    sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
+    groupadd sipwitch
+    usermod -aG sipwitch $MY_USERNAME
+
+    SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
+    if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then
+        echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE
+    fi
+
+    if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then
+        echo '' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'SIP Server' >> /home/$MY_USERNAME/README
+        echo '==========' >> /home/$MY_USERNAME/README
+        echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+        echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+        echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README
+        echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
+        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+        chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    function_check configure_firewall_for_sip4
+    configure_firewall_for_sip4
+    echo 'install_sip_main' >> $COMPLETION_FILE
 }
 
 function install_sip_turn {
-	if grep -Fxq "install_sip_turn" $COMPLETION_FILE; then
-		return
-	fi
-
-	apt-get -y install turnserver
-
-	# create a nonce if needed
-	if [ ! $VOIP_TURN_NONCE ]; then
-		VOIP_TURN_NONCE="$(create_password 30)"
-	fi
-
-	function_check create_site_certificate
-	create_site_certificate $DEFAULT_DOMAIN_NAME
-
-	echo '##' > /etc/turnserver/turnserver.conf
-	echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
-	echo '#' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
-	echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
-	echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
-	echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
-	echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
-	echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
-	echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
-	echo "udp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
-	echo "tcp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
-	echo "tls_port = $VOIP_TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TLS support.' >> /etc/turnserver/turnserver.conf
-	echo 'tls = true' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
-	echo '## standard.' >> /etc/turnserver/turnserver.conf
-	echo 'dtls = false' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
-	echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
-	echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
-	echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
-	echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
-	echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
-	echo 'daemon = true' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
-	echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
-	echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
-	echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Realm value.' >> /etc/turnserver/turnserver.conf
-	echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
-	echo "nonce_key = \"$VOIP_TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
-	echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
-	echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
-	echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
-	echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
-	echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
-	echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
-	echo 'denied_address {' >> /etc/turnserver/turnserver.conf
-	echo '  address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
-	echo '  mask = "8"' >> /etc/turnserver/turnserver.conf
-	echo '  port = 0' >> /etc/turnserver/turnserver.conf
-	echo '}' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
-	echo 'denied_address {' >> /etc/turnserver/turnserver.conf
-	echo '  address = "::1"' >> /etc/turnserver/turnserver.conf
-	echo '  mask = "128"' >> /etc/turnserver/turnserver.conf
-	echo '  port = 0' >> /etc/turnserver/turnserver.conf
-	echo '}' >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
-	echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
-	if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
-		echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
-	else
-		if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
-			echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
-		fi
-	fi
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Private key file.' >> /etc/turnserver/turnserver.conf
-	echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Account method.' >> /etc/turnserver/turnserver.conf
-	echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
-	echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
-	echo '' >> /etc/turnserver/turnserver.conf
-	echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
-	echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
-
-	echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
-
-	systemctl restart turnserver
-
-	function_check configure_firewall_for_voip_turn
-	configure_firewall_for_voip_turn
-	echo 'install_sip_turn' >> $COMPLETION_FILE
+    if grep -Fxq "install_sip_turn" $COMPLETION_FILE; then
+        return
+    fi
+
+    apt-get -y install turnserver
+
+    # create a nonce if needed
+    if [ ! $VOIP_TURN_NONCE ]; then
+        VOIP_TURN_NONCE="$(create_password 30)"
+    fi
+
+    function_check create_site_certificate
+    create_site_certificate $DEFAULT_DOMAIN_NAME
+
+    echo '##' > /etc/turnserver/turnserver.conf
+    echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
+    echo '#' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
+    echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
+    echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
+    echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
+    echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
+    echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
+    echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
+    echo "udp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
+    echo "tcp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
+    echo "tls_port = $VOIP_TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TLS support.' >> /etc/turnserver/turnserver.conf
+    echo 'tls = true' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
+    echo '## standard.' >> /etc/turnserver/turnserver.conf
+    echo 'dtls = false' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
+    echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
+    echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
+    echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
+    echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
+    echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
+    echo 'daemon = true' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
+    echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
+    echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
+    echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Realm value.' >> /etc/turnserver/turnserver.conf
+    echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
+    echo "nonce_key = \"$VOIP_TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
+    echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
+    echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
+    echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
+    echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
+    echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
+    echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
+    echo 'denied_address {' >> /etc/turnserver/turnserver.conf
+    echo '  address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
+    echo '  mask = "8"' >> /etc/turnserver/turnserver.conf
+    echo '  port = 0' >> /etc/turnserver/turnserver.conf
+    echo '}' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
+    echo 'denied_address {' >> /etc/turnserver/turnserver.conf
+    echo '  address = "::1"' >> /etc/turnserver/turnserver.conf
+    echo '  mask = "128"' >> /etc/turnserver/turnserver.conf
+    echo '  port = 0' >> /etc/turnserver/turnserver.conf
+    echo '}' >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
+    echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
+    if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
+        echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
+    else
+        if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
+            echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
+        fi
+    fi
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Private key file.' >> /etc/turnserver/turnserver.conf
+    echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Account method.' >> /etc/turnserver/turnserver.conf
+    echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
+    echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
+    echo '' >> /etc/turnserver/turnserver.conf
+    echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
+    echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
+
+    echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
+
+    systemctl restart turnserver
+
+    function_check configure_firewall_for_voip_turn
+    configure_firewall_for_voip_turn
+    echo 'install_sip_turn' >> $COMPLETION_FILE
 }
 
 function install_sip {
-	if grep -Fxq "install_sip" $COMPLETION_FILE; then
-		return
-	fi
-	install_sip_main
-	update_sipwitch_daemon
-	echo 'install_sip' >> $COMPLETION_FILE
+    if grep -Fxq "install_sip" $COMPLETION_FILE; then
+        return
+    fi
+    install_sip_main
+    update_sipwitch_daemon
+    echo 'install_sip' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-syncthing

@@ -39,6 +39,10 @@ SYNCTHING_PORT=22000
 SYNCTHING_SHARED_DATA=/var/lib/syncthing/SyncShared
 SYNCTHING_USER_IDS_FILE='.syncthingids'
 
+function change_password_syncthing {
+    echo -n ''
+}
+
 function reconfigure_syncthing {
     echo -n ''
 }

src/freedombone-app-tahoelafs

@@ -39,6 +39,10 @@ TAHOELAFS_STORAGE_SPACE=1G
 TAHOELAFS_SHARED_DIR='Shared'
 TAHOE_COMMAND="cd /var/lib/tahoelafs && venv/bin/tahoe"
 
+function change_password_tahoelafs {
+    echo -n ''
+}
+
 function reconfigure_tahoelafs {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')

src/freedombone-app-tox

@@ -49,6 +49,10 @@ TOXIC_FILE=/usr/local/bin/toxic
 QTOX_REPO="https://github.com/bashrc/qTox"
 QTOX_COMMIT='27a628a3789fca4f31516c3982e580052dd3c773'
 
+function change_password_qtox {
+    echo -n ''
+}
+
 function mesh_tox_qtox {
     if [ ! ${rootdir}$INSTALL_DIR ]; then
         INSTALL_DIR=${rootdir}/root/build

src/freedombone-app-vpn

@@ -30,53 +30,57 @@
 
 VARIANTS=''
 
+function change_password_vpn {
+    echo -n ''
+}
+
 function reconfigure_vpn {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_vpn {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_local_vpn {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_local_vpn {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_remote_vpn {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_remote_vpn {
-	echo -n ''
+    echo -n ''
 }
 
 function remove_vpn {
-	apt-get -y remove --purge fastd
-	sed -i '/install_vpn/d' $COMPLETION_FILE
+    apt-get -y remove --purge fastd
+    sed -i '/install_vpn/d' $COMPLETION_FILE
 }
 
 function install_vpn {
-	if grep -Fxq "install_vpn" $COMPLETION_FILE; then
-		return
-	fi
-	if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then
-		echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list
-		gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C
-		if [ ! "$?" = "0" ]; then
-			exit 76272
-		fi
-		gpg -a --export 16EF3F64CB201D9C | sudo apt-key add -
-		apt-get update
-		apt-get -y install fastd
-		if [ ! "$?" = "0" ]; then
-			exit 52026
-		fi
-	fi
-	echo 'install_vpn' >> $COMPLETION_FILE
+    if grep -Fxq "install_vpn" $COMPLETION_FILE; then
+        return
+    fi
+    if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then
+        echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list
+        gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C
+        if [ ! "$?" = "0" ]; then
+            exit 76272
+        fi
+        gpg -a --export 16EF3F64CB201D9C | sudo apt-key add -
+        apt-get update
+        apt-get -y install fastd
+        if [ ! "$?" = "0" ]; then
+            exit 52026
+        fi
+    fi
+    echo 'install_vpn' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately there is no "exit 0"

src/freedombone-app-webmail

@@ -38,222 +38,226 @@ WEBMAIL_ADMIN_PASSWORD=
 WEB_PATH=/var/www
 WEBMAIL_PATH=$WEB_PATH/webmail
 
+function change_password_webmail {
+    echo -n ''
+}
+
 function get_mariadb_webmail_admin_password {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "MariaDB webmail admin password" /home/$MY_USERNAME/README; then
-			WEBMAIL_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB webmail admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
-		fi
-	fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+        if grep -q "MariaDB webmail admin password" /home/$MY_USERNAME/README; then
+            WEBMAIL_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB webmail admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+        fi
+    fi
 }
 
 function webmail_create_database {
-	function_check get_mariadb_webmail_admin_password
-	get_mariadb_webmail_admin_password
-	if [ ! $WEBMAIL_ADMIN_PASSWORD ]; then
-		if [ -f $IMAGE_PASSWORD_FILE ]; then
-			WEBMAIL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-		else
-			WEBMAIL_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-		fi
-	fi
-	if [ ! $WEBMAIL_ADMIN_PASSWORD ]; then
-		return
-	fi
-	function_check create_database
-	create_database webmail "$WEBMAIL_ADMIN_PASSWORD"
+    function_check get_mariadb_webmail_admin_password
+    get_mariadb_webmail_admin_password
+    if [ ! $WEBMAIL_ADMIN_PASSWORD ]; then
+        if [ -f $IMAGE_PASSWORD_FILE ]; then
+            WEBMAIL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+        else
+            WEBMAIL_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        fi
+    fi
+    if [ ! $WEBMAIL_ADMIN_PASSWORD ]; then
+        return
+    fi
+    function_check create_database
+    create_database webmail "$WEBMAIL_ADMIN_PASSWORD"
 }
 
 function reconfigure_webmail {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_webmail {
-	if ! grep -Fxq "install_webmail" $COMPLETION_FILE; then
-		return
-	fi
-	function_check set_repo_commit
-	set_repo_commit $WEBMAIL_PATH "Webmail commit" "$WEBMAIL_COMMIT" $WEBMAIL_REPO
+    if ! grep -Fxq "install_webmail" $COMPLETION_FILE; then
+        return
+    fi
+    function_check set_repo_commit
+    set_repo_commit $WEBMAIL_PATH "Webmail commit" "$WEBMAIL_COMMIT" $WEBMAIL_REPO
 }
 
 function backup_local_webmail {
-	if ! grep -q "install_webmail" $COMPLETION_FILE; then
-		return
-	fi
-	echo $"Backing up webmail"
+    if ! grep -q "install_webmail" $COMPLETION_FILE; then
+        return
+    fi
+    echo $"Backing up webmail"
 
-	function_check backup_database_to_usb
-	backup_database_to_usb webmail
+    function_check backup_database_to_usb
+    backup_database_to_usb webmail
 
-	echo $"Backing up webmail complete"
+    echo $"Backing up webmail complete"
 }
 
 function restore_local_webmail {
-	if ! grep -q "install_webmail" $COMPLETION_FILE; then
-		return
-	fi
-	echo $"Restoring webmail"
+    if ! grep -q "install_webmail" $COMPLETION_FILE; then
+        return
+    fi
+    echo $"Restoring webmail"
 
-	function_check webmail_create_database
-	webmail_create_database
+    function_check webmail_create_database
+    webmail_create_database
 
-	function_check restore_database
-	restore_database webmail
+    function_check restore_database
+    restore_database webmail
 
-	echo $"Restore of webmail complete"
+    echo $"Restore of webmail complete"
 }
 
 function backup_remote_webmail {
-	echo -n ''
+    echo -n ''
 }
 
 function restore_remote_webmail {
-	echo -n ''
+    echo -n ''
 }
 
 function remove_webmail {
-	if ! grep -Fxq "install_webmail" $COMPLETION_FILE; then
-		return
-	fi
-	nginx_dissite webmail
-	if [ -f /etc/nginx/sites-available/webmail ]; then
-		rm /etc/nginx/sites-available/webmail
-	fi
-	function_check remove_onion_service
-	remove_onion_service webmail ${WEBMAIL_ONION_PORT}
-	function_check drop_database
-	drop_database webmail
-	if [ -d $WEB_PATH/webmail ]; then
-		rm -rf $WEB_PATH/webmail
-	fi
-	sed -i '/Webmail /d' $COMPLETION_FILE
-	sed -i '/install_webmail/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_webmail" $COMPLETION_FILE; then
+        return
+    fi
+    nginx_dissite webmail
+    if [ -f /etc/nginx/sites-available/webmail ]; then
+        rm /etc/nginx/sites-available/webmail
+    fi
+    function_check remove_onion_service
+    remove_onion_service webmail ${WEBMAIL_ONION_PORT}
+    function_check drop_database
+    drop_database webmail
+    if [ -d $WEB_PATH/webmail ]; then
+        rm -rf $WEB_PATH/webmail
+    fi
+    sed -i '/Webmail /d' $COMPLETION_FILE
+    sed -i '/install_webmail/d' $COMPLETION_FILE
 }
 
 function install_webmail {
-	if grep -Fxq "install_webmail" $COMPLETION_FILE; then
-		return
-	fi
-	if [ -d /etc/apache2 ]; then
-		rm -rf /etc/apache2
-		echo $'Removed Apache installation after Dokuwiki install'
-	fi
-
-	function_check install_mariadb
-	install_mariadb
-
-	function_check get_mariadb_password
-	get_mariadb_password
-
-	function_check repair_databases_script
-	repair_databases_script
-
-	apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
-	apt-get -y install php5-dev imagemagick php5-imagick php5-sqlite php-auth-sasl php-net-smtp php-mime-type
-	apt-get -y install php-mail-mime php-mail-mimedecode php-net-ldap3 php5-pspell
-	pear install Net_IDNA2
-
-	if [ ! -f $WEBMAIL_PATH/index.php ]; then
-		cd $WEB_PATH
-		git_clone $WEBMAIL_REPO webmail
-		cd $WEBMAIL_PATH
-		git checkout $WEBMAIL_COMMIT -b $WEBMAIL_COMMIT
-		if ! grep -q "Webmail commit" $COMPLETION_FILE; then
-			echo "Webmail commit:$WEBMAIL_COMMIT" >> $COMPLETION_FILE
-		else
-			sed -i "s/Webmail commit.*/Webmail commit:$WEBMAIL_COMMIT/g" $COMPLETION_FILE
-		fi
-	fi
-	if [ ! -f $WEBMAIL_PATH/index.php ]; then
-		echo $'Did not clone webmail repo'
-		exit 52825
-	fi
-
-	WEBMAIL_ONION_HOSTNAME=$(add_onion_service webmail 80 ${WEBMAIL_ONION_PORT})
-	echo "Webmail onion domain:${WEBMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE
-
-	webmail_create_database
-
-	mysql -u root --password="$MARIADB_PASSWORD" -D webmail < $WEBMAIL_PATH/SQL/mysql.initial.sql
-
-	if [ ! -d /var/www/$DEFAULT_DOMAIN_NAME/htdocs ]; then
-		mkdir -p /var/www/$DEFAULT_DOMAIN_NAME/htdocs
-	fi
-	ln -s $WEBMAIL_PATH /var/www/$DEFAULT_DOMAIN_NAME/htdocs/webmail
-
-	if [ ! -f /var/www/webmail/config/config.inc.php ]; then
-		# generate the configuration
-		echo '<?php' > /var/www/webmail/config/config.inc.php
-		echo "\$config['db_dsnw'] = 'mysql://root:${MARIADB_PASSWORD}@localhost/webmail';" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['default_host'] = 'localhost';" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['support_url'] = '';" >> /var/www/webmail/config/config.inc.php
-		WEBMAIL_DES_KEY="$(create_password 25)"
-		echo "\$config['des_key'] = '${WEBMAIL_DES_KEY}';" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['product_name'] = '${PROJECT_NAME}';" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['plugins'] = array('enigma');" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['mime_param_folding'] = 0;" >> /var/www/webmail/config/config.inc.php
-		echo "\$config['enable_installer'] = false;" >> /var/www/webmail/config/config.inc.php
-	fi
-
-	chown -R www-data:www-data $WEBMAIL_PATH
-
-	echo 'server {' > /etc/nginx/sites-available/webmail
-	echo "  listen 127.0.0.1:$WEBMAIL_ONION_PORT default_server;" >> /etc/nginx/sites-available/webmail
-	echo "  server_name $WEBMAIL_ONION_HOSTNAME;" >> /etc/nginx/sites-available/webmail
-	echo "  root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
-	echo '  index index.php index.html index.htm;' >> /etc/nginx/sites-available/webmail
-	echo '  access_log off;' >> /etc/nginx/sites-available/webmail
-	echo '  error_log off;' >> /etc/nginx/sites-available/webmail
-	echo '  location / {' >> /etc/nginx/sites-available/webmail
-	echo '    try_files $uri $uri/ /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  error_page 404 /404.html;' >> /etc/nginx/sites-available/webmail
-	echo '  error_page 500 502 503 504 /50x.html;' >> /etc/nginx/sites-available/webmail
-	echo '  location = /50x.html {' >> /etc/nginx/sites-available/webmail
-	echo "    root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {' >> /etc/nginx/sites-available/webmail
-	echo '    deny all;' >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  location ~ ^/(config|temp|logs)/ {' >> /etc/nginx/sites-available/webmail
-	echo '    deny all;' >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  location ~ /\. {' >> /etc/nginx/sites-available/webmail
-	echo '    deny all;' >> /etc/nginx/sites-available/webmail
-	echo '    access_log off;' >> /etc/nginx/sites-available/webmail
-	echo '    log_not_found off;' >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  location ~ \.php$ {' >> /etc/nginx/sites-available/webmail
-	echo '    try_files $uri =404;' >> /etc/nginx/sites-available/webmail
-	echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/webmail
-	echo '    fastcgi_index index.php;' >> /etc/nginx/sites-available/webmail
-	echo '    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/webmail
-	echo '    include fastcgi_params;' >> /etc/nginx/sites-available/webmail
-	echo '  }' >> /etc/nginx/sites-available/webmail
-	echo '  add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/webmail
-	echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/webmail
-	echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/webmail
-	echo '}' >> /etc/nginx/sites-available/webmail
-
-	nginx_ensite webmail
-	systemctl restart php5-fpm
-	systemctl restart nginx
-
-	if ! grep -q "Webmail" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo 'Webmail' >> /home/$MY_USERNAME/README
-		echo '=======' >> /home/$MY_USERNAME/README
-		if [[ $ONION_ONLY == 'no' ]]; then
-			echo $"Open https://$DEFAULT_DOMAIN_NAME/webmail/index.php" >> /home/$MY_USERNAME/README
-		else
-			echo $"Open http://$WEBMAIL_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
-		fi
-		echo $"MariaDB webmail admin password: $WEBMAIL_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	echo 'install_webmail' >> $COMPLETION_FILE
+    if grep -Fxq "install_webmail" $COMPLETION_FILE; then
+        return
+    fi
+    if [ -d /etc/apache2 ]; then
+        rm -rf /etc/apache2
+        echo $'Removed Apache installation after Dokuwiki install'
+    fi
+
+    function_check install_mariadb
+    install_mariadb
+
+    function_check get_mariadb_password
+    get_mariadb_password
+
+    function_check repair_databases_script
+    repair_databases_script
+
+    apt-get -y install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
+    apt-get -y install php5-dev imagemagick php5-imagick php5-sqlite php-auth-sasl php-net-smtp php-mime-type
+    apt-get -y install php-mail-mime php-mail-mimedecode php-net-ldap3 php5-pspell
+    pear install Net_IDNA2
+
+    if [ ! -f $WEBMAIL_PATH/index.php ]; then
+        cd $WEB_PATH
+        git_clone $WEBMAIL_REPO webmail
+        cd $WEBMAIL_PATH
+        git checkout $WEBMAIL_COMMIT -b $WEBMAIL_COMMIT
+        if ! grep -q "Webmail commit" $COMPLETION_FILE; then
+            echo "Webmail commit:$WEBMAIL_COMMIT" >> $COMPLETION_FILE
+        else
+            sed -i "s/Webmail commit.*/Webmail commit:$WEBMAIL_COMMIT/g" $COMPLETION_FILE
+        fi
+    fi
+    if [ ! -f $WEBMAIL_PATH/index.php ]; then
+        echo $'Did not clone webmail repo'
+        exit 52825
+    fi
+
+    WEBMAIL_ONION_HOSTNAME=$(add_onion_service webmail 80 ${WEBMAIL_ONION_PORT})
+    echo "Webmail onion domain:${WEBMAIL_ONION_HOSTNAME}" >> $COMPLETION_FILE
+
+    webmail_create_database
+
+    mysql -u root --password="$MARIADB_PASSWORD" -D webmail < $WEBMAIL_PATH/SQL/mysql.initial.sql
+
+    if [ ! -d /var/www/$DEFAULT_DOMAIN_NAME/htdocs ]; then
+        mkdir -p /var/www/$DEFAULT_DOMAIN_NAME/htdocs
+    fi
+    ln -s $WEBMAIL_PATH /var/www/$DEFAULT_DOMAIN_NAME/htdocs/webmail
+
+    if [ ! -f /var/www/webmail/config/config.inc.php ]; then
+        # generate the configuration
+        echo '<?php' > /var/www/webmail/config/config.inc.php
+        echo "\$config['db_dsnw'] = 'mysql://root:${MARIADB_PASSWORD}@localhost/webmail';" >> /var/www/webmail/config/config.inc.php
+        echo "\$config['default_host'] = 'localhost';" >> /var/www/webmail/config/config.inc.php
+        echo "\$config['support_url'] = '';" >> /var/www/webmail/config/config.inc.php
+        WEBMAIL_DES_KEY="$(create_password 25)"
+        echo "\$config['des_key'] = '${WEBMAIL_DES_KEY}';" >> /var/www/webmail/config/config.inc.php
+        echo "\$config['product_name'] = '${PROJECT_NAME}';" >> /var/www/webmail/config/config.inc.php
+        echo "\$config['plugins'] = array('enigma');" >> /var/www/webmail/config/config.inc.php
+        echo "\$config['mime_param_folding'] = 0;" >> /var/www/webmail/config/config.inc.php
+        echo "\$config['enable_installer'] = false;" >> /var/www/webmail/config/config.inc.php
+    fi
+
+    chown -R www-data:www-data $WEBMAIL_PATH
+
+    echo 'server {' > /etc/nginx/sites-available/webmail
+    echo "  listen 127.0.0.1:$WEBMAIL_ONION_PORT default_server;" >> /etc/nginx/sites-available/webmail
+    echo "  server_name $WEBMAIL_ONION_HOSTNAME;" >> /etc/nginx/sites-available/webmail
+    echo "  root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
+    echo '  index index.php index.html index.htm;' >> /etc/nginx/sites-available/webmail
+    echo '  access_log off;' >> /etc/nginx/sites-available/webmail
+    echo '  error_log off;' >> /etc/nginx/sites-available/webmail
+    echo '  location / {' >> /etc/nginx/sites-available/webmail
+    echo '    try_files $uri $uri/ /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  error_page 404 /404.html;' >> /etc/nginx/sites-available/webmail
+    echo '  error_page 500 502 503 504 /50x.html;' >> /etc/nginx/sites-available/webmail
+    echo '  location = /50x.html {' >> /etc/nginx/sites-available/webmail
+    echo "    root ${WEBMAIL_PATH};" >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {' >> /etc/nginx/sites-available/webmail
+    echo '    deny all;' >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  location ~ ^/(config|temp|logs)/ {' >> /etc/nginx/sites-available/webmail
+    echo '    deny all;' >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  location ~ /\. {' >> /etc/nginx/sites-available/webmail
+    echo '    deny all;' >> /etc/nginx/sites-available/webmail
+    echo '    access_log off;' >> /etc/nginx/sites-available/webmail
+    echo '    log_not_found off;' >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  location ~ \.php$ {' >> /etc/nginx/sites-available/webmail
+    echo '    try_files $uri =404;' >> /etc/nginx/sites-available/webmail
+    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/webmail
+    echo '    fastcgi_index index.php;' >> /etc/nginx/sites-available/webmail
+    echo '    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/webmail
+    echo '    include fastcgi_params;' >> /etc/nginx/sites-available/webmail
+    echo '  }' >> /etc/nginx/sites-available/webmail
+    echo '  add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/webmail
+    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/webmail
+    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/webmail
+    echo '}' >> /etc/nginx/sites-available/webmail
+
+    nginx_ensite webmail
+    systemctl restart php5-fpm
+    systemctl restart nginx
+
+    if ! grep -q "Webmail" /home/$MY_USERNAME/README; then
+        echo '' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo 'Webmail' >> /home/$MY_USERNAME/README
+        echo '=======' >> /home/$MY_USERNAME/README
+        if [[ $ONION_ONLY == 'no' ]]; then
+            echo $"Open https://$DEFAULT_DOMAIN_NAME/webmail/index.php" >> /home/$MY_USERNAME/README
+        else
+            echo $"Open http://$WEBMAIL_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+        fi
+        echo $"MariaDB webmail admin password: $WEBMAIL_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+        chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    echo 'install_webmail' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-wiki

@@ -36,502 +36,506 @@ WIKI_TITLE="${PROJECT_NAME} Wiki"
 WIKI_CODE=
 WIKI_ONION_PORT=8089
 
+function change_password_wiki {
+    echo -n ''
+}
+
 function reconfigure_wiki {
-	echo -n ''
+    echo -n ''
 }
 
 function upgrade_wiki {
-	echo -n ''
+    echo -n ''
 }
 
 function backup_local_wiki {
-	source_directory=/var/lib/dokuwiki
-	if [ -d $source_directory ]; then
-		dest_directory=wiki
-		echo $"Backing up $source_directory to $dest_directory"
+    source_directory=/var/lib/dokuwiki
+    if [ -d $source_directory ]; then
+        dest_directory=wiki
+        echo $"Backing up $source_directory to $dest_directory"
 
-		function_check backup_directory_to_usb
-		backup_directory_to_usb $source_directory $dest_directory
-		backup_directory_to_usb /etc/dokuwiki wiki2
+        function_check backup_directory_to_usb
+        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb /etc/dokuwiki wiki2
 
-		echo $"Backup to $dest_directory complete"
-	fi
+        echo $"Backup to $dest_directory complete"
+    fi
 }
 
 function restore_local_wiki {
-	if [ -d /var/lib/dokuwiki ]; then
-		echo $"Restoring Wiki installation"
-		WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
-		temp_restore_dir=/root/tempwiki
-		function_check restore_directory_from_usb
-		restore_directory_from_usb $temp_restore_dir wiki
-		cp -r $temp_restore_dir/var/lib/dokuwiki/* /var/lib/dokuwiki/
-		if [ ! "$?" = "0" ]; then
-			function_check restore_directory_from_usb
-			set_user_permissions
-			function_check backup_unmount_drive
-			backup_unmount_drive
-			exit 868
-		fi
-		restore_directory_from_usb ${temp_restore_dir}2 wiki2
-		cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/
-		if [ ! "$?" = "0" ]; then
-			function_check set_user_permissions
-			set_user_permissions
-			function_check backup_unmount_drive
-			backup_unmount_drive
-			exit 869
-		fi
-		rm -rf $temp_restore_dir
-		rm -rf ${temp_restore_dir}2
-		chown -R www-data:www-data /var/lib/dokuwiki/*
-		# Ensure that the bundled SSL cert is being used
-		if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
-			sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
-		fi
-		if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
-			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
-			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
-		fi
-		echo $"Restore of Wiki complete"
-	fi
+    if [ -d /var/lib/dokuwiki ]; then
+        echo $"Restoring Wiki installation"
+        WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
+        temp_restore_dir=/root/tempwiki
+        function_check restore_directory_from_usb
+        restore_directory_from_usb $temp_restore_dir wiki
+        cp -r $temp_restore_dir/var/lib/dokuwiki/* /var/lib/dokuwiki/
+        if [ ! "$?" = "0" ]; then
+            function_check restore_directory_from_usb
+            set_user_permissions
+            function_check backup_unmount_drive
+            backup_unmount_drive
+            exit 868
+        fi
+        restore_directory_from_usb ${temp_restore_dir}2 wiki2
+        cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/
+        if [ ! "$?" = "0" ]; then
+            function_check set_user_permissions
+            set_user_permissions
+            function_check backup_unmount_drive
+            backup_unmount_drive
+            exit 869
+        fi
+        rm -rf $temp_restore_dir
+        rm -rf ${temp_restore_dir}2
+        chown -R www-data:www-data /var/lib/dokuwiki/*
+        # Ensure that the bundled SSL cert is being used
+        if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
+            sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
+        fi
+        if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
+            ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
+            ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
+        fi
+        echo $"Restore of Wiki complete"
+    fi
 }
 
 function backup_remote_wiki {
-	if [ -d /etc/dokuwiki ]; then
-		echo $"Backing up wiki"
-		backup_directory_to_friend /var/lib/dokuwiki wiki
-		backup_directory_to_friend /etc/dokuwiki wiki2
-	fi
+    if [ -d /etc/dokuwiki ]; then
+        echo $"Backing up wiki"
+        backup_directory_to_friend /var/lib/dokuwiki wiki
+        backup_directory_to_friend /etc/dokuwiki wiki2
+    fi
 }
 
 function restore_remote_wiki {
-	if [ -d $SERVER_DIRECTORY/backup/wiki ]; then
-		WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
-		echo $"Restoring Wiki installation $WIKI_DOMAIN_NAME"
-		function_check restore_directory_from_friend
-		restore_directory_from_friend /root/tempwiki wiki
-		cp -r /root/tempwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/
-		if [ ! "$?" = "0" ]; then
-			exit 868
-		fi
-		restore_directory_from_friend /root/tempwiki2 wiki2
-		cp -r /root/tempwiki2/etc/dokuwiki/* /etc/dokuwiki/
-		if [ ! "$?" = "0" ]; then
-			exit 869
-		fi
-		rm -rf /root/tempwiki
-		rm -rf /root/tempwiki2
-		chown -R www-data:www-data /var/lib/dokuwiki/*
-		# Ensure that the bundled SSL cert is being used
-		if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
-			sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
-		fi
-		if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
-			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
-			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
-		fi
-		echo $"Restore of Wiki complete"
-	fi
+    if [ -d $SERVER_DIRECTORY/backup/wiki ]; then
+        WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
+        echo $"Restoring Wiki installation $WIKI_DOMAIN_NAME"
+        function_check restore_directory_from_friend
+        restore_directory_from_friend /root/tempwiki wiki
+        cp -r /root/tempwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/
+        if [ ! "$?" = "0" ]; then
+            exit 868
+        fi
+        restore_directory_from_friend /root/tempwiki2 wiki2
+        cp -r /root/tempwiki2/etc/dokuwiki/* /etc/dokuwiki/
+        if [ ! "$?" = "0" ]; then
+            exit 869
+        fi
+        rm -rf /root/tempwiki
+        rm -rf /root/tempwiki2
+        chown -R www-data:www-data /var/lib/dokuwiki/*
+        # Ensure that the bundled SSL cert is being used
+        if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
+            sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
+        fi
+        if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
+            ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
+            ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
+        fi
+        echo $"Restore of Wiki complete"
+    fi
 }
 
 function remove_wiki {
-	if ! grep -Fxq "install_wiki" $COMPLETION_FILE; then
-		return
-	fi
-	function_check remove_onion_service
-	remove_onion_service wiki ${WIKI_ONION_PORT}
-	nginx_dissite $WIKI_DOMAIN_NAME
-	if [ -f /etc/nginx/sites-available/$WIKI_DOMAIN_NAME ]; then
-		rm /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	fi
-	apt-get -y remove --purge dokuwiki
-	if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
-		rm -rf /var/www/$WIKI_DOMAIN_NAME
-	fi
-	if [ -d /var/lib/dokuwiki ]; then
-		rm -rf /var/lib/dokuwiki
-	fi
-	if [ -d /etc/dokuwiki ]; then
-		rm -rf /etc/dokuwiki
-	fi
-	if [ -d /usr/share/dokuwiki ]; then
-		rm -rf /usr/share/dokuwiki
-	fi
-	sed -i '/install_wiki/d' $COMPLETION_FILE
+    if ! grep -Fxq "install_wiki" $COMPLETION_FILE; then
+        return
+    fi
+    function_check remove_onion_service
+    remove_onion_service wiki ${WIKI_ONION_PORT}
+    nginx_dissite $WIKI_DOMAIN_NAME
+    if [ -f /etc/nginx/sites-available/$WIKI_DOMAIN_NAME ]; then
+        rm /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    fi
+    apt-get -y remove --purge dokuwiki
+    if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
+        rm -rf /var/www/$WIKI_DOMAIN_NAME
+    fi
+    if [ -d /var/lib/dokuwiki ]; then
+        rm -rf /var/lib/dokuwiki
+    fi
+    if [ -d /etc/dokuwiki ]; then
+        rm -rf /etc/dokuwiki
+    fi
+    if [ -d /usr/share/dokuwiki ]; then
+        rm -rf /usr/share/dokuwiki
+    fi
+    sed -i '/install_wiki/d' $COMPLETION_FILE
 }
 
 function get_wiki_admin_password {
-	if [ -f /home/$MY_USERNAME/README ]; then
-		if grep -q "Wiki password" /home/$MY_USERNAME/README; then
-			WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
-		fi
-	fi
+    if [ -f /home/$MY_USERNAME/README ]; then
+        if grep -q "Wiki password" /home/$MY_USERNAME/README; then
+            WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
+        fi
+    fi
 }
 
 function install_wiki {
-	if grep -Fxq "install_wiki" $COMPLETION_FILE; then
-		return
-	fi
-	if [ ! $WIKI_DOMAIN_NAME ]; then
-		return
-	fi
-	apt-get -y install dokuwiki
-	apt-get -y remove --purge apache*
-	if [ -d /etc/apache2 ]; then
-		rm -rf /etc/apache2
-		echo $'Removed Apache installation after Dokuwiki install'
-	fi
-
-	if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
-		mkdir /var/www/$WIKI_DOMAIN_NAME
-	fi
-	if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
-		rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
-	fi
-
-	ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
-
-	mkdir /var/lib/dokuwiki/custom
-	cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
-	ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
-
-	chown www-data /var/lib/dokuwiki/custom
-	chown www-data /var/lib/dokuwiki/custom/local.php
-	chown -R www-data /etc/dokuwiki
-	chown -R www-data /usr/share/dokuwiki/lib/
-	chmod 600 /var/lib/dokuwiki/custom/local.php
-	chmod -R 755 /usr/share/dokuwiki/lib
-
-	sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
-	sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
-
-	sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
-
-	# set the admin user
-	sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
-
-	# disallow registration of new users
-	if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
-		echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
-	fi
-	if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
-		echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
-	fi
-
-	if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
-		echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
-	fi
-	if ! grep -q "authtype" /etc/dokuwiki/local.php; then
-		echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
-	fi
-
-	function_check get_wiki_admin_password
-	get_wiki_admin_password
-	if [ ! $WIKI_ADMIN_PASSWORD ]; then
-		if [ -f $IMAGE_PASSWORD_FILE ]; then
-			WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-		else
-			WIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-		fi
-	fi
-	HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
-	echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
-	chmod 640 /var/lib/dokuwiki/acl/users.auth.php
-
-	if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
-		echo 'ogv     video/ogg' >> /etc/dokuwiki/mime.conf
-	fi
-	if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
-		echo 'mp4     video/mp4' >> /etc/dokuwiki/mime.conf
-	fi
-	if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
-		echo 'webm    video/webm' >> /etc/dokuwiki/mime.conf
-	fi
-
-	WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
-
-	if [[ $ONION_ONLY == "no" ]]; then
-		echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		function_check nginx_disable_sniffing
-		nginx_disable_sniffing $WIKI_DOMAIN_NAME
-		function_check nginx_limits
-		nginx_limits $WIKI_DOMAIN_NAME
-		echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		function_check nginx_limits
-		nginx_limits $WIKI_DOMAIN_NAME
-		function_check nginx_ssl
-		nginx_ssl $WIKI_DOMAIN_NAME
-		function_check nginx_disable_sniffing
-		nginx_disable_sniffing $WIKI_DOMAIN_NAME
-		echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # webmail' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location /webmail {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /webmail/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /webmail/installer/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	else
-		echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	fi
-	echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	function_check nginx_limits
-	nginx_limits $WIKI_DOMAIN_NAME
-	function_check nginx_disable_sniffing
-	nginx_disable_sniffing $WIKI_DOMAIN_NAME
-	echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-
-	function_check create_site_certificate
-	create_site_certificate $WIKI_DOMAIN_NAME
-
-	function_check configure_php
-	configure_php
-
-	nginx_ensite $WIKI_DOMAIN_NAME
-
-	systemctl restart php5-fpm
-	systemctl restart nginx
-
-	echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
-
-	function_check add_ddns_domain
-	add_ddns_domain $WIKI_DOMAIN_NAME
-
-	# add some post-install instructions
-	if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
-		echo '' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Wiki' >> /home/$MY_USERNAME/README
-		echo '====' >> /home/$MY_USERNAME/README
-		echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
-		echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
-		echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		echo "  rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
-		echo '' >> /home/$MY_USERNAME/README
-		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-		chmod 600 /home/$MY_USERNAME/README
-	fi
-
-	echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
-	echo 'install_wiki' >> $COMPLETION_FILE
+    if grep -Fxq "install_wiki" $COMPLETION_FILE; then
+        return
+    fi
+    if [ ! $WIKI_DOMAIN_NAME ]; then
+        return
+    fi
+    apt-get -y install dokuwiki
+    apt-get -y remove --purge apache*
+    if [ -d /etc/apache2 ]; then
+        rm -rf /etc/apache2
+        echo $'Removed Apache installation after Dokuwiki install'
+    fi
+
+    if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
+        mkdir /var/www/$WIKI_DOMAIN_NAME
+    fi
+    if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
+        rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
+    fi
+
+    ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
+
+    mkdir /var/lib/dokuwiki/custom
+    cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
+    ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
+
+    chown www-data /var/lib/dokuwiki/custom
+    chown www-data /var/lib/dokuwiki/custom/local.php
+    chown -R www-data /etc/dokuwiki
+    chown -R www-data /usr/share/dokuwiki/lib/
+    chmod 600 /var/lib/dokuwiki/custom/local.php
+    chmod -R 755 /usr/share/dokuwiki/lib
+
+    sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
+    sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
+
+    sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
+
+    # set the admin user
+    sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
+
+    # disallow registration of new users
+    if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
+        echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
+    fi
+    if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
+        echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
+    fi
+
+    if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
+        echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
+    fi
+    if ! grep -q "authtype" /etc/dokuwiki/local.php; then
+        echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
+    fi
+
+    function_check get_wiki_admin_password
+    get_wiki_admin_password
+    if [ ! $WIKI_ADMIN_PASSWORD ]; then
+        if [ -f $IMAGE_PASSWORD_FILE ]; then
+            WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+        else
+            WIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        fi
+    fi
+    HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
+    echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
+    chmod 640 /var/lib/dokuwiki/acl/users.auth.php
+
+    if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
+        echo 'ogv     video/ogg' >> /etc/dokuwiki/mime.conf
+    fi
+    if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
+        echo 'mp4     video/mp4' >> /etc/dokuwiki/mime.conf
+    fi
+    if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
+        echo 'webm    video/webm' >> /etc/dokuwiki/mime.conf
+    fi
+
+    WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
+
+    if [[ $ONION_ONLY == "no" ]]; then
+        echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        function_check nginx_disable_sniffing
+        nginx_disable_sniffing $WIKI_DOMAIN_NAME
+        function_check nginx_limits
+        nginx_limits $WIKI_DOMAIN_NAME
+        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        function_check nginx_limits
+        nginx_limits $WIKI_DOMAIN_NAME
+        function_check nginx_ssl
+        nginx_ssl $WIKI_DOMAIN_NAME
+        function_check nginx_disable_sniffing
+        nginx_disable_sniffing $WIKI_DOMAIN_NAME
+        echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # webmail' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location /webmail {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        rewrite ^/(.*) /webmail/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        rewrite ^/(.*) /webmail/installer/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    else
+        echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    fi
+    echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "    listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "    server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    function_check nginx_limits
+    nginx_limits $WIKI_DOMAIN_NAME
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing $WIKI_DOMAIN_NAME
+    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+    echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+
+    function_check create_site_certificate
+    create_site_certificate $WIKI_DOMAIN_NAME
+
+    function_check configure_php
+    configure_php
+
+    nginx_ensite $WIKI_DOMAIN_NAME
+
+    systemctl restart php5-fpm
+    systemctl restart nginx
+
+    echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
+
+    function_check add_ddns_domain
+    add_ddns_domain $WIKI_DOMAIN_NAME
+
+    # add some post-install instructions
+    if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
+        echo '' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'Wiki' >> /home/$MY_USERNAME/README
+        echo '====' >> /home/$MY_USERNAME/README
+        echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+        echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+        echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        echo "  rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
+        echo '' >> /home/$MY_USERNAME/README
+        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+        chmod 600 /home/$MY_USERNAME/README
+    fi
+
+    echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
+    echo 'install_wiki' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-xmpp

@@ -37,6 +37,10 @@ XMPP_PASSWORD=
 XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"'
 XMPP_ECC_CURVE='"secp384r1"'
 
+function change_password_xmpp {
+    echo -n ''
+}
+
 function reconfigure_xmpp {
     echo -n ''
 }

src/freedombone-app-zeronet

@@ -49,6 +49,10 @@ ZERONET_DEFAULT_MAIL_TAGLINE="Mail for the Mesh"
 ZERONET_ID_REPO="https://github.com/HelloZeroNet/ZeroID"
 ZERONET_ID_COMMIT='ccf14fdc96fa9cdb2ddd8a7ab283a8e17a4f234b'
 
+function change_password_zeronet {
+    echo -n ''
+}
+
 function reconfigure_zeronet {
     echo -n ''
 }

src/freedombone-tests

@@ -34,59 +34,59 @@ export TEXTDOMAIN=${PROJECT_NAME}-tests
 export TEXTDOMAINDIR="/usr/share/locale"
 
 function show_help {
-	echo ''
-	echo $"${PROJECT_NAME}-tests"
-	echo ''
-	echo $'Runs tests on the system'
-	echo ''
-	echo $'     --help                   Show help'
-	echo ''
-	exit 0
+    echo ''
+    echo $"${PROJECT_NAME}-tests"
+    echo ''
+    echo $'Runs tests on the system'
+    echo ''
+    echo $'     --help                   Show help'
+    echo ''
+    exit 0
 }
 
 function test_app_function_type {
-	filename=$1
-	fn_type=$2
-	app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-	app_function=$(cat "${filename}" | grep "function ${fn_type}_${app_name} {" | awk -F "${fn_type}_" '{print $2}' | awk -F ' ' '{print $1}')
-	if [ ! ${app_function} ]; then
-		echo $"Application ${app_name} does not contain a function called '${fn_type}_${app_name}'"
-		echo ''
-		echo "See ${filename}"
-		exit 72852
-	fi
+    filename=$1
+    fn_type=$2
+    app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
+    app_function=$(cat "${filename}" | grep "function ${fn_type}_${app_name} {" | awk -F "${fn_type}_" '{print $2}' | awk -F ' ' '{print $1}')
+    if [ ! ${app_function} ]; then
+        echo $"Application ${app_name} does not contain a function called '${fn_type}_${app_name}'"
+        echo ''
+        echo "See ${filename}"
+        exit 72852
+    fi
 }
 
 function test_app_functions {
-	FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
 
-	# check that these functions exist
-	interface_functions=( install remove backup_local backup_remote restore_local restore_remote upgrade reconfigure )
+    # check that these functions exist
+    interface_functions=( install remove backup_local backup_remote restore_local restore_remote upgrade reconfigure change_password )
 
-	# for all the app scripts
-	for filename in $FILES
-	do
-		# for each expected interface function
-		for f in "${interface_functions[@]}"
-		do
-			test_app_function_type ${filename} $f
-		done
-	done
+    # for all the app scripts
+    for filename in $FILES
+    do
+        # for each expected interface function
+        for f in "${interface_functions[@]}"
+        do
+            test_app_function_type ${filename} $f
+        done
+    done
 }
 
 while [[ $# > 1 ]]
 do
-	key="$1"
+    key="$1"
 
-	case $key in
-		-h|--help)
-			show_help
-			;;
-		*)
-			# unknown option
-			;;
-	esac
-	shift
+    case $key in
+        -h|--help)
+            show_help
+            ;;
+        *)
+            # unknown option
+            ;;
+    esac
+    shift
 done
 
 echo $'Running tests'