Tidying

src/freedombone-app-batman

@@ -35,10 +35,10 @@ BATMAN_CELLID='any'
 
 function configure_firewall_for_batma {
     if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
-	return
+		return
     fi
     if [[ $ENABLE_BATMAN != "yes" ]]; then
-	return
+		return
     fi
 
     function_check save_firewall_settings
@@ -72,13 +72,13 @@ function restore_remote_batman {
 
 function remove_batman {
     if ! grep -Fxq "install_batman" $COMPLETION_FILE; then
-	return
+		return
     fi
 
     ${PROJECT_NAME}-mesh-install -f batman --remove yes
     if [ ! "$?" = "0" ]; then
-	echo $'Failed to remove batman'
-	exit 79353
+		echo $'Failed to remove batman'
+		exit 79353
     fi
     sed -i '/install_batman/d' $COMPLETION_FILE
     sed -i '/configure_firewall_for_batman/d' $COMPLETION_FILE
@@ -90,15 +90,15 @@ function mesh_install_batman {
     chroot "$rootdir" apt-get -y install wireless-tools rfkill
 
     if ! grep -q "batman_adv" $rootdir/etc/modules; then
-	echo 'batman_adv' >> $rootdir/etc/modules
+		echo 'batman_adv' >> $rootdir/etc/modules
     fi
 
     BATMAN_SCRIPT=$rootdir/var/lib/batman
 
     if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
-	cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+		cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
     else
-	cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+		cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
     fi
 
     BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
@@ -124,32 +124,32 @@ function mesh_install_batman {
 
 function install_batman {
     if [ $INSTALLING_MESH ]; then
-	mesh_install_batman
-	return
+		mesh_install_batman
+		return
     fi
     if grep -Fxq "install_batman" $COMPLETION_FILE; then
-	return
+		return
     fi
     if [[ $ENABLE_BATMAN != "yes" ]]; then
-	return
+		return
     fi
 
     ${PROJECT_NAME}-mesh-install -f batman
     if [ ! "$?" = "0" ]; then
-	echo $'Failed to install batman'
-	exit 72524
+		echo $'Failed to install batman'
+		exit 72524
     fi
 
     if ! grep -q "Mesh Networking (B.A.T.M.A.N)" /home/$MY_USERNAME/README; then
-	echo '' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README
-	echo '=============================' >> /home/$MY_USERNAME/README
-	echo "Mesh ESSID: $WIFI_SSID" >> /home/$MY_USERNAME/README
-	echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README
-	echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-	chmod 600 /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README
+		echo '=============================' >> /home/$MY_USERNAME/README
+		echo "Mesh ESSID: $WIFI_SSID" >> /home/$MY_USERNAME/README
+		echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README
+		echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README
+		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+		chmod 600 /home/$MY_USERNAME/README
     fi
 
     function_check configure_firewall_for_batman

src/freedombone-app-blog

@@ -39,481 +39,481 @@ MY_BLOG_TITLE="My Blog"
 MY_BLOG_SUBTITLE="Another ${PROJECT_NAME} Blog"
 
 function reconfigure_blog {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_blog {
-    if ! grep -Fxq "install_blog" $COMPLETION_FILE; then
-	return
-    fi
-    function_check set_repo_commit
-    set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO
-
-    # update blog avatar
-    ${PROJECT_NAME}-blog
+	if ! grep -Fxq "install_blog" $COMPLETION_FILE; then
+		return
+	fi
+	function_check set_repo_commit
+	set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO
+
+	# update blog avatar
+	${PROJECT_NAME}-blog
 }
 
 function backup_local_blog {
-    FULLBLOG_DOMAIN_NAME='blog'
-    if grep -q "Blog domain" $COMPLETION_FILE; then
-	FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
-    fi
+	FULLBLOG_DOMAIN_NAME='blog'
+	if grep -q "Blog domain" $COMPLETION_FILE; then
+		FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
+	fi
 
-    source_directory=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
-	dest_directory=blog
-	echo $"Backing up $source_directory to $dest_directory"
+	source_directory=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
+	if [ -d $source_directory ]; then
+		dest_directory=blog
+		echo $"Backing up $source_directory to $dest_directory"
 
-	function_check suspend_site
-	suspend_site ${FULLBLOG_DOMAIN_NAME}
+		function_check suspend_site
+		suspend_site ${FULLBLOG_DOMAIN_NAME}
 
-	function_check backup_directory_to_usb
-	backup_directory_to_usb $source_directory $dest_directory
+		function_check backup_directory_to_usb
+		backup_directory_to_usb $source_directory $dest_directory
 
-	function_check restart_site
-	restart_site
+		function_check restart_site
+		restart_site
 
-	echo $"Backup to $dest_directory complete"
-    fi
+		echo $"Backup to $dest_directory complete"
+	fi
 }
 
 function restore_local_blog {
-    FULLBLOG_DOMAIN_NAME='blog'
-    if grep -q "Blog domain" $COMPLETION_FILE; then
-	FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
-    fi
-    if [ $FULLBLOG_DOMAIN_NAME ]; then
-	echo $"Restoring blog installation"
-	temp_restore_dir=/root/tempblog
-	restore_directory_from_usb $temp_restore_dir blog
-	rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
-	cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/
-	if [ ! "$?" = "0" ]; then
-	    set_user_permissions
-	    backup_unmount_drive
-	    exit 593
-	fi
-	rm -rf $temp_restore_dir
-	if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then
-	    echo $"No content directory found after restoring blog"
-	    set_user_permissions
-	    backup_unmount_drive
-	    exit 287
+	FULLBLOG_DOMAIN_NAME='blog'
+	if grep -q "Blog domain" $COMPLETION_FILE; then
+		FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
 	fi
-	chown -R www-data:www-data /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
-	# Ensure that the bundled SSL cert is being used
-	if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then
-	    sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME}
-	fi
-	for d in /home/*/ ; do
-	    USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-	    if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
-		if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then
-		    mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post
+	if [ $FULLBLOG_DOMAIN_NAME ]; then
+		echo $"Restoring blog installation"
+		temp_restore_dir=/root/tempblog
+		restore_directory_from_usb $temp_restore_dir blog
+		rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
+		cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/
+		if [ ! "$?" = "0" ]; then
+			set_user_permissions
+			backup_unmount_drive
+			exit 593
+		fi
+		rm -rf $temp_restore_dir
+		if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then
+			echo $"No content directory found after restoring blog"
+			set_user_permissions
+			backup_unmount_drive
+			exit 287
+		fi
+		chown -R www-data:www-data /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
+		# Ensure that the bundled SSL cert is being used
+		if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then
+			sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME}
+		fi
+		for d in /home/*/ ; do
+			USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
+			if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
+				if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then
+					mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post
+				fi
+			fi
+		done
+		if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then
+			ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key
+			ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem
 		fi
-	    fi
-	done
-	if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then
-	    ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key
-	    ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem
 	fi
-    fi
 }
 
 function backup_remote_blog {
-    if grep -q "Blog domain" $COMPLETION_FILE; then
-	FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
-	temp_backup_dir=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
-	if [ -d $temp_backup_dir ]; then
-	    echo $"Backing up blog"
-	    backup_directory_to_friend $temp_backup_dir blog
-	    echo $"Backup of blog complete"
-	else
-	    echo $"Blog domain specified but not found in $temp_backup_dir"
-	    exit 2578
+	if grep -q "Blog domain" $COMPLETION_FILE; then
+		FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
+		temp_backup_dir=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
+		if [ -d $temp_backup_dir ]; then
+			echo $"Backing up blog"
+			backup_directory_to_friend $temp_backup_dir blog
+			echo $"Backup of blog complete"
+		else
+			echo $"Blog domain specified but not found in $temp_backup_dir"
+			exit 2578
+		fi
 	fi
-    fi
 }
 
 function restore_remote_blog {
-    if [ -d $SERVER_DIRECTORY/backup/blog ]; then
-	FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
-	echo $"Restoring blog installation $FULLBLOG_DOMAIN_NAME"
-	temp_restore_dir=/root/tempblog
-	mkdir $temp_restore_dir
-	function_check restore_directory_from_friend
-	restore_directory_from_friend $temp_restore_dir blog
-	rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
-	cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/
-	if [ ! "$?" = "0" ]; then
-	    exit 593
-	fi
-	rm -rf $temp_restore_dir
-	if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then
-	    echo $"No content directory found after restoring blog"
-	    exit 287
-	fi
-	# Ensure that the bundled SSL cert is being used
-	if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then
-	    sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME}
-	fi
-	for d in /home/*/ ; do
-	    USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-	    if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
-		if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then
-		    mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post
+	if [ -d $SERVER_DIRECTORY/backup/blog ]; then
+		FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
+		echo $"Restoring blog installation $FULLBLOG_DOMAIN_NAME"
+		temp_restore_dir=/root/tempblog
+		mkdir $temp_restore_dir
+		function_check restore_directory_from_friend
+		restore_directory_from_friend $temp_restore_dir blog
+		rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
+		cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/
+		if [ ! "$?" = "0" ]; then
+			exit 593
+		fi
+		rm -rf $temp_restore_dir
+		if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then
+			echo $"No content directory found after restoring blog"
+			exit 287
 		fi
-	    fi
-	done
-	if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then
-	    ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key
-	    ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem
+		# Ensure that the bundled SSL cert is being used
+		if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then
+			sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME}
+		fi
+		for d in /home/*/ ; do
+			USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
+			if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
+				if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then
+					mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post
+				fi
+			fi
+		done
+		if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then
+			ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key
+			ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem
+		fi
+		echo $"Restore of blog complete"
 	fi
-	echo $"Restore of blog complete"
-    fi
 }
 
 function remove_blog {
-    if ! grep -Fxq "install_blog" $COMPLETION_FILE; then
-	return
-    fi
-    if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
-	rm -rf /var/www/$FULLBLOG_DOMAIN_NAME
-    fi
-    nginx_dissite $FULLBLOG_DOMAIN_NAME
-    if [ ! -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME ]; then
-	rm -rf /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    fi
-    if [ $FULLBLOG_CODE ]; then
-	if [ -f /usr/bin/dynamicdns ]; then
-	    sed -i "/$FULLBLOG_DOMAIN_NAME/d" /usr/bin/dynamicdns
-	    sed -i "/$FULLBLOG_CODE/d" /usr/bin/dynamicdns
+	if ! grep -Fxq "install_blog" $COMPLETION_FILE; then
+		return
+	fi
+	if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
+		rm -rf /var/www/$FULLBLOG_DOMAIN_NAME
 	fi
-    fi
-    function_check remove_onion_service
-    remove_onion_service blog ${FULLBLOG_ONION_PORT}
-    sed -i '/install_blog/d' $COMPLETION_FILE
-    sed -i '/Blog .*/d' $COMPLETION_FILE
+	nginx_dissite $FULLBLOG_DOMAIN_NAME
+	if [ ! -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME ]; then
+		rm -rf /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	fi
+	if [ $FULLBLOG_CODE ]; then
+		if [ -f /usr/bin/dynamicdns ]; then
+			sed -i "/$FULLBLOG_DOMAIN_NAME/d" /usr/bin/dynamicdns
+			sed -i "/$FULLBLOG_CODE/d" /usr/bin/dynamicdns
+		fi
+	fi
+	function_check remove_onion_service
+	remove_onion_service blog ${FULLBLOG_ONION_PORT}
+	sed -i '/install_blog/d' $COMPLETION_FILE
+	sed -i '/Blog .*/d' $COMPLETION_FILE
 }
 
 function get_blog_admin_password {
-    if [ -f /home/$MY_USERNAME/README ]; then
-	if grep -q "Your blog password is" /home/$MY_USERNAME/README; then
-	    FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
+	if [ -f /home/$MY_USERNAME/README ]; then
+		if grep -q "Your blog password is" /home/$MY_USERNAME/README; then
+			FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
+		fi
 	fi
-    fi
 }
 
 function install_blog_social_networks {
-    # set social networks
-    if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then
-	sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-	sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-    fi
-    if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then
-	sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-	sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-    fi
-
-    # clear proprietary social network strings
-    sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+	# set social networks
+	if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then
+		sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+		sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+	fi
+	if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then
+		sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+		sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+	fi
+
+	# clear proprietary social network strings
+	sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+	sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+	sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
 }
 
 function install_blog_user {
-    # create a user password
-    function_check get_blog_admin_password
-    get_blog_admin_password
-    if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then
-	if [ -f $IMAGE_PASSWORD_FILE ]; then
-	    FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-	else
-	    FULLBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+	# create a user password
+	function_check get_blog_admin_password
+	get_blog_admin_password
+	if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then
+		if [ -f $IMAGE_PASSWORD_FILE ]; then
+			FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+		else
+			FULLBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+		fi
+		echo '' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'HTMLy Blog' >> /home/$MY_USERNAME/README
+		echo '==========' >> /home/$MY_USERNAME/README
+		echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+		echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+		if [[ $ONION_ONLY == 'no' ]]; then
+			echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
+		fi
+		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+		chmod 600 /home/$MY_USERNAME/README
 	fi
-	echo '' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'HTMLy Blog' >> /home/$MY_USERNAME/README
-	echo '==========' >> /home/$MY_USERNAME/README
-	echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README
-	echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
-	if [[ $ONION_ONLY == 'no' ]]; then
-	    echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
+
+	# create a user
+	FULLBLOG_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD")
+	if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then
+		echo $'Blog admin password could not be hashed'
+		exit 625728
 	fi
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-	chmod 600 /home/$MY_USERNAME/README
-    fi
-
-    # create a user
-    FULLBLOG_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD")
-    if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then
-	echo $'Blog admin password could not be hashed'
-	exit 625728
-    fi
-    echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo "password = $FULLBLOG_ADMIN_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+	echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+	echo "password = $FULLBLOG_ADMIN_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+	echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+	echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+	echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
 }
 
 function install_blog_settings {
-    cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+	cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+	sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+	sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+	sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+	sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+	sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
 }
 
 function install_blog_website {
-    function_check nginx_http_redirect
-    nginx_http_redirect $FULLBLOG_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "    root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "    server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "    error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    function_check nginx_limits
-    nginx_limits $FULLBLOG_DOMAIN_NAME
-    function_check nginx_ssl
-    nginx_ssl $FULLBLOG_DOMAIN_NAME
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	function_check nginx_http_redirect
+	nginx_http_redirect $FULLBLOG_DOMAIN_NAME
+	echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "    root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "    server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "    error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	function_check nginx_limits
+	nginx_limits $FULLBLOG_DOMAIN_NAME
+	function_check nginx_ssl
+	nginx_ssl $FULLBLOG_DOMAIN_NAME
+	function_check nginx_disable_sniffing
+	nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
+	echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '      deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '      deny  all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
 }
 
 function install_blog_website_onion {
-    echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "    root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "    server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "    error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    function_check nginx_limits
-    nginx_limits $FULLBLOG_DOMAIN_NAME
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "    listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "    root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "    server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "    error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	function_check nginx_limits
+	nginx_limits $FULLBLOG_DOMAIN_NAME
+	function_check nginx_disable_sniffing
+	nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
+	echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '      deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '      deny  all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
 }
 
 function install_blog_from_repo {
-    if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
-	mkdir /var/www/$FULLBLOG_DOMAIN_NAME
-    fi
-
-    cd /var/www/$FULLBLOG_DOMAIN_NAME
-    git_clone $FULLBLOG_REPO htdocs
-    cd htdocs
-    git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT
-    if ! grep -q "Blog commit" $COMPLETION_FILE; then
-	echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE
-    else
-	sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE
-    fi
+	if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
+		mkdir /var/www/$FULLBLOG_DOMAIN_NAME
+	fi
+
+	cd /var/www/$FULLBLOG_DOMAIN_NAME
+	git_clone $FULLBLOG_REPO htdocs
+	cd htdocs
+	git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT
+	if ! grep -q "Blog commit" $COMPLETION_FILE; then
+		echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE
+	else
+		sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE
+	fi
 }
 
 function install_blog {
-    if [ ! $FULLBLOG_DOMAIN_NAME ]; then
-	echo $'The blog domain name was not specified'
-	exit 5062
-    fi
+	if [ ! $FULLBLOG_DOMAIN_NAME ]; then
+		echo $'The blog domain name was not specified'
+		exit 5062
+	fi
 
-    if grep -Fxq "install_blog" $COMPLETION_FILE; then
-	return
-    fi
+	if grep -Fxq "install_blog" $COMPLETION_FILE; then
+		return
+	fi
 
-    # for the avatar changing command
-    apt-get -y install imagemagick
+	# for the avatar changing command
+	apt-get -y install imagemagick
 
-    function_check install_blog_from_repo
-    install_blog_from_repo
+	function_check install_blog_from_repo
+	install_blog_from_repo
 
-    if [[ $ONION_ONLY == "no" ]]; then
-	function_check install_blog_website
-	install_blog_website
-    else
-	echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-    fi
-    function_check install_blog_website_onion
-    install_blog_website_onion
+	if [[ $ONION_ONLY == "no" ]]; then
+		function_check install_blog_website
+		install_blog_website
+	else
+		echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+	fi
+	function_check install_blog_website_onion
+	install_blog_website_onion
 
-    function_check create_site_certificate
-    create_site_certificate $FULLBLOG_DOMAIN_NAME 'yes'
+	function_check create_site_certificate
+	create_site_certificate $FULLBLOG_DOMAIN_NAME 'yes'
 
-    function_check configure_php
-    configure_php
+	function_check configure_php
+	configure_php
 
-    function_check install_blog_settings
-    install_blog_settings
+	function_check install_blog_settings
+	install_blog_settings
 
-    function_check install_blog_social_networks
-    install_blog_social_networks
+	function_check install_blog_social_networks
+	install_blog_social_networks
 
-    function_check install_blog_user
-    install_blog_user
+	function_check install_blog_user
+	install_blog_user
 
-    chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
+	chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
 
-    FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})
+	FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})
 
-    function_check nginx_ensite
-    nginx_ensite $FULLBLOG_DOMAIN_NAME
+	function_check nginx_ensite
+	nginx_ensite $FULLBLOG_DOMAIN_NAME
 
-    systemctl restart php5-fpm
-    systemctl restart nginx
+	systemctl restart php5-fpm
+	systemctl restart nginx
 
-    if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then
-	echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
-	echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-	chmod 600 /home/$MY_USERNAME/README
-    fi
-    echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
+	if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then
+		echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+		echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+		chmod 600 /home/$MY_USERNAME/README
+	fi
+	echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
 
-    function_check add_ddns_domain
-    add_ddns_domain $FULLBLOG_DOMAIN_NAME
+	function_check add_ddns_domain
+	add_ddns_domain $FULLBLOG_DOMAIN_NAME
 
-    if ! grep -q "Blog domain:" $COMPLETION_FILE; then
-	echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
-    fi
+	if ! grep -q "Blog domain:" $COMPLETION_FILE; then
+		echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
+	fi
 
-    echo 'install_blog' >> $COMPLETION_FILE
+	echo 'install_blog' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-cjdns

@@ -42,498 +42,498 @@ CJDCMD_REPO="https://github.com/inhies/cjdcmd"
 CJDCMD_COMMIT='973cca6ed0eecf9041c3403a40193c0b1291b808'
 
 function reconfigure_cjdns {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_cjdns {
-    if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
-	return
-    fi
-    function_check set_repo_commit
-    set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO
+	if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
+		return
+	fi
+	function_check set_repo_commit
+	set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO
 }
 
 function configure_firewall_for_cjdns {
-    if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
-	return
-    fi
-    if [[ $ENABLE_CJDNS != "yes" ]]; then
-	return
-    fi
-    ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
-    ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-    ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
-
-    function_check save_firewall_settings
-    save_firewall_settings
-    echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
+	if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
+		return
+	fi
+	if [[ $ENABLE_CJDNS != "yes" ]]; then
+		return
+	fi
+	ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
+	ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+	ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
+	ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
+
+	function_check save_firewall_settings
+	save_firewall_settings
+	echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
 }
 
 function get_cjdns_public_key {
-    if [ -f /home/$MY_USERNAME/README ]; then
-	if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
-	    if [ ! $CJDNS_PUBLIC_KEY ]; then
-		CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
-	    fi
+	if [ -f /home/$MY_USERNAME/README ]; then
+		if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
+			if [ ! $CJDNS_PUBLIC_KEY ]; then
+				CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
+			fi
+		fi
 	fi
-    fi
 }
 
 function get_cjdns_private_key {
-    if [ -f /home/$MY_USERNAME/README ]; then
-	if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
-	    if [ ! $CJDNS_PRIVATE_KEY ]; then
-		CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
-	    fi
+	if [ -f /home/$MY_USERNAME/README ]; then
+		if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
+			if [ ! $CJDNS_PRIVATE_KEY ]; then
+				CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
+			fi
+		fi
 	fi
-    fi
 }
 
 function get_cjdns_ipv6_address {
-    if [ -f /home/$MY_USERNAME/README ]; then
-	if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
-	    if [ ! $CJDNS_IPV6 ]; then
-		CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
-	    fi
+	if [ -f /home/$MY_USERNAME/README ]; then
+		if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
+			if [ ! $CJDNS_IPV6 ]; then
+				CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
+			fi
+		fi
 	fi
-    fi
 }
 
 function get_cjdns_port {
-    if [ -f /home/$MY_USERNAME/README ]; then
-	if grep -q "cjdns port" /home/$MY_USERNAME/README; then
-	    if [ ! $CJDNS_PORT ]; then
-		CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
-	    fi
+	if [ -f /home/$MY_USERNAME/README ]; then
+		if grep -q "cjdns port" /home/$MY_USERNAME/README; then
+			if [ ! $CJDNS_PORT ]; then
+				CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
+			fi
+		fi
 	fi
-    fi
 }
 
 function get_cjdns_password {
-    if [ -f /home/$MY_USERNAME/README ]; then
-	if grep -q "cjdns password" /home/$MY_USERNAME/README; then
-	    if [ ! $CJDNS_PASSWORD ]; then
-		CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
-	    fi
+	if [ -f /home/$MY_USERNAME/README ]; then
+		if grep -q "cjdns password" /home/$MY_USERNAME/README; then
+			if [ ! $CJDNS_PASSWORD ]; then
+				CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+			fi
+		fi
 	fi
-    fi
 }
 
 function backup_local_cjdns {
-    echo -n ''
+	echo -n ''
 }
 
 function restore_local_cjdns {
-    if [ -d $USB_MOUNT/backup/cjdns ]; then
-	echo $"Restoring cjdns installation"
-	temp_restore_dir=/root/tempcjdns
-	function_check restore_directory_from_usb
-	restore_directory_from_usb $temp_restore_dir cjdns
-	rm -rf /etc/cjdns
-	cp -r $temp_restore_dir/etc/cjdns /etc/
-	if [ ! "$?" = "0" ]; then
-	    function_check set_user_permissions
-	    set_user_permissions
-	    function_check backup_unmount_drive
-	    backup_unmount_drive
-	    exit 8472
-	fi
-	rm -rf $temp_restore_dir
-    fi
+	if [ -d $USB_MOUNT/backup/cjdns ]; then
+		echo $"Restoring cjdns installation"
+		temp_restore_dir=/root/tempcjdns
+		function_check restore_directory_from_usb
+		restore_directory_from_usb $temp_restore_dir cjdns
+		rm -rf /etc/cjdns
+		cp -r $temp_restore_dir/etc/cjdns /etc/
+		if [ ! "$?" = "0" ]; then
+			function_check set_user_permissions
+			set_user_permissions
+			function_check backup_unmount_drive
+			backup_unmount_drive
+			exit 8472
+		fi
+		rm -rf $temp_restore_dir
+	fi
 }
 
 function backup_remote_cjdns {
-    echo -n ''
+	echo -n ''
 }
 
 function restore_remote_cjdns {
-    if [ -d $SERVER_DIRECTORY/backup/cjdns ]; then
-	echo $"Restoring cjdns installation"
-	temp_restore_dir=/root/tempcjdns
-	function_check restore_directory_from_friend
-	restore_directory_from_friend $temp_restore_dir cjdns
-	rm -rf /etc/cjdns
-	cp -r $temp_restore_dir/etc/cjdns /etc/
-	if [ ! "$?" = "0" ]; then
-	    exit 7438
+	if [ -d $SERVER_DIRECTORY/backup/cjdns ]; then
+		echo $"Restoring cjdns installation"
+		temp_restore_dir=/root/tempcjdns
+		function_check restore_directory_from_friend
+		restore_directory_from_friend $temp_restore_dir cjdns
+		rm -rf /etc/cjdns
+		cp -r $temp_restore_dir/etc/cjdns /etc/
+		if [ ! "$?" = "0" ]; then
+			exit 7438
+		fi
+		rm -rf $temp_restore_dir
 	fi
-	rm -rf $temp_restore_dir
-    fi
 }
 
 function remove_cjdns {
-    if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
-	return
-    fi
-    service cjdns stop
-    ip6tables -D nat -D POSTROUTING -o tun0 -j MASQUERADE
-    ip6tables -D FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-    ip6tables -D INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
-    ip6tables -D INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-
-    rm -rf /etc/cjdns
-    sed -i '/install_cjdns/d' $COMPLETION_FILE
-    sed -i '/cjdns /d' $COMPLETION_FILE
-    sed -i '/configure_firewall_for_cjdns/d' $COMPLETION_FILE
+	if ! grep -Fxq "install_cjdns" $COMPLETION_FILE; then
+		return
+	fi
+	service cjdns stop
+	ip6tables -D nat -D POSTROUTING -o tun0 -j MASQUERADE
+	ip6tables -D FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+	ip6tables -D INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
+	ip6tables -D INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+
+	rm -rf /etc/cjdns
+	sed -i '/install_cjdns/d' $COMPLETION_FILE
+	sed -i '/cjdns /d' $COMPLETION_FILE
+	sed -i '/configure_firewall_for_cjdns/d' $COMPLETION_FILE
 }
 
 function install_cjdns_main {
-    if [[ $ENABLE_CJDNS != "yes" ]]; then
-	return
-    fi
+	if [[ $ENABLE_CJDNS != "yes" ]]; then
+		return
+	fi
+
+	if grep -Fxq "install_cjdns_main" $COMPLETION_FILE; then
+		return
+	fi
 
-    if grep -Fxq "install_cjdns_main" $COMPLETION_FILE; then
-	return
-    fi
+	apt-get -y install nodejs git build-essential nmap
 
-    apt-get -y install nodejs git build-essential nmap
+	# if a README exists then obtain the cjdns parameters
+	function_check get_cjdns_ipv6_address
+	get_cjdns_ipv6_address
 
-    # if a README exists then obtain the cjdns parameters
-    function_check get_cjdns_ipv6_address
-    get_cjdns_ipv6_address
+	function_check get_cjdns_public_key
+	get_cjdns_public_key
 
-    function_check get_cjdns_public_key
-    get_cjdns_public_key
+	function_check get_cjdns_private_key
+	get_cjdns_private_key
 
-    function_check get_cjdns_private_key
-    get_cjdns_private_key
+	function_check get_cjdns_port
+	get_cjdns_port
 
-    function_check get_cjdns_port
-    get_cjdns_port
+	function_check get_cjdns_password
+	get_cjdns_password
 
-    function_check get_cjdns_password
-    get_cjdns_password
+	# special compile settings for running ./do on the Beaglebone Black
+	if [[ $INSTALLING_ON_BBB == "yes" ]]; then
+		CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
+		export LDFLAGS="$CFLAGS"
+	fi
 
-    # special compile settings for running ./do on the Beaglebone Black
-    if [[ $INSTALLING_ON_BBB == "yes" ]]; then
-	CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
-	export LDFLAGS="$CFLAGS"
-    fi
+	if [ ! -d /etc/cjdns ]; then
+		function_check git_pull
+		git_clone $CJDNS_REPO /etc/cjdns
+		cd /etc/cjdns
+
+		git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
+		if ! grep -q "cjdns commit" $COMPLETION_FILE; then
+			echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
+		else
+			sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
+		fi
+
+		./do
+		if [ ! "$?" = "0" ]; then
+			exit 7439
+		fi
+		# create a configuration
+		if [ ! -f /etc/cjdns/cjdroute.conf ]; then
+			./cjdroute --genconf > /etc/cjdns/cjdroute.conf
+			if [ ! "$?" = "0" ]; then
+				exit 5922
+			fi
+		fi
+		# create a user to run as
+		useradd cjdns
+	else
+		cd /etc/cjdns
+		function_check git_pull
+		git_pull $CJDNS_REPO
+		./do
+		if [ ! "$?" = "0" ]; then
+			exit 9926
+		fi
+	fi
 
-    if [ ! -d /etc/cjdns ]; then
-	function_check git_pull
-	git_clone $CJDNS_REPO /etc/cjdns
-	cd /etc/cjdns
+	# set permissions
+	chown -R cjdns:cjdns /etc/cjdns
+	chmod 600 /etc/cjdns/cjdroute.conf
 
-	git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
-	if ! grep -q "cjdns commit" $COMPLETION_FILE; then
-	    echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
+	/sbin/ip tuntap add mode tun user cjdns dev cjdroute0
+
+	# insert values into the configuration file
+	if [ $CJDNS_PRIVATE_KEY ]; then
+		sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
+	else
+		CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
+	fi
+	if [ $CJDNS_PUBLIC_KEY ]; then
+		sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
+	else
+		CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
+	fi
+	if [ $CJDNS_IPV6 ]; then
+		sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
+	else
+		CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
+	fi
+	if [ $CJDNS_PASSWORD ]; then
+		sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
+	else
+		CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
+	fi
+	if [ $CJDNS_PORT ]; then
+		sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
 	else
-	    sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
+		CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
 	fi
 
-	./do
+	function_check enable_ipv6
+	enable_ipv6
+
+	echo '#!/bin/sh -e' > /etc/init.d/cjdns
+	echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
+	echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
+	echo '# Provides:          cjdroute' >> /etc/init.d/cjdns
+	echo '# Required-Start:    $remote_fs $network' >> /etc/init.d/cjdns
+	echo '# Required-Stop:     $remote_fs $network' >> /etc/init.d/cjdns
+	echo '# Default-Start:     2 3 4 5' >> /etc/init.d/cjdns
+	echo '# Default-Stop:      0 1 6' >> /etc/init.d/cjdns
+	echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
+	echo '# Description:       A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
+	echo '# cjdns git repo:    https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
+	echo '### END INIT INFO' >> /etc/init.d/cjdns
+	echo '' >> /etc/init.d/cjdns
+	echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
+	echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
+	echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
+	echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
+	echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
+	echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
+	echo '' >> /etc/init.d/cjdns
+	echo 'start() {' >> /etc/init.d/cjdns
+	echo '     # Start it up with the user cjdns' >> /etc/init.d/cjdns
+	echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
+	echo '     then' >> /etc/init.d/cjdns
+	echo '         echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
+	echo '     else' >> /etc/init.d/cjdns
+	echo '         echo " * Starting cjdroute"' >> /etc/init.d/cjdns
+	echo '         su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
+	echo '         /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
+	echo '         /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
+	echo '         /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
+	echo '         /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
+	echo '     fi' >> /etc/init.d/cjdns
+	echo '}' >> /etc/init.d/cjdns
+	echo '' >> /etc/init.d/cjdns
+	echo 'stop() {' >> /etc/init.d/cjdns
+	echo '' >> /etc/init.d/cjdns
+	echo '     if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
+	echo '     then' >> /etc/init.d/cjdns
+	echo '         echo "cjdns isnt running."' >> /etc/init.d/cjdns
+	echo '     else' >> /etc/init.d/cjdns
+	echo '         echo "Killing cjdroute"' >> /etc/init.d/cjdns
+	echo '         killall cjdroute' >> /etc/init.d/cjdns
+	echo '     fi' >> /etc/init.d/cjdns
+	echo '}' >> /etc/init.d/cjdns
+	echo '' >> /etc/init.d/cjdns
+	echo 'status() {' >> /etc/init.d/cjdns
+	echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
+	echo '     then' >> /etc/init.d/cjdns
+	echo '         echo "Cjdns is running"' >> /etc/init.d/cjdns
+	echo '     else' >> /etc/init.d/cjdns
+	echo '         echo "Cjdns is not running"' >> /etc/init.d/cjdns
+	echo '     fi' >> /etc/init.d/cjdns
+	echo '}' >> /etc/init.d/cjdns
+	echo '' >> /etc/init.d/cjdns
+	echo ' update() {' >> /etc/init.d/cjdns
+	echo '     cd $GIT_PATH' >> /etc/init.d/cjdns
+	echo '     echo "Updating..."' >> /etc/init.d/cjdns
+	echo '     git pull' >> /etc/init.d/cjdns
+	echo '     ./do' >> /etc/init.d/cjdns
+	echo '}' >> /etc/init.d/cjdns
+	echo '' >> /etc/init.d/cjdns
+	echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
+	echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
+	echo '    echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
+	echo '    exit 1' >> /etc/init.d/cjdns
+	echo 'fi' >> /etc/init.d/cjdns
+	echo '' >> /etc/init.d/cjdns
+	echo 'case $1 in' >> /etc/init.d/cjdns
+	echo '     start)' >> /etc/init.d/cjdns
+	echo '         start' >> /etc/init.d/cjdns
+	echo '         exit 0' >> /etc/init.d/cjdns
+	echo '     ;;' >> /etc/init.d/cjdns
+	echo '     stop)' >> /etc/init.d/cjdns
+	echo '         stop' >> /etc/init.d/cjdns
+	echo '         exit 0' >> /etc/init.d/cjdns
+	echo '     ;;' >> /etc/init.d/cjdns
+	echo '     reload|restart|force-reload)' >> /etc/init.d/cjdns
+	echo '         stop' >> /etc/init.d/cjdns
+	echo '         sleep 1' >> /etc/init.d/cjdns
+	echo '         start' >> /etc/init.d/cjdns
+	echo '         exit 0' >> /etc/init.d/cjdns
+	echo '     ;;' >> /etc/init.d/cjdns
+	echo '     status)' >> /etc/init.d/cjdns
+	echo '         status' >> /etc/init.d/cjdns
+	echo '         exit 0' >> /etc/init.d/cjdns
+	echo '     ;;' >> /etc/init.d/cjdns
+	echo '     update|upgrade)' >> /etc/init.d/cjdns
+	echo '         update' >> /etc/init.d/cjdns
+	echo '         stop' >> /etc/init.d/cjdns
+	echo '         sleep 2' >> /etc/init.d/cjdns
+	echo '         start' >> /etc/init.d/cjdns
+	echo '         exit 0' >> /etc/init.d/cjdns
+	echo '     ;;' >> /etc/init.d/cjdns
+	echo '     **)' >> /etc/init.d/cjdns
+	echo '         echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
+	echo '         exit 1' >> /etc/init.d/cjdns
+	echo '     ;;' >> /etc/init.d/cjdns
+	echo 'esac' >> /etc/init.d/cjdns
+	chmod +x /etc/init.d/cjdns
+	update-rc.d cjdns defaults
+	service cjdns start
 	if [ ! "$?" = "0" ]; then
-	    exit 7439
-	fi
-	# create a configuration
-	if [ ! -f /etc/cjdns/cjdroute.conf ]; then
-	    ./cjdroute --genconf > /etc/cjdns/cjdroute.conf
-	    if [ ! "$?" = "0" ]; then
-		exit 5922
-	    fi
-	fi
-	# create a user to run as
-	useradd cjdns
-    else
-	cd /etc/cjdns
-	function_check git_pull
-	git_pull $CJDNS_REPO
-	./do
-	if [ ! "$?" = "0" ]; then
-	    exit 9926
-	fi
-    fi
-
-    # set permissions
-    chown -R cjdns:cjdns /etc/cjdns
-    chmod 600 /etc/cjdns/cjdroute.conf
-
-    /sbin/ip tuntap add mode tun user cjdns dev cjdroute0
-
-    # insert values into the configuration file
-    if [ $CJDNS_PRIVATE_KEY ]; then
-	sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
-    else
-	CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
-    fi
-    if [ $CJDNS_PUBLIC_KEY ]; then
-	sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
-    else
-	CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
-    fi
-    if [ $CJDNS_IPV6 ]; then
-	sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
-    else
-	CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
-    fi
-    if [ $CJDNS_PASSWORD ]; then
-	sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
-    else
-	CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
-    fi
-    if [ $CJDNS_PORT ]; then
-	sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
-    else
-	CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
-    fi
-
-    function_check enable_ipv6
-    enable_ipv6
-
-    echo '#!/bin/sh -e' > /etc/init.d/cjdns
-    echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
-    echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
-    echo '# Provides:          cjdroute' >> /etc/init.d/cjdns
-    echo '# Required-Start:    $remote_fs $network' >> /etc/init.d/cjdns
-    echo '# Required-Stop:     $remote_fs $network' >> /etc/init.d/cjdns
-    echo '# Default-Start:     2 3 4 5' >> /etc/init.d/cjdns
-    echo '# Default-Stop:      0 1 6' >> /etc/init.d/cjdns
-    echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
-    echo '# Description:       A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
-    echo '# cjdns git repo:    https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
-    echo '### END INIT INFO' >> /etc/init.d/cjdns
-    echo '' >> /etc/init.d/cjdns
-    echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
-    echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
-    echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
-    echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
-    echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
-    echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
-    echo '' >> /etc/init.d/cjdns
-    echo 'start() {' >> /etc/init.d/cjdns
-    echo '     # Start it up with the user cjdns' >> /etc/init.d/cjdns
-    echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
-    echo '     then' >> /etc/init.d/cjdns
-    echo '         echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
-    echo '     else' >> /etc/init.d/cjdns
-    echo '         echo " * Starting cjdroute"' >> /etc/init.d/cjdns
-    echo '         su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
-    echo '         /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
-    echo '         /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
-    echo '         /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
-    echo '         /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
-    echo '     fi' >> /etc/init.d/cjdns
-    echo '}' >> /etc/init.d/cjdns
-    echo '' >> /etc/init.d/cjdns
-    echo 'stop() {' >> /etc/init.d/cjdns
-    echo '' >> /etc/init.d/cjdns
-    echo '     if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
-    echo '     then' >> /etc/init.d/cjdns
-    echo '         echo "cjdns isnt running."' >> /etc/init.d/cjdns
-    echo '     else' >> /etc/init.d/cjdns
-    echo '         echo "Killing cjdroute"' >> /etc/init.d/cjdns
-    echo '         killall cjdroute' >> /etc/init.d/cjdns
-    echo '     fi' >> /etc/init.d/cjdns
-    echo '}' >> /etc/init.d/cjdns
-    echo '' >> /etc/init.d/cjdns
-    echo 'status() {' >> /etc/init.d/cjdns
-    echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
-    echo '     then' >> /etc/init.d/cjdns
-    echo '         echo "Cjdns is running"' >> /etc/init.d/cjdns
-    echo '     else' >> /etc/init.d/cjdns
-    echo '         echo "Cjdns is not running"' >> /etc/init.d/cjdns
-    echo '     fi' >> /etc/init.d/cjdns
-    echo '}' >> /etc/init.d/cjdns
-    echo '' >> /etc/init.d/cjdns
-    echo ' update() {' >> /etc/init.d/cjdns
-    echo '     cd $GIT_PATH' >> /etc/init.d/cjdns
-    echo '     echo "Updating..."' >> /etc/init.d/cjdns
-    echo '     git pull' >> /etc/init.d/cjdns
-    echo '     ./do' >> /etc/init.d/cjdns
-    echo '}' >> /etc/init.d/cjdns
-    echo '' >> /etc/init.d/cjdns
-    echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
-    echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
-    echo '    echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
-    echo '    exit 1' >> /etc/init.d/cjdns
-    echo 'fi' >> /etc/init.d/cjdns
-    echo '' >> /etc/init.d/cjdns
-    echo 'case $1 in' >> /etc/init.d/cjdns
-    echo '     start)' >> /etc/init.d/cjdns
-    echo '         start' >> /etc/init.d/cjdns
-    echo '         exit 0' >> /etc/init.d/cjdns
-    echo '     ;;' >> /etc/init.d/cjdns
-    echo '     stop)' >> /etc/init.d/cjdns
-    echo '         stop' >> /etc/init.d/cjdns
-    echo '         exit 0' >> /etc/init.d/cjdns
-    echo '     ;;' >> /etc/init.d/cjdns
-    echo '     reload|restart|force-reload)' >> /etc/init.d/cjdns
-    echo '         stop' >> /etc/init.d/cjdns
-    echo '         sleep 1' >> /etc/init.d/cjdns
-    echo '         start' >> /etc/init.d/cjdns
-    echo '         exit 0' >> /etc/init.d/cjdns
-    echo '     ;;' >> /etc/init.d/cjdns
-    echo '     status)' >> /etc/init.d/cjdns
-    echo '         status' >> /etc/init.d/cjdns
-    echo '         exit 0' >> /etc/init.d/cjdns
-    echo '     ;;' >> /etc/init.d/cjdns
-    echo '     update|upgrade)' >> /etc/init.d/cjdns
-    echo '         update' >> /etc/init.d/cjdns
-    echo '         stop' >> /etc/init.d/cjdns
-    echo '         sleep 2' >> /etc/init.d/cjdns
-    echo '         start' >> /etc/init.d/cjdns
-    echo '         exit 0' >> /etc/init.d/cjdns
-    echo '     ;;' >> /etc/init.d/cjdns
-    echo '     **)' >> /etc/init.d/cjdns
-    echo '         echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
-    echo '         exit 1' >> /etc/init.d/cjdns
-    echo '     ;;' >> /etc/init.d/cjdns
-    echo 'esac' >> /etc/init.d/cjdns
-    chmod +x /etc/init.d/cjdns
-    update-rc.d cjdns defaults
-    service cjdns start
-    if [ ! "$?" = "0" ]; then
-	systemctl status cjdns.service
-	exit 8260
-    fi
-
-    apt-get -y install radvd
-    echo 'interface eth0' > /etc/radvd.conf
-    echo '{' >> /etc/radvd.conf
-    echo '    AdvSendAdvert on;' >> /etc/radvd.conf
-    echo '    prefix fdfc::1/64' >> /etc/radvd.conf
-    echo '    {' >> /etc/radvd.conf
-    echo '        AdvRouterAddr on;' >> /etc/radvd.conf
-    echo '    };' >> /etc/radvd.conf
-    echo '};' >> /etc/radvd.conf
-    systemctl restart radvd
-    if [ ! "$?" = "0" ]; then
-	systemctl status radvd.service
-	exit 4395
-    fi
-
-    if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
-	echo '' >> /etc/network/interfaces
-	echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
-	echo 'iface eth0 inet6 static' >> /etc/network/interfaces
-	echo '    pre-up modprobe ipv6' >> /etc/network/interfaces
-	echo '    address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
-	echo '    netmask 64' >> /etc/network/interfaces
-	service network-manager restart
+		systemctl status cjdns.service
+		exit 8260
+	fi
+
+	apt-get -y install radvd
+	echo 'interface eth0' > /etc/radvd.conf
+	echo '{' >> /etc/radvd.conf
+	echo '    AdvSendAdvert on;' >> /etc/radvd.conf
+	echo '    prefix fdfc::1/64' >> /etc/radvd.conf
+	echo '    {' >> /etc/radvd.conf
+	echo '        AdvRouterAddr on;' >> /etc/radvd.conf
+	echo '    };' >> /etc/radvd.conf
+	echo '};' >> /etc/radvd.conf
+	systemctl restart radvd
 	if [ ! "$?" = "0" ]; then
-	    systemctl status networking.service
-	    exit 6949
-	fi
-    fi
-
-    if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
-	CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
-
-	echo '' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
-	echo '=======================' >> /home/$MY_USERNAME/README
-	echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
-	echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
-	echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
-	echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
-	echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
-	echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
-	echo $'to you using your default password' >> /home/$MY_USERNAME/README
-	echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
-	echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
-	echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
-	echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
-	echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
-	echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
-	echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
-	echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
-	echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
-	echo $'each password is for.' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
-	echo '    http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
-	echo '    http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-	chmod 600 /home/$MY_USERNAME/README
-    fi
-
-    function_check configure_firewall_for_cjdns
-    configure_firewall_for_cjdns
-
-    echo 'install_cjdns_main' >> $COMPLETION_FILE
+		systemctl status radvd.service
+		exit 4395
+	fi
+
+	if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
+		echo '' >> /etc/network/interfaces
+		echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
+		echo 'iface eth0 inet6 static' >> /etc/network/interfaces
+		echo '    pre-up modprobe ipv6' >> /etc/network/interfaces
+		echo '    address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
+		echo '    netmask 64' >> /etc/network/interfaces
+		service network-manager restart
+		if [ ! "$?" = "0" ]; then
+			systemctl status networking.service
+			exit 6949
+		fi
+	fi
+
+	if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
+		CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
+
+		echo '' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
+		echo '=======================' >> /home/$MY_USERNAME/README
+		echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
+		echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
+		echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
+		echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
+		echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
+		echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
+		echo $'to you using your default password' >> /home/$MY_USERNAME/README
+		echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
+		echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
+		echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
+		echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
+		echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
+		echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
+		echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
+		echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
+		echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
+		echo $'each password is for.' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
+		echo '    http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
+		echo '    http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
+		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+		chmod 600 /home/$MY_USERNAME/README
+	fi
+
+	function_check configure_firewall_for_cjdns
+	configure_firewall_for_cjdns
+
+	echo 'install_cjdns_main' >> $COMPLETION_FILE
 }
 
 function install_cjdns_tools {
-    if grep -Fxq "install_cjdns_tools" $COMPLETION_FILE; then
-	return
-    fi
-    if [[ $ENABLE_CJDNS != "yes" ]]; then
-	return
-    fi
-    if [ ! -d /etc/cjdns ]; then
-	install_cjdns
-    fi
-
-    function_check select_go_version
-    select_go_version
-
-    apt-get -y install golang mercurial
-    if [ ! -f ~/.bashrc ]; then
-	touch ~/.bashrc
-    fi
-
-    if [ ! -d /home/git ]; then
-	# add a gogs user account
-	adduser --disabled-login --gecos 'Gogs' git
-
-	# install Go
+	if grep -Fxq "install_cjdns_tools" $COMPLETION_FILE; then
+		return
+	fi
+	if [[ $ENABLE_CJDNS != "yes" ]]; then
+		return
+	fi
+	if [ ! -d /etc/cjdns ]; then
+		install_cjdns
+	fi
+
+	function_check select_go_version
+	select_go_version
+
+	apt-get -y install golang mercurial
+	if [ ! -f ~/.bashrc ]; then
+		touch ~/.bashrc
+	fi
+
+	if [ ! -d /home/git ]; then
+		# add a gogs user account
+		adduser --disabled-login --gecos 'Gogs' git
+
+		# install Go
+		if ! grep -q "export GOPATH=" ~/.bashrc; then
+			echo "export GOPATH=$GOPATH" >> ~/.bashrc
+		fi
+		systemctl set-environment GOPATH=$GOPATH
+		if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
+			echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
+		fi
+		if [ ! -d $GOPATH ]; then
+			mkdir -p $GOPATH
+		fi
+	fi
+
 	if ! grep -q "export GOPATH=" ~/.bashrc; then
-	    echo "export GOPATH=$GOPATH" >> ~/.bashrc
-	fi
-	systemctl set-environment GOPATH=$GOPATH
-	if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
-	    echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
-	fi
-	if [ ! -d $GOPATH ]; then
-	    mkdir -p $GOPATH
-	fi
-    fi
-
-    if ! grep -q "export GOPATH=" ~/.bashrc; then
-	echo "export GOPATH=$GOPATH" >> ~/.bashrc
-    fi
-    expected_go_path='export PATH=$PATH:'${GOPATH}'/bin'
-    export PATH=$PATH:${GOPATH}/bin
-    if ! grep -q "$expected_go_path" ~/.bashrc; then
-	echo "$expected_go_path" >> ~/.bashrc
-    fi
-    export PATH=$PATH:$GOPATH/bin
-    CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g')
-    go get $CJDCMD_REPO2
-    if [ ! -f $GOPATH/bin/cjdcmd ]; then
-	echo $'cjdcmd was not compiled. Check your golang installation'
-	exit 7439
-    fi
-    cp $GOPATH/bin/cjdcmd /usr/bin
-
-    # initialise from the cjdns config
-    /usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf
-
-    echo 'install_cjdns_tools' >> $COMPLETION_FILE
+		echo "export GOPATH=$GOPATH" >> ~/.bashrc
+	fi
+	expected_go_path='export PATH=$PATH:'${GOPATH}'/bin'
+	export PATH=$PATH:${GOPATH}/bin
+	if ! grep -q "$expected_go_path" ~/.bashrc; then
+		echo "$expected_go_path" >> ~/.bashrc
+	fi
+	export PATH=$PATH:$GOPATH/bin
+	CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g')
+	go get $CJDCMD_REPO2
+	if [ ! -f $GOPATH/bin/cjdcmd ]; then
+		echo $'cjdcmd was not compiled. Check your golang installation'
+		exit 7439
+	fi
+	cp $GOPATH/bin/cjdcmd /usr/bin
+
+	# initialise from the cjdns config
+	/usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf
+
+	echo 'install_cjdns_tools' >> $COMPLETION_FILE
 }
 
 function install_cjdns {
-    if grep -Fxq "install_cjdns" $COMPLETION_FILE; then
-	return
-    fi
-    install_cjdns_main
-    install_cjdns_tools
-    echo 'install_cjdns' >> $COMPLETION_FILE
+	if grep -Fxq "install_cjdns" $COMPLETION_FILE; then
+		return
+	fi
+	install_cjdns_main
+	install_cjdns_tools
+	echo 'install_cjdns' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-dlna

@@ -31,205 +31,205 @@
 VARIANTS='full media'
 
 function reconfigure_dlna {
-    echo ''
+	echo ''
 }
 
 function upgrade_dlna {
-    echo ''
+	echo ''
 }
 
 function configure_firewall_for_dlna {
-    if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
-	return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-	# docker does its own firewalling
-	return
-    fi
-    iptables -A INPUT -p udp --dport 1900 -j ACCEPT
-    iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-
-    OPEN_PORTS+=('DLNA     1900')
-    OPEN_PORTS+=('DLNA     8200')
-    echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
+	if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
+		return
+	fi
+	if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+		# docker does its own firewalling
+		return
+	fi
+	iptables -A INPUT -p udp --dport 1900 -j ACCEPT
+	iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+
+	OPEN_PORTS+=('DLNA     1900')
+	OPEN_PORTS+=('DLNA     8200')
+	echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
 }
 
 function backup_local_dlna {
-    source_directory=/var/cache/minidlna
-    if [ -d $source_directory ]; then
-	dest_directory=dlna
-	echo $"Backing up $source_directory to $dest_directory"
+	source_directory=/var/cache/minidlna
+	if [ -d $source_directory ]; then
+		dest_directory=dlna
+		echo $"Backing up $source_directory to $dest_directory"
 
-	function_check backup_directory_to_usb
-	backup_directory_to_usb $source_directory $dest_directory
+		function_check backup_directory_to_usb
+		backup_directory_to_usb $source_directory $dest_directory
 
-	echo $"Backup to $dest_directory complete"
-    fi
+		echo $"Backup to $dest_directory complete"
+	fi
 }
 
 function restore_local_dlna {
-    if [ -d /var/cache/minidlna ]; then
-	if [ -d $USB_MOUNT/backup/dlna ]; then
-	    echo $"Restoring DLNA cache"
-	    temp_restore_dir=/root/tempdlna
-	    function_check restore_directory_from_usb
-	    restore_directory_from_usb $temp_restore_dir dlna
-	    cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
-	    if [ ! "$?" = "0" ]; then
-		rm -rf $temp_restore_dir
-		function_check set_user_permissions
-		set_user_permissions
-		function_check backup_unmount_drive
-		backup_unmount_drive
-		exit 982572
-	    fi
-	    rm -rf $temp_restore_dir
-	fi
-    fi
+	if [ -d /var/cache/minidlna ]; then
+		if [ -d $USB_MOUNT/backup/dlna ]; then
+			echo $"Restoring DLNA cache"
+			temp_restore_dir=/root/tempdlna
+			function_check restore_directory_from_usb
+			restore_directory_from_usb $temp_restore_dir dlna
+			cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
+			if [ ! "$?" = "0" ]; then
+				rm -rf $temp_restore_dir
+				function_check set_user_permissions
+				set_user_permissions
+				function_check backup_unmount_drive
+				backup_unmount_drive
+				exit 982572
+			fi
+			rm -rf $temp_restore_dir
+		fi
+	fi
 }
 
 function backup_remote_dlna {
-    if [ -d /var/cache/minidlna ]; then
-	echo $"Backing up DLNA cache"
-	backup_directory_to_friend /var/cache/minidlna dlna
-	echo $"Backup of DLNA cache complete"
-    fi
+	if [ -d /var/cache/minidlna ]; then
+		echo $"Backing up DLNA cache"
+		backup_directory_to_friend /var/cache/minidlna dlna
+		echo $"Backup of DLNA cache complete"
+	fi
 }
 
 function restore_remote_dlna {
-    if [ -d /var/cache/minidlna ]; then
-	if [ -d $SERVER_DIRECTORY/backup/dlna ]; then
-	    echo $"Restoring DLNA cache"
-	    temp_restore_dir=/root/tempdlna
-	    function_check restore_directory_from_friend
-	    restore_directory_from_friend $temp_restore_dir dlna
-	    cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
-	    if [ ! "$?" = "0" ]; then
-		exit 982
-	    fi
-	    rm -rf $temp_restore_dir
-	    echo $"Restore of DLNA complete"
-	fi
-    fi
+	if [ -d /var/cache/minidlna ]; then
+		if [ -d $SERVER_DIRECTORY/backup/dlna ]; then
+			echo $"Restoring DLNA cache"
+			temp_restore_dir=/root/tempdlna
+			function_check restore_directory_from_friend
+			restore_directory_from_friend $temp_restore_dir dlna
+			cp -r $temp_restore_dir/var/cache/minidlna/* /var/cache/minidlna/
+			if [ ! "$?" = "0" ]; then
+				exit 982
+			fi
+			rm -rf $temp_restore_dir
+			echo $"Restore of DLNA complete"
+		fi
+	fi
 }
 
 function remove_dlna {
-    if ! grep -Fxq "install_dlna" $COMPLETION_FILE; then
-	return
-    fi
-    service minidlna stop
-    apt-get -y remove --purge minidlna
-    if [ -f /etc/minidlna.conf ]; then
-	rm /etc/minidlna.conf
-    fi
-    iptables -D INPUT -p udp --dport 1900 -j ACCEPT
-    iptables -D INPUT -p tcp --dport 8200 -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-    sed -i '/install_dlna/d' $COMPLETION_FILE
+	if ! grep -Fxq "install_dlna" $COMPLETION_FILE; then
+		return
+	fi
+	service minidlna stop
+	apt-get -y remove --purge minidlna
+	if [ -f /etc/minidlna.conf ]; then
+		rm /etc/minidlna.conf
+	fi
+	iptables -D INPUT -p udp --dport 1900 -j ACCEPT
+	iptables -D INPUT -p tcp --dport 8200 -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+	sed -i '/install_dlna/d' $COMPLETION_FILE
 }
 
 function install_dlna_main {
-    if grep -Fxq "install_dlna_main" $COMPLETION_FILE; then
-	return
-    fi
-
-    apt-get -y install minidlna
-
-    if [ ! -f /etc/minidlna.conf ]; then
-	echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
-	exit 55
-    fi
-
-    sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
-    if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
-	echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
-    fi
-    if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
-	echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
-    fi
-    if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
-	echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
-    fi
-    if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
-	echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
-    fi
-    if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
-	echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
-    fi
-    sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
-    if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
-	sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
-    else
-	sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf
-    fi
-    sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf
-    sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
-    sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
-    sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
-    sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
-    service minidlna force-reload
-    service minidlna reload
-
-    sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
-    if ! grep -q "max_user_watches" $COMPLETION_FILE; then
-	echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
-    fi
-    /sbin/sysctl -p
-
-    function_check configure_firewall_for_dlna
-    configure_firewall_for_dlna
-    echo 'install_dlna_main' >> $COMPLETION_FILE
+	if grep -Fxq "install_dlna_main" $COMPLETION_FILE; then
+		return
+	fi
+
+	apt-get -y install minidlna
+
+	if [ ! -f /etc/minidlna.conf ]; then
+		echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
+		exit 55
+	fi
+
+	sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
+	if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
+		echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
+	fi
+	if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
+		echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
+	fi
+	if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
+		echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
+	fi
+	if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
+		echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
+	fi
+	if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
+		echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
+	fi
+	sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
+	if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+		sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
+	else
+		sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf
+	fi
+	sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf
+	sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
+	sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
+	sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
+	sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
+	service minidlna force-reload
+	service minidlna reload
+
+	sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
+	if ! grep -q "max_user_watches" $COMPLETION_FILE; then
+		echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
+	fi
+	/sbin/sysctl -p
+
+	function_check configure_firewall_for_dlna
+	configure_firewall_for_dlna
+	echo 'install_dlna_main' >> $COMPLETION_FILE
 }
 
 function script_for_attaching_usb_drive {
-    if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
-	return
-    fi
-    echo '#!/bin/bash' > /usr/bin/attach-music
-    echo 'remove-music' >> /usr/bin/attach-music
-    echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
-    echo "  mkdir $USB_MOUNT" >> /usr/bin/attach-music
-    echo 'fi' >> /usr/bin/attach-music
-    echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
-    echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
-    echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
-    echo 'service minidlna restart' >> /usr/bin/attach-music
-    echo 'minidlnad -R' >> /usr/bin/attach-music
-    chmod +x /usr/bin/attach-music
-    ln -s /usr/bin/attach-music /usr/bin/attach-usb
-    ln -s /usr/bin/attach-music /usr/bin/attach-videos
-    ln -s /usr/bin/attach-music /usr/bin/attach-pictures
-    ln -s /usr/bin/attach-music /usr/bin/attach-media
-
-    echo '#!/bin/bash' > /usr/bin/remove-music
-    echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
-    echo "  umount $USB_MOUNT" >> /usr/bin/remove-music
-    echo "  rm -rf $USB_MOUNT" >> /usr/bin/remove-music
-    echo 'fi' >> /usr/bin/remove-music
-    chmod +x /usr/bin/remove-music
-    ln -s /usr/bin/remove-music /usr/bin/detach-music
-    ln -s /usr/bin/remove-music /usr/bin/detach-usb
-    ln -s /usr/bin/remove-music /usr/bin/remove-usb
-    ln -s /usr/bin/remove-music /usr/bin/detach-media
-    ln -s /usr/bin/remove-music /usr/bin/remove-media
-    ln -s /usr/bin/remove-music /usr/bin/detach-videos
-    ln -s /usr/bin/remove-music /usr/bin/remove-videos
-    ln -s /usr/bin/remove-music /usr/bin/detach-pictures
-    ln -s /usr/bin/remove-music /usr/bin/remove-pictures
-
-    echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
+	if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
+		return
+	fi
+	echo '#!/bin/bash' > /usr/bin/attach-music
+	echo 'remove-music' >> /usr/bin/attach-music
+	echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
+	echo "  mkdir $USB_MOUNT" >> /usr/bin/attach-music
+	echo 'fi' >> /usr/bin/attach-music
+	echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
+	echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
+	echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
+	echo 'service minidlna restart' >> /usr/bin/attach-music
+	echo 'minidlnad -R' >> /usr/bin/attach-music
+	chmod +x /usr/bin/attach-music
+	ln -s /usr/bin/attach-music /usr/bin/attach-usb
+	ln -s /usr/bin/attach-music /usr/bin/attach-videos
+	ln -s /usr/bin/attach-music /usr/bin/attach-pictures
+	ln -s /usr/bin/attach-music /usr/bin/attach-media
+
+	echo '#!/bin/bash' > /usr/bin/remove-music
+	echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
+	echo "  umount $USB_MOUNT" >> /usr/bin/remove-music
+	echo "  rm -rf $USB_MOUNT" >> /usr/bin/remove-music
+	echo 'fi' >> /usr/bin/remove-music
+	chmod +x /usr/bin/remove-music
+	ln -s /usr/bin/remove-music /usr/bin/detach-music
+	ln -s /usr/bin/remove-music /usr/bin/detach-usb
+	ln -s /usr/bin/remove-music /usr/bin/remove-usb
+	ln -s /usr/bin/remove-music /usr/bin/detach-media
+	ln -s /usr/bin/remove-music /usr/bin/remove-media
+	ln -s /usr/bin/remove-music /usr/bin/detach-videos
+	ln -s /usr/bin/remove-music /usr/bin/remove-videos
+	ln -s /usr/bin/remove-music /usr/bin/detach-pictures
+	ln -s /usr/bin/remove-music /usr/bin/remove-pictures
+
+	echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
 }
 
 function install_dlna {
-    if grep -Fxq "install_dlna" $COMPLETION_FILE; then
-	return
-    fi
-    install_dlna_main
-    script_for_attaching_usb_drive
-    echo 'install_dlna' >> $COMPLETION_FILE
+	if grep -Fxq "install_dlna" $COMPLETION_FILE; then
+		return
+	fi
+	install_dlna_main
+	script_for_attaching_usb_drive
+	echo 'install_dlna' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-emacs

@@ -31,154 +31,154 @@
 VARIANTS='all'
 
 function reconfigure_emacs {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_emacs {
-    echo -n ''
+	echo -n ''
 }
 
 function backup_local_emacs {
-    for d in /home/*/ ; do
-	USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-	if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
-	    if [ -d /home/$USERNAME/.emacs.d ]; then
-		echo $"Backing up Emacs config for $USERNAME"
-		if [ -f /home/$USERNAME/.emacs ]; then
-		    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+	for d in /home/*/ ; do
+		USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
+		if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
+			if [ -d /home/$USERNAME/.emacs.d ]; then
+				echo $"Backing up Emacs config for $USERNAME"
+				if [ -f /home/$USERNAME/.emacs ]; then
+					cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+				fi
+				function_check backup_directory_to_usb
+				backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME
+			fi
 		fi
-		function_check backup_directory_to_usb
-		backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME
-	    fi
-	fi
-    done
+	done
 }
 
 function restore_local_emacs {
-    temp_restore_dir=/root/tempemacs
-    if [ -d $USB_MOUNT/backup/emacs ]; then
-	for d in $USB_MOUNT/backup/emacs/*/ ; do
-	    USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
-	    if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
-		if [ ! -d /home/$USERNAME ]; then
-		    ${PROJECT_NAME}-adduser $USERNAME
-		fi
-		echo $"Restoring Emacs config for $USERNAME"
-		function_check restore_directory_from_usb
-		restore_directory_from_usb $temp_restore_dir emacs/$USERNAME
-		cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
-		if [ ! "$?" = "0" ]; then
-		    rm -rf $temp_restore_dir
-		    function_check set_user_permissions
-		    set_user_permissions
-		    function_check backup_unmount_drive
-		    backup_unmount_drive
-		    exit 664
-		fi
-		cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
-		rm -rf $temp_restore_dir
-	    fi
-	done
-    fi
+	temp_restore_dir=/root/tempemacs
+	if [ -d $USB_MOUNT/backup/emacs ]; then
+		for d in $USB_MOUNT/backup/emacs/*/ ; do
+			USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
+			if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
+				if [ ! -d /home/$USERNAME ]; then
+					${PROJECT_NAME}-adduser $USERNAME
+				fi
+				echo $"Restoring Emacs config for $USERNAME"
+				function_check restore_directory_from_usb
+				restore_directory_from_usb $temp_restore_dir emacs/$USERNAME
+				cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
+				if [ ! "$?" = "0" ]; then
+					rm -rf $temp_restore_dir
+					function_check set_user_permissions
+					set_user_permissions
+					function_check backup_unmount_drive
+					backup_unmount_drive
+					exit 664
+				fi
+				cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
+				rm -rf $temp_restore_dir
+			fi
+		done
+	fi
 }
 
 function backup_remote_emacs {
-    echo -n ''
+	echo -n ''
 }
 
 function restore_remote_emacs {
-    echo -n ''
+	echo -n ''
 }
 
 function remove_emacs {
-    if ! grep -Fxq "install_emacs" $COMPLETION_FILE; then
-	return
-    fi
-    apt-get -y remove --purge emacs24
-    update-alternatives --set editor /usr/bin/nano
-    sed -i '/install_emacs/d' $COMPLETION_FILE
+	if ! grep -Fxq "install_emacs" $COMPLETION_FILE; then
+		return
+	fi
+	apt-get -y remove --purge emacs24
+	update-alternatives --set editor /usr/bin/nano
+	sed -i '/install_emacs/d' $COMPLETION_FILE
 }
 
 function install_emacs {
-    if grep -Fxq "install_emacs" $COMPLETION_FILE; then
-	return
-    fi
-    update-alternatives --set editor /usr/bin/emacs24
+	if grep -Fxq "install_emacs" $COMPLETION_FILE; then
+		return
+	fi
+	update-alternatives --set editor /usr/bin/emacs24
 
-    # A minimal emacs configuration
-    #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
-    #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
-    #echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
-    echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
-    echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
-    echo "           '(lambda ()" >> /home/$MY_USERNAME/.emacs
-    echo "              (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
-    echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
-    echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
-    echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
-    echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
-    cp /home/$MY_USERNAME/.emacs /root/.emacs
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
+	# A minimal emacs configuration
+	#echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
+	#echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
+	#echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
+	echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
+	echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
+	echo "           '(lambda ()" >> /home/$MY_USERNAME/.emacs
+	echo "              (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
+	echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
+	echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
+	echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
+	echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
+	echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
+	echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
+	echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
+	echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
+	echo '' >> /home/$MY_USERNAME/.emacs
+	echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
+	echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
+	cp /home/$MY_USERNAME/.emacs /root/.emacs
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
 
-    echo 'install_emacs' >> $COMPLETION_FILE
+	echo 'install_emacs' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-ipfs

@@ -35,251 +35,251 @@ IPFS_COMMIT='20b06a4cbce8884f5b194da6e98cb11f2c77f166'
 IPFS_PORT=4001
 
 function reconfigure_ipfs {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_ipfs {
-    if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then
-	return
-    fi
+	if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then
+		return
+	fi
 
-    function_check select_go_version
-    select_go_version
+	function_check select_go_version
+	select_go_version
 
-    function_check set_repo_commit
-    set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO
+	function_check set_repo_commit
+	set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO
 }
 
 function backup_local_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
-	return
-    fi
-    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
-    source_directory=/home/$ADMIN_USERNAME/.ipfs
-    if [ -d $source_directory ]; then
-	dest_directory=ipfs
-	echo $"Backing up $source_directory to $dest_directory"
-
-	function_check backup_directory_to_usb
-	backup_directory_to_usb $source_directory $dest_directory
-
-	echo $"Backup to $dest_directory complete"
-    fi
+	if ! grep -q "Admin user" $COMPLETION_FILE; then
+		return
+	fi
+	ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+	source_directory=/home/$ADMIN_USERNAME/.ipfs
+	if [ -d $source_directory ]; then
+		dest_directory=ipfs
+		echo $"Backing up $source_directory to $dest_directory"
+
+		function_check backup_directory_to_usb
+		backup_directory_to_usb $source_directory $dest_directory
+
+		echo $"Backup to $dest_directory complete"
+	fi
 }
 
 function restore_local_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
-	return
-    fi
-    if [ -d $USB_MOUNT/backup/ipfs ]; then
-	echo $"Restoring IPFS"
-	temp_restore_dir=/root/tempipfs
-	function_check restore_directory_from_usb
-	restore_directory_from_usb $temp_restore_dir ipfs
-	ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
-	cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
-	if [ ! "$?" = "0" ]; then
-	    rm -rf $temp_restore_dir
-	    function_check set_user_permissions
-	    set_user_permissions
-	    function_check backup_unmount_drive
-	    backup_unmount_drive
-	    exit 27627
+	if ! grep -q "Admin user" $COMPLETION_FILE; then
+		return
+	fi
+	if [ -d $USB_MOUNT/backup/ipfs ]; then
+		echo $"Restoring IPFS"
+		temp_restore_dir=/root/tempipfs
+		function_check restore_directory_from_usb
+		restore_directory_from_usb $temp_restore_dir ipfs
+		ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+		cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
+		if [ ! "$?" = "0" ]; then
+			rm -rf $temp_restore_dir
+			function_check set_user_permissions
+			set_user_permissions
+			function_check backup_unmount_drive
+			backup_unmount_drive
+			exit 27627
+		fi
+		rm -rf $temp_restore_dir
+		echo $"Restore of IPFS complete"
 	fi
-	rm -rf $temp_restore_dir
-	echo $"Restore of IPFS complete"
-    fi
 }
 
 function backup_remote_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
-	return
-    fi
-    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
-    if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then
-	echo $"Backing up IPFS"
-	backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs
-	echo $"Backup of IPFS complete"
-    fi
+	if ! grep -q "Admin user" $COMPLETION_FILE; then
+		return
+	fi
+	ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+	if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then
+		echo $"Backing up IPFS"
+		backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs
+		echo $"Backup of IPFS complete"
+	fi
 }
 
 function restore_remote_ipfs {
-    if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then
-	echo $"Restoring IPFS"
-	temp_restore_dir=/root/tempipfs
-	function_check restore_directory_from_friend
-	restore_directory_from_friend $temp_restore_dir ipfs
-	cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
-	if [ ! "$?" = "0" ]; then
-	    function_check set_user_permissions
-	    set_user_permissions
-	    rm -rf $temp_restore_dir
-	    exit 276357
+	if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then
+		echo $"Restoring IPFS"
+		temp_restore_dir=/root/tempipfs
+		function_check restore_directory_from_friend
+		restore_directory_from_friend $temp_restore_dir ipfs
+		cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
+		if [ ! "$?" = "0" ]; then
+			function_check set_user_permissions
+			set_user_permissions
+			rm -rf $temp_restore_dir
+			exit 276357
+		fi
+		rm -rf $temp_restore_dir
+		echo $"Restore of IPFS complete"
 	fi
-	rm -rf $temp_restore_dir
-	echo $"Restore of IPFS complete"
-    fi
 }
 
 function remove_ipfs {
-    if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then
-	return
-    fi
-    function_check select_go_version
-    select_go_version
-    systemctl stop ipfs
-    systemctl disable ipfs
-    systemctl daemon-reload
-    rm /etc/systemd/system/ipfs.service
-    rm -rf $GOPATH/src/github.com/ipfs
-    iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-    sed -i '/install_ipfs/d' $COMPLETION_FILE
-    sed -i '/ipfs /d' $COMPLETION_FILE
-    sed -i '/configure_firewall_for_ipfs/d' $COMPLETION_FILE
+	if ! grep -Fxq "install_ipfs" $COMPLETION_FILE; then
+		return
+	fi
+	function_check select_go_version
+	select_go_version
+	systemctl stop ipfs
+	systemctl disable ipfs
+	systemctl daemon-reload
+	rm /etc/systemd/system/ipfs.service
+	rm -rf $GOPATH/src/github.com/ipfs
+	iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+	sed -i '/install_ipfs/d' $COMPLETION_FILE
+	sed -i '/ipfs /d' $COMPLETION_FILE
+	sed -i '/configure_firewall_for_ipfs/d' $COMPLETION_FILE
 }
 
 function configure_firewall_for_ipfs {
-    if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
-	return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-	return
-    fi
-    iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-
-    OPEN_PORTS+=("IPFS     $IPFS_PORT")
-    echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
+	if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
+		return
+	fi
+	if [[ $ONION_ONLY != "no" ]]; then
+		return
+	fi
+	iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+
+	OPEN_PORTS+=("IPFS     $IPFS_PORT")
+	echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
 }
 
 function install_ipfs {
-    if grep -Fxq "install_ipfs" $COMPLETION_FILE; then
-	return
-    fi
-
-    function_check select_go_version
-    select_go_version
+	if grep -Fxq "install_ipfs" $COMPLETION_FILE; then
+		return
+	fi
 
-    apt-get -y install golang libpam0g-dev fuse
+	function_check select_go_version
+	select_go_version
+
+	apt-get -y install golang libpam0g-dev fuse
+
+	if [ ! -d /home/git ]; then
+		# add a gogs user account
+		adduser --disabled-login --gecos 'Gogs' git
+
+		# install Go
+		if ! grep -q "export GOPATH=" ~/.bashrc; then
+			echo "export GOPATH=$GOPATH" >> ~/.bashrc
+		else
+			sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
+		fi
+		systemctl set-environment GOPATH=$GOPATH
+		if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
+			echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
+		else
+			sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
+		fi
+		if [ ! -d $GOPATH ]; then
+			mkdir -p $GOPATH
+		fi
+	fi
 
-    if [ ! -d /home/git ]; then
-	# add a gogs user account
-	adduser --disabled-login --gecos 'Gogs' git
+	IPFS_PATH=$GOPATH/bin
+	export PATH="$GOPATH/bin:$PATH:"
+	if ! grep -q 'GOPATH/bin' ~/.bashrc; then
+		echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc
+	else
+		sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
+	fi
 
-	# install Go
-	if ! grep -q "export GOPATH=" ~/.bashrc; then
-	    echo "export GOPATH=$GOPATH" >> ~/.bashrc
+	# set gopath for the user
+	if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
+		echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc
+		echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc
 	else
-	    sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
+		sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc
+	fi
+	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
+
+	IPFS_GO_REPO2=$(echo "$IPFS_GO_REPO" | sed 's|https://||g')
+	go get -u ${IPFS_GO_REPO2}/cmd/ipfs
+	if [ ! "$?" = "0" ]; then
+		exit 8242
 	fi
-	systemctl set-environment GOPATH=$GOPATH
-	if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
-	    echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
+
+	cd $GOPATH/src/$IPFS_GO_REPO2
+	git checkout $IPFS_COMMIT -b $IPFS_COMMIT
+	if ! grep -q "ipfs commit" $COMPLETION_FILE; then
+		echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE
 	else
-	    sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
+		sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE
+	fi
+
+	# initialise
+	su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
+	if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
+		echo "IPFS could not be initialised for user $MY_USERNAME"
+		exit 7358
 	fi
-	if [ ! -d $GOPATH ]; then
-	    mkdir -p $GOPATH
+
+	# directories to mount to
+	if [ ! -d /ipfs ]; then
+		mkdir /ipfs
+		mkdir /ipns
+		chown $MY_USERNAME:$MY_USERNAME /ipfs
+		chown $MY_USERNAME:$MY_USERNAME /ipns
+	fi
+
+	if [ -f /etc/fuse.conf ]; then
+		chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
 	fi
-    fi
-
-    IPFS_PATH=$GOPATH/bin
-    export PATH="$GOPATH/bin:$PATH:"
-    if ! grep -q 'GOPATH/bin' ~/.bashrc; then
-	echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc
-    else
-	sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
-    fi
-
-    # set gopath for the user
-    if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
-	echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc
-	echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc
-    else
-	sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc
-    fi
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
-
-    IPFS_GO_REPO2=$(echo "$IPFS_GO_REPO" | sed 's|https://||g')
-    go get -u ${IPFS_GO_REPO2}/cmd/ipfs
-    if [ ! "$?" = "0" ]; then
-	exit 8242
-    fi
-
-    cd $GOPATH/src/$IPFS_GO_REPO2
-    git checkout $IPFS_COMMIT -b $IPFS_COMMIT
-    if ! grep -q "ipfs commit" $COMPLETION_FILE; then
-	echo "ipfs commit:$IPFS_COMMIT" >> $COMPLETION_FILE
-    else
-	sed -i "s/ipfs commit.*/ipfs commit:$IPFS_COMMIT/g" $COMPLETION_FILE
-    fi
-
-    # initialise
-    su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
-    if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
-	echo "IPFS could not be initialised for user $MY_USERNAME"
-	exit 7358
-    fi
-
-    # directories to mount to
-    if [ ! -d /ipfs ]; then
-	mkdir /ipfs
-	mkdir /ipns
-	chown $MY_USERNAME:$MY_USERNAME /ipfs
-	chown $MY_USERNAME:$MY_USERNAME /ipns
-    fi
-
-    if [ -f /etc/fuse.conf ]; then
-	chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
-    fi
-    if [ -f /dev/fuse ]; then
-	chown $MY_USERNAME:$MY_USERNAME /dev/fuse
-    fi
-
-    echo '[Unit]' > /etc/systemd/system/ipfs.service
-    echo 'Description=IPFS daemon' >> /etc/systemd/system/ipfs.service
-    echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
-    echo 'After=network.target' >> /etc/systemd/system/ipfs.service
-    echo '' >> /etc/systemd/system/ipfs.service
-    echo '[Service]' >> /etc/systemd/system/ipfs.service
-    echo 'Type=simple' >> /etc/systemd/system/ipfs.service
-    echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
-    echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service
-    echo '' >> /etc/systemd/system/ipfs.service
-    echo '[Install]' >> /etc/systemd/system/ipfs.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
-
-    systemctl enable ipfs
-    systemctl daemon-reload
-    systemctl restart ipfs
-
-    if [ -d /etc/avahi ]; then
-	su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME
-	if [ ! -f /tmp/ipfsid ]; then
-	    echo 'No IPFS identity was created'
-	    exit 37895
+	if [ -f /dev/fuse ]; then
+		chown $MY_USERNAME:$MY_USERNAME /dev/fuse
 	fi
-	IPFS_PEER_ID=$(cat /tmp/ipfsid)
-	if [ ${#IPFS_PEER_ID} -lt 10 ]; then
-	    echo 'Invalid IPFS peer ID'
-	    echo "$IPFS_PEER_ID"
-	    exit 74782
+
+	echo '[Unit]' > /etc/systemd/system/ipfs.service
+	echo 'Description=IPFS daemon' >> /etc/systemd/system/ipfs.service
+	echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
+	echo 'After=network.target' >> /etc/systemd/system/ipfs.service
+	echo '' >> /etc/systemd/system/ipfs.service
+	echo '[Service]' >> /etc/systemd/system/ipfs.service
+	echo 'Type=simple' >> /etc/systemd/system/ipfs.service
+	echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
+	echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
+	echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
+	echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
+	echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
+	echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service
+	echo '' >> /etc/systemd/system/ipfs.service
+	echo '[Install]' >> /etc/systemd/system/ipfs.service
+	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
+
+	systemctl enable ipfs
+	systemctl daemon-reload
+	systemctl restart ipfs
+
+	if [ -d /etc/avahi ]; then
+		su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME
+		if [ ! -f /tmp/ipfsid ]; then
+			echo 'No IPFS identity was created'
+			exit 37895
+		fi
+		IPFS_PEER_ID=$(cat /tmp/ipfsid)
+		if [ ${#IPFS_PEER_ID} -lt 10 ]; then
+			echo 'Invalid IPFS peer ID'
+			echo "$IPFS_PEER_ID"
+			exit 74782
+		fi
+		# Add an avahi service
+		function_check create_avahi_service
+		create_avahi_service ipfs "ipfs" udp $IPFS_PORT "$IPFS_PEER_ID"
+		rm /tmp/ipfsid
 	fi
-	# Add an avahi service
-	function_check create_avahi_service
-	create_avahi_service ipfs "ipfs" udp $IPFS_PORT "$IPFS_PEER_ID"
-	rm /tmp/ipfsid
-    fi
 
-    function_check configure_firewall_for_ipfs
-    configure_firewall_for_ipfs
+	function_check configure_firewall_for_ipfs
+	configure_firewall_for_ipfs
 
-    echo 'install_ipfs' >> $COMPLETION_FILE
+	echo 'install_ipfs' >> $COMPLETION_FILE
 }

src/freedombone-app-irc

@@ -37,276 +37,276 @@ IRC_ONION_PORT=6697
 IRC_PASSWORD=
 
 function reconfigure_irc {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_irc {
-    echo -n ''
+	echo -n ''
 }
 
 function backup_local_irc {
-    echo -n ''
+	echo -n ''
 }
 
 function restore_local_irc {
-    echo -n ''
+	echo -n ''
 }
 
 function backup_remote_irc {
-    echo -n ''
+	echo -n ''
 }
 
 function restore_remote_irc {
-    echo -n ''
+	echo -n ''
 }
 
 function remove_irc {
-    if ! grep -Fxq "install_irc" $COMPLETION_FILE; then
-	return
-    fi
-    systemctl stop ngircd
-    apt-get -y remove --purge ngircd
-    apt-get -y remove --purge irssi
-    if [ -d /etc/ngircd ]; then
-	rm -rf /etc/ngircd
-    fi
-    iptables -D INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
-    iptables -D INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-    function_check remove_onion_service
-    remove_onion_service irc ${IRC_ONION_PORT}
-    sed -i '/install_irc/d' $COMPLETION_FILE
-    sed -i '/IRC /d' $COMPLETION_FILE
-    sed -i '/configure_firewall_for_irc/d' $COMPLETION_FILE
+	if ! grep -Fxq "install_irc" $COMPLETION_FILE; then
+		return
+	fi
+	systemctl stop ngircd
+	apt-get -y remove --purge ngircd
+	apt-get -y remove --purge irssi
+	if [ -d /etc/ngircd ]; then
+		rm -rf /etc/ngircd
+	fi
+	iptables -D INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
+	iptables -D INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+	function_check remove_onion_service
+	remove_onion_service irc ${IRC_ONION_PORT}
+	sed -i '/install_irc/d' $COMPLETION_FILE
+	sed -i '/IRC /d' $COMPLETION_FILE
+	sed -i '/configure_firewall_for_irc/d' $COMPLETION_FILE
 }
 
 function configure_firewall_for_irc {
-    if [ ! -d /etc/ngircd ]; then
-	return
-    fi
-    if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
-	return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-	# docker does its own firewalling
-	return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-	return
-    fi
-    iptables -A INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
-    iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
+	if [ ! -d /etc/ngircd ]; then
+		return
+	fi
+	if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
+		return
+	fi
+	if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+		# docker does its own firewalling
+		return
+	fi
+	if [[ $ONION_ONLY != "no" ]]; then
+		return
+	fi
+	iptables -A INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
+	iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
 
-    OPEN_PORTS+=("IRC      $IRC_PORT")
-    echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
+	OPEN_PORTS+=("IRC      $IRC_PORT")
+	echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
 }
 
 function install_irc_server {
-    if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
-	return
-    fi
-    apt-get -y install ngircd
+	if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
+		return
+	fi
+	apt-get -y install ngircd
 
-    if [ ! -d /etc/ngircd ]; then
-	echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
-	exit 53
-    fi
+	if [ ! -d /etc/ngircd ]; then
+		echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
+		exit 53
+	fi
 
-    if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
-	${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
-	function_check check_certificates
-	check_certificates ngircd
-    fi
+	if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
+		${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
+		function_check check_certificates
+		check_certificates ngircd
+	fi
 
-    DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
-    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
-	DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
-    fi
+	DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
+	if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+		DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
+	fi
 
-    # create a login password if needed
-    if [ ! $IRC_PASSWORD ]; then
-	IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    fi
+	# create a login password if needed
+	if [ ! $IRC_PASSWORD ]; then
+		IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+	fi
 
-    echo '**************************************************' > /etc/ngircd/motd
-    echo $'*           F R E E D O M B O N E   I R C        *' >> /etc/ngircd/motd
-    echo '*                                                *' >> /etc/ngircd/motd
-    echo $'*               Freedom in the Cloud             *' >> /etc/ngircd/motd
-    echo '**************************************************' >> /etc/ngircd/motd
-    sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
-    sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
-    sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
-    sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
-    sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
-    sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
-    sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
-    sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
-    sed -i "s/;Ports =.*/Ports = $IRC_PORT/1" /etc/ngircd/ngircd.conf
-    sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
-    sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
-    sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
-    sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
-    sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
-    sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
-    IRC_SALT="$(create_password 30)"
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-	IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-    else
-	IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    fi
-    sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
-    sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
-    sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
-    sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
-    sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
-    sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
-    sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
-    if [ $IRC_PASSWORD ]; then
-	sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
-    fi
-    # If we are on a mesh then DNS is not available
-    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
-	sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
-    fi
-    # upgrade a cypher
-    sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf
-    mkdir /var/run/ircd
-    chown -R irc:irc /var/run/ircd
-    mkdir /var/run/ngircd
-    touch /var/run/ngircd/ngircd.pid
-    chown -R irc:irc /var/run/ngircd
+	echo '**************************************************' > /etc/ngircd/motd
+	echo $'*           F R E E D O M B O N E   I R C        *' >> /etc/ngircd/motd
+	echo '*                                                *' >> /etc/ngircd/motd
+	echo $'*               Freedom in the Cloud             *' >> /etc/ngircd/motd
+	echo '**************************************************' >> /etc/ngircd/motd
+	sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
+	sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
+	sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
+	sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
+	sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
+	sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
+	sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
+	sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
+	sed -i "s/;Ports =.*/Ports = $IRC_PORT/1" /etc/ngircd/ngircd.conf
+	sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
+	sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
+	sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
+	sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
+	sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
+	sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
+	IRC_SALT="$(create_password 30)"
+	if [ -f $IMAGE_PASSWORD_FILE ]; then
+		IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+	else
+		IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+	fi
+	sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
+	sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
+	sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
+	sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
+	sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
+	sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
+	sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
+	if [ $IRC_PASSWORD ]; then
+		sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
+	fi
+	# If we are on a mesh then DNS is not available
+	if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+		sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
+	fi
+	# upgrade a cypher
+	sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf
+	mkdir /var/run/ircd
+	chown -R irc:irc /var/run/ircd
+	mkdir /var/run/ngircd
+	touch /var/run/ngircd/ngircd.pid
+	chown -R irc:irc /var/run/ngircd
 
-    IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT})
-    if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
-	echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
-    fi
+	IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT})
+	if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
+		echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
+	fi
 
-    systemctl restart ngircd
+	systemctl restart ngircd
 
-    # keep the daemon running
-    echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+	# keep the daemon running
+	echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+	echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+	echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+	echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+	echo '  systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+	echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+	echo '  echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+	echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
 
-    if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
-	echo '' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'IRC Server' >> /home/$MY_USERNAME/README
-	echo '==========' >> /home/$MY_USERNAME/README
-	echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	if [[ $ONION_ONLY != 'yes' ]]; then
-	    echo "  irssi" >> /home/$MY_USERNAME/README
-	    echo "  /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
-	    echo "  /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
-	else
-	    echo "  usetorwith irssi" >> /home/$MY_USERNAME/README
-	    echo "  /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README
-	    echo "  /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+	if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
+		echo '' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'IRC Server' >> /home/$MY_USERNAME/README
+		echo '==========' >> /home/$MY_USERNAME/README
+		echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		if [[ $ONION_ONLY != 'yes' ]]; then
+			echo "  irssi" >> /home/$MY_USERNAME/README
+			echo "  /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
+			echo "  /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
+		else
+			echo "  usetorwith irssi" >> /home/$MY_USERNAME/README
+			echo "  /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README
+			echo "  /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+		fi
+		echo "  /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
+		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+		chmod 600 /home/$MY_USERNAME/README
 	fi
-	echo "  /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-	chmod 600 /home/$MY_USERNAME/README
-    fi
 
-    function_check configure_firewall_for_irc
-    configure_firewall_for_irc
-    echo 'install_irc_server' >> $COMPLETION_FILE
+	function_check configure_firewall_for_irc
+	configure_firewall_for_irc
+	echo 'install_irc_server' >> $COMPLETION_FILE
 }
 
 function install_irc_client {
-    if grep -Fxq "install_irc_client" $COMPLETION_FILE; then
-	return
-    fi
-    apt-get -y install irssi
+	if grep -Fxq "install_irc_client" $COMPLETION_FILE; then
+		return
+	fi
+	apt-get -y install irssi
 
-    if [ ! -d /home/$MY_USERNAME/.irssi ]; then
-	mkdir /home/$MY_USERNAME/.irssi
-    fi
+	if [ ! -d /home/$MY_USERNAME/.irssi ]; then
+		mkdir /home/$MY_USERNAME/.irssi
+	fi
 
-    echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
-    echo '  {' >> /home/$MY_USERNAME/.irssi/config
-    echo '    address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
-    echo '  },' >> /home/$MY_USERNAME/.irssi/config
-    echo '  {' >> /home/$MY_USERNAME/.irssi/config
-    echo '    address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
-    echo '  },' >> /home/$MY_USERNAME/.irssi/config
-    echo '  {' >> /home/$MY_USERNAME/.irssi/config
-    echo "    address = \"127.0.0.1\";" >> /home/$MY_USERNAME/.irssi/config
-    if [[ $ONION_ONLY == 'no' ]]; then
-	echo "    port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
-	echo '    use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
-    else
-	IRC_ONION_HOSTNAME=$(cat $COMPLETION_FILE | grep "IRC onion domain" | awk -F ':' '{print $2}')
-	echo "    port = \"${IRC_ONION_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
-	echo '    use_ssl = "no";' >> /home/$MY_USERNAME/.irssi/config
-    fi
-    echo '    chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
-    if [ $IRC_PASSWORD ]; then
-	echo "    password = \"${IRC_PASSWORD}\";" >> /home/$MY_USERNAME/.irssi/config
-    fi
-    echo '  }' >> /home/$MY_USERNAME/.irssi/config
-    echo ');' >> /home/$MY_USERNAME/.irssi/config
-    echo '' >> /home/$MY_USERNAME/.irssi/config
-    echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
-    echo '  Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
-    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-    echo '  };' >> /home/$MY_USERNAME/.irssi/config
-    echo '  Freenode = {' >> /home/$MY_USERNAME/.irssi/config
-    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-    echo '  };' >> /home/$MY_USERNAME/.irssi/config
-    echo '  OFTC = {' >> /home/$MY_USERNAME/.irssi/config
-    echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
-    echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
-    echo '  };' >> /home/$MY_USERNAME/.irssi/config
-    echo '};' >> /home/$MY_USERNAME/.irssi/config
-    echo '' >> /home/$MY_USERNAME/.irssi/config
-    echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
-    echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
-    echo ');' >> /home/$MY_USERNAME/.irssi/config
-    echo '' >> /home/$MY_USERNAME/.irssi/config
-    echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
-    echo "  core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
-    echo '  "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
-    echo '};' >> /home/$MY_USERNAME/.irssi/config
-    echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
+	echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
+	echo '  {' >> /home/$MY_USERNAME/.irssi/config
+	echo '    address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
+	echo '  },' >> /home/$MY_USERNAME/.irssi/config
+	echo '  {' >> /home/$MY_USERNAME/.irssi/config
+	echo '    address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+	echo '  },' >> /home/$MY_USERNAME/.irssi/config
+	echo '  {' >> /home/$MY_USERNAME/.irssi/config
+	echo "    address = \"127.0.0.1\";" >> /home/$MY_USERNAME/.irssi/config
+	if [[ $ONION_ONLY == 'no' ]]; then
+		echo "    port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
+		echo '    use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
+	else
+		IRC_ONION_HOSTNAME=$(cat $COMPLETION_FILE | grep "IRC onion domain" | awk -F ':' '{print $2}')
+		echo "    port = \"${IRC_ONION_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
+		echo '    use_ssl = "no";' >> /home/$MY_USERNAME/.irssi/config
+	fi
+	echo '    chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+	if [ $IRC_PASSWORD ]; then
+		echo "    password = \"${IRC_PASSWORD}\";" >> /home/$MY_USERNAME/.irssi/config
+	fi
+	echo '  }' >> /home/$MY_USERNAME/.irssi/config
+	echo ');' >> /home/$MY_USERNAME/.irssi/config
+	echo '' >> /home/$MY_USERNAME/.irssi/config
+	echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
+	echo '  Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
+	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+	echo '  };' >> /home/$MY_USERNAME/.irssi/config
+	echo '  Freenode = {' >> /home/$MY_USERNAME/.irssi/config
+	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+	echo '  };' >> /home/$MY_USERNAME/.irssi/config
+	echo '  OFTC = {' >> /home/$MY_USERNAME/.irssi/config
+	echo '    type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
+	echo '    max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+	echo '  };' >> /home/$MY_USERNAME/.irssi/config
+	echo '};' >> /home/$MY_USERNAME/.irssi/config
+	echo '' >> /home/$MY_USERNAME/.irssi/config
+	echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
+	echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
+	echo ');' >> /home/$MY_USERNAME/.irssi/config
+	echo '' >> /home/$MY_USERNAME/.irssi/config
+	echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
+	echo "  core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
+	echo '  "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
+	echo '};' >> /home/$MY_USERNAME/.irssi/config
+	echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
 
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
+	chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
 
-    echo 'install_irc_client' >> $COMPLETION_FILE
+	echo 'install_irc_client' >> $COMPLETION_FILE
 }
 
 function install_irc {
-    if grep -Fxq "install_irc" $COMPLETION_FILE; then
-	return
-    fi
-    install_irc_server
-    install_irc_client
-    echo 'install_irc' >> $COMPLETION_FILE
+	if grep -Fxq "install_irc" $COMPLETION_FILE; then
+		return
+	fi
+	install_irc_server
+	install_irc_client
+	echo 'install_irc' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-mediagoblin

@@ -38,242 +38,311 @@ MEDIAGOBLIN_ADMIN_PASSWORD=
 MEDIAGOBLIN_ONION_PORT=8096
 
 function reconfigure_mediagoblin {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_mediagoblin {
-    echo -n ''
+	echo -n ''
 }
 
 function backup_local_mediagoblin {
-    echo -n ''
+	echo -n ''
 }
 
 function restore_local_mediagoblin {
-    echo -n ''
+	echo -n ''
 }
 
 function backup_remote_mediagoblin {
-    if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
-	MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
-	function_check suspend_site
-	suspend_site ${MEDIAGOBLIN_DOMAIN_NAME}
+	if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
+		MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
+		function_check suspend_site
+		suspend_site ${MEDIAGOBLIN_DOMAIN_NAME}
 
-	echo $"Backing up Mediagoblin"
+		echo $"Backing up Mediagoblin"
 
-	backup_directory_to_friend /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs mediagoblin
+		backup_directory_to_friend /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs mediagoblin
 
-	function_check restart_site
-	restart_site
+		function_check restart_site
+		restart_site
 
-	echo $"Backup of Mediagoblin complete"
-    fi
+		echo $"Backup of Mediagoblin complete"
+	fi
 }
 
 function restore_remote_mediagoblin {
-    if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
-	MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
-	if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then
-	    echo $"Restoring Mediagoblin installation"
-	    temp_restore_dir=/root/tempmediagoblin
-	    function_check restore_directory_from_friend
-	    restore_directory_from_friend $temp_restore_dir mediagoblin
-	    cp -r $temp_restore_dir/* /
-	    if [ ! "$?" = "0" ]; then
-		exit 5626
-	    fi
-	    rm -rf $temp_restore_dir
-	    echo $"Restore of Mediagoblin complete"
+	if grep -q "Mediagoblin domain" $COMPLETION_FILE; then
+		MEDIAGOBLIN_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Mediagoblin domain" | awk -F ':' '{print $2}')
+		if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then
+			echo $"Restoring Mediagoblin installation"
+			temp_restore_dir=/root/tempmediagoblin
+			function_check restore_directory_from_friend
+			restore_directory_from_friend $temp_restore_dir mediagoblin
+			cp -r $temp_restore_dir/* /
+			if [ ! "$?" = "0" ]; then
+				exit 5626
+			fi
+			rm -rf $temp_restore_dir
+			echo $"Restore of Mediagoblin complete"
+		fi
+		chown -hR mediagoblin:www-data /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
 	fi
-	chown -hR mediagoblin:www-data /var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
-    fi
 }
 
 function remove_mediagoblin {
-    echo -n ''
+	echo -n ''
 }
 
 function install_mediagoblin {
-    if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
-	return
-    fi
+	if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
+		return
+	fi
+
+	MEDIAGOBLIN_WORKING_DIRECTORY=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
+
+	# update to a new commit if needed
+	function_check set_repo_commit
+	set_repo_commit $MEDIAGOBLIN_WORKING_DIRECTORY "Mediagoblin commit" "$MEDIAGOBLIN_COMMIT" $MEDIAGOBLIN_REPO
+	if [ -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
+		chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
+	fi
+
+	if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
+		return
+	fi
+
+	apt-get -y install git-core python python-dev python-lxml python-pil
+	apt-get -y install python-virtualenv npm nodejs-legacy automake
+	apt-get -y install fcgiwrap
+
+	#apt-get -y install postgresql postgresql-client python-psycopg2
+	#apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject
+	#apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools
+	#apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev
+	#apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools
+	#su -c "createuser -A -D mediagoblin" - postgres
+	#su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres
+
+	useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
+	groupadd mediagoblin
+	usermod --append -G mediagoblin mediagoblin
+
+	if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
+		mkdir -p $MEDIAGOBLIN_WORKING_DIRECTORY
+	fi
+
+	function_check git_clone
+	git_clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_WORKING_DIRECTORY
+	cd $MEDIAGOBLIN_WORKING_DIRECTORY
+	git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT
+	git submodule init
+	git submodule update
+
+	if ! grep -q "Mediagoblin commit" $COMPLETION_FILE; then
+		echo "Mediagoblin commit:$MEDIAGOBLIN_COMMIT" >> $COMPLETION_FILE
+	else
+		sed -i "s/Mediagoblin commit.*/Mediagoblin commit:$MEDIAGOBLIN_COMMIT/g" $COMPLETION_FILE
+	fi
+
+	chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bootstrap.sh" - mediagoblin
+	if [ ! "$?" = "0" ]; then
+		exit 278826
+	fi
+
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./configure" - mediagoblin
+	if [ ! "$?" = "0" ]; then
+		exit 462826
+	fi
 
-    MEDIAGOBLIN_WORKING_DIRECTORY=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && make" - mediagoblin
+	if [ ! "$?" = "0" ]; then
+		exit 738229
+	fi
+
+	if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev ]; then
+		mkdir $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
+	fi
+	chmod 750 $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install flup==1.0.3.dev-20110405" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade billiard" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Paste" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade amqp" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade anyjson" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py-bcrypt" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade wtforms" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade python-dateutil" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alembic" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade waitress" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade imagesize" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alabaster" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade snowballstemmer" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade docutils" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Pygments" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade beautifulsoup4" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade WebOb" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py" - mediagoblin
+	su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade execnet" - mediagoblin
+
+	# create some directories
+	mkdir /var/log/mediagoblin
+	chown -hR mediagoblin:www-data /var/log/mediagoblin
+	mkdir /var/run/mediagoblin
+	chown -hR mediagoblin:www-data /var/run/mediagoblin
+
+	if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin.ini ]; then
+		echo $'mediagoblin.ini not found'
+		exit 737529
+	fi
+	if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/paste.ini ]; then
+		echo $'paste.ini not found'
+		exit 52762
+	fi
+
+	cp -av mediagoblin.ini mediagoblin_local.ini
+	cp -av paste.ini paste_local.ini
 
-    # update to a new commit if needed
-    function_check set_repo_commit
-    set_repo_commit $MEDIAGOBLIN_WORKING_DIRECTORY "Mediagoblin commit" "$MEDIAGOBLIN_COMMIT" $MEDIAGOBLIN_REPO
-    if [ -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
 	chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
-    fi
-
-    if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
-	return
-    fi
-
-    apt-get -y install git-core python python-dev python-lxml python-pil
-    apt-get -y install python-virtualenv npm nodejs-legacy automake
-    apt-get -y install fcgiwrap
-
-    #apt-get -y install postgresql postgresql-client python-psycopg2
-    #apt-get -y install python-gst-1.0 libjpeg62-turbo-dev gstreamer1.0-plugins-base python-gobject
-    #apt-get -y install gstreamer1.0-plugins-good gstreamer1.0-libav libav-tools gstreamer0.10-tools
-    #apt-get -y install python-numpy python-scipy libsndfile1-dev python-gst0.10-dev
-    #apt-get -y install gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer1.0-tools
-    #su -c "createuser -A -D mediagoblin" - postgres
-    #su -c "createdb -E UNICODE -O mediagoblin mediagoblin" - postgres
-
-    useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
-    groupadd mediagoblin
-    usermod --append -G mediagoblin mediagoblin
-
-    if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY ]; then
-	mkdir -p $MEDIAGOBLIN_WORKING_DIRECTORY
-    fi
-
-    function_check git_clone
-    git_clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_WORKING_DIRECTORY
-    cd $MEDIAGOBLIN_WORKING_DIRECTORY
-    git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT
-    git submodule init
-    git submodule update
-
-    if ! grep -q "Mediagoblin commit" $COMPLETION_FILE; then
-	echo "Mediagoblin commit:$MEDIAGOBLIN_COMMIT" >> $COMPLETION_FILE
-    else
-	sed -i "s/Mediagoblin commit.*/Mediagoblin commit:$MEDIAGOBLIN_COMMIT/g" $COMPLETION_FILE
-    fi
-
-    chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bootstrap.sh" - mediagoblin
-    if [ ! "$?" = "0" ]; then
-	exit 278826
-    fi
-
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./configure" - mediagoblin
-    if [ ! "$?" = "0" ]; then
-	exit 462826
-    fi
-
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && make" - mediagoblin
-    if [ ! "$?" = "0" ]; then
-	exit 738229
-    fi
-
-    if [ ! -d $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev ]; then
-	mkdir $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
-    fi
-    chmod 750 $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install flup==1.0.3.dev-20110405" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade billiard" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Paste" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade amqp" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade anyjson" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py-bcrypt" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade wtforms" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade python-dateutil" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alembic" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade waitress" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade imagesize" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade alabaster" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade snowballstemmer" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade docutils" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade Pygments" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade beautifulsoup4" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade WebOb" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade py" - mediagoblin
-    su -c "cd $MEDIAGOBLIN_WORKING_DIRECTORY && ./bin/easy_install --upgrade execnet" - mediagoblin
-
-    # create some directories
-    mkdir /var/log/mediagoblin
-    chown -hR mediagoblin:www-data /var/log/mediagoblin
-    mkdir /var/run/mediagoblin
-    chown -hR mediagoblin:www-data /var/run/mediagoblin
-
-    if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin.ini ]; then
-	echo $'mediagoblin.ini not found'
-	exit 737529
-    fi
-    if [ ! -f $MEDIAGOBLIN_WORKING_DIRECTORY/paste.ini ]; then
-	echo $'paste.ini not found'
-	exit 52762
-    fi
-
-    cp -av mediagoblin.ini mediagoblin_local.ini
-    cp -av paste.ini paste_local.ini
-
-    chown -hR mediagoblin:www-data $MEDIAGOBLIN_WORKING_DIRECTORY
-
-    # init with systemd
-    echo '[Unit]' > /etc/systemd/system/mediagoblin-celeryd.service
-    echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo 'After=network.target' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo '[Service]' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo 'Type=simple' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin_local.ini \\" >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo '    CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/celery worker \\" >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo '    --logfile=/var/log/mediagoblin/celery.log \' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo '    --loglevel=INFO' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo '[Install]' >> /etc/systemd/system/mediagoblin-celeryd.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-celeryd.service
-
-    echo '[Unit]' > /etc/systemd/system/mediagoblin-paster.service
-    echo 'Description=Mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
-    echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-paster.service
-    echo 'After=network.target' >> /etc/systemd/system/mediagoblin-paster.service
-    echo '' >> /etc/systemd/system/mediagoblin-paster.service
-    echo '[Service]' >> /etc/systemd/system/mediagoblin-paster.service
-    echo 'Type=forking' >> /etc/systemd/system/mediagoblin-paster.service
-    echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
-    echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
-    echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/mediagoblin-paster.service
-    echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-paster.service
-    echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
-    echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini \\" >> /etc/systemd/system/mediagoblin-paster.service
-    echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
-    echo '    --log-file=/var/log/mediagoblin/mediagoblin.log \' >> /etc/systemd/system/mediagoblin-paster.service
-    echo '    --daemon \' >> /etc/systemd/system/mediagoblin-paster.service
-    echo '    --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543' >> /etc/systemd/system/mediagoblin-paster.service
-    echo "ExecStop=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
-    echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
-    echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini stop" >> /etc/systemd/system/mediagoblin-paster.service
-    echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/mediagoblin-paster.service
-    echo '' >> /etc/systemd/system/mediagoblin-paster.service
-    echo '[Install]' >> /etc/systemd/system/mediagoblin-paster.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-paster.service
-    systemctl daemon-reload
-    systemctl enable mediagoblin-celeryd
-    systemctl enable mediagoblin-paster
-    systemctl daemon-reload
-    systemctl start mediagoblin-celeryd
-    systemctl start mediagoblin-paster
-
-    MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
-    if ! grep -q "Mediagoblin onion domain" $COMPLETION_FILE; then
-	echo "Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}" >> $COMPLETION_FILE
-    else
-	sed -i "s|Mediagoblin onion domain.*|Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}|g" $COMPLETION_FILE
-    fi
-    if [[ $MEDIAGOBLIN_ONION_HOSTNAME == *"not found"* ]]; then
-	echo $'Problem creating onion address for mediagoblin'
-	exit 672652
-    fi
-
-    # web config
-    MEDIAGOBLIN_VIRTUAL_HOST=/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    function_check nginx_http_redirect
-    nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
-    if [[ $ONION_ONLY == 'no' ]]; then
+
+	# init with systemd
+	echo '[Unit]' > /etc/systemd/system/mediagoblin-celeryd.service
+	echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo 'After=network.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo '[Service]' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo 'Type=simple' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin_local.ini \\" >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo '    CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/celery worker \\" >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo '    --logfile=/var/log/mediagoblin/celery.log \' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo '    --loglevel=INFO' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo '' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo '[Install]' >> /etc/systemd/system/mediagoblin-celeryd.service
+	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-celeryd.service
+
+	echo '[Unit]' > /etc/systemd/system/mediagoblin-paster.service
+	echo 'Description=Mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+	echo 'After=syslog.target' >> /etc/systemd/system/mediagoblin-paster.service
+	echo 'After=network.target' >> /etc/systemd/system/mediagoblin-paster.service
+	echo '' >> /etc/systemd/system/mediagoblin-paster.service
+	echo '[Service]' >> /etc/systemd/system/mediagoblin-paster.service
+	echo 'Type=forking' >> /etc/systemd/system/mediagoblin-paster.service
+	echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+	echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin-paster.service
+	echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/mediagoblin-paster.service
+	echo "WorkingDirectory=$MEDIAGOBLIN_WORKING_DIRECTORY" >> /etc/systemd/system/mediagoblin-paster.service
+	echo "ExecStart=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
+	echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini \\" >> /etc/systemd/system/mediagoblin-paster.service
+	echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
+	echo '    --log-file=/var/log/mediagoblin/mediagoblin.log \' >> /etc/systemd/system/mediagoblin-paster.service
+	echo '    --daemon \' >> /etc/systemd/system/mediagoblin-paster.service
+	echo '    --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543' >> /etc/systemd/system/mediagoblin-paster.service
+	echo "ExecStop=$MEDIAGOBLIN_WORKING_DIRECTORY/bin/paster serve \\" >> /etc/systemd/system/mediagoblin-paster.service
+	echo '    --pid-file=/var/run/mediagoblin/mediagoblin.pid \' >> /etc/systemd/system/mediagoblin-paster.service
+	echo "    $MEDIAGOBLIN_WORKING_DIRECTORY/paste_local.ini stop" >> /etc/systemd/system/mediagoblin-paster.service
+	echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/mediagoblin-paster.service
+	echo '' >> /etc/systemd/system/mediagoblin-paster.service
+	echo '[Install]' >> /etc/systemd/system/mediagoblin-paster.service
+	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin-paster.service
+	systemctl daemon-reload
+	systemctl enable mediagoblin-celeryd
+	systemctl enable mediagoblin-paster
+	systemctl daemon-reload
+	systemctl start mediagoblin-celeryd
+	systemctl start mediagoblin-paster
+
+	MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
+	if ! grep -q "Mediagoblin onion domain" $COMPLETION_FILE; then
+		echo "Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}" >> $COMPLETION_FILE
+	else
+		sed -i "s|Mediagoblin onion domain.*|Mediagoblin onion domain:${MEDIAGOBLIN_ONION_HOSTNAME}|g" $COMPLETION_FILE
+	fi
+	if [[ $MEDIAGOBLIN_ONION_HOSTNAME == *"not found"* ]]; then
+		echo $'Problem creating onion address for mediagoblin'
+		exit 672652
+	fi
+
+	# web config
+	MEDIAGOBLIN_VIRTUAL_HOST=/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+	function_check nginx_http_redirect
+	nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
+	if [[ $ONION_ONLY == 'no' ]]; then
+		echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  listen 443 ssl;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  default_type  application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		function_check nginx_limits
+		nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
+		function_check nginx_ssl
+		nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
+		function_check nginx_disable_sniffing
+		nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo "  server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '    fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '    include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '    # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '      # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '    fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '    fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
+		echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
+	else
+		echo -n '' > $MEDIAGOBLIN_VIRTUAL_HOST
+	fi
+
 	echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '  listen 443 ssl;' >> $MEDIAGOBLIN_VIRTUAL_HOST
+	echo "  listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
@@ -285,8 +354,6 @@ function install_mediagoblin {
 	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	function_check nginx_limits
 	nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
-	function_check nginx_ssl
-	nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
 	function_check nginx_disable_sniffing
 	nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
 	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
@@ -301,7 +368,7 @@ function install_mediagoblin {
 	echo '  # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo "  server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
+	echo "  server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
@@ -336,90 +403,23 @@ function install_mediagoblin {
 	echo '    fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
 	echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
-	echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    else
-	echo -n '' > $MEDIAGOBLIN_VIRTUAL_HOST
-    fi
-
-    echo 'server {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo "  listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  # Stock useful config options, but ignore them :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  #################################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  include /etc/nginx/mime.types;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  autoindex off;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  default_type  application/octet-stream;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  sendfile on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    function_check nginx_limits
-    nginx_limits $MEDIAGOBLIN_DOMAIN_NAME '20m'
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  # Gzip' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  gzip on;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  gzip_min_length 1024;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  gzip_buffers 4 32k;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  # Mounting MediaGoblin stuff' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  # This is the section you should read' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  #####################################' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo "  server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  access_log /var/log/nginx/mediagoblin.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  error_log /var/log/nginx/mediagoblin.error.log;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  # MediaGoblins stock static files: CSS, JS, etc.' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  location /mgoblin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/mediagoblin/static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  # Instance specific media:' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  location /mgoblin_media/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/media/public/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  # Theme static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  location /theme_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/theme_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  # Plugin static files (usually symlinked in)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  location /plugin_static/ {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo "    alias $MEDIAGOBLIN_WORKING_DIRECTORY/user_dev/plugin_static/;" >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  # Mounting MediaGoblin itself via FastCGI.' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  location / {' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '    fastcgi_pass 127.0.0.1:26543;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '    include /etc/nginx/fastcgi_params;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '    # our understanding vs nginxs handling of script_name vs' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '      # path_info dont match :)' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '    fastcgi_param PATH_INFO $fastcgi_script_name;' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '    fastcgi_param SCRIPT_NAME "";' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '  }' >> $MEDIAGOBLIN_VIRTUAL_HOST
-    echo '}' >> $MEDIAGOBLIN_VIRTUAL_HOST
-
-    function_check create_site_certificate
-    create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME
-
-    nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
-    systemctl restart php5-fpm
-    systemctl restart nginx
-
-    add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
-
-    if ! grep -q "Mediagoblin domain" $COMPLETION_FILE; then
-	echo "Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME" >> $COMPLETION_FILE
-    else
-	sed -i "s/Mediagoblin domain.*/Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME/g" $COMPLETION_FILE
-    fi
-
-    echo 'install_mediagoblin' >> $COMPLETION_FILE
+
+	function_check create_site_certificate
+	create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME
+
+	nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
+	systemctl restart php5-fpm
+	systemctl restart nginx
+
+	add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+
+	if ! grep -q "Mediagoblin domain" $COMPLETION_FILE; then
+		echo "Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME" >> $COMPLETION_FILE
+	else
+		sed -i "s/Mediagoblin domain.*/Mediagoblin domain:$MEDIAGOBLIN_DOMAIN_NAME/g" $COMPLETION_FILE
+	fi
+
+	echo 'install_mediagoblin' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-mumble

@@ -40,256 +40,256 @@ VOIP_DATABASE="mumble-server.sqlite"
 VOIP_CONFIG_FILE="mumble-server.ini"
 
 function reconfigure_mumble {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_mumble {
-    echo -n ''
+	echo -n ''
 }
 
 function backup_local_mumble {
-    if [ -f /etc/mumble-server.ini ]; then
-	echo $"Backing up Mumble settings"
-	temp_backup_dir=/root/tempvoipbackup
-	if [ ! -d $temp_backup_dir ]; then
-	    mkdir -p $temp_backup_dir
+	if [ -f /etc/mumble-server.ini ]; then
+		echo $"Backing up Mumble settings"
+		temp_backup_dir=/root/tempvoipbackup
+		if [ ! -d $temp_backup_dir ]; then
+			mkdir -p $temp_backup_dir
+		fi
+		cp -f /etc/mumble-server.ini $temp_backup_dir
+		cp -f /var/lib/mumble-server/mumble-server.sqlite $temp_backup_dir
+		backup_directory_to_usb $temp_backup_dir voip
+		echo $"Mumble settings backup complete"
 	fi
-	cp -f /etc/mumble-server.ini $temp_backup_dir
-	cp -f /var/lib/mumble-server/mumble-server.sqlite $temp_backup_dir
-	backup_directory_to_usb $temp_backup_dir voip
-	echo $"Mumble settings backup complete"
-    fi
 }
 
 function restore_local_mumble {
-    if [ -d $USB_MOUNT/backup/voip ]; then
-	echo $"Restoring VoIP settings"
-	temp_restore_dir=/root/tempvoip
-	function_check restore_directory_from_usb
-	restore_directory_from_usb $temp_restore_dir voip
-	cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
-	if [ ! "$?" = "0" ]; then
-	    rm -rf $temp_restore_dir
-	    function_check set_user_permissions
-	    set_user_permissions
-	    function_check backup_unmount_drive
-	    backup_unmount_drive
-	    exit 3679
-	fi
-	cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
-	if [ ! "$?" = "0" ]; then
-	    rm -rf $temp_restore_dir
-	    function_check set_user_permissions
-	    set_user_permissions
-	    function_check backup_unmount_drive
-	    backup_unmount_drive
-	    exit 276
+	if [ -d $USB_MOUNT/backup/voip ]; then
+		echo $"Restoring VoIP settings"
+		temp_restore_dir=/root/tempvoip
+		function_check restore_directory_from_usb
+		restore_directory_from_usb $temp_restore_dir voip
+		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+		if [ ! "$?" = "0" ]; then
+			rm -rf $temp_restore_dir
+			function_check set_user_permissions
+			set_user_permissions
+			function_check backup_unmount_drive
+			backup_unmount_drive
+			exit 3679
+		fi
+		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+		if [ ! "$?" = "0" ]; then
+			rm -rf $temp_restore_dir
+			function_check set_user_permissions
+			set_user_permissions
+			function_check backup_unmount_drive
+			backup_unmount_drive
+			exit 276
+		fi
+		rm -rf $temp_restore_dir
+		cp /etc/ssl/certs/mumble* /var/lib/mumble-server
+		cp /etc/ssl/private/mumble* /var/lib/mumble-server
+		chown -R mumble-server:mumble-server /var/lib/mumble-server
+		service mumble-server restart
 	fi
-	rm -rf $temp_restore_dir
-	cp /etc/ssl/certs/mumble* /var/lib/mumble-server
-	cp /etc/ssl/private/mumble* /var/lib/mumble-server
-	chown -R mumble-server:mumble-server /var/lib/mumble-server
-	service mumble-server restart
-    fi
 }
 
 function backup_remote_mumble {
-    if [ -f /etc/mumble-server.ini ]; then
-	echo $"Backing up VoIP settings"
-	if [ ! -d /root/tempvoipbackup ]; then
-	    mkdir -p /root/tempvoipbackup
+	if [ -f /etc/mumble-server.ini ]; then
+		echo $"Backing up VoIP settings"
+		if [ ! -d /root/tempvoipbackup ]; then
+			mkdir -p /root/tempvoipbackup
+		fi
+		cp -f /etc/mumble-server.ini /root/tempvoipbackup
+		cp -f /var/lib/mumble-server/mumble-server.sqlite /root/tempvoipbackup
+		backup_directory_to_friend /root/tempvoipbackup voip
+		echo $"Backup of VoIP settings complete"
 	fi
-	cp -f /etc/mumble-server.ini /root/tempvoipbackup
-	cp -f /var/lib/mumble-server/mumble-server.sqlite /root/tempvoipbackup
-	backup_directory_to_friend /root/tempvoipbackup voip
-	echo $"Backup of VoIP settings complete"
-    fi
 }
 
 function restore_remote_mumble {
-    if [ -d $SERVER_DIRECTORY/backup/voip ]; then
-	echo $"Restoring Mumble settings"
-	temp_restore_dir=/root/tempvoip
-	function_check restore_directory_from_friend
-	restore_directory_from_friend $temp_restore_dir voip
-	cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
-	if [ ! "$?" = "0" ]; then
-	    rm -rf $temp_restore_dir
-	    exit 7823
-	fi
-	cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
-	if [ ! "$?" = "0" ]; then
-	    rm -rf $temp_restore_dir
-	    exit 7823
-	fi
-	cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
-	if [ ! "$?" = "0" ]; then
-	    rm -rf $temp_restore_dir
-	    exit 276
+	if [ -d $SERVER_DIRECTORY/backup/voip ]; then
+		echo $"Restoring Mumble settings"
+		temp_restore_dir=/root/tempvoip
+		function_check restore_directory_from_friend
+		restore_directory_from_friend $temp_restore_dir voip
+		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+		if [ ! "$?" = "0" ]; then
+			rm -rf $temp_restore_dir
+			exit 7823
+		fi
+		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
+		if [ ! "$?" = "0" ]; then
+			rm -rf $temp_restore_dir
+			exit 7823
+		fi
+		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+		if [ ! "$?" = "0" ]; then
+			rm -rf $temp_restore_dir
+			exit 276
+		fi
+		rm -rf $temp_restore_dir
+		cp /etc/ssl/certs/mumble* /var/lib/mumble-server
+		cp /etc/ssl/private/mumble* /var/lib/mumble-server
+		chown -R mumble-server:mumble-server /var/lib/mumble-server
+		service mumble-server restart
+		echo $"Restore of Mumble complete"
 	fi
-	rm -rf $temp_restore_dir
-	cp /etc/ssl/certs/mumble* /var/lib/mumble-server
-	cp /etc/ssl/private/mumble* /var/lib/mumble-server
-	chown -R mumble-server:mumble-server /var/lib/mumble-server
-	service mumble-server restart
-	echo $"Restore of Mumble complete"
-    fi
 }
 
 function remove_mumble {
-    if !grep -Fxq "install_mumble" $COMPLETION_FILE; then
-	if ! grep -Fxq "install_voip" $COMPLETION_FILE; then
-	    return
+	if !grep -Fxq "install_mumble" $COMPLETION_FILE; then
+		if ! grep -Fxq "install_voip" $COMPLETION_FILE; then
+			return
+		fi
 	fi
-    fi
-    apt-get -y remove --purge mumble-server
-    if [[ $ONION_ONLY == "no" ]]; then
-	iptables -D INPUT -p udp --dport $VOIP_PORT -j ACCEPT
-	iptables -D INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
-	function_check save_firewall_settings
-	save_firewall_settings
-    fi
-    if [ -f /etc/mumble-server.ini ]; then
-	rm /etc/mumble-server.ini
-    fi
-    function_check remove_onion_service
-    remove_onion_service voip ${VOIP_PORT}
-    sed -i '/install_mumble/d' $COMPLETION_FILE
-    sed -i '/install_voip/d' $COMPLETION_FILE
-    sed -i '/configure_firewall_for_voip/d' $COMPLETION_FILE
-    sed -i '/VoIP /d' $COMPLETION_FILE
+	apt-get -y remove --purge mumble-server
+	if [[ $ONION_ONLY == "no" ]]; then
+		iptables -D INPUT -p udp --dport $VOIP_PORT -j ACCEPT
+		iptables -D INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
+		function_check save_firewall_settings
+		save_firewall_settings
+	fi
+	if [ -f /etc/mumble-server.ini ]; then
+		rm /etc/mumble-server.ini
+	fi
+	function_check remove_onion_service
+	remove_onion_service voip ${VOIP_PORT}
+	sed -i '/install_mumble/d' $COMPLETION_FILE
+	sed -i '/install_voip/d' $COMPLETION_FILE
+	sed -i '/configure_firewall_for_voip/d' $COMPLETION_FILE
+	sed -i '/VoIP /d' $COMPLETION_FILE
 }
 
 function get_voip_server_password {
-    if [ -f /home/$MY_USERNAME/README ]; then
-	if grep -q "VoIP server password" /home/$MY_USERNAME/README; then
-	    if [ ! $VOIP_SERVER_PASSWORD ]; then
-		VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
-	    fi
-	else
-	    if grep -q "Mumble server password" /home/$MY_USERNAME/README; then
-		if [ ! $VOIP_SERVER_PASSWORD ]; then
-		    VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Mumble server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+	if [ -f /home/$MY_USERNAME/README ]; then
+		if grep -q "VoIP server password" /home/$MY_USERNAME/README; then
+			if [ ! $VOIP_SERVER_PASSWORD ]; then
+				VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "VoIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+			fi
+		else
+			if grep -q "Mumble server password" /home/$MY_USERNAME/README; then
+				if [ ! $VOIP_SERVER_PASSWORD ]; then
+					VOIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Mumble server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+				fi
+			fi
 		fi
-	    fi
 	fi
-    fi
 }
 
 function configure_firewall_for_voip {
-    if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
-	return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-	return
-    fi
-    iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
+	if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
+		return
+	fi
+	if [[ $ONION_ONLY != "no" ]]; then
+		return
+	fi
+	iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
+	iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
 
-    OPEN_PORTS+=("Mumble   $VOIP_PORT")
-    echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
+	OPEN_PORTS+=("Mumble   $VOIP_PORT")
+	echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
 }
 
 function install_mumble {
-    if grep -Fxq "install_mumble" $COMPLETION_FILE; then
-	return
-    fi
-    if grep -Fxq "install_voip" $COMPLETION_FILE; then
-	return
-    fi
-    apt-get -y install mumble-server
+	if grep -Fxq "install_mumble" $COMPLETION_FILE; then
+		return
+	fi
+	if grep -Fxq "install_voip" $COMPLETION_FILE; then
+		return
+	fi
+	apt-get -y install mumble-server
 
-    function_check get_voip_server_password
-    get_voip_server_password
-    if [ ! $VOIP_SERVER_PASSWORD ]; then
-	if [ -f $IMAGE_PASSWORD_FILE ]; then
-	    VOIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-	else
-	    VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-	    if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
-		VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-	    fi
+	function_check get_voip_server_password
+	get_voip_server_password
+	if [ ! $VOIP_SERVER_PASSWORD ]; then
+		if [ -f $IMAGE_PASSWORD_FILE ]; then
+			VOIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+		else
+			VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+			if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+				VOIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+			fi
+		fi
 	fi
-    fi
 
-    # Make an ssl cert for the server
-    if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
-	${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
-	function_check check_certificates
-	check_certificates mumble
-    fi
+	# Make an ssl cert for the server
+	if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
+		${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
+		function_check check_certificates
+		check_certificates mumble
+	fi
 
-    # Check that the cert was created
-    if [ ! -f /etc/ssl/certs/mumble.crt ]; then
-	echo $'VoIP server certificate not created'
-	exit 57892
-    fi
-    if [ ! -f /etc/ssl/private/mumble.key ]; then
-	echo $'VoIP server key not created'
-	exit 57893
-    fi
-    if [ ! -d /var/lib/mumble-server ]; then
-	mkdir /var/lib/mumble-server
-    fi
-    cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
-    cp /etc/ssl/private/mumble.key /var/lib/mumble-server
-    chown -R mumble-server:mumble-server /var/lib/mumble-server
+	# Check that the cert was created
+	if [ ! -f /etc/ssl/certs/mumble.crt ]; then
+		echo $'VoIP server certificate not created'
+		exit 57892
+	fi
+	if [ ! -f /etc/ssl/private/mumble.key ]; then
+		echo $'VoIP server key not created'
+		exit 57893
+	fi
+	if [ ! -d /var/lib/mumble-server ]; then
+		mkdir /var/lib/mumble-server
+	fi
+	cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
+	cp /etc/ssl/private/mumble.key /var/lib/mumble-server
+	chown -R mumble-server:mumble-server /var/lib/mumble-server
 
-    sed -i "s|welcometext=.*|welcometext=\"<br />Welcome to $DEFAULT_DOMAIN_NAME <b>VoIP</b>.<br />Chat freely!<br />\"|g" /etc/mumble-server.ini
+	sed -i "s|welcometext=.*|welcometext=\"<br />Welcome to $DEFAULT_DOMAIN_NAME <b>VoIP</b>.<br />Chat freely!<br />\"|g" /etc/mumble-server.ini
 
-    if [[ $VOIP_SERVER_PASSWORD && $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
-	sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini
-    fi
+	if [[ $VOIP_SERVER_PASSWORD && $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+		sed -i "s|serverpassword=.*|serverpassword=$VOIP_SERVER_PASSWORD|g" /etc/mumble-server.ini
+	fi
 
-    sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini
-    sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini
-    sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini
-    sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
-    sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
-    if ! grep -q "allowping" /etc/mumble-server.ini; then
-	echo 'allowping=False' >> /etc/mumble-server.ini
-    fi
-    sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
-    sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.crt|g' /etc/mumble-server.ini
-    sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
-    sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
-    sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
-    sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
-    sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
-    sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
-    sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini
-    sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
-    sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
-    sed -i "s|port=.*|port=${VOIP_PORT}|g" /etc/mumble-server.ini
+	sed -i 's|#autobanAttempts.*|autobanAttempts = 10|g' /etc/mumble-server.ini
+	sed -i 's|#autobanTimeframe.*|autobanTimeframe = 120|g' /etc/mumble-server.ini
+	sed -i 's|#autobanTime.*|autobanTime = 300|g' /etc/mumble-server.ini
+	sed -i 's|#sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
+	sed -i 's|sendversion=.*|sendversion=False|g' /etc/mumble-server.ini
+	if ! grep -q "allowping" /etc/mumble-server.ini; then
+		echo 'allowping=False' >> /etc/mumble-server.ini
+	fi
+	sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
+	sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.crt|g' /etc/mumble-server.ini
+	sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
+	sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
+	sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
+	sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
+	sed -i 's|#textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
+	sed -i 's|textmessagelength=.*|textmessagelength=1000|g' /etc/mumble-server.ini
+	sed -i 's|#imagemessagelength=.*|imagemessagelength=131072|g' /etc/mumble-server.ini
+	sed -i 's|#allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
+	sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
+	sed -i "s|port=.*|port=${VOIP_PORT}|g" /etc/mumble-server.ini
 
-    VOIP_ONION_HOSTNAME=$(add_onion_service voip ${VOIP_PORT} ${VOIP_PORT})
-    if ! grep -q $"VoIP onion domain" $COMPLETION_FILE; then
-	echo "VoIP onion domain:$VOIP_ONION_HOSTNAME" >> $COMPLETION_FILE
-    fi
+	VOIP_ONION_HOSTNAME=$(add_onion_service voip ${VOIP_PORT} ${VOIP_PORT})
+	if ! grep -q $"VoIP onion domain" $COMPLETION_FILE; then
+		echo "VoIP onion domain:$VOIP_ONION_HOSTNAME" >> $COMPLETION_FILE
+	fi
 
-    systemctl restart mumble-server
+	systemctl restart mumble-server
 
-    if ! grep -q $"Mumble Server" /home/$MY_USERNAME/README; then
-	echo '' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'Mumble Server' >> /home/$MY_USERNAME/README
-	echo '=============' >> /home/$MY_USERNAME/README
-	echo $"Mumble onion domain:$VOIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
-	echo $'Mumble server username: mumble-server' >> /home/$MY_USERNAME/README
-	if [[ $SYSTEM_TYPE != "VARIANT_MESH" ]]; then
-	    echo $"Mumble server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
+	if ! grep -q $"Mumble Server" /home/$MY_USERNAME/README; then
+		echo '' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'Mumble Server' >> /home/$MY_USERNAME/README
+		echo '=============' >> /home/$MY_USERNAME/README
+		echo $"Mumble onion domain:$VOIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+		echo $'Mumble server username: mumble-server' >> /home/$MY_USERNAME/README
+		if [[ $SYSTEM_TYPE != "VARIANT_MESH" ]]; then
+			echo $"Mumble server password: $VOIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
+		fi
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'To connect to the Mumble server use your username and the server password shown above.' >> /home/$MY_USERNAME/README
+		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+		chmod 600 /home/$MY_USERNAME/README
 	fi
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'To connect to the Mumble server use your username and the server password shown above.' >> /home/$MY_USERNAME/README
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-	chmod 600 /home/$MY_USERNAME/README
-    fi
 
-    function_check configure_firewall_for_voip
-    configure_firewall_for_voip
-    echo 'install_mumble' >> $COMPLETION_FILE
+	function_check configure_firewall_for_voip
+	configure_firewall_for_voip
+	echo 'install_mumble' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-searx

@@ -39,258 +39,258 @@ SEARX_LOGIN_TEXT=$"Search engine login"
 SEARX_PASSWORD=
 
 function reconfigure_searx {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_searx {
-    if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
-	return
-    fi
-
-    set_repo_commit $SEARX_PATH/searx "Search engine commit" "$SEARX_COMMIT" $SEARX_REPO
-    if grep "Search engine key" $COMPLETION_FILE; then
-	if [ -f ${SEARX_PATH}/searx/searx/settings.yml ]; then
-	    # note: this might change to a --tor option in a later version
-	    if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
-		echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
-		echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
-		echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-		echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-	    fi
-	    SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
-	    sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
-	    if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then
-		SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname)
-		sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
-	    fi
+	if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
+		return
+	fi
+
+	set_repo_commit $SEARX_PATH/searx "Search engine commit" "$SEARX_COMMIT" $SEARX_REPO
+	if grep "Search engine key" $COMPLETION_FILE; then
+		if [ -f ${SEARX_PATH}/searx/searx/settings.yml ]; then
+			# note: this might change to a --tor option in a later version
+			if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
+				echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
+				echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
+				echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+				echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+			fi
+			SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
+			sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
+			if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then
+				SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname)
+				sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
+			fi
+		fi
 	fi
-    fi
 }
 
 function backup_local_searx {
-    echo -n ''
+	echo -n ''
 }
 
 function restore_local_searx {
-    echo -n ''
+	echo -n ''
 }
 
 function backup_remote_searx {
-    echo -n ''
+	echo -n ''
 }
 
 function restore_remote_searx {
-    echo -n ''
+	echo -n ''
 }
 
 function remove_searx {
-    if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
-	return
-    fi
-    systemctl stop searx
-    systemctl disable searx
-    rm /etc/systemd/system/searx.service
-    function_check remove_onion_service
-    remove_onion_service searx ${SEARX_ONION_PORT}
-    userdel -r searx
-    nginx_dissite searx
-    if [ -f /etc/nginx/sites-available/searx ]; then
-	rm /etc/nginx/sites-available/searx
-    fi
-    if [ -d ${SEARX_PATH}/searx ]; then
-	rm -rf ${SEARX_PATH}/searx
-    fi
-    sed -i '/install_searx/d' $COMPLETION_FILE
-    sed -i '/Search engine /d' $COMPLETION_FILE
+	if ! grep -Fxq "install_searx" $COMPLETION_FILE; then
+		return
+	fi
+	systemctl stop searx
+	systemctl disable searx
+	rm /etc/systemd/system/searx.service
+	function_check remove_onion_service
+	remove_onion_service searx ${SEARX_ONION_PORT}
+	userdel -r searx
+	nginx_dissite searx
+	if [ -f /etc/nginx/sites-available/searx ]; then
+		rm /etc/nginx/sites-available/searx
+	fi
+	if [ -d ${SEARX_PATH}/searx ]; then
+		rm -rf ${SEARX_PATH}/searx
+	fi
+	sed -i '/install_searx/d' $COMPLETION_FILE
+	sed -i '/Search engine /d' $COMPLETION_FILE
 }
 
 function install_searx {
-    # Note: currently socks5 outgoing proxies to other search engines does not work
-    if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
-	return
-    fi
-    if [ ! -d /etc/nginx ]; then
-	echo $'Webserver is not installed'
-	exit 62429
-    fi
-
-    if grep -Fxq "install_searx" $COMPLETION_FILE; then
-	return
-    fi
-
-    apt-get -y install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
-    apt-get -y install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi
-
-    pip install --upgrade pip
-
-    pip install certifi
-    if [ ! "$?" = "0" ]; then
-	echo $'Failed to install certifi'
-	exit 737692
-    fi
-
-    pip install pyyaml
-    if [ ! "$?" = "0" ]; then
-	echo $'Failed to install pyyaml'
-	exit 469242
-    fi
-
-    pip install flask --upgrade
-    if [ ! "$?" = "0" ]; then
-	echo $'Failed to install flask'
-	exit 888575
-    fi
-
-    pip install flask_restless --upgrade
-    if [ ! "$?" = "0" ]; then
-	echo $'Failed to install flask_restless'
-	exit 54835
-    fi
-
-    pip install flask_babel --upgrade
-    if [ ! "$?" = "0" ]; then
-	echo $'Failed to install flask_babel'
-	exit 63738
-    fi
-
-    if [ ! -d $SEARX_PATH ]; then
-	mkdir -p $SEARX_PATH
-    fi
-
-    # clone the repo
-    cd $SEARX_PATH
-    function_check git_clone
-    git_clone $SEARX_REPO searx
-    git checkout $SEARX_COMMIT -b $SEARX_COMMIT
-    if ! grep -q "Search engine commit" $COMPLETION_FILE; then
-	echo "Search engine commit:$SEARX_COMMIT" >> $COMPLETION_FILE
-    else
-	sed -i "s/Search engine commit.*/Search engine commit:$SEARX_COMMIT/g" $COMPLETION_FILE
-    fi
-
-    # create an onion service
-    SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT})
-    if ! grep "Search engine onion domain" $COMPLETION_FILE; then
-	echo "Search engine onion domain:${SEARX_ONION_HOSTNAME}" >> $COMPLETION_FILE
-    else
-	sed -i "s|Search engine onion domain.*|Search engine onion domain:${SEARX_ONION_HOSTNAME}|g" $COMPLETION_FILE
-    fi
-
-    # an unprivileged user to run as
-    useradd -d ${SEARX_PATH}/searx/ -s /bin/false searx
-    adduser searx debian-tor
-
-    # daemon
-    echo '[Unit]' > /etc/systemd/system/searx.service
-    echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service
-    echo 'After=syslog.target' >> /etc/systemd/system/searx.service
-    echo 'After=network.target' >> /etc/systemd/system/searx.service
-    echo '' >> /etc/systemd/system/searx.service
-    echo '[Service]' >> /etc/systemd/system/searx.service
-    echo 'Type=simple' >> /etc/systemd/system/searx.service
-    echo 'User=searx' >> /etc/systemd/system/searx.service
-    echo 'Group=searx' >> /etc/systemd/system/searx.service
-    echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service
-    echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service
-    echo 'Restart=always' >> /etc/systemd/system/searx.service
-    echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service
-    echo '' >> /etc/systemd/system/searx.service
-    echo '[Install]' >> /etc/systemd/system/searx.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service
-
-    # create a webserver file
-    echo 'server {' > /etc/nginx/sites-available/searx
-    echo "    listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx
-    echo "    root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx
-    echo "    server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx
-    echo '    access_log off;' >> /etc/nginx/sites-available/searx
-    echo "    error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx
-    echo '' >> /etc/nginx/sites-available/searx
-    function_check nginx_limits
-    nginx_limits searx '1M'
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing searx
-    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx
-    echo '' >> /etc/nginx/sites-available/searx
-    echo '    location / {' >> /etc/nginx/sites-available/searx
-    echo '        proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx
-    echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx
-    echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx
-    echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx
-    echo '        proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
-    echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
-    echo '        proxy_redirect off;' >> /etc/nginx/sites-available/searx
-
-    echo "        auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
-    echo '        auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx
-    echo '    }' >> /etc/nginx/sites-available/searx
-    echo '' >> /etc/nginx/sites-available/searx
-    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
-    echo '' >> /etc/nginx/sites-available/searx
-    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx
-    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx
-    echo '' >> /etc/nginx/sites-available/searx
-    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/searx
-    echo '        allow all;' >> /etc/nginx/sites-available/searx
-    echo '        log_not_found off;' >> /etc/nginx/sites-available/searx
-    echo '        access_log off;' >> /etc/nginx/sites-available/searx
-    echo '    }' >> /etc/nginx/sites-available/searx
-    echo '}' >> /etc/nginx/sites-available/searx
-
-    # replace the secret key
-    if ! grep "Search engine key" $COMPLETION_FILE; then
-	SEARX_SECRET_KEY="$(create_password 30)"
-	echo "Search engine key:${SEARX_SECRET_KEY}" >> $COMPLETION_FILE
-    else
-	SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
-    fi
-    sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
-    sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml
-    sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
-    sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings_robot.yml
-
-    # note: this might change to a --tor option in a later version
-    if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
-	echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
-	echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
-	echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-	echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
-    fi
-
-    chown -R searx:searx ${SEARX_PATH}/searx
-
-    # enable the site
-    nginx_ensite searx
-
-    # restart the web server
-    systemctl restart php5-fpm
-    systemctl restart nginx
-
-    # start the daemon
-    systemctl enable searx.service
-    systemctl daemon-reload
-    systemctl start searx.service
-
-    if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then
-	if [ ${#SEARX_PASSWORD} -lt 8 ]; then
-	    if [ -f $IMAGE_PASSWORD_FILE ]; then
-		SEARX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-	    else
-		SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-	    fi
+	# Note: currently socks5 outgoing proxies to other search engines does not work
+	if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+		return
 	fi
-	echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME
-	echo '' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'Search Engine' >> /home/$MY_USERNAME/README
-	echo '=============' >> /home/$MY_USERNAME/README
-	echo $"Search engine onion domain: ${SEARX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
-	echo $"Your search engine password is: $SEARX_PASSWORD" >> /home/$MY_USERNAME/README
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-	chmod 600 /home/$MY_USERNAME/README
-    fi
-
-    echo 'install_searx' >> $COMPLETION_FILE
+	if [ ! -d /etc/nginx ]; then
+		echo $'Webserver is not installed'
+		exit 62429
+	fi
+
+	if grep -Fxq "install_searx" $COMPLETION_FILE; then
+		return
+	fi
+
+	apt-get -y install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
+	apt-get -y install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi
+
+	pip install --upgrade pip
+
+	pip install certifi
+	if [ ! "$?" = "0" ]; then
+		echo $'Failed to install certifi'
+		exit 737692
+	fi
+
+	pip install pyyaml
+	if [ ! "$?" = "0" ]; then
+		echo $'Failed to install pyyaml'
+		exit 469242
+	fi
+
+	pip install flask --upgrade
+	if [ ! "$?" = "0" ]; then
+		echo $'Failed to install flask'
+		exit 888575
+	fi
+
+	pip install flask_restless --upgrade
+	if [ ! "$?" = "0" ]; then
+		echo $'Failed to install flask_restless'
+		exit 54835
+	fi
+
+	pip install flask_babel --upgrade
+	if [ ! "$?" = "0" ]; then
+		echo $'Failed to install flask_babel'
+		exit 63738
+	fi
+
+	if [ ! -d $SEARX_PATH ]; then
+		mkdir -p $SEARX_PATH
+	fi
+
+	# clone the repo
+	cd $SEARX_PATH
+	function_check git_clone
+	git_clone $SEARX_REPO searx
+	git checkout $SEARX_COMMIT -b $SEARX_COMMIT
+	if ! grep -q "Search engine commit" $COMPLETION_FILE; then
+		echo "Search engine commit:$SEARX_COMMIT" >> $COMPLETION_FILE
+	else
+		sed -i "s/Search engine commit.*/Search engine commit:$SEARX_COMMIT/g" $COMPLETION_FILE
+	fi
+
+	# create an onion service
+	SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT})
+	if ! grep "Search engine onion domain" $COMPLETION_FILE; then
+		echo "Search engine onion domain:${SEARX_ONION_HOSTNAME}" >> $COMPLETION_FILE
+	else
+		sed -i "s|Search engine onion domain.*|Search engine onion domain:${SEARX_ONION_HOSTNAME}|g" $COMPLETION_FILE
+	fi
+
+	# an unprivileged user to run as
+	useradd -d ${SEARX_PATH}/searx/ -s /bin/false searx
+	adduser searx debian-tor
+
+	# daemon
+	echo '[Unit]' > /etc/systemd/system/searx.service
+	echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service
+	echo 'After=syslog.target' >> /etc/systemd/system/searx.service
+	echo 'After=network.target' >> /etc/systemd/system/searx.service
+	echo '' >> /etc/systemd/system/searx.service
+	echo '[Service]' >> /etc/systemd/system/searx.service
+	echo 'Type=simple' >> /etc/systemd/system/searx.service
+	echo 'User=searx' >> /etc/systemd/system/searx.service
+	echo 'Group=searx' >> /etc/systemd/system/searx.service
+	echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service
+	echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service
+	echo 'Restart=always' >> /etc/systemd/system/searx.service
+	echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service
+	echo '' >> /etc/systemd/system/searx.service
+	echo '[Install]' >> /etc/systemd/system/searx.service
+	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service
+
+	# create a webserver file
+	echo 'server {' > /etc/nginx/sites-available/searx
+	echo "    listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx
+	echo "    root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx
+	echo "    server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx
+	echo '    access_log off;' >> /etc/nginx/sites-available/searx
+	echo "    error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx
+	echo '' >> /etc/nginx/sites-available/searx
+	function_check nginx_limits
+	nginx_limits searx '1M'
+	function_check nginx_disable_sniffing
+	nginx_disable_sniffing searx
+	echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx
+	echo '' >> /etc/nginx/sites-available/searx
+	echo '    location / {' >> /etc/nginx/sites-available/searx
+	echo '        proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx
+	echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx
+	echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx
+	echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx
+	echo '        proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
+	echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
+	echo '        proxy_redirect off;' >> /etc/nginx/sites-available/searx
+
+	echo "        auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
+	echo '        auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx
+	echo '    }' >> /etc/nginx/sites-available/searx
+	echo '' >> /etc/nginx/sites-available/searx
+	echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
+	echo '' >> /etc/nginx/sites-available/searx
+	echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx
+	echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx
+	echo '' >> /etc/nginx/sites-available/searx
+	echo '    location = /robots.txt {' >> /etc/nginx/sites-available/searx
+	echo '        allow all;' >> /etc/nginx/sites-available/searx
+	echo '        log_not_found off;' >> /etc/nginx/sites-available/searx
+	echo '        access_log off;' >> /etc/nginx/sites-available/searx
+	echo '    }' >> /etc/nginx/sites-available/searx
+	echo '}' >> /etc/nginx/sites-available/searx
+
+	# replace the secret key
+	if ! grep "Search engine key" $COMPLETION_FILE; then
+		SEARX_SECRET_KEY="$(create_password 30)"
+		echo "Search engine key:${SEARX_SECRET_KEY}" >> $COMPLETION_FILE
+	else
+		SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
+	fi
+	sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
+	sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml
+	sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
+	sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings_robot.yml
+
+	# note: this might change to a --tor option in a later version
+	if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
+		echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
+		echo '    proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
+		echo '        http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+		echo '        https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
+	fi
+
+	chown -R searx:searx ${SEARX_PATH}/searx
+
+	# enable the site
+	nginx_ensite searx
+
+	# restart the web server
+	systemctl restart php5-fpm
+	systemctl restart nginx
+
+	# start the daemon
+	systemctl enable searx.service
+	systemctl daemon-reload
+	systemctl start searx.service
+
+	if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then
+		if [ ${#SEARX_PASSWORD} -lt 8 ]; then
+			if [ -f $IMAGE_PASSWORD_FILE ]; then
+				SEARX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+			else
+				SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+			fi
+		fi
+		echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME
+		echo '' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'Search Engine' >> /home/$MY_USERNAME/README
+		echo '=============' >> /home/$MY_USERNAME/README
+		echo $"Search engine onion domain: ${SEARX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+		echo $"Your search engine password is: $SEARX_PASSWORD" >> /home/$MY_USERNAME/README
+		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+		chmod 600 /home/$MY_USERNAME/README
+	fi
+
+	echo 'install_searx' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-sip

@@ -38,415 +38,415 @@ VOIP_TURN_TLS_PORT=5349
 VOIP_TURN_NONCE=
 
 function reconfigure_sip {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_sip {
-    # remove the original sipwitch daemon if it exists
-    if [ -f /etc/init.d/sipwitch ]; then
-	rm -f /etc/init.d/sipwitch
-    fi
+	# remove the original sipwitch daemon if it exists
+	if [ -f /etc/init.d/sipwitch ]; then
+		rm -f /etc/init.d/sipwitch
+	fi
 }
 
 function backup_local_sip {
-    if [ -f /etc/sipwitch.conf ]; then
-	echo $"Backing up SIP settings"
-	temp_backup_dir=/root/tempsipbackup
-	if [ ! -d $temp_backup_dir ]; then
-	    mkdir -p $temp_backup_dir
+	if [ -f /etc/sipwitch.conf ]; then
+		echo $"Backing up SIP settings"
+		temp_backup_dir=/root/tempsipbackup
+		if [ ! -d $temp_backup_dir ]; then
+			mkdir -p $temp_backup_dir
+		fi
+		cp -f /etc/sipwitch.conf $temp_backup_dir
+		backup_directory_to_usb $temp_backup_dir sip
+		echo $"SIP settings backup complete"
 	fi
-	cp -f /etc/sipwitch.conf $temp_backup_dir
-	backup_directory_to_usb $temp_backup_dir sip
-	echo $"SIP settings backup complete"
-    fi
 }
 
 function restore_local_sip {
-    if [ -d $USB_MOUNT/backup/sip ]; then
-	echo $"Restoring SIP settings"
-	temp_restore_dir=/root/tempsip
-	function_check restore_directory_from_usb
-	restore_directory_from_usb $temp_restore_dir sip
-	cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
-	if [ ! "$?" = "0" ]; then
-	    rm -rf $temp_restore_dir
-	    function_check set_user_permissions
-	    set_user_permissions
-	    backup_unmount_drive
-	    exit 3679
+	if [ -d $USB_MOUNT/backup/sip ]; then
+		echo $"Restoring SIP settings"
+		temp_restore_dir=/root/tempsip
+		function_check restore_directory_from_usb
+		restore_directory_from_usb $temp_restore_dir sip
+		cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
+		if [ ! "$?" = "0" ]; then
+			rm -rf $temp_restore_dir
+			function_check set_user_permissions
+			set_user_permissions
+			backup_unmount_drive
+			exit 3679
+		fi
+		rm -rf $temp_restore_dir
+		service sipwitch restart
+		echo $"Restore of SIP settings complete"
 	fi
-	rm -rf $temp_restore_dir
-	service sipwitch restart
-	echo $"Restore of SIP settings complete"
-    fi
 }
 
 function backup_remote_sip {
-    if [ -f /etc/sipwitch.conf ]; then
-	echo $"Backing up SIP settings"
-	temp_backup_dir=/root/tempsipbackup
-	if [ ! -d $temp_backup_dir ]; then
-	    mkdir -p $temp_backup_dir
+	if [ -f /etc/sipwitch.conf ]; then
+		echo $"Backing up SIP settings"
+		temp_backup_dir=/root/tempsipbackup
+		if [ ! -d $temp_backup_dir ]; then
+			mkdir -p $temp_backup_dir
+		fi
+		cp -f /etc/sipwitch.conf $temp_backup_dir
+		backup_directory_to_friend $temp_backup_dir sip
+		echo $"Backup SIP settings complete"
 	fi
-	cp -f /etc/sipwitch.conf $temp_backup_dir
-	backup_directory_to_friend $temp_backup_dir sip
-	echo $"Backup SIP settings complete"
-    fi
 }
 
 function restore_remote_sip {
-    echo -n ''
+	echo -n ''
 }
 
 function remove_sip {
-    if ! grep -Fxq "install_sip" $COMPLETION_FILE; then
-	return
-    fi
-    iptables -D INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $SIP_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $SIP_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-
-    function_check remove_onion_service
-    remove_onion_service sip ${SIP_PORT}
-
-    apt-get -y remove --purge sipwitch
-    apt-get -y remove --purge turnserver
-    if [ -f /etc/sipwitch.conf ]; then
-	rm /etc/sipwitch.conf
-    fi
-    if [ -d /etc/turnserver ]; then
-	rm -rf /etc/turnserver
-    fi
-    sed -i '/install_sip/d' $COMPLETION_FILE
-    sed -i '/configure_firewall_for_voip_turn/d' $COMPLETION_FILE
-    sed -i '/configure_firewall_for_sip4/d' $COMPLETION_FILE
+	if ! grep -Fxq "install_sip" $COMPLETION_FILE; then
+		return
+	fi
+	iptables -D INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
+	iptables -D INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
+	iptables -D INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
+	iptables -D INPUT -p udp --dport $SIP_PORT -j ACCEPT
+	iptables -D INPUT -p tcp --dport $SIP_PORT -j ACCEPT
+	iptables -D INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
+	iptables -D INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+
+	function_check remove_onion_service
+	remove_onion_service sip ${SIP_PORT}
+
+	apt-get -y remove --purge sipwitch
+	apt-get -y remove --purge turnserver
+	if [ -f /etc/sipwitch.conf ]; then
+		rm /etc/sipwitch.conf
+	fi
+	if [ -d /etc/turnserver ]; then
+		rm -rf /etc/turnserver
+	fi
+	sed -i '/install_sip/d' $COMPLETION_FILE
+	sed -i '/configure_firewall_for_voip_turn/d' $COMPLETION_FILE
+	sed -i '/configure_firewall_for_sip4/d' $COMPLETION_FILE
 }
 
 function configure_firewall_for_voip_turn {
-    if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
-	return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-	return
-    fi
-    iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-
-    OPEN_PORTS+=("TURN     $VOIP_TURN_PORT")
-    OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT")
-    echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
+	if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
+		return
+	fi
+	if [[ $ONION_ONLY != "no" ]]; then
+		return
+	fi
+	iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
+	iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
+	iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+
+	OPEN_PORTS+=("TURN     $VOIP_TURN_PORT")
+	OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT")
+	echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
 }
 
 
 function configure_firewall_for_sip4 {
-    if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
-	return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-	return
-    fi
-    iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
-    iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-
-    OPEN_PORTS+=("SIP      $SIP_PORT")
-    OPEN_PORTS+=("SIP TLS  $SIP_TLS_PORT")
-    echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
+	if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
+		return
+	fi
+	if [[ $ONION_ONLY != "no" ]]; then
+		return
+	fi
+	iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
+	iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
+	iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
+	iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+
+	OPEN_PORTS+=("SIP      $SIP_PORT")
+	OPEN_PORTS+=("SIP TLS  $SIP_TLS_PORT")
+	echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
 }
 
 function get_sip_server_password {
-    if [ -f /home/$MY_USERNAME/README ]; then
-	if grep -q "SIP server password" /home/$MY_USERNAME/README; then
-	    if [ ! $SIP_SERVER_PASSWORD ]; then
-		SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "SIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
-	    fi
+	if [ -f /home/$MY_USERNAME/README ]; then
+		if grep -q "SIP server password" /home/$MY_USERNAME/README; then
+			if [ ! $SIP_SERVER_PASSWORD ]; then
+				SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "SIP server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
+			fi
+		fi
 	fi
-    fi
 }
 
 function update_sipwitch_daemon {
-    if [ ! -f /etc/init.d/sipwitch ]; then
-	return
-    fi
-    service sipwitch stop
-
-    # remove the original sipwitch daemon if it exists
-    if [ -f /etc/init.d/sipwitch ]; then
-	rm -f /etc/init.d/sipwitch
-    fi
-
-    # daemon
-    echo '[Unit]' > /etc/systemd/system/sipwitch.service
-    echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
-    echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
-    echo '' >> /etc/systemd/system/sipwitch.service
-    echo '[Service]' >> /etc/systemd/system/sipwitch.service
-    echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
-    echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
-    echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
-    echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
-    echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
-    echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
-    echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
-    echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
-    echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
-    echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
-    echo '' >> /etc/systemd/system/sipwitch.service
-    echo '[Install]' >> /etc/systemd/system/sipwitch.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
-
-    systemctl enable sipwitch
-    systemctl daemon-reload
-    systemctl start sipwitch
+	if [ ! -f /etc/init.d/sipwitch ]; then
+		return
+	fi
+	service sipwitch stop
+
+	# remove the original sipwitch daemon if it exists
+	if [ -f /etc/init.d/sipwitch ]; then
+		rm -f /etc/init.d/sipwitch
+	fi
+
+	# daemon
+	echo '[Unit]' > /etc/systemd/system/sipwitch.service
+	echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
+	echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
+	echo '' >> /etc/systemd/system/sipwitch.service
+	echo '[Service]' >> /etc/systemd/system/sipwitch.service
+	echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
+	echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
+	echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
+	echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
+	echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
+	echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
+	echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
+	echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
+	echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
+	echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
+	echo '' >> /etc/systemd/system/sipwitch.service
+	echo '[Install]' >> /etc/systemd/system/sipwitch.service
+	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
+
+	systemctl enable sipwitch
+	systemctl daemon-reload
+	systemctl start sipwitch
 }
 
 function install_sip_main {
-    if grep -Fxq "install_sip_main" $COMPLETION_FILE; then
-	return
-    fi
+	if grep -Fxq "install_sip_main" $COMPLETION_FILE; then
+		return
+	fi
 
-    apt-get -y install sipwitch
+	apt-get -y install sipwitch
 
-    function_check get_sip_server_password
-    get_sip_server_password
-    if [ ! $SIP_SERVER_PASSWORD ]; then
-	if [ -f $IMAGE_PASSWORD_FILE ]; then
-	    SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-	else
-	    SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+	function_check get_sip_server_password
+	get_sip_server_password
+	if [ ! $SIP_SERVER_PASSWORD ]; then
+		if [ -f $IMAGE_PASSWORD_FILE ]; then
+			SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+		else
+			SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+		fi
+	fi
+
+	echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
+	echo '<sipwitch>' >> /etc/sipwitch.conf
+	echo '<provision>' >> /etc/sipwitch.conf
+
+	echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
+	echo '<extension>201</extension>' >> /etc/sipwitch.conf
+	echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
+	echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
+	echo '</user>' >> /etc/sipwitch.conf
+
+	echo '</provision>' >> /etc/sipwitch.conf
+	echo '<access>' >> /etc/sipwitch.conf
+	echo '</access>' >> /etc/sipwitch.conf
+	echo '<stack>' >> /etc/sipwitch.conf
+	echo "  <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
+	echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
+	echo '  <threading>2</threading>' >> /etc/sipwitch.conf
+	echo '  <interface>*</interface>' >> /etc/sipwitch.conf
+	echo '  <dumping>false</dumping>' >> /etc/sipwitch.conf
+	echo '  <system>system</system>' >> /etc/sipwitch.conf
+	echo '  <anon>anonymous</anon>' >> /etc/sipwitch.conf
+	echo '</stack>' >> /etc/sipwitch.conf
+	echo '<timers>' >> /etc/sipwitch.conf
+	echo '  <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
+	echo '  <ring>4</ring>' >> /etc/sipwitch.conf
+	echo '  <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
+	echo '  <cfna>4</cfna>' >> /etc/sipwitch.conf
+	echo '  <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
+	echo '  <reset>6</reset>' >> /etc/sipwitch.conf
+	echo '</timers>' >> /etc/sipwitch.conf
+	echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
+	echo '<registry>' >> /etc/sipwitch.conf
+	echo '  <prefix>200</prefix>' >> /etc/sipwitch.conf
+	echo '  <range>100</range>' >> /etc/sipwitch.conf
+	echo '  <keysize>77</keysize>' >> /etc/sipwitch.conf
+	echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
+	echo '  <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
+	echo '</registry>' >> /etc/sipwitch.conf
+	echo '<routing>' >> /etc/sipwitch.conf
+	echo '</routing>' >> /etc/sipwitch.conf
+	echo '</sipwitch>' >> /etc/sipwitch.conf
+
+	sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
+	sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
+	groupadd sipwitch
+	usermod -aG sipwitch $MY_USERNAME
+
+	SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
+	if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then
+		echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE
 	fi
-    fi
-
-    echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
-    echo '<sipwitch>' >> /etc/sipwitch.conf
-    echo '<provision>' >> /etc/sipwitch.conf
-
-    echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
-    echo '<extension>201</extension>' >> /etc/sipwitch.conf
-    echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
-    echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
-    echo '</user>' >> /etc/sipwitch.conf
-
-    echo '</provision>' >> /etc/sipwitch.conf
-    echo '<access>' >> /etc/sipwitch.conf
-    echo '</access>' >> /etc/sipwitch.conf
-    echo '<stack>' >> /etc/sipwitch.conf
-    echo "  <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
-    echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
-    echo '  <threading>2</threading>' >> /etc/sipwitch.conf
-    echo '  <interface>*</interface>' >> /etc/sipwitch.conf
-    echo '  <dumping>false</dumping>' >> /etc/sipwitch.conf
-    echo '  <system>system</system>' >> /etc/sipwitch.conf
-    echo '  <anon>anonymous</anon>' >> /etc/sipwitch.conf
-    echo '</stack>' >> /etc/sipwitch.conf
-    echo '<timers>' >> /etc/sipwitch.conf
-    echo '  <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
-    echo '  <ring>4</ring>' >> /etc/sipwitch.conf
-    echo '  <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
-    echo '  <cfna>4</cfna>' >> /etc/sipwitch.conf
-    echo '  <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
-    echo '  <reset>6</reset>' >> /etc/sipwitch.conf
-    echo '</timers>' >> /etc/sipwitch.conf
-    echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
-    echo '<registry>' >> /etc/sipwitch.conf
-    echo '  <prefix>200</prefix>' >> /etc/sipwitch.conf
-    echo '  <range>100</range>' >> /etc/sipwitch.conf
-    echo '  <keysize>77</keysize>' >> /etc/sipwitch.conf
-    echo '  <mapped>200</mapped>' >> /etc/sipwitch.conf
-    echo '  <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
-    echo '</registry>' >> /etc/sipwitch.conf
-    echo '<routing>' >> /etc/sipwitch.conf
-    echo '</routing>' >> /etc/sipwitch.conf
-    echo '</sipwitch>' >> /etc/sipwitch.conf
-
-    sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
-    sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
-    groupadd sipwitch
-    usermod -aG sipwitch $MY_USERNAME
-
-    SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
-    if ! grep -q $"SIP onion domain" $COMPLETION_FILE; then
-	echo "SIP onion domain:$SIP_ONION_HOSTNAME" >> $COMPLETION_FILE
-    fi
-
-    if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then
-	echo '' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'SIP Server' >> /home/$MY_USERNAME/README
-	echo '==========' >> /home/$MY_USERNAME/README
-	echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
-	echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README
-	echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README
-	echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-	chmod 600 /home/$MY_USERNAME/README
-    fi
-
-    function_check configure_firewall_for_sip4
-    configure_firewall_for_sip4
-    echo 'install_sip_main' >> $COMPLETION_FILE
+
+	if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then
+		echo '' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'SIP Server' >> /home/$MY_USERNAME/README
+		echo '==========' >> /home/$MY_USERNAME/README
+		echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
+		echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+		echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README
+		echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
+		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+		chmod 600 /home/$MY_USERNAME/README
+	fi
+
+	function_check configure_firewall_for_sip4
+	configure_firewall_for_sip4
+	echo 'install_sip_main' >> $COMPLETION_FILE
 }
 
 function install_sip_turn {
-    if grep -Fxq "install_sip_turn" $COMPLETION_FILE; then
-	return
-    fi
-
-    apt-get -y install turnserver
-
-    # create a nonce if needed
-    if [ ! $VOIP_TURN_NONCE ]; then
-	VOIP_TURN_NONCE="$(create_password 30)"
-    fi
-
-    function_check create_site_certificate
-    create_site_certificate $DEFAULT_DOMAIN_NAME
-
-    echo '##' > /etc/turnserver/turnserver.conf
-    echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
-    echo '#' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
-    echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
-    echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
-    echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
-    echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
-    echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
-    echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
-    echo "udp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
-    echo "tcp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
-    echo "tls_port = $VOIP_TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TLS support.' >> /etc/turnserver/turnserver.conf
-    echo 'tls = true' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
-    echo '## standard.' >> /etc/turnserver/turnserver.conf
-    echo 'dtls = false' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
-    echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
-    echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
-    echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
-    echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
-    echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
-    echo 'daemon = true' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
-    echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
-    echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
-    echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Realm value.' >> /etc/turnserver/turnserver.conf
-    echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
-    echo "nonce_key = \"$VOIP_TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
-    echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
-    echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
-    echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
-    echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
-    echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
-    echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
-    echo 'denied_address {' >> /etc/turnserver/turnserver.conf
-    echo '  address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
-    echo '  mask = "8"' >> /etc/turnserver/turnserver.conf
-    echo '  port = 0' >> /etc/turnserver/turnserver.conf
-    echo '}' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
-    echo 'denied_address {' >> /etc/turnserver/turnserver.conf
-    echo '  address = "::1"' >> /etc/turnserver/turnserver.conf
-    echo '  mask = "128"' >> /etc/turnserver/turnserver.conf
-    echo '  port = 0' >> /etc/turnserver/turnserver.conf
-    echo '}' >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
-    echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
-    if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
-	echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
-    else
-	if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
-	    echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
+	if grep -Fxq "install_sip_turn" $COMPLETION_FILE; then
+		return
 	fi
-    fi
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Private key file.' >> /etc/turnserver/turnserver.conf
-    echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Account method.' >> /etc/turnserver/turnserver.conf
-    echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
-    echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
-    echo '' >> /etc/turnserver/turnserver.conf
-    echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
-    echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
-
-    echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
-
-    systemctl restart turnserver
-
-    function_check configure_firewall_for_voip_turn
-    configure_firewall_for_voip_turn
-    echo 'install_sip_turn' >> $COMPLETION_FILE
+
+	apt-get -y install turnserver
+
+	# create a nonce if needed
+	if [ ! $VOIP_TURN_NONCE ]; then
+		VOIP_TURN_NONCE="$(create_password 30)"
+	fi
+
+	function_check create_site_certificate
+	create_site_certificate $DEFAULT_DOMAIN_NAME
+
+	echo '##' > /etc/turnserver/turnserver.conf
+	echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
+	echo '#' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
+	echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
+	echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
+	echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
+	echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
+	echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
+	echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
+	echo "udp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
+	echo "tcp_port = $VOIP_TURN_PORT" >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
+	echo "tls_port = $VOIP_TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## TLS support.' >> /etc/turnserver/turnserver.conf
+	echo 'tls = true' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
+	echo '## standard.' >> /etc/turnserver/turnserver.conf
+	echo 'dtls = false' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
+	echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
+	echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
+	echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
+	echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
+	echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
+	echo 'daemon = true' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
+	echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
+	echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
+	echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Realm value.' >> /etc/turnserver/turnserver.conf
+	echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
+	echo "nonce_key = \"$VOIP_TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
+	echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
+	echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
+	echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
+	echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
+	echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
+	echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
+	echo 'denied_address {' >> /etc/turnserver/turnserver.conf
+	echo '  address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
+	echo '  mask = "8"' >> /etc/turnserver/turnserver.conf
+	echo '  port = 0' >> /etc/turnserver/turnserver.conf
+	echo '}' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
+	echo 'denied_address {' >> /etc/turnserver/turnserver.conf
+	echo '  address = "::1"' >> /etc/turnserver/turnserver.conf
+	echo '  mask = "128"' >> /etc/turnserver/turnserver.conf
+	echo '  port = 0' >> /etc/turnserver/turnserver.conf
+	echo '}' >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
+	echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
+	if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
+		echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
+	else
+		if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
+			echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
+		fi
+	fi
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Private key file.' >> /etc/turnserver/turnserver.conf
+	echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Account method.' >> /etc/turnserver/turnserver.conf
+	echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
+	echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
+	echo '' >> /etc/turnserver/turnserver.conf
+	echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
+	echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
+
+	echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
+
+	systemctl restart turnserver
+
+	function_check configure_firewall_for_voip_turn
+	configure_firewall_for_voip_turn
+	echo 'install_sip_turn' >> $COMPLETION_FILE
 }
 
 function install_sip {
-    if grep -Fxq "install_sip" $COMPLETION_FILE; then
-	return
-    fi
-    install_sip_main
-    update_sipwitch_daemon
-    echo 'install_sip' >> $COMPLETION_FILE
+	if grep -Fxq "install_sip" $COMPLETION_FILE; then
+		return
+	fi
+	install_sip_main
+	update_sipwitch_daemon
+	echo 'install_sip' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-syncthing

@@ -40,300 +40,300 @@ SYNCTHING_SHARED_DATA=/var/lib/syncthing/SyncShared
 SYNCTHING_USER_IDS_FILE='.syncthingids'
 
 function reconfigure_syncthing {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_syncthing {
-    echo -n ''
+	echo -n ''
 }
 
 function backup_local_syncthing {
-    if [ -d /var/lib/syncthing/SyncShared ]; then
-	echo $"Backing up syncthing"
+	if [ -d /var/lib/syncthing/SyncShared ]; then
+		echo $"Backing up syncthing"
 
-	function_check backup_directory_to_usb
-	backup_directory_to_usb /var/lib/syncthing/SyncShared syncthingshared
-	backup_directory_to_usb /root/.config/syncthing syncthingconfig
+		function_check backup_directory_to_usb
+		backup_directory_to_usb /var/lib/syncthing/SyncShared syncthingshared
+		backup_directory_to_usb /root/.config/syncthing syncthingconfig
 
-	echo $"Backup to syncthing complete"
-    fi
+		echo $"Backup to syncthing complete"
+	fi
 }
 
 function restore_local_syncthing {
-    if [ -f /etc/systemd/system/syncthing.service ]; then
-	systemctl stop syncthing
-	systemctl stop cron
-    fi
-
-    temp_restore_dir=/root/tempsyncthing
-    if [ -d $USB_MOUNT/backup/syncthingconfig ]; then
-	echo $"Restoring syncthing configuration"
-	function_check restore_directory_from_usb
-	restore_directory_from_usb ${temp_restore_dir}config syncthingconfig
-	cp -r ${temp_restore_dir}config/* /
-	if [ ! "$?" = "0" ]; then
-	    set_user_permissions
-	    backup_unmount_drive
-	    systemctl start syncthing
-	    systemctl start cron
-	    exit 6833
-	fi
-	rm -rf ${temp_restore_dir}config
-    fi
-
-    if [ -d $USB_MOUNT/backup/syncthingshared ]; then
-	echo $"Restoring syncthing shared files"
-	restore_directory_from_usb ${temp_restore_dir}shared syncthingshared
-	cp -r ${temp_restore_dir}shared/* /
-	if [ ! "$?" = "0" ]; then
-	    set_user_permissions
-	    backup_unmount_drive
-	    systemctl start syncthing
-	    systemctl start cron
-	    exit 37904
+	if [ -f /etc/systemd/system/syncthing.service ]; then
+		systemctl stop syncthing
+		systemctl stop cron
 	fi
-	rm -rf ${temp_restore_dir}shared
-    fi
-
-    if [ -d $USB_MOUNT/backup/syncthing ]; then
-	for d in $USB_MOUNT/backup/syncthing/*/ ; do
-	    USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
-	    if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
-		if [ ! -d /home/$USERNAME ]; then
-		    ${PROJECT_NAME}-adduser $USERNAME
-		fi
-		echo $"Restoring syncthing files for $USERNAME"
-		restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME
-		cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/
+
+	temp_restore_dir=/root/tempsyncthing
+	if [ -d $USB_MOUNT/backup/syncthingconfig ]; then
+		echo $"Restoring syncthing configuration"
+		function_check restore_directory_from_usb
+		restore_directory_from_usb ${temp_restore_dir}config syncthingconfig
+		cp -r ${temp_restore_dir}config/* /
 		if [ ! "$?" = "0" ]; then
-		    rm -rf ${temp_restore_dir}
-		    set_user_permissions
-		    backup_unmount_drive
-		    systemctl start syncthing
-		    systemctl start cron
-		    exit 68438
+			set_user_permissions
+			backup_unmount_drive
+			systemctl start syncthing
+			systemctl start cron
+			exit 6833
 		fi
-		rm -rf ${temp_restore_dir}
+		rm -rf ${temp_restore_dir}config
+	fi
 
-		# restore device IDs from config settings
-		if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
-		    cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
-		    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
-		fi
-		if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
-		    cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
-		    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+	if [ -d $USB_MOUNT/backup/syncthingshared ]; then
+		echo $"Restoring syncthing shared files"
+		restore_directory_from_usb ${temp_restore_dir}shared syncthingshared
+		cp -r ${temp_restore_dir}shared/* /
+		if [ ! "$?" = "0" ]; then
+			set_user_permissions
+			backup_unmount_drive
+			systemctl start syncthing
+			systemctl start cron
+			exit 37904
 		fi
-	    fi
-	done
-    fi
+		rm -rf ${temp_restore_dir}shared
+	fi
 
-    if [ -f /etc/systemd/system/syncthing.service ]; then
-	systemctl start syncthing
-	systemctl start cron
-    fi
+	if [ -d $USB_MOUNT/backup/syncthing ]; then
+		for d in $USB_MOUNT/backup/syncthing/*/ ; do
+			USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
+			if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
+				if [ ! -d /home/$USERNAME ]; then
+					${PROJECT_NAME}-adduser $USERNAME
+				fi
+				echo $"Restoring syncthing files for $USERNAME"
+				restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME
+				cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/
+				if [ ! "$?" = "0" ]; then
+					rm -rf ${temp_restore_dir}
+					set_user_permissions
+					backup_unmount_drive
+					systemctl start syncthing
+					systemctl start cron
+					exit 68438
+				fi
+				rm -rf ${temp_restore_dir}
+
+				# restore device IDs from config settings
+				if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
+					cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
+					chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+				fi
+				if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
+					cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
+					chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+				fi
+			fi
+		done
+	fi
+
+	if [ -f /etc/systemd/system/syncthing.service ]; then
+		systemctl start syncthing
+		systemctl start cron
+	fi
 }
 
 function backup_remote_syncthing {
-    if [ -d /root/.config/syncthing ]; then
-	echo $"Backing up syncthing configuration"
-	function_check backup_directory_to_friend
-	backup_directory_to_friend /root/.config/syncthing syncthingconfig
-	echo $"Backup of syncthing configuration complete"
-    fi
-    if [ -d /var/lib/syncthing/SyncShared ]; then
-	echo $"Backing up syncthing shared files"
-	function_check backup_directory_to_friend
-	backup_directory_to_friend /var/lib/syncthing/SyncShared syncthingshared
-	echo $"Backup of syncthing shared files complete"
-    fi
+	if [ -d /root/.config/syncthing ]; then
+		echo $"Backing up syncthing configuration"
+		function_check backup_directory_to_friend
+		backup_directory_to_friend /root/.config/syncthing syncthingconfig
+		echo $"Backup of syncthing configuration complete"
+	fi
+	if [ -d /var/lib/syncthing/SyncShared ]; then
+		echo $"Backing up syncthing shared files"
+		function_check backup_directory_to_friend
+		backup_directory_to_friend /var/lib/syncthing/SyncShared syncthingshared
+		echo $"Backup of syncthing shared files complete"
+	fi
 }
 
 function restore_remote_syncthing {
-    if [ -f /etc/systemd/system/syncthing.service ]; then
-	systemctl stop syncthing
-	systemctl stop cron
-    fi
-
-    if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then
-	echo $"Restoring syncthing configuration"
-	temp_restore_dir=/root/tempsyncthingconfig
-	function_check restore_directory_from_friend
-	restore_directory_from_friend $temp_restore_dir syncthingconfig
-	cp -r $temp_restore_dir/* /
-	if [ ! "$?" = "0" ]; then
-	    systemctl start syncthing
-	    systemctl start cron
-	    exit 6833
-	fi
-	rm -rf $temp_restore_dir
-    fi
-
-    if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then
-	echo $"Restoring syncthing shared files"
-	temp_restore_dir=/root/tempsyncthingshared
-	function_check restore_directory_from_friend
-	restore_directory_from_friend $temp_restore_dir syncthingshared
-	cp -r $temp_restore_dir/* /
-	if [ ! "$?" = "0" ]; then
-	    systemctl start syncthing
-	    systemctl start cron
-	    exit 37904
+	if [ -f /etc/systemd/system/syncthing.service ]; then
+		systemctl stop syncthing
+		systemctl stop cron
 	fi
-	rm -rf $temp_restore_dir
-    fi
-
-    if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then
-	for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do
-	    USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
-	    if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
-		if [ ! -d /home/$USERNAME ]; then
-		    ${PROJECT_NAME}-adduser $USERNAME
-		fi
-		echo $"Restoring syncthing files for $USERNAME"
-		temp_restore_dir=/root/tempsyncthing
+
+	if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then
+		echo $"Restoring syncthing configuration"
+		temp_restore_dir=/root/tempsyncthingconfig
 		function_check restore_directory_from_friend
-		restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME
-		cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/
+		restore_directory_from_friend $temp_restore_dir syncthingconfig
+		cp -r $temp_restore_dir/* /
 		if [ ! "$?" = "0" ]; then
-		    rm -rf $temp_restore_dir
-		    systemctl start syncthing
-		    systemctl start cron
-		    exit 68438
+			systemctl start syncthing
+			systemctl start cron
+			exit 6833
 		fi
 		rm -rf $temp_restore_dir
+	fi
 
-		# restore device IDs from config settings
-		if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
-		    cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
-		    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
-		fi
-		if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
-		    cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
-		    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+	if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then
+		echo $"Restoring syncthing shared files"
+		temp_restore_dir=/root/tempsyncthingshared
+		function_check restore_directory_from_friend
+		restore_directory_from_friend $temp_restore_dir syncthingshared
+		cp -r $temp_restore_dir/* /
+		if [ ! "$?" = "0" ]; then
+			systemctl start syncthing
+			systemctl start cron
+			exit 37904
 		fi
-		echo $"Restore of syncthing files for $USERNAME complete"
-	    fi
-	done
-    fi
+		rm -rf $temp_restore_dir
+	fi
 
-    if [ -f /etc/systemd/system/syncthing.service ]; then
-	systemctl start syncthing
-	systemctl start cron
-    fi
+	if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then
+		for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do
+			USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
+			if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
+				if [ ! -d /home/$USERNAME ]; then
+					${PROJECT_NAME}-adduser $USERNAME
+				fi
+				echo $"Restoring syncthing files for $USERNAME"
+				temp_restore_dir=/root/tempsyncthing
+				function_check restore_directory_from_friend
+				restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME
+				cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/
+				if [ ! "$?" = "0" ]; then
+					rm -rf $temp_restore_dir
+					systemctl start syncthing
+					systemctl start cron
+					exit 68438
+				fi
+				rm -rf $temp_restore_dir
+
+				# restore device IDs from config settings
+				if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
+					cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
+					chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+				fi
+				if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
+					cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
+					chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+				fi
+				echo $"Restore of syncthing files for $USERNAME complete"
+			fi
+		done
+	fi
+
+	if [ -f /etc/systemd/system/syncthing.service ]; then
+		systemctl start syncthing
+		systemctl start cron
+	fi
 }
 
 function remove_syncthing {
-    if ! grep -Fxq "install_syncthing" $COMPLETION_FILE; then
-	return
-    fi
-    iptables -D INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-
-    systemctl stop syncthing
-    systemctl disable syncthing
-    apt-get -y remove --purge syncthing
-    rm /etc/systemd/system/syncthing.service
-    sed -i "/${PROJECT_NAME}-syncthing/d" /etc/crontab
-    sed -i '/install_syncthing/d' $COMPLETION_FILE
-    sed -i '/configure_firewall_for_syncthing/d' $COMPLETION_FILE
-    systemctl restart cron
+	if ! grep -Fxq "install_syncthing" $COMPLETION_FILE; then
+		return
+	fi
+	iptables -D INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
+	iptables -D INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+
+	systemctl stop syncthing
+	systemctl disable syncthing
+	apt-get -y remove --purge syncthing
+	rm /etc/systemd/system/syncthing.service
+	sed -i "/${PROJECT_NAME}-syncthing/d" /etc/crontab
+	sed -i '/install_syncthing/d' $COMPLETION_FILE
+	sed -i '/configure_firewall_for_syncthing/d' $COMPLETION_FILE
+	systemctl restart cron
 }
 
 function configure_firewall_for_syncthing {
-    if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then
-	return
-    fi
-    iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-
-    OPEN_PORTS+=("Syncthing $SYNCTHING_PORT")
-    echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
+	if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then
+		return
+	fi
+	iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
+	iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+
+	OPEN_PORTS+=("Syncthing $SYNCTHING_PORT")
+	echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
 }
 
 function mesh_install_syncthing {
-    chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add -
-
-    echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list
-    chroot "$rootdir" apt-get update
-    chroot "$rootdir" apt-get -y --force-yes install syncthing
-
-    # This probably does need to run as root so that it can access the Sync directories
-    # in each user's home directory
-    echo '[Unit]' > $rootdir/etc/systemd/system/syncthing.service
-    echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> $rootdir/etc/systemd/system/syncthing.service
-    echo 'Documentation=man:syncthing(1)' >> $rootdir/etc/systemd/system/syncthing.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/syncthing.service
-    echo 'Wants=syncthing-inotify@.service' >> $rootdir/etc/systemd/system/syncthing.service
-    echo '' >> $rootdir/etc/systemd/system/syncthing.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/syncthing.service
-    echo 'User=root' >> $rootdir/etc/systemd/system/syncthing.service
-    echo "Environment='all_proxy=socks5://localhost:9050'" >> $rootdir/etc/systemd/system/syncthing.service
-    echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> $rootdir/etc/systemd/system/syncthing.service
-    echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/syncthing.service
-    echo 'SuccessExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service
-    echo 'RestartForceExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service
-    echo '' >> $rootdir/etc/systemd/system/syncthing.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/syncthing.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/syncthing.service
-    chroot "$rootdir" systemctl enable syncthing
-
-    if ! grep -q "syncthing" $rootdir/etc/crontab; then
-	echo "*/1            * *   *   *   root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> $rootdir/etc/crontab
-    fi
-
-    echo 'mesh_install_syncthing'
+	chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add -
+
+	echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list
+	chroot "$rootdir" apt-get update
+	chroot "$rootdir" apt-get -y --force-yes install syncthing
+
+	# This probably does need to run as root so that it can access the Sync directories
+	# in each user's home directory
+	echo '[Unit]' > $rootdir/etc/systemd/system/syncthing.service
+	echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> $rootdir/etc/systemd/system/syncthing.service
+	echo 'Documentation=man:syncthing(1)' >> $rootdir/etc/systemd/system/syncthing.service
+	echo 'After=network.target' >> $rootdir/etc/systemd/system/syncthing.service
+	echo 'Wants=syncthing-inotify@.service' >> $rootdir/etc/systemd/system/syncthing.service
+	echo '' >> $rootdir/etc/systemd/system/syncthing.service
+	echo '[Service]' >> $rootdir/etc/systemd/system/syncthing.service
+	echo 'User=root' >> $rootdir/etc/systemd/system/syncthing.service
+	echo "Environment='all_proxy=socks5://localhost:9050'" >> $rootdir/etc/systemd/system/syncthing.service
+	echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> $rootdir/etc/systemd/system/syncthing.service
+	echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/syncthing.service
+	echo 'SuccessExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service
+	echo 'RestartForceExitStatus=3 4' >> $rootdir/etc/systemd/system/syncthing.service
+	echo '' >> $rootdir/etc/systemd/system/syncthing.service
+	echo '[Install]' >> $rootdir/etc/systemd/system/syncthing.service
+	echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/syncthing.service
+	chroot "$rootdir" systemctl enable syncthing
+
+	if ! grep -q "syncthing" $rootdir/etc/crontab; then
+		echo "*/1            * *   *   *   root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> $rootdir/etc/crontab
+	fi
+
+	echo 'mesh_install_syncthing'
 }
 
 function install_syncthing {
-    if [ $INSTALLING_MESH ]; then
-	mesh_install_syncthing
-	return
-    fi
-
-    if grep -Fxq "install_syncthing" $COMPLETION_FILE; then
-	return
-    fi
-
-    apt-get -y install curl
-
-    curl -s https://syncthing.net/release-key.txt | apt-key add -
-    echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list
-    apt-get update
-    apt-get -y install syncthing
-
-    # This probably does need to run as root so that it can access the Sync directories
-    # in each user's home directory
-    echo '[Unit]' > /etc/systemd/system/syncthing.service
-    echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
-    echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
-    echo 'After=network.target' >> /etc/systemd/system/syncthing.service
-    echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
-    echo '' >> /etc/systemd/system/syncthing.service
-    echo '[Service]' >> /etc/systemd/system/syncthing.service
-    echo 'User=root' >> /etc/systemd/system/syncthing.service
-    echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
-    echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
-    echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
-    echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
-    echo '' >> /etc/systemd/system/syncthing.service
-    echo '[Install]' >> /etc/systemd/system/syncthing.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
-    systemctl enable syncthing
-    systemctl daemon-reload
-    systemctl start syncthing
-
-    function_check cron_add_mins
-    cron_add_mins 1 "/usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null"
-
-    function_check configure_firewall_for_syncthing
-    configure_firewall_for_syncthing
-    echo 'install_syncthing' >> $COMPLETION_FILE
+	if [ $INSTALLING_MESH ]; then
+		mesh_install_syncthing
+		return
+	fi
+
+	if grep -Fxq "install_syncthing" $COMPLETION_FILE; then
+		return
+	fi
+
+	apt-get -y install curl
+
+	curl -s https://syncthing.net/release-key.txt | apt-key add -
+	echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list
+	apt-get update
+	apt-get -y install syncthing
+
+	# This probably does need to run as root so that it can access the Sync directories
+	# in each user's home directory
+	echo '[Unit]' > /etc/systemd/system/syncthing.service
+	echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
+	echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
+	echo 'After=network.target' >> /etc/systemd/system/syncthing.service
+	echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
+	echo '' >> /etc/systemd/system/syncthing.service
+	echo '[Service]' >> /etc/systemd/system/syncthing.service
+	echo 'User=root' >> /etc/systemd/system/syncthing.service
+	echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
+	echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
+	echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
+	echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
+	echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
+	echo '' >> /etc/systemd/system/syncthing.service
+	echo '[Install]' >> /etc/systemd/system/syncthing.service
+	echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
+	systemctl enable syncthing
+	systemctl daemon-reload
+	systemctl start syncthing
+
+	function_check cron_add_mins
+	cron_add_mins 1 "/usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null"
+
+	function_check configure_firewall_for_syncthing
+	configure_firewall_for_syncthing
+	echo 'install_syncthing' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-vpn

@@ -31,52 +31,52 @@
 VARIANTS=''
 
 function reconfigure_vpn {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_vpn {
-    echo -n ''
+	echo -n ''
 }
 
 function backup_local_vpn {
-    echo -n ''
+	echo -n ''
 }
 
 function restore_local_vpn {
-    echo -n ''
+	echo -n ''
 }
 
 function backup_remote_vpn {
-    echo -n ''
+	echo -n ''
 }
 
 function restore_remote_vpn {
-    echo -n ''
+	echo -n ''
 }
 
 function remove_vpn {
-    apt-get -y remove --purge fastd
-    sed -i '/install_vpn/d' $COMPLETION_FILE
+	apt-get -y remove --purge fastd
+	sed -i '/install_vpn/d' $COMPLETION_FILE
 }
 
 function install_vpn {
-    if grep -Fxq "install_vpn" $COMPLETION_FILE; then
-	return
-    fi
-    if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then
-	echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list
-	gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C
-	if [ ! "$?" = "0" ]; then
-	    exit 76272
+	if grep -Fxq "install_vpn" $COMPLETION_FILE; then
+		return
 	fi
-	gpg -a --export 16EF3F64CB201D9C | sudo apt-key add -
-	apt-get update
-	apt-get -y install fastd
-	if [ ! "$?" = "0" ]; then
-	    exit 52026
+	if ! grep -q "repo.universe-factory.net" /etc/apt/sources.list; then
+		echo 'deb http://repo.universe-factory.net/debian/ sid main' >> /etc/apt/sources.list
+		gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C
+		if [ ! "$?" = "0" ]; then
+			exit 76272
+		fi
+		gpg -a --export 16EF3F64CB201D9C | sudo apt-key add -
+		apt-get update
+		apt-get -y install fastd
+		if [ ! "$?" = "0" ]; then
+			exit 52026
+		fi
 	fi
-    fi
-    echo 'install_vpn' >> $COMPLETION_FILE
+	echo 'install_vpn' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately there is no "exit 0"

src/freedombone-app-wiki

@@ -37,302 +37,391 @@ WIKI_CODE=
 WIKI_ONION_PORT=8089
 
 function reconfigure_wiki {
-    echo -n ''
+	echo -n ''
 }
 
 function upgrade_wiki {
-    echo -n ''
+	echo -n ''
 }
 
 function backup_local_wiki {
-    source_directory=/var/lib/dokuwiki
-    if [ -d $source_directory ]; then
-	dest_directory=wiki
-	echo $"Backing up $source_directory to $dest_directory"
+	source_directory=/var/lib/dokuwiki
+	if [ -d $source_directory ]; then
+		dest_directory=wiki
+		echo $"Backing up $source_directory to $dest_directory"
 
-	function_check backup_directory_to_usb
-	backup_directory_to_usb $source_directory $dest_directory
-	backup_directory_to_usb /etc/dokuwiki wiki2
+		function_check backup_directory_to_usb
+		backup_directory_to_usb $source_directory $dest_directory
+		backup_directory_to_usb /etc/dokuwiki wiki2
 
-	echo $"Backup to $dest_directory complete"
-    fi
+		echo $"Backup to $dest_directory complete"
+	fi
 }
 
 function restore_local_wiki {
-    if [ -d /var/lib/dokuwiki ]; then
-	echo $"Restoring Wiki installation"
-	WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
-	temp_restore_dir=/root/tempwiki
-	function_check restore_directory_from_usb
-	restore_directory_from_usb $temp_restore_dir wiki
-	cp -r $temp_restore_dir/var/lib/dokuwiki/* /var/lib/dokuwiki/
-	if [ ! "$?" = "0" ]; then
-	    function_check restore_directory_from_usb
-	    set_user_permissions
-	    function_check backup_unmount_drive
-	    backup_unmount_drive
-	    exit 868
-	fi
-	restore_directory_from_usb ${temp_restore_dir}2 wiki2
-	cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/
-	if [ ! "$?" = "0" ]; then
-	    function_check set_user_permissions
-	    set_user_permissions
-	    function_check backup_unmount_drive
-	    backup_unmount_drive
-	    exit 869
-	fi
-	rm -rf $temp_restore_dir
-	rm -rf ${temp_restore_dir}2
-	chown -R www-data:www-data /var/lib/dokuwiki/*
-	# Ensure that the bundled SSL cert is being used
-	if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
-	    sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
-	fi
-	if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
-	    ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
-	    ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
+	if [ -d /var/lib/dokuwiki ]; then
+		echo $"Restoring Wiki installation"
+		WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
+		temp_restore_dir=/root/tempwiki
+		function_check restore_directory_from_usb
+		restore_directory_from_usb $temp_restore_dir wiki
+		cp -r $temp_restore_dir/var/lib/dokuwiki/* /var/lib/dokuwiki/
+		if [ ! "$?" = "0" ]; then
+			function_check restore_directory_from_usb
+			set_user_permissions
+			function_check backup_unmount_drive
+			backup_unmount_drive
+			exit 868
+		fi
+		restore_directory_from_usb ${temp_restore_dir}2 wiki2
+		cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/
+		if [ ! "$?" = "0" ]; then
+			function_check set_user_permissions
+			set_user_permissions
+			function_check backup_unmount_drive
+			backup_unmount_drive
+			exit 869
+		fi
+		rm -rf $temp_restore_dir
+		rm -rf ${temp_restore_dir}2
+		chown -R www-data:www-data /var/lib/dokuwiki/*
+		# Ensure that the bundled SSL cert is being used
+		if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
+			sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
+		fi
+		if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
+			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
+			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
+		fi
+		echo $"Restore of Wiki complete"
 	fi
-	echo $"Restore of Wiki complete"
-    fi
 }
 
 function backup_remote_wiki {
-    if [ -d /etc/dokuwiki ]; then
-	echo $"Backing up wiki"
-	backup_directory_to_friend /var/lib/dokuwiki wiki
-	backup_directory_to_friend /etc/dokuwiki wiki2
-    fi
+	if [ -d /etc/dokuwiki ]; then
+		echo $"Backing up wiki"
+		backup_directory_to_friend /var/lib/dokuwiki wiki
+		backup_directory_to_friend /etc/dokuwiki wiki2
+	fi
 }
 
 function restore_remote_wiki {
-    if [ -d $SERVER_DIRECTORY/backup/wiki ]; then
-	WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
-	echo $"Restoring Wiki installation $WIKI_DOMAIN_NAME"
-	function_check restore_directory_from_friend
-	restore_directory_from_friend /root/tempwiki wiki
-	cp -r /root/tempwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/
-	if [ ! "$?" = "0" ]; then
-	    exit 868
-	fi
-	restore_directory_from_friend /root/tempwiki2 wiki2
-	cp -r /root/tempwiki2/etc/dokuwiki/* /etc/dokuwiki/
-	if [ ! "$?" = "0" ]; then
-	    exit 869
-	fi
-	rm -rf /root/tempwiki
-	rm -rf /root/tempwiki2
-	chown -R www-data:www-data /var/lib/dokuwiki/*
-	# Ensure that the bundled SSL cert is being used
-	if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
-	    sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
-	fi
-	if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
-	    ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
-	    ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
+	if [ -d $SERVER_DIRECTORY/backup/wiki ]; then
+		WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
+		echo $"Restoring Wiki installation $WIKI_DOMAIN_NAME"
+		function_check restore_directory_from_friend
+		restore_directory_from_friend /root/tempwiki wiki
+		cp -r /root/tempwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/
+		if [ ! "$?" = "0" ]; then
+			exit 868
+		fi
+		restore_directory_from_friend /root/tempwiki2 wiki2
+		cp -r /root/tempwiki2/etc/dokuwiki/* /etc/dokuwiki/
+		if [ ! "$?" = "0" ]; then
+			exit 869
+		fi
+		rm -rf /root/tempwiki
+		rm -rf /root/tempwiki2
+		chown -R www-data:www-data /var/lib/dokuwiki/*
+		# Ensure that the bundled SSL cert is being used
+		if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
+			sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
+		fi
+		if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
+			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
+			ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
+		fi
+		echo $"Restore of Wiki complete"
 	fi
-	echo $"Restore of Wiki complete"
-    fi
 }
 
 function remove_wiki {
-    if ! grep -Fxq "install_wiki" $COMPLETION_FILE; then
-	return
-    fi
-    function_check remove_onion_service
-    remove_onion_service wiki ${WIKI_ONION_PORT}
-    nginx_dissite $WIKI_DOMAIN_NAME
-    if [ -f /etc/nginx/sites-available/$WIKI_DOMAIN_NAME ]; then
-	rm /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    fi
-    apt-get -y remove --purge dokuwiki
-    if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
-	rm -rf /var/www/$WIKI_DOMAIN_NAME
-    fi
-    if [ -d /var/lib/dokuwiki ]; then
-	rm -rf /var/lib/dokuwiki
-    fi
-    if [ -d /etc/dokuwiki ]; then
-	rm -rf /etc/dokuwiki
-    fi
-    if [ -d /usr/share/dokuwiki ]; then
-	rm -rf /usr/share/dokuwiki
-    fi
-    sed -i '/install_wiki/d' $COMPLETION_FILE
+	if ! grep -Fxq "install_wiki" $COMPLETION_FILE; then
+		return
+	fi
+	function_check remove_onion_service
+	remove_onion_service wiki ${WIKI_ONION_PORT}
+	nginx_dissite $WIKI_DOMAIN_NAME
+	if [ -f /etc/nginx/sites-available/$WIKI_DOMAIN_NAME ]; then
+		rm /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	fi
+	apt-get -y remove --purge dokuwiki
+	if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
+		rm -rf /var/www/$WIKI_DOMAIN_NAME
+	fi
+	if [ -d /var/lib/dokuwiki ]; then
+		rm -rf /var/lib/dokuwiki
+	fi
+	if [ -d /etc/dokuwiki ]; then
+		rm -rf /etc/dokuwiki
+	fi
+	if [ -d /usr/share/dokuwiki ]; then
+		rm -rf /usr/share/dokuwiki
+	fi
+	sed -i '/install_wiki/d' $COMPLETION_FILE
 }
 
 function get_wiki_admin_password {
-    if [ -f /home/$MY_USERNAME/README ]; then
-	if grep -q "Wiki password" /home/$MY_USERNAME/README; then
-	    WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
+	if [ -f /home/$MY_USERNAME/README ]; then
+		if grep -q "Wiki password" /home/$MY_USERNAME/README; then
+			WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
+		fi
 	fi
-    fi
 }
 
 function install_wiki {
-    if grep -Fxq "install_wiki" $COMPLETION_FILE; then
-	return
-    fi
-    if [ ! $WIKI_DOMAIN_NAME ]; then
-	return
-    fi
-    apt-get -y install dokuwiki
-    apt-get -y remove --purge apache*
-    if [ -d /etc/apache2 ]; then
-	rm -rf /etc/apache2
-	echo $'Removed Apache installation after Dokuwiki install'
-    fi
-
-    if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
-	mkdir /var/www/$WIKI_DOMAIN_NAME
-    fi
-    if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
-	rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
-    fi
-
-    ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
-
-    mkdir /var/lib/dokuwiki/custom
-    cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
-    ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
-
-    chown www-data /var/lib/dokuwiki/custom
-    chown www-data /var/lib/dokuwiki/custom/local.php
-    chown -R www-data /etc/dokuwiki
-    chown -R www-data /usr/share/dokuwiki/lib/
-    chmod 600 /var/lib/dokuwiki/custom/local.php
-    chmod -R 755 /usr/share/dokuwiki/lib
-
-    sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
-    sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
-
-    sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
-
-    # set the admin user
-    sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
-
-    # disallow registration of new users
-    if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
-	echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
-    fi
-    if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
-	echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
-    fi
-
-    if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
-	echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
-    fi
-    if ! grep -q "authtype" /etc/dokuwiki/local.php; then
-	echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
-    fi
-
-    function_check get_wiki_admin_password
-    get_wiki_admin_password
-    if [ ! $WIKI_ADMIN_PASSWORD ]; then
-	if [ -f $IMAGE_PASSWORD_FILE ]; then
-	    WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+	if grep -Fxq "install_wiki" $COMPLETION_FILE; then
+		return
+	fi
+	if [ ! $WIKI_DOMAIN_NAME ]; then
+		return
+	fi
+	apt-get -y install dokuwiki
+	apt-get -y remove --purge apache*
+	if [ -d /etc/apache2 ]; then
+		rm -rf /etc/apache2
+		echo $'Removed Apache installation after Dokuwiki install'
+	fi
+
+	if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
+		mkdir /var/www/$WIKI_DOMAIN_NAME
+	fi
+	if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
+		rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
+	fi
+
+	ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
+
+	mkdir /var/lib/dokuwiki/custom
+	cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
+	ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
+
+	chown www-data /var/lib/dokuwiki/custom
+	chown www-data /var/lib/dokuwiki/custom/local.php
+	chown -R www-data /etc/dokuwiki
+	chown -R www-data /usr/share/dokuwiki/lib/
+	chmod 600 /var/lib/dokuwiki/custom/local.php
+	chmod -R 755 /usr/share/dokuwiki/lib
+
+	sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
+	sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
+
+	sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
+
+	# set the admin user
+	sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
+
+	# disallow registration of new users
+	if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
+		echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
+	fi
+	if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
+		echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
+	fi
+
+	if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
+		echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
+	fi
+	if ! grep -q "authtype" /etc/dokuwiki/local.php; then
+		echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
+	fi
+
+	function_check get_wiki_admin_password
+	get_wiki_admin_password
+	if [ ! $WIKI_ADMIN_PASSWORD ]; then
+		if [ -f $IMAGE_PASSWORD_FILE ]; then
+			WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+		else
+			WIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+		fi
+	fi
+	HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
+	echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
+	chmod 640 /var/lib/dokuwiki/acl/users.auth.php
+
+	if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
+		echo 'ogv     video/ogg' >> /etc/dokuwiki/mime.conf
+	fi
+	if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
+		echo 'mp4     video/mp4' >> /etc/dokuwiki/mime.conf
+	fi
+	if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
+		echo 'webm    video/webm' >> /etc/dokuwiki/mime.conf
+	fi
+
+	WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
+
+	if [[ $ONION_ONLY == "no" ]]; then
+		echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		function_check nginx_disable_sniffing
+		nginx_disable_sniffing $WIKI_DOMAIN_NAME
+		function_check nginx_limits
+		nginx_limits $WIKI_DOMAIN_NAME
+		echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		function_check nginx_limits
+		nginx_limits $WIKI_DOMAIN_NAME
+		function_check nginx_ssl
+		nginx_ssl $WIKI_DOMAIN_NAME
+		function_check nginx_disable_sniffing
+		nginx_disable_sniffing $WIKI_DOMAIN_NAME
+		echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # webmail' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location /webmail {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        rewrite ^/(.*) /webmail/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        rewrite ^/(.*) /webmail/installer/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+		echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	else
-	    WIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+		echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	fi
-    fi
-    HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
-    echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
-    chmod 640 /var/lib/dokuwiki/acl/users.auth.php
-
-    if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
-	echo 'ogv     video/ogg' >> /etc/dokuwiki/mime.conf
-    fi
-    if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
-	echo 'mp4     video/mp4' >> /etc/dokuwiki/mime.conf
-    fi
-    if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
-	echo 'webm    video/webm' >> /etc/dokuwiki/mime.conf
-    fi
-
-    WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
-
-    if [[ $ONION_ONLY == "no" ]]; then
-	echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	function_check nginx_disable_sniffing
-	nginx_disable_sniffing $WIKI_DOMAIN_NAME
-	function_check nginx_limits
-	nginx_limits $WIKI_DOMAIN_NAME
-	echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo "    listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo "    server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+	echo "    server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
@@ -340,18 +429,10 @@ function install_wiki {
 	echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	function_check nginx_limits
 	nginx_limits $WIKI_DOMAIN_NAME
-	function_check nginx_ssl
-	nginx_ssl $WIKI_DOMAIN_NAME
 	function_check nginx_disable_sniffing
 	nginx_disable_sniffing $WIKI_DOMAIN_NAME
 	echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    # webmail' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    location /webmail {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        rewrite ^/(.*) /webmail/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '        rewrite ^/(.*) /webmail/installer/index.php last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
@@ -414,124 +495,43 @@ function install_wiki {
 	echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
 	echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-	echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    else
-	echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    fi
-    echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo "    root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo "    server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo "    error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    function_check nginx_limits
-    nginx_limits $WIKI_DOMAIN_NAME
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $WIKI_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-
-    function_check create_site_certificate
-    create_site_certificate $WIKI_DOMAIN_NAME
-
-    function_check configure_php
-    configure_php
-
-    nginx_ensite $WIKI_DOMAIN_NAME
-
-    systemctl restart php5-fpm
-    systemctl restart nginx
-
-    echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
-
-    function_check add_ddns_domain
-    add_ddns_domain $WIKI_DOMAIN_NAME
-
-    # add some post-install instructions
-    if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
-	echo '' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'Wiki' >> /home/$MY_USERNAME/README
-	echo '====' >> /home/$MY_USERNAME/README
-	echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
-	echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
-	echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo "  rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-	chmod 600 /home/$MY_USERNAME/README
-    fi
-
-    echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
-    echo 'install_wiki' >> $COMPLETION_FILE
+
+	function_check create_site_certificate
+	create_site_certificate $WIKI_DOMAIN_NAME
+
+	function_check configure_php
+	configure_php
+
+	nginx_ensite $WIKI_DOMAIN_NAME
+
+	systemctl restart php5-fpm
+	systemctl restart nginx
+
+	echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
+
+	function_check add_ddns_domain
+	add_ddns_domain $WIKI_DOMAIN_NAME
+
+	# add some post-install instructions
+	if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
+		echo '' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'Wiki' >> /home/$MY_USERNAME/README
+		echo '====' >> /home/$MY_USERNAME/README
+		echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+		echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+		echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo "  rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+		chmod 600 /home/$MY_USERNAME/README
+	fi
+
+	echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
+	echo 'install_wiki' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-app-xmpp

@@ -38,444 +38,444 @@ XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+
 XMPP_ECC_CURVE='"secp384r1"'
 
 function reconfigure_xmpp {
-    echo -n ''
+	echo -n ''
 }
 
 function update_prosody_modules {
-    if [ ! -d $INSTALL_DIR/prosody-modules ]; then
-	return
-    fi
-    if [ ! -d /usr/lib/prosody ]; then
-	return
-    fi
-
-    cd $INSTALL_DIR/prosody-modules
-    hg pull
-    hg update
-
-    # support onion addresses
-    if [ -f $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua ]; then
-	cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua
-    fi
-
-    # XEP-0313 message archive management
-    # https://modules.prosody.im/mod_mam.html
-    # Allows you to download your previous messages onto a new client
-    # This only applies if you are not using forward secret crypto
-    # such as OTR or OMEMO (eg. OpenPGP)
-    if [ -d $INSTALL_DIR/prosody-modules/mod_mam ]; then
-	cp $INSTALL_DIR/prosody-modules/mod_mam/*.lua /usr/lib/prosody/modules
-    fi
-
-    # XEP-0352 Client State Indication
-    # Notifies the server if the app is in the background or not
-    if [ -d $INSTALL_DIR/prosody-modules/mod_csi ]; then
-	cp $INSTALL_DIR/prosody-modules/mod_csi/*.lua /usr/lib/prosody/modules
-    fi
-
-    # XEP-0280 Message Carbons
-    # Ensures all messages get delivered to all clients (if you have a mobile and desktop client)
-    if [ -d $INSTALL_DIR/prosody-modules/mod_carbons ]; then
-	cp $INSTALL_DIR/prosody-modules/mod_carbons/*.lua /usr/lib/prosody/modules
-    fi
-
-    # XEP-0198 Stream management
-    # Helps mobile apps recover when a device switches networks.
-    if [ -d $INSTALL_DIR/prosody-modules/mod_smacks ]; then
-	cp $INSTALL_DIR/prosody-modules/mod_smacks/*.lua /usr/lib/prosody/modules
-    fi
-    if [ -d $INSTALL_DIR/prosody-modules/mod_smacks_offline ]; then
-	cp $INSTALL_DIR/prosody-modules/mod_smacks_offline/*.lua /usr/lib/prosody/modules
-    fi
-
-    # XEP-0191: blocking
-    if [ -d $INSTALL_DIR/prosody-modules/mod_blocking ]; then
-	cp $INSTALL_DIR/prosody-modules/mod_blocking/*.lua /usr/lib/prosody/modules
-    fi
-
-    # XEP-0016 Privacy lists
-    if [ -d $INSTALL_DIR/prosody-modules/mod_privacy_lists ]; then
-	cp $INSTALL_DIR/prosody-modules/mod_privacy_lists/*.lua /usr/lib/prosody/modules
-    fi
+	if [ ! -d $INSTALL_DIR/prosody-modules ]; then
+		return
+	fi
+	if [ ! -d /usr/lib/prosody ]; then
+		return
+	fi
+
+	cd $INSTALL_DIR/prosody-modules
+	hg pull
+	hg update
+
+	# support onion addresses
+	if [ -f $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua ]; then
+		cp $INSTALL_DIR/prosody-modules/mod_onions/mod_onions.lua /usr/lib/prosody/modules/mod_onions.lua
+	fi
+
+	# XEP-0313 message archive management
+	# https://modules.prosody.im/mod_mam.html
+	# Allows you to download your previous messages onto a new client
+	# This only applies if you are not using forward secret crypto
+	# such as OTR or OMEMO (eg. OpenPGP)
+	if [ -d $INSTALL_DIR/prosody-modules/mod_mam ]; then
+		cp $INSTALL_DIR/prosody-modules/mod_mam/*.lua /usr/lib/prosody/modules
+	fi
+
+	# XEP-0352 Client State Indication
+	# Notifies the server if the app is in the background or not
+	if [ -d $INSTALL_DIR/prosody-modules/mod_csi ]; then
+		cp $INSTALL_DIR/prosody-modules/mod_csi/*.lua /usr/lib/prosody/modules
+	fi
+
+	# XEP-0280 Message Carbons
+	# Ensures all messages get delivered to all clients (if you have a mobile and desktop client)
+	if [ -d $INSTALL_DIR/prosody-modules/mod_carbons ]; then
+		cp $INSTALL_DIR/prosody-modules/mod_carbons/*.lua /usr/lib/prosody/modules
+	fi
+
+	# XEP-0198 Stream management
+	# Helps mobile apps recover when a device switches networks.
+	if [ -d $INSTALL_DIR/prosody-modules/mod_smacks ]; then
+		cp $INSTALL_DIR/prosody-modules/mod_smacks/*.lua /usr/lib/prosody/modules
+	fi
+	if [ -d $INSTALL_DIR/prosody-modules/mod_smacks_offline ]; then
+		cp $INSTALL_DIR/prosody-modules/mod_smacks_offline/*.lua /usr/lib/prosody/modules
+	fi
+
+	# XEP-0191: blocking
+	if [ -d $INSTALL_DIR/prosody-modules/mod_blocking ]; then
+		cp $INSTALL_DIR/prosody-modules/mod_blocking/*.lua /usr/lib/prosody/modules
+	fi
+
+	# XEP-0016 Privacy lists
+	if [ -d $INSTALL_DIR/prosody-modules/mod_privacy_lists ]; then
+		cp $INSTALL_DIR/prosody-modules/mod_privacy_lists/*.lua /usr/lib/prosody/modules
+	fi
 }
 
 function upgrade_xmpp {
-    if ! grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
-	return
-    fi
-    function_check update_prosody_modules
-    update_prosody_modules
+	if ! grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
+		return
+	fi
+	function_check update_prosody_modules
+	update_prosody_modules
 }
 
 function backup_local_xmpp {
-    source_directory=/var/lib/prosody xmpp
-    if [ -d $source_directory ]; then
-	dest_directory=xmpp
-	echo $"Backing up $source_directory to $dest_directory"
+	source_directory=/var/lib/prosody xmpp
+	if [ -d $source_directory ]; then
+		dest_directory=xmpp
+		echo $"Backing up $source_directory to $dest_directory"
 
-	function_check backup_directory_to_usb
-	backup_directory_to_usb $source_directory $dest_directory
+		function_check backup_directory_to_usb
+		backup_directory_to_usb $source_directory $dest_directory
 
-	echo $"Backup to $dest_directory complete"
-    fi
+		echo $"Backup to $dest_directory complete"
+	fi
 }
 
 function restore_local_xmpp {
-    if [ -d /var/lib/prosody ]; then
-	echo $"Restoring XMPP settings"
-	temp_restore_dir=/root/tempxmpp
-	function_check restore_directory_from_usb
-	restore_directory_from_usb $temp_restore_dir xmpp
-	cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
-	if [ ! "$?" = "0" ]; then
-	    function_check set_user_permissions
-	    set_user_permissions
-	    function_check backup_unmount_drive
-	    backup_unmount_drive
-	    exit 725
-	fi
-	rm -rf $temp_restore_dir
-	service prosody restart
-	chown -R prosody:prosody /var/lib/prosody/*
-	echo $"Restore of XMPP settings complete"
-    fi
+	if [ -d /var/lib/prosody ]; then
+		echo $"Restoring XMPP settings"
+		temp_restore_dir=/root/tempxmpp
+		function_check restore_directory_from_usb
+		restore_directory_from_usb $temp_restore_dir xmpp
+		cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
+		if [ ! "$?" = "0" ]; then
+			function_check set_user_permissions
+			set_user_permissions
+			function_check backup_unmount_drive
+			backup_unmount_drive
+			exit 725
+		fi
+		rm -rf $temp_restore_dir
+		service prosody restart
+		chown -R prosody:prosody /var/lib/prosody/*
+		echo $"Restore of XMPP settings complete"
+	fi
 }
 
 function backup_remote_xmpp {
-    if [ -d /var/lib/prosody ]; then
-	echo $"Backing up the XMPP settings"
-	backup_directory_to_friend /var/lib/prosody xmpp
-	echo $"Backup of XMPP settings complete"
-    fi
+	if [ -d /var/lib/prosody ]; then
+		echo $"Backing up the XMPP settings"
+		backup_directory_to_friend /var/lib/prosody xmpp
+		echo $"Backup of XMPP settings complete"
+	fi
 }
 
 function restore_remote_xmpp {
-    if [ -d /var/lib/prosody ]; then
-	echo $"Restoring XMPP settings"
-	temp_restore_dir=/root/tempxmpp
-	function_check restore_directory_from_friend
-	restore_directory_from_friend $temp_restore_dir xmpp
-	cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
-	if [ ! "$?" = "0" ]; then
-	    exit 725
-	fi
-	rm -rf $temp_restore_dir
-	service prosody restart
-	chown -R prosody:prosody /var/lib/prosody/*
-	echo $"Restore of XMPP settings complete"
-    fi
+	if [ -d /var/lib/prosody ]; then
+		echo $"Restoring XMPP settings"
+		temp_restore_dir=/root/tempxmpp
+		function_check restore_directory_from_friend
+		restore_directory_from_friend $temp_restore_dir xmpp
+		cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
+		if [ ! "$?" = "0" ]; then
+			exit 725
+		fi
+		rm -rf $temp_restore_dir
+		service prosody restart
+		chown -R prosody:prosody /var/lib/prosody/*
+		echo $"Restore of XMPP settings complete"
+	fi
 }
 
 function configure_firewall_for_xmpp {
-    if [ ! -d /etc/prosody ]; then
-	return
-    fi
-    if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
-	return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-	# docker does its own firewalling
-	return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-	return
-    fi
-    iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
-    iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
-    iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-
-    OPEN_PORTS+=('XMPP     5222-5223')
-    OPEN_PORTS+=('XMPP     5269')
-    OPEN_PORTS+=('XMPP     5280-5281')
-    echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
+	if [ ! -d /etc/prosody ]; then
+		return
+	fi
+	if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
+		return
+	fi
+	if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+		# docker does its own firewalling
+		return
+	fi
+	if [[ $ONION_ONLY != "no" ]]; then
+		return
+	fi
+	iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
+	iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
+	iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+
+	OPEN_PORTS+=('XMPP     5222-5223')
+	OPEN_PORTS+=('XMPP     5269')
+	OPEN_PORTS+=('XMPP     5280-5281')
+	echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
 }
 
 function remove_xmpp_client {
-    if ! grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
-	return
-    fi
-    apt-get -y remove --purge profanity
-    sed '/install_xmpp_client/d' $COMPLETION_FILE
+	if ! grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
+		return
+	fi
+	apt-get -y remove --purge profanity
+	sed '/install_xmpp_client/d' $COMPLETION_FILE
 }
 
 function remove_xmpp {
-    remove_xmpp_client
-    if ! grep -Fxq "install_xmpp" $COMPLETION_FILE; then
-	return
-    fi
-    iptables -D INPUT -p tcp --dport 5222:5223 -j ACCEPT
-    iptables -D INPUT -p tcp --dport 5269 -j ACCEPT
-    iptables -D INPUT -p tcp --dport 5280:5281 -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-
-    function_check remove_onion_service
-    remove_onion_service xmpp 5222 5223 5269
-
-    apt-get -y remove --purge prosody prosody-modules
-    if [ -d $INSTALL_DIR/prosody-modules ]; then
-	rm -rf $INSTALL_DIR/prosody-modules
-    fi
-    if [ -d /etc/prosody ]; then
-	rm -rf /etc/prosody
-    fi
-
-    sed '/install_xmpp/d' $COMPLETION_FILE
-    sed '/XMPP /d' $COMPLETION_FILE
+	remove_xmpp_client
+	if ! grep -Fxq "install_xmpp" $COMPLETION_FILE; then
+		return
+	fi
+	iptables -D INPUT -p tcp --dport 5222:5223 -j ACCEPT
+	iptables -D INPUT -p tcp --dport 5269 -j ACCEPT
+	iptables -D INPUT -p tcp --dport 5280:5281 -j ACCEPT
+	function_check save_firewall_settings
+	save_firewall_settings
+
+	function_check remove_onion_service
+	remove_onion_service xmpp 5222 5223 5269
+
+	apt-get -y remove --purge prosody prosody-modules
+	if [ -d $INSTALL_DIR/prosody-modules ]; then
+		rm -rf $INSTALL_DIR/prosody-modules
+	fi
+	if [ -d /etc/prosody ]; then
+		rm -rf /etc/prosody
+	fi
+
+	sed '/install_xmpp/d' $COMPLETION_FILE
+	sed '/XMPP /d' $COMPLETION_FILE
 }
 
 function install_xmpp_main {
-    update_prosody_modules
-
-    if grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
-	return
-    fi
-    apt-get -y install lua-sec lua-bitop
-    apt-get -y install prosody prosody-modules mercurial
-
-    if [ ! -d /etc/prosody ]; then
-	echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
-	exit 52
-    fi
-
-    # obtain the prosody modules
-    cd $INSTALL_DIR
-    hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
-    if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then
-	echo $'mod_onions prosody module could not be found'
-	exit 73254
-    fi
-
-    # install the onions module
-    update_prosody_modules
-    if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then
-	echo $'mod_onions.lua could not be copied to the prosody modules directory'
-	exit 63952
-    fi
-
-    # create a certificate
-    if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
-	${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
-	check_certificates xmpp
-    fi
-    chown prosody:prosody /etc/ssl/private/xmpp.key
-    chown prosody:prosody /etc/ssl/certs/xmpp.*
-    cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
-
-    sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
-    sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
-    if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-	sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
-    fi
-    if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
-	sed -i '/certificate =/a\        options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
-    fi
-    if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
-	sed -i "/certificate =/a\        ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
-    fi
-    if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
-	sed -i '/certificate =/a\        depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua
-    fi
-    if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
-	sed -i "/certificate =/a\        curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
-    fi
-
-    sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
-    sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
-
-    if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-	echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '  "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-    fi
-    ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
-
-    sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
-    sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
-    if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
-	sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
-    fi
-    if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
-	sed -i '/certificate =/a\    options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
-    fi
-    if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then
-	sed -i "/certificate =/a\    ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua
-    fi
-    if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then
-	sed -i '/certificate =/a\    depth = "1";' /etc/prosody/prosody.cfg.lua
-    fi
-    if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then
-	sed -i "/certificate =/a\    curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua
-    fi
-    sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
-    if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
-	sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
-    fi
-    if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
-	echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-    fi
-    sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
-    sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
-    sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
-    sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
-    sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
-    sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
-
-    systemctl restart prosody
-    touch /home/$MY_USERNAME/README
-
-    if [ ! -d /var/lib/tor ]; then
-	echo $'No Tor installation found. XMPP onion site cannot be configured.'
-	exit 877367
-    fi
-    if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
-	echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
-	echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
-	echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
-	echo $'Added onion site for XMPP chat'
-    fi
-
-    systemctl restart tor
-    wait_for_onion_service 'xmpp'
-
-    if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
-	echo $'XMPP onion site hostname not found'
-	exit 65349
-    fi
-    XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
-    if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-	echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
-	echo '    modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-    fi
-    if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then
-	echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE
-    else
-	sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE
-    fi
-
-    if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
-	if [ ${#XMPP_PASSWORD} -lt 8 ]; then
-	    if [ -f $IMAGE_PASSWORD_FILE ]; then
-		XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-	    else
-		XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-	    fi
-	fi
-	prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD
-	echo '' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo $'XMPP' >> /home/$MY_USERNAME/README
-	echo '====' >> /home/$MY_USERNAME/README
-	echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
-	echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
-	echo $'You can change it with: ' >> /home/$MY_USERNAME/README
-	echo '' >> /home/$MY_USERNAME/README
-	echo "    prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
-	chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-	chmod 600 /home/$MY_USERNAME/README
-    fi
-
-    function_check configure_firewall_for_xmpp
-    configure_firewall_for_xmpp
-
-    echo 'install_xmpp_main' >> $COMPLETION_FILE
+	update_prosody_modules
+
+	if grep -Fxq "install_xmpp_main" $COMPLETION_FILE; then
+		return
+	fi
+	apt-get -y install lua-sec lua-bitop
+	apt-get -y install prosody prosody-modules mercurial
+
+	if [ ! -d /etc/prosody ]; then
+		echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
+		exit 52
+	fi
+
+	# obtain the prosody modules
+	cd $INSTALL_DIR
+	hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
+	if [ ! -d $INSTALL_DIR/prosody-modules/mod_onions ]; then
+		echo $'mod_onions prosody module could not be found'
+		exit 73254
+	fi
+
+	# install the onions module
+	update_prosody_modules
+	if [ ! -f /usr/lib/prosody/modules/mod_onions.lua ]; then
+		echo $'mod_onions.lua could not be copied to the prosody modules directory'
+		exit 63952
+	fi
+
+	# create a certificate
+	if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
+		${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
+		check_certificates xmpp
+	fi
+	chown prosody:prosody /etc/ssl/private/xmpp.key
+	chown prosody:prosody /etc/ssl/certs/xmpp.*
+	cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
+
+	sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+	sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+	if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+		sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
+	fi
+	if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+		sed -i '/certificate =/a\        options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
+	fi
+	if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+		sed -i "/certificate =/a\        ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
+	fi
+	if ! grep -q 'depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+		sed -i '/certificate =/a\        depth = "1";' /etc/prosody/conf.avail/xmpp.cfg.lua
+	fi
+	if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
+		sed -i "/certificate =/a\        curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
+	fi
+
+	sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
+	sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
+
+	if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+		echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '  "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	fi
+	ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
+
+	sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
+	sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
+	if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
+		sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
+	fi
+	if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
+		sed -i '/certificate =/a\    options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
+	fi
+	if ! grep -q 'ciphers =' /etc/prosody/prosody.cfg.lua; then
+		sed -i "/certificate =/a\    ciphers = $XMPP_CIPHERS;" /etc/prosody/prosody.cfg.lua
+	fi
+	if ! grep -q 'depth = "1";' /etc/prosody/prosody.cfg.lua; then
+		sed -i '/certificate =/a\    depth = "1";' /etc/prosody/prosody.cfg.lua
+	fi
+	if ! grep -q 'curve =' /etc/prosody/prosody.cfg.lua; then
+		sed -i "/certificate =/a\    curve = $XMPP_ECC_CURVE;" /etc/prosody/prosody.cfg.lua
+	fi
+	sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
+	if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
+		sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
+	fi
+	if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
+		echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	fi
+	sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
+	sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
+	sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
+	sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
+	sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
+	sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
+
+	systemctl restart prosody
+	touch /home/$MY_USERNAME/README
+
+	if [ ! -d /var/lib/tor ]; then
+		echo $'No Tor installation found. XMPP onion site cannot be configured.'
+		exit 877367
+	fi
+	if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
+		echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
+		echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
+		echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
+		echo $'Added onion site for XMPP chat'
+	fi
+
+	systemctl restart tor
+	wait_for_onion_service 'xmpp'
+
+	if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
+		echo $'XMPP onion site hostname not found'
+		exit 65349
+	fi
+	XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
+	if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+		echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
+		echo '    modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+	fi
+	if ! grep -q "XMPP onion domain" $COMPLETION_FILE; then
+		echo "XMPP onion domain:${XMPP_ONION_HOSTNAME}" >> $COMPLETION_FILE
+	else
+		sed -i "s|XMPP onion domain.*|XMPP onion domain:${XMPP_ONION_HOSTNAME}|g" $COMPLETION_FILE
+	fi
+
+	if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
+		if [ ${#XMPP_PASSWORD} -lt 8 ]; then
+			if [ -f $IMAGE_PASSWORD_FILE ]; then
+				XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+			else
+				XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+			fi
+		fi
+		prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD
+		echo '' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo $'XMPP' >> /home/$MY_USERNAME/README
+		echo '====' >> /home/$MY_USERNAME/README
+		echo $"XMPP onion domain: ${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+		echo $"Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
+		echo $'You can change it with: ' >> /home/$MY_USERNAME/README
+		echo '' >> /home/$MY_USERNAME/README
+		echo "    prosodyctl passwd $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/README
+		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+		chmod 600 /home/$MY_USERNAME/README
+	fi
+
+	function_check configure_firewall_for_xmpp
+	configure_firewall_for_xmpp
+
+	echo 'install_xmpp_main' >> $COMPLETION_FILE
 }
 
 function install_xmpp_client {
-    if grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
-	return
-    fi
-    apt-get -y install profanity
-
-    XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
-    XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-    if [ ! -d $XMPP_CLIENT_DIR ]; then
-	mkdir -p $XMPP_CLIENT_DIR
-    fi
-
-    if [[ $ONION_ONLY == 'no' ]]; then
-	echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
-	echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
-	echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-	echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-	echo "muc.service=conference.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-	echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-	echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
-	if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-	    echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
-	fi
-    fi
-
-    if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
-	XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
-	echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
+	if grep -Fxq "install_xmpp_client" $COMPLETION_FILE; then
+		return
+	fi
+	apt-get -y install profanity
+
+	XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
+	XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
+	if [ ! -d $XMPP_CLIENT_DIR ]; then
+		mkdir -p $XMPP_CLIENT_DIR
+	fi
+
 	if [[ $ONION_ONLY == 'no' ]]; then
-	    echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
-	else
-	    echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
-	fi
-	echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-	echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-	echo "muc.service=conference.${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-	echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-	echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-	echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
-	if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-	    echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
-	fi
-    fi
-
-    if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
-	mkdir /home/$MY_USERNAME/.config/profanity
-    fi
-    echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
-    echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
-
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
-
-    echo 'install_xmpp_client' >> $COMPLETION_FILE
+		echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
+		echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
+		echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
+		echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
+		echo "muc.service=conference.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
+		echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
+		echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+		if [ ${#XMPP_PASSWORD} -gt 2 ]; then
+			echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+		fi
+	fi
+
+	if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
+		XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
+		echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
+		if [[ $ONION_ONLY == 'no' ]]; then
+			echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
+		else
+			echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
+		fi
+		echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
+		echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
+		echo "muc.service=conference.${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
+		echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
+		echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
+		echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+		if [ ${#XMPP_PASSWORD} -gt 2 ]; then
+			echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+		fi
+	fi
+
+	if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
+		mkdir /home/$MY_USERNAME/.config/profanity
+	fi
+	echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
+	echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+
+	chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
+	chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+
+	echo 'install_xmpp_client' >> $COMPLETION_FILE
 }
 
 function install_xmpp {
-    if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
-	return
-    fi
-    install_xmpp_main
-    install_xmpp_client
-    echo 'install_xmpp' >> $COMPLETION_FILE
+	if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
+		return
+	fi
+	install_xmpp_main
+	install_xmpp_client
+	echo 'install_xmpp' >> $COMPLETION_FILE
 }
 
 # NOTE: deliberately no exit 0