Merge branch 'stretch' of https://github.com/bashrc/freedombone

doc/EN/app_peertube.org

@@ -25,6 +25,8 @@ Using cursor keys, space bar and Enter key select *Administrator controls* and t
 
 Select *Add/Remove Apps* then *peertube*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /video.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
 
+Although PeerTube can handle a few formats *webm* is the currently recommended one. Other formats might not play in some browsers or on some libre distros.
+
 * Initial setup
 Navigate to your site and select *Signup* to create a new account. By default the maximum number of accounts on your system is limited to a small number so that millions of random internet users can't then begin uploading dubious content. After that it's pretty straightforward.
 
@@ -40,7 +42,7 @@ The most convenient way to add new videos to PeerTube is if you have the *syncth
 
 The first line of login.txt should be your username, the second line should be the password and optionally the third line can contain the words *public* and/or *nsfw*, if you want to make imported videos immediately public or mark them as not suitable for work.
 
-Prepare your videos in *ogv*, *mp4* or *webm* format. To minimize bandwidth usage try to keep your videos as small as possible. Giant videos with incredibly high resolution tend to result in a bad user experience. Often just converting your videos to *webm* using *ffmpeg* will keep the size down.
+Prepare your videos preferably in *webm* format. Other formats may be poorly supported, especially on libre distros. To minimize bandwidth usage try to keep your videos as small as possible. Giant videos with incredibly high resolution tend to result in a bad user experience. Often just converting your videos to *webm* using *ffmpeg* will keep the size down.
 
 Now copy or drag and drop your videos into the *~/Sync/peertube_upload* directory. Syncthing will sync to the server and automatically add the videos to PeerTube. Depending on how large the videos are this may take some time.
 

src/freedombone-app-microblogpub

@@ -0,0 +1,465 @@
+#!/bin/bash
+#
+#  _____               _           _
+# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
+#
+#                              Freedom in the Cloud
+#
+# This needs python 3.6, which is later than the debian version
+#
+# License
+# =======
+#
+# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+VARIANTS=''
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=1
+
+MICROBLOGPUB_DOMAIN_NAME=
+MICROBLOGPUB_CODE=
+MICROBLOGPUB_ONION_PORT=9261
+MICROBLOGPUB_REPO="https://github.com/tsileo/microblog.pub"
+MICROBLOGPUB_COMMIT='791e55c7f5eee26792b90b94668d5f0dbbc767f9'
+MICROBLOGPUB_PORT_INTERNAL=5005
+
+# These parameters are used by the FreedomBox mobile app
+MICROBLOGPUB_SHORT_DESCRIPTION=
+MICROBLOGPUB_DESCRIPTION=
+MICROBLOGPUB_MOBILE_APP_URL=
+
+microblogpub_variables=(ONION_ONLY
+                        MICROBLOGPUB_DOMAIN_NAME
+                        MICROBLOGPUB_CODE
+                        DDNS_PROVIDER
+                        MY_USERNAME)
+
+function logging_on_microblogpub {
+    echo -n ''
+}
+
+function logging_off_microblogpub {
+    echo -n ''
+}
+
+function remove_user_microblogpub {
+    remove_username="$1"
+
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp microblogpub
+}
+
+function add_user_microblogpub {
+    new_username="$1"
+    new_user_password="$2"
+
+    "${PROJECT_NAME}-pass" -u "$new_username" -a microblogpub -p "$new_user_password"
+    echo '0'
+}
+
+function install_interactive_microblogpub {
+    if [ ! "$ONION_ONLY" ]; then
+        ONION_ONLY='no'
+    fi
+
+    if [[ "$ONION_ONLY" != "no" ]]; then
+        MICROBLOGPUB_DOMAIN_NAME='microblogpub.local'
+        write_config_param "MICROBLOGPUB_DOMAIN_NAME" "$MICROBLOGPUB_DOMAIN_NAME"
+    else
+        interactive_site_details "microblogpub" "MICROBLOGPUB_DOMAIN_NAME" "MICROBLOGPUB_CODE"
+    fi
+    APP_INSTALLED=1
+}
+
+function change_password_microblogpub {
+    #curr_username="$1"
+    new_user_password="$2"
+
+    read_config_param 'MY_USERNAME'
+    read_config_param 'MICROBLOGPUB_DOMAIN_NAME'
+
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a microblogpub -p "$new_user_password"
+
+    { echo 'import bcrypt';
+      echo "print(bcrypt.hashpw(\"$new_user_password\", bcrypt.gensalt()).decode('utf-8'))"; } > /tmp/microblogpub
+    MICROBLOGPUB_HASHED_PASSWORD=$(python /tmp/microblogpub)
+    rm /tmp/microblogpub
+}
+
+function microblogpub_create_database {
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MICROBLOGPUB_ADMIN_PASSWORD="$(printf "%d" "$(cat "")")"
+    else
+        if [ ! "$MICROBLOGPUB_ADMIN_PASSWORD" ]; then
+            MICROBLOGPUB_ADMIN_PASSWORD=$(create_password "${MINIMUM_PASSWORD_LENGTH}")
+        fi
+    fi
+    if [ ! "$MICROBLOGPUB_ADMIN_PASSWORD" ]; then
+        return
+    fi
+
+    create_database_mongodb microblogpub "$MICROBLOGPUB_ADMIN_PASSWORD" "$MY_USERNAME"
+}
+
+function reconfigure_microblogpub {
+    # This is used if you need to switch identity. Dump old keys and generate new ones
+    echo -n ''
+}
+
+function configure_interactive_microblogpub {
+    W=(1 $"Option 1"
+       2 $"Option 2")
+
+    while true
+    do
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"microblogpub" --menu $"Choose an operation, or ESC for main menu:" 14 70 3 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+        case $selection in
+            1) # call some function for option 1
+            ;;
+            2) # call some function for option 2
+            ;;
+        esac
+    done
+}
+
+function upgrade_microblogpub {
+    CURR_MICROBLOGPUB_COMMIT=$(get_completion_param "microblogpub commit")
+    if [[ "$CURR_MICROBLOGPUB_COMMIT" == "$MICROBLOGPUB_COMMIT" ]]; then
+        return
+    fi
+
+    if grep -q "microblogpub domain" "$COMPLETION_FILE"; then
+        MICROBLOGPUB_DOMAIN_NAME=$(get_completion_param "microblogpub domain")
+    fi
+
+    # update to the next commit
+    set_repo_commit "/etc/microblogpub" "microblogpub commit" "$MICROBLOGPUB_COMMIT" "$MICROBLOGPUB_REPO"
+    chown -R microblogpub:microblogpub "/etc/microblogpub"
+    systemctl restart microblogpub
+}
+
+function backup_local_microblogpub {
+    MICROBLOGPUB_DOMAIN_NAME='microblogpub'
+    if grep -q "microblogpub domain" "$COMPLETION_FILE"; then
+        MICROBLOGPUB_DOMAIN_NAME=$(get_completion_param "microblogpub domain")
+    fi
+
+    source_directory=/etc/microblogpub
+
+    suspend_site "${MICROBLOGPUB_DOMAIN_NAME}"
+
+    systemctl stop microblogpub
+
+    dest_directory=microblogpub
+    backup_directory_to_usb "$source_directory" $dest_directory
+
+    USE_MONGODB=1
+    backup_database_to_usb microblogpub
+
+    restart_site
+    systemctl start microblogpub
+}
+
+function restore_local_microblogpub {
+    if ! grep -q "microblogpub domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    MICROBLOGPUB_DOMAIN_NAME=$(get_completion_param "microblogpub domain")
+    if [ ! "$MICROBLOGPUB_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${MICROBLOGPUB_DOMAIN_NAME}"
+    systemctl stop microblogpub
+
+    temp_restore_dir=/root/tempmicroblogpub
+    microblogpub_dir=/etc/microblogpub
+
+    microblogpub_create_database
+
+    USE_MONGODB=1
+    restore_database microblogpub
+    if [ -d $temp_restore_dir ]; then
+        rm -rf $temp_restore_dir
+    fi
+
+    restore_directory_from_usb $temp_restore_dir microblogpub
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$microblogpub_dir" ]; then
+            cp -rp "$temp_restore_dir$microblogpub_dir"/* "$microblogpub_dir"/
+        else
+            if [ ! -d "$microblogpub_dir" ]; then
+                mkdir "$microblogpub_dir"
+            fi
+            cp -rp "$temp_restore_dir"/* "$microblogpub_dir"/
+        fi
+        chown -R microblogpub:microblogpub "$microblogpub_dir"
+        rm -rf $temp_restore_dir
+    fi
+    systemctl start microblogpub
+
+    restart_site
+}
+
+function backup_remote_microblogpub {
+    MICROBLOGPUB_DOMAIN_NAME='microblogpub'
+    if grep -q "microblogpub domain" "$COMPLETION_FILE"; then
+        MICROBLOGPUB_DOMAIN_NAME=$(get_completion_param "microblogpub domain")
+    fi
+
+    source_directory=/etc/microblogpub
+
+    suspend_site "${MICROBLOGPUB_DOMAIN_NAME}"
+    systemctl stop microblogpub
+
+    dest_directory=microblogpub
+    backup_directory_to_friend "$source_directory" $dest_directory
+    USE_MONGODB=1
+    backup_database_to_friend microblogpub
+
+
+    systemctl start microblogpub
+
+    restart_site
+}
+
+function restore_remote_microblogpub {
+    if ! grep -q "microblogpub domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    MICROBLOGPUB_DOMAIN_NAME=$(get_completion_param "microblogpub domain")
+    if [ ! "$MICROBLOGPUB_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${MICROBLOGPUB_DOMAIN_NAME}"
+    systemctl stop microblogpub
+
+    temp_restore_dir=/root/tempmicroblogpub
+    microblogpub_dir=/etc/microblogpub
+
+    microblogpub_create_database
+
+    USE_MONGODB=1
+    restore_database_from_friend microblogpub
+    if [ -d "$temp_restore_dir" ]; then
+        rm -rf $temp_restore_dir
+    fi
+
+    restore_directory_from_friend $temp_restore_dir microblogpub
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$microblogpub_dir" ]; then
+            cp -rp "$temp_restore_dir$microblogpub_dir"/* "$microblogpub_dir"/
+        else
+            if [ ! -d "$microblogpub_dir" ]; then
+                mkdir "$microblogpub_dir"
+            fi
+            cp -rp $temp_restore_dir/* "$microblogpub_dir"/
+        fi
+        chown -R microblogpub:microblogpub "$microblogpub_dir"
+        rm -rf $temp_restore_dir
+    fi
+    systemctl start microblogpub
+
+    restart_site
+}
+
+function remove_microblogpub {
+    nginx_dissite "$MICROBLOGPUB_DOMAIN_NAME"
+    remove_certs "$MICROBLOGPUB_DOMAIN_NAME"
+
+    if [ -f /etc/systemd/system/microblogpub.service ]; then
+        systemctl stop microblogpub
+        systemctl disable microblogpub
+        rm /etc/systemd/system/microblogpub.service
+    fi
+    userdel -r microblogpub
+
+    if [ -d "/var/www/$MICROBLOGPUB_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$MICROBLOGPUB_DOMAIN_NAME"
+    fi
+    if [ -f "/etc/nginx/sites-available/$MICROBLOGPUB_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$MICROBLOGPUB_DOMAIN_NAME"
+    fi
+    drop_database_mongodb microblogpub
+    remove_onion_service microblogpub "${MICROBLOGPUB_ONION_PORT}"
+    if grep -q "microblogpub" /etc/crontab; then
+        sed -i "/microblogpub/d" /etc/crontab
+    fi
+    remove_app microblogpub
+    remove_completion_param install_microblogpub
+    sed -i '/microblogpub/d' "$COMPLETION_FILE"
+
+    remove_ddns_domain "$MICROBLOGPUB_DOMAIN_NAME"
+}
+
+function install_microblogpub {
+    apt-get -yq install python3-pip python3-flask
+
+    install_mongodb
+
+    if [ ! "$MICROBLOGPUB_DOMAIN_NAME" ]; then
+        echo $'No domain name was given'
+        exit 3568356
+    fi
+
+    if [ -d "/var/www/$MICROBLOGPUB_DOMAIN_NAME/htdocs" ]; then
+        rm -rf "/var/www/$MICROBLOGPUB_DOMAIN_NAME/htdocs"
+    fi
+    if [ -d /repos/microblogpub ]; then
+        mkdir "/var/www/$MICROBLOGPUB_DOMAIN_NAME/htdocs"
+        cp -r -p /repos/microblogpub/. "/etc/microblogpub"
+        cd "/etc/microblogpub" || exit 36487365
+        git pull
+    else
+        git_clone "$MICROBLOGPUB_REPO" "/etc/microblogpub"
+    fi
+
+    if [ ! -d "/etc/microblogpub" ]; then
+        echo $'Unable to clone microblogpub repo'
+        exit 87525
+    fi
+
+    cd "/etc/microblogpub" || exit 3463754637
+    git checkout "$MICROBLOGPUB_COMMIT" -b "$MICROBLOGPUB_COMMIT"
+    set_completion_param "microblogpub commit" "$MICROBLOGPUB_COMMIT"
+
+    pip3 install -r requirements.txt
+
+    { echo 'import sass';
+      echo "sass.compile(dirname=('sass', 'static/css'), output_style='compressed')"; } > generate_css.py
+    python3 generate_css.py
+
+    { echo "username: '$MY_USERNAME'";
+      echo "name: '$MY_NAME'";
+      echo "icon_url: 'https://$MICROBLOGPUB_DOMAIN_NAME/me.png'";
+      echo "domain: '$MICROBLOGPUB_DOMAIN_NAME'";
+      echo "summary: 'your summary'";
+      echo 'https: false'; } > config/me.yml
+
+    chmod g+w "/var/www/$MICROBLOGPUB_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$MICROBLOGPUB_DOMAIN_NAME/htdocs"
+
+    microblogpub_create_database
+
+    add_ddns_domain "$MICROBLOGPUB_DOMAIN_NAME"
+
+    MICROBLOGPUB_ONION_HOSTNAME=$(add_onion_service microblogpub 80 "${MICROBLOGPUB_ONION_PORT}")
+
+    microblogpub_nginx_site=/etc/nginx/sites-available/$MICROBLOGPUB_DOMAIN_NAME
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        nginx_http_redirect "$MICROBLOGPUB_DOMAIN_NAME" "index index.html"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $MICROBLOGPUB_DOMAIN_NAME;";
+          echo ''; } >> "$microblogpub_nginx_site"
+        nginx_compress "$MICROBLOGPUB_DOMAIN_NAME"
+        echo '' >> "$microblogpub_nginx_site"
+        echo '  # Security' >> "$microblogpub_nginx_site"
+        nginx_ssl "$MICROBLOGPUB_DOMAIN_NAME"
+
+        nginx_security_options "$MICROBLOGPUB_DOMAIN_NAME"
+
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
+          echo "    root /var/www/$MICROBLOGPUB_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.html;';
+          echo '  # Location';
+          echo '  location / {'; } >> "$microblogpub_nginx_site"
+        nginx_limits "$MICROBLOGPUB_DOMAIN_NAME" '15m'
+        { echo "    proxy_pass http://localhost:$MICROBLOGPUB_PORT_INTERNAL;";
+          echo '  }';
+          echo '}'; } >> "$microblogpub_nginx_site"
+    else
+        echo -n '' > "$microblogpub_nginx_site"
+    fi
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$MICROBLOGPUB_ONION_PORT default_server;";
+      echo "    server_name $MICROBLOGPUB_ONION_HOSTNAME;";
+      echo ''; } >> "$microblogpub_nginx_site"
+    nginx_compress "$MICROBLOGPUB_DOMAIN_NAME"
+    echo '' >> "$microblogpub_nginx_site"
+    nginx_security_options "$MICROBLOGPUB_DOMAIN_NAME"
+    { echo '';
+      echo '    access_log /dev/null;';
+      echo '    error_log /dev/null;';
+      echo '';
+      echo "    root /var/www/$MICROBLOGPUB_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.html;';
+      echo '  # Location';
+      echo '  location / {'; } >> "$microblogpub_nginx_site"
+    nginx_limits "$MICROBLOGPUB_DOMAIN_NAME" '15m'
+    { echo "    proxy_pass http://localhost:$MICROBLOGPUB_PORT_INTERNAL;";
+      echo '  }';
+      echo '}'; } >> "$microblogpub_nginx_site"
+
+    adduser --system --home="/etc/microblogpub" --group microblogpub
+
+    { echo '[Unit]';
+      echo 'Description=microblogpub';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo "Documentation=$MICROBLOGPUB_REPO";
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=microblogpub';
+      echo 'Group=microblogpub';
+      echo 'WorkingDirectory=/etc/microblogpub';
+      echo "ExecStart=/usr/local/bin/flask run -p $MICROBLOGPUB_PORT_INTERNAL --with-threads";
+      echo 'Environment=USER=microblogpub';
+      echo 'Environment=FLASK_APP=app.py';
+      echo 'Environment=MICROBLOGPUB_DEBUG=1';
+      echo 'Restart=always';
+      echo 'StandardError=syslog';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "/etc/systemd/system/microblogpub.service"
+    systemctl enable microblogpub
+    chown -R microblogpub:microblogpub "/etc/microblogpub"
+    systemctl start microblogpub
+
+    create_site_certificate "$MICROBLOGPUB_DOMAIN_NAME" 'yes'
+
+    nginx_ensite "$MICROBLOGPUB_DOMAIN_NAME"
+
+    systemctl restart nginx
+
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a microblogpub -p "$MICROBLOGPUB_ADMIN_PASSWORD"
+
+
+    { echo 'import bcrypt';
+      echo "print(bcrypt.hashpw(\"$MICROBLOGPUB_ADMIN_PASSWORD\", bcrypt.gensalt()).decode('utf-8'))"; } > /tmp/microblogpub
+    MICROBLOGPUB_HASHED_PASSWORD=$(python /tmp/microblogpub)
+    rm /tmp/microblogpub
+
+    set_completion_param "microblogpub domain" "$MICROBLOGPUB_DOMAIN_NAME"
+
+    APP_INSTALLED=1
+}
+
+# NOTE: deliberately there is no "exit 0"

src/freedombone-app-peertube

@@ -38,7 +38,7 @@ NOT_ON_ONION=1
 PEERTUBE_DOMAIN_NAME=
 PEERTUBE_CODE=
 PEERTUBE_REPO="https://github.com/Chocobozzz/PeerTube"
-PEERTUBE_COMMIT='f209b32afaffbb8b93c265525ebde182ab66c37a'
+PEERTUBE_COMMIT='50a3f3b821cd255ad8ae43f086aede0d2c9c778a'
 PEERTUBE_ONION_PORT=8136
 PEERTUBE_PORT=9004
 MESH_PEERTUBE_PORT=8500
@@ -434,7 +434,39 @@ function upgrade_peertube {
     function_check set_repo_commit
     set_repo_commit $PEERTUBE_DIR "peertube commit" "$PEERTUBE_COMMIT" $PEERTUBE_REPO
 
-    npm run upgrade-peertube
+    if ! npm install -g yarn@1.5.1; then
+        echo $'Failed to install yarn'
+        exit 79353234
+    fi
+    yarn add -D webpack --network-concurrency 1
+    if ! yarn install; then
+        echo $'Failed to run yarn install'
+        exit 63754235
+    fi
+    if ! npm install -g npm@4; then
+        # https://github.com/KraigM/homebridge-harmonyhub/issues/119
+        echo $'Failed to downgrade npm'
+        npm install -g "npm@${NPM_VERSION}"
+        cp /root/.npm-global/bin/npm /usr/local/bin/npm
+        exit 3476835
+    fi
+    cp /root/.npm-global/bin/npm /usr/local/bin/npm
+    if ! npm install; then
+        echo $'Failed to install peertube'
+        npm install -g "npm@${NPM_VERSION}"
+        cp /root/.npm-global/bin/npm /usr/local/bin/npm
+        exit 7835243
+    fi
+    if ! npm install -g "npm@${NPM_VERSION}"; then
+        echo $'Failed to restore npm after downgrade'
+        exit 5737583
+    fi
+    cp /root/.npm-global/bin/npm /usr/local/bin/npm
+    npm run build
+
+    # This doesn't appear to work
+    #sudo -u peertube ./upgrade.sh $PEERTUBE_DIR
+
     chown -R peertube:peertube $PEERTUBE_DIR
     systemctl start peertube
 }
@@ -848,7 +880,7 @@ function peertube_create_config {
       echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag';
       echo '# Uses a lot of CPU!';
       echo 'transcoding:';
-      echo '  enabled: true';
+      echo '  enabled: false';
       echo '  threads: 2';
       echo '  resolutions: # Only created if the original video has a higher resolution';
       echo '    240p: true';
@@ -1042,10 +1074,7 @@ function install_peertube {
         exit 5737583
     fi
     cp /root/.npm-global/bin/npm /usr/local/bin/npm
-    if ! npm run build; then
-        echo $'Failed to build peertube'
-        exit 5293593
-    fi
+    npm run build
 
     PEERTUBE_ONION_HOSTNAME=$(add_onion_service peertube 80 ${PEERTUBE_ONION_PORT})
 

src/freedombone-app-pihole

@@ -45,7 +45,7 @@ PIHOLE_BLACKLIST=$piholeDir/blacklist.txt
 PIHOLE_WHITELIST=$piholeDir/whitelist.txt
 
 PIHOLE_REPO="https://github.com/pi-hole/pi-hole"
-PIHOLE_COMMIT='e602008459128c233899b1e9d70cca0f38f41670'
+PIHOLE_COMMIT='fbee18e24d56b418e3329a56ae4156dbe8fe5e1f'
 
 pihole_variables=(ONION_ONLY
                   PIHOLE_IFACE
@@ -255,27 +255,23 @@ function pihole_resume {
 }
 
 function configure_interactive_pihole {
+    W=(1 $"Edit ads list"
+       2 $"Edit blacklisted domain names"
+       3 $"Edit whitelisted domain names"
+       4 $"Change upstream DNS servers"
+       5 $"Pause blocker"
+       6 $"Resume blocker")
+
     while true
     do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone Control Panel" \
-               --title $"Ad Blocker" \
-               --radiolist $"Choose an operation:" 16 70 7 \
-               1 $"Edit ads list" off \
-               2 $"Edit blacklisted domain names" off \
-               3 $"Edit whitelisted domain names" off \
-               4 $"Change upstream DNS servers" off \
-               5 $"Pause blocker" off \
-               6 $"Resume blocker" off \
-               7 $"Exit" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               exit 1;;
-            255) rm -f "$data"
-                 exit 1;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Ad blocker" --menu $"Choose an operation, or ESC for main menu:" 13 60 9 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+           break
+        fi
+
+        case $selection in
             1) editor $PIHOLE_CUSTOM_ADLIST
                update_pihole_interactive
                ;;
@@ -292,10 +288,7 @@ function configure_interactive_pihole {
                ;;
             6) pihole_resume
                ;;
-            7) rm -f "$data"
-               break;;
         esac
-        rm -f "$data"
     done
 }
 

src/freedombone-app-pixelfed

@@ -0,0 +1,436 @@
+#!/bin/bash
+#
+#  _____               _           _
+# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
+#
+#                              Freedom in the Cloud
+#
+# Pixelfed app
+#
+# Requires php 7.1.3 but debian version is 7.0.27
+#
+# License
+# =======
+#
+# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+VARIANTS=''
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=1
+
+PIXELFED_DOMAIN_NAME=
+PIXELFED_CODE=
+PIXELFED_ONION_PORT=9324
+PIXELFED_REPO="https://github.com/dansup/pixelfed"
+PIXELFED_COMMIT='9fbc5d0902fbc2042a6d2bb698cc3802e7b25508'
+
+# These parameters are used by the FreedomBox mobile app
+PIXELFED_SHORT_DESCRIPTION='Federated image sharing'
+PIXELFED_DESCRIPTION='Federated image sharing'
+PIXELFED_MOBILE_APP_URL=
+
+pixelfed_variables=(ONION_ONLY
+                    PIXELFED_DOMAIN_NAME
+                    PIXELFED_CODE
+                    DDNS_PROVIDER
+                    MY_USERNAME)
+
+function logging_on_pixelfed {
+    echo -n ''
+}
+
+function logging_off_pixelfed {
+    echo -n ''
+}
+
+function remove_user_pixelfed {
+    remove_username="$1"
+
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp pixelfed
+}
+
+function add_user_pixelfed {
+    new_username="$1"
+    new_user_password="$2"
+
+    "${PROJECT_NAME}-pass" -u "$new_username" -a pixelfed -p "$new_user_password"
+    echo '0'
+}
+
+function install_interactive_pixelfed {
+    if [ ! "$ONION_ONLY" ]; then
+        ONION_ONLY='no'
+    fi
+
+    if [[ "$ONION_ONLY" != "no" ]]; then
+        PIXELFED_DOMAIN_NAME='pixelfed.local'
+        write_config_param "PIXELFED_DOMAIN_NAME" "$PIXELFED_DOMAIN_NAME"
+    else
+        interactive_site_details "pixelfed" "PIXELFED_DOMAIN_NAME" "PIXELFED_CODE"
+    fi
+    APP_INSTALLED=1
+}
+
+function change_password_pixelfed {
+    curr_username="$1"
+    new_user_password="$2"
+
+    read_config_param 'PIXELFED_DOMAIN_NAME'
+
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a pixelfed -p "$new_user_password"
+}
+
+function pixelfed_create_database {
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        PIXELFED_ADMIN_PASSWORD="$(printf "%d" "$(cat "")")"
+    else
+        if [ ! "$PIXELFED_ADMIN_PASSWORD" ]; then
+            PIXELFED_ADMIN_PASSWORD=$(create_password "${MINIMUM_PASSWORD_LENGTH}")
+        fi
+    fi
+    if [ ! "$PIXELFED_ADMIN_PASSWORD" ]; then
+        return
+    fi
+
+    create_database pixelfed "$PIXELFED_ADMIN_PASSWORD" "$MY_USERNAME"
+}
+
+function reconfigure_pixelfed {
+    # This is used if you need to switch identity. Dump old keys and generate new ones
+    echo -n ''
+}
+
+function configure_interactive_pixelfed {
+    W=(1 $"Option 1"
+       2 $"Option 2")
+
+    while true
+    do
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"pixelfed" --menu $"Choose an operation, or ESC for main menu:" 14 70 3 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+           break
+        fi
+        case $selection in
+            1) # call some function for option 1
+               ;;
+            2) # call some function for option 2
+               ;;
+        esac
+    done
+}
+
+function upgrade_pixelfed {
+    CURR_PIXELFED_COMMIT=$(get_completion_param "pixelfed commit")
+    if [[ "$CURR_PIXELFED_COMMIT" == "$PIXELFED_COMMIT" ]]; then
+        return
+    fi
+
+    if grep -q "pixelfed domain" "$COMPLETION_FILE"; then
+        PIXELFED_DOMAIN_NAME=$(get_completion_param "pixelfed domain")
+    fi
+
+    # update to the next commit
+    set_repo_commit "/var/www/$PIXELFED_DOMAIN_NAME/htdocs" "pixelfed commit" "$PIXELFED_COMMIT" "$PIXELFED_REPO"
+
+    cd "/var/www/${PIXELFED_DOMAIN_NAME}/htdocs" || exit 634873561
+    install_composer
+
+    chown -R www-data:www-data "/var/www/${PIXELFED_DOMAIN_NAME}/htdocs"
+}
+
+function backup_local_pixelfed {
+    PIXELFED_DOMAIN_NAME='pixelfed'
+    if grep -q "pixelfed domain" "$COMPLETION_FILE"; then
+        PIXELFED_DOMAIN_NAME=$(get_completion_param "pixelfed domain")
+    fi
+
+    source_directory=/var/www/${PIXELFED_DOMAIN_NAME}/htdocs
+
+    suspend_site "${PIXELFED_DOMAIN_NAME}"
+
+    dest_directory=pixelfed
+    backup_directory_to_usb "$source_directory" $dest_directory
+
+    backup_database_to_usb pixelfed
+
+    restart_site
+}
+
+function restore_local_pixelfed {
+    if ! grep -q "pixelfed domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    PIXELFED_DOMAIN_NAME=$(get_completion_param "pixelfed domain")
+    if [ ! "$PIXELFED_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${PIXELFED_DOMAIN_NAME}"
+    temp_restore_dir=/root/temppixelfed
+    pixelfed_dir=/var/www/${PIXELFED_DOMAIN_NAME}/htdocs
+
+    pixelfed_create_database
+
+    restore_database pixelfed
+    if [ -d $temp_restore_dir ]; then
+        rm -rf $temp_restore_dir
+    fi
+
+    restore_directory_from_usb $temp_restore_dir pixelfed
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$pixelfed_dir" ]; then
+            cp -rp "$temp_restore_dir$pixelfed_dir"/* "$pixelfed_dir"/
+        else
+            if [ ! -d "$pixelfed_dir" ]; then
+                mkdir "$pixelfed_dir"
+            fi
+            cp -rp "$temp_restore_dir"/* "$pixelfed_dir"/
+        fi
+        chown -R www-data:www-data "$pixelfed_dir"
+        rm -rf $temp_restore_dir
+    fi
+    restart_site
+}
+
+function backup_remote_pixelfed {
+    PIXELFED_DOMAIN_NAME='pixelfed'
+    if grep -q "pixelfed domain" "$COMPLETION_FILE"; then
+        PIXELFED_DOMAIN_NAME=$(get_completion_param "pixelfed domain")
+    fi
+
+    source_directory=/var/www/${PIXELFED_DOMAIN_NAME}/htdocs
+
+    suspend_site "${PIXELFED_DOMAIN_NAME}"
+
+    dest_directory=pixelfed
+    backup_directory_to_friend "$source_directory" $dest_directory
+    backup_database_to_friend pixelfed
+
+
+    restart_site
+}
+
+function restore_remote_pixelfed {
+    if ! grep -q "pixelfed domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    PIXELFED_DOMAIN_NAME=$(get_completion_param "pixelfed domain")
+    if [ ! "$PIXELFED_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${PIXELFED_DOMAIN_NAME}"
+    temp_restore_dir=/root/temppixelfed
+    pixelfed_dir=/var/www/${PIXELFED_DOMAIN_NAME}/htdocs
+
+    pixelfed_create_database
+
+    restore_database_from_friend pixelfed
+    if [ -d "$temp_restore_dir" ]; then
+        rm -rf $temp_restore_dir
+    fi
+
+    restore_directory_from_friend $temp_restore_dir pixelfed
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$pixelfed_dir" ]; then
+            cp -rp "$temp_restore_dir$pixelfed_dir"/* "$pixelfed_dir"/
+        else
+            if [ ! -d "$pixelfed_dir" ]; then
+                mkdir "$pixelfed_dir"
+            fi
+            cp -rp $temp_restore_dir/* "$pixelfed_dir"/
+        fi
+        chown -R www-data:www-data "$pixelfed_dir"
+        rm -rf $temp_restore_dir
+    fi
+    restart_site
+}
+
+function remove_pixelfed {
+    nginx_dissite "$PIXELFED_DOMAIN_NAME"
+    remove_certs "$PIXELFED_DOMAIN_NAME"
+
+
+    if [ -d "/var/www/$PIXELFED_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$PIXELFED_DOMAIN_NAME"
+    fi
+    if [ -f "/etc/nginx/sites-available/$PIXELFED_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$PIXELFED_DOMAIN_NAME"
+    fi
+    drop_database pixelfed
+    remove_onion_service pixelfed "${PIXELFED_ONION_PORT}"
+    if grep -q "pixelfed" /etc/crontab; then
+        sed -i "/pixelfed/d" /etc/crontab
+    fi
+    remove_app pixelfed
+    remove_completion_param install_pixelfed
+    sed -i '/pixelfed/d' "$COMPLETION_FILE"
+
+    remove_ddns_domain "$PIXELFED_DOMAIN_NAME"
+}
+
+function install_pixelfed {
+    install_mariadb
+
+    get_mariadb_password
+
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
+    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
+    apt-get -yq install redis-server php-redis autoconf imagemagick imagemagick-dev libtool
+
+    if [ ! "$PIXELFED_DOMAIN_NAME" ]; then
+        echo $'No domain name was given'
+        exit 3568356
+    fi
+
+    if [ -d "/var/www/$PIXELFED_DOMAIN_NAME/htdocs" ]; then
+        rm -rf "/var/www/$PIXELFED_DOMAIN_NAME/htdocs"
+    fi
+    if [ -d /repos/pixelfed ]; then
+        mkdir "/var/www/$PIXELFED_DOMAIN_NAME/htdocs"
+        cp -r -p /repos/pixelfed/. "/var/www/$PIXELFED_DOMAIN_NAME/htdocs"
+        cd "/var/www/$PIXELFED_DOMAIN_NAME/htdocs" || exit 324687356
+        git pull
+    else
+        git_clone "$PIXELFED_REPO" "/var/www/$PIXELFED_DOMAIN_NAME/htdocs"
+    fi
+
+    if [ ! -d "/var/www/$PIXELFED_DOMAIN_NAME/htdocs" ]; then
+        echo $'Unable to clone pixelfed repo'
+        exit 87525
+    fi
+
+    cd "/var/www/$PIXELFED_DOMAIN_NAME/htdocs" || exit 36587356
+    git checkout "$PIXELFED_COMMIT" -b "$PIXELFED_COMMIT"
+    set_completion_param "pixelfed commit" "$PIXELFED_COMMIT"
+
+    install_composer
+
+    chmod g+w "/var/www/$PIXELFED_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$PIXELFED_DOMAIN_NAME/htdocs"
+
+    pixelfed_create_database
+
+    add_ddns_domain "$PIXELFED_DOMAIN_NAME"
+
+    PIXELFED_ONION_HOSTNAME=$(add_onion_service pixelfed 80 "${PIXELFED_ONION_PORT}")
+
+    pixelfed_nginx_site=/etc/nginx/sites-available/$PIXELFED_DOMAIN_NAME
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        nginx_http_redirect "$PIXELFED_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $PIXELFED_DOMAIN_NAME;";
+          echo ''; } >> "$pixelfed_nginx_site"
+        nginx_compress "$PIXELFED_DOMAIN_NAME"
+        echo '' >> "$pixelfed_nginx_site"
+        echo '  # Security' >> "$pixelfed_nginx_site"
+        nginx_ssl "$PIXELFED_DOMAIN_NAME"
+
+        nginx_security_options "$PIXELFED_DOMAIN_NAME"
+
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
+          echo "    root /var/www/$PIXELFED_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '    fastcgi_param HTTPS on;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$pixelfed_nginx_site"
+        nginx_limits "$PIXELFED_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ /index.php?\$args;";
+          echo '  }';
+          echo '}'; } >> "$pixelfed_nginx_site"
+    else
+        echo -n '' > "$pixelfed_nginx_site"
+    fi
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$PIXELFED_ONION_PORT default_server;";
+      echo "    server_name $PIXELFED_ONION_HOSTNAME;";
+      echo ''; } >> "$pixelfed_nginx_site"
+    nginx_compress "$PIXELFED_DOMAIN_NAME"
+    echo '' >> "$pixelfed_nginx_site"
+    nginx_security_options "$PIXELFED_DOMAIN_NAME"
+    { echo '';
+      echo '    access_log /dev/null;';
+      echo '    error_log /dev/null;';
+      echo '';
+      echo "    root /var/www/$PIXELFED_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '    fastcgi_param HTTPS off;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$pixelfed_nginx_site"
+    nginx_limits "$PIXELFED_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ index.php?\$args;";
+      echo '  }';
+      echo '}'; } >> "$pixelfed_nginx_site"
+
+    configure_php
+
+    cd "/var/www/$PIXELFED_DOMAIN_NAME/htdocs" || exit 36587357
+
+    cp "/var/www/$PIXELFED_DOMAIN_NAME/htdocs/.env.example" "/var/www/$PIXELFED_DOMAIN_NAME/htdocs/.env"
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        sed -i "s|APP_URL=http://.*|APP_URL=https://\$PIXELFED_DOMAIN_NAME|g" "/var/www/$PIXELFED_DOMAIN_NAME/htdocs/.env"
+    else
+        sed -i "s|APP_URL=http://.*|APP_URL=http://\$PIXELFED_ONION_HOSTNAME|g" "/var/www/$PIXELFED_DOMAIN_NAME/htdocs/.env"
+    fi
+    sed -i "s|DB_DATABASE=.*|DB_DATABASE=pixelfed|g" "/var/www/$PIXELFED_DOMAIN_NAME/htdocs/.env"
+    sed -i "s|DB_USERNAME=.*|DB_USERNAME=root|g" "/var/www/$PIXELFED_DOMAIN_NAME/htdocs/.env"
+    sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" "/var/www/$PIXELFED_DOMAIN_NAME/htdocs/.env"
+    sed -i "s|MAIL_HOST=.*|MAIL_HOST=localhost|g" "/var/www/$PIXELFED_DOMAIN_NAME/htdocs/.env"
+    sed -i "s|MAIL_PORT=.*|MAIL_PORT=25|g" "/var/www/$PIXELFED_DOMAIN_NAME/htdocs/.env"
+
+    chown -R www-data:www-data "/var/www/$PIXELFED_DOMAIN_NAME/htdocs"
+
+    create_site_certificate "$PIXELFED_DOMAIN_NAME" 'yes'
+
+    nginx_ensite "$PIXELFED_DOMAIN_NAME"
+
+    systemctl restart mariadb
+
+    systemctl restart php7.0-fpm
+
+    systemctl restart nginx
+
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a pixelfed -p "$PIXELFED_ADMIN_PASSWORD"
+    set_completion_param "pixelfed domain" "$PIXELFED_DOMAIN_NAME"
+
+    APP_INSTALLED=1
+}
+
+# NOTE: deliberately there is no "exit 0"

src/freedombone-app-pleroma

@@ -36,7 +36,7 @@ PLEROMA_CODE=
 PLEROMA_PORT=4000
 PLEROMA_ONION_PORT=8011
 PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
-PLEROMA_COMMIT='6b9a6838331210dd514d5ecda52783c183bd1bbf'
+PLEROMA_COMMIT='9d054d30bce383437b6bb07c869047f1cb8e164f'
 PLEROMA_ADMIN_PASSWORD=
 PLEROMA_DIR=/etc/pleroma
 PLEROMA_SECRET_KEY=""
@@ -1207,6 +1207,7 @@ function install_pleroma {
           echo '';
           echo '    proxy_cache pleroma_media_cache;';
           echo '    proxy_cache_lock on;';
+          echo '    proxy_ignore_client_abort on;';
           echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
           echo '  }';
           echo '  # include snippets/well-known.conf;';
@@ -1268,6 +1269,7 @@ function install_pleroma {
       echo '';
       echo '    proxy_cache pleroma_media_cache;';
       echo '    proxy_cache_lock on;';
+      echo '    proxy_ignore_client_abort on;';
       echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
       echo '  }';
       echo '  # include snippets/well-known.conf;';
@@ -1380,7 +1382,8 @@ function install_pleroma {
     systemctl start pleroma
 
     cd $PLEROMA_DIR || exit 1935638
-    mix register_user "$MY_USERNAME" "$MY_USERNAME" "$MY_EMAIL_ADDRESS" $"Your bio goes here" "$PLEROMA_ADMIN_PASSWORD"
+    sudo -u pleroma mix register_user "$MY_USERNAME" "$MY_USERNAME" "$MY_EMAIL_ADDRESS" $"Your bio goes here" "$PLEROMA_ADMIN_PASSWORD"
+    sudo -u pleroma mix set_moderator "$MY_USERNAME" true
 
     APP_INSTALLED=1
 }

src/freedombone-app-xmpp

@@ -43,14 +43,14 @@ XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+
 XMPP_ECC_CURVE='"secp384r1"'
 
 prosody_latest_version='0.10'
-prosody_nightly=478
-prosody_nightly_hash='884e773920dbcd0a748d05391235df3ff2b82285357b13cb347c99564512593e'
+prosody_nightly=485
+prosody_nightly_hash='1b1b6a0daf9fdd3a88c8762751f01f561714c0bd5d907af631d7d036c9e19d39'
 prosody_filename=prosody-${prosody_latest_version}-1nightly${prosody_nightly}
 prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest/${prosody_filename}.tar.gz"
 
 # From https://hg.prosody.im/prosody-modules
-prosody_modules_filename='prosody-modules-20180322.tar.gz'
-prosody_modules_hash='982d0dfcef98e9cb9cee4cc3801b8ce9a503a32e44c32b99df6fe94545b90072'
+prosody_modules_filename='prosody-modules-20180602.tar.gz'
+prosody_modules_hash='c8ea99a3c9ed25e6471cd7de991a58715f1478e3bf3c5866b9f34a9ef8a863dd'
 xmpp_encryption_warning=$"For security reasons, OMEMO or PGP encryption is required for conversations on this server."
 
 XMPP_SHORT_DESCRIPTION=$'Chat system'
@@ -435,6 +435,15 @@ function update_prosody_modules {
         sed -i '/"pep";/a "omemo_all_access"; -- Fix for PEP with OMEMO' /etc/prosody/conf.avail/xmpp.cfg.lua
         sed -i 's|"omemo_all_access";|  "omemo_all_access";|g' /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
+
+    if ! grep -q "block_strangers" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+        sed -i '/"pep";/a "block_strangers"; -- Dont allow messages from strangers' /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i 's|"block_strangers";|  "block_strangers";|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+    if ! grep -q "block_strangers" /etc/prosody/conf.avail/xmpp.cfg.lua; then
+        sed -i '/"pep";/a "block_strangers"; -- Dont allow messages from strangers' /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i 's|"block_strangers";|  "block_strangers";|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
 }
 
 function prosody_daemon_restart_script {
@@ -748,6 +757,7 @@ function xmpp_modules {
       echo '  "blocklist"; -- Privacy lists';
       echo '  "privacy_lists"; -- Privacy lists';
       echo '  "blocking"; -- Blocking command';
+      echo '  "block_strangers"; -- Dont allow messages from strangers';
       echo '  "roster"; -- Roster versioning';
       echo '  "offline_email"; -- If offline send to email';
       echo '  "offline"; -- Store offline messages';

src/freedombone-controlpanel

@@ -1999,7 +1999,16 @@ function menu_top_level {
             2) menu_backup_restore;;
             3) menu_app_settings;;
             4) if ! /usr/local/bin/addremove; then
+                   if [ -d /etc/matrix ]; then
+                       systemctl restart matrix
+                       systemctl restart nginx
+                   fi
                    any_key
+               else
+                   if [ -d /etc/matrix ]; then
+                       systemctl restart matrix
+                       systemctl restart nginx
+                   fi
                fi
                ;;
             5) logging_on_off;;

src/freedombone-template

@@ -999,7 +999,7 @@ if [ $app_daemon ]; then
     echo "      echo 'StandardError=syslog';"
     echo "      echo '';"
     echo "      echo '[Install]';"
-    echo "      echo 'WantedBy=multi-user.target'; } >> \"/etc/systemd/system/${app_name}.service\""
+    echo "      echo 'WantedBy=multi-user.target'; } > \"/etc/systemd/system/${app_name}.service\""
     echo "    systemctl enable ${app_name}"
     if [ "$app_dir" ]; then
         echo "    chown -R ${app_name}:${app_name} \"${app_dir}\""