Tidying

src/freedombone-app-mediagoblin

@@ -71,7 +71,7 @@ function mediagoblin_fix_email {
     if ! grep -q 'import os' $mgfile; then
         sed -i '/import sys/a import os' $mgfile
     fi
-    sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
+    sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \\| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
 }
 
 function install_interactive_mediagoblin {
@@ -92,7 +92,7 @@ function configure_interactive_mediagoblin {
     dialog --title $"Mediagoblin" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nAllow registration of new users?" 10 60
+           --yesno $"\\nAllow registration of new users?" 10 60
     sel=$?
     case $sel in
         0)
@@ -139,7 +139,7 @@ function reconfigure_mediagoblin {
 }
 
 function upgrade_mediagoblin {
-    CURR_MEDIAGOBLIN_COMMIT=$(cat $COMPLETION_FILE | grep "mediagoblin commit" | awk -F ':' '{print $2}')
+    CURR_MEDIAGOBLIN_COMMIT=$(grep "mediagoblin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_MEDIAGOBLIN_COMMIT" != "$MEDIAGOBLIN_COMMIT" ]]; then
         MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
         su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && git stash && git pull" - mediagoblin
@@ -182,6 +182,7 @@ function restore_local_mediagoblin {
         else
             cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check restore_directory_from_usb
             set_user_permissions
@@ -195,6 +196,7 @@ function restore_local_mediagoblin {
         else
             cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check set_user_permissions
             set_user_permissions
@@ -214,24 +216,25 @@ function backup_remote_mediagoblin {
     MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
     if [ -d /etc/mediagoblin ]; then
         echo $"Backing up mediagoblin"
-        backup_directory_to_friend $MEDIAGOBLIN_BASE_DIR mediagoblin
+        backup_directory_to_friend "$MEDIAGOBLIN_BASE_DIR" mediagoblin
         backup_directory_to_friend /var/lib/mediagoblin mediagoblindata
     fi
 }
 
 function restore_remote_mediagoblin {
     MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
-    if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/mediagoblin" ]; then
         temp_restore_dir=/root/tempmediagoblin
         function_check get_completion_param
         MEDIAGOBLIN_DOMAIN_NAME=$(get_completion_param "mediagoblin domain")
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir mediagoblin
-        if [ -d ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR ]; then
-            cp -r ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/* $MEDIAGOBLIN_BASE_DIR/
+        if [ -d "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR" ]; then
+            cp -r "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/*" "$MEDIAGOBLIN_BASE_DIR/"
         else
-            cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/
+            cp -r "${temp_restore_dir}/*" "$MEDIAGOBLIN_BASE_DIR/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 264824
         fi
@@ -241,12 +244,13 @@ function restore_remote_mediagoblin {
         else
             cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 268492
         fi
         rm -rf ${temp_restore_dir}
         rm -rf ${temp_restore_dir}2
-        chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR
+        chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR"
         chown -hR mediagoblin:www-data /var/lib/mediagoblin
         chmod -R g+wx /var/lib/mediagoblin
     fi
@@ -264,17 +268,17 @@ function remove_mediagoblin {
 
     function_check remove_onion_service
     remove_onion_service mediagoblin ${MEDIAGOBLIN_ONION_PORT}
-    nginx_dissite $MEDIAGOBLIN_DOMAIN_NAME
-    remove_certs $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_dissite "$MEDIAGOBLIN_DOMAIN_NAME"
+    remove_certs "$MEDIAGOBLIN_DOMAIN_NAME"
     if [ -d /var/lib/mediagoblin ]; then
         rm -rf /var/lib/mediagoblin
     fi
-    if [ -d $MEDIAGOBLIN_BASE_DIR ]; then
-        rm -rf $MEDIAGOBLIN_BASE_DIR
+    if [ -d "$MEDIAGOBLIN_BASE_DIR" ]; then
+        rm -rf "$MEDIAGOBLIN_BASE_DIR"
     fi
     remove_completion_param "install_mediagoblin"
     remove_completion_param "mediagoblin domain"
-    sed -i '/mediagoblin/d' $COMPLETION_FILE
+    sed -i '/mediagoblin/d' "$COMPLETION_FILE"
 
     remove_nodejs mediagoblin
 
@@ -282,11 +286,11 @@ function remove_mediagoblin {
     userdel -r mediagoblin
 
     function_check remove_ddns_domain
-    remove_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+    remove_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME"
 }
 
 function install_mediagoblin {
-    if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
+    if [ ! "$MEDIAGOBLIN_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -304,17 +308,17 @@ function install_mediagoblin {
     useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
     usermod --append -G mediagoblin mediagoblin
     mkdir -p /var/lib/mediagoblin
-    mkdir -p $MEDIAGOBLIN_BASE_DIR
-    chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR
+    mkdir -p "$MEDIAGOBLIN_BASE_DIR"
+    chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR"
     chown -hR mediagoblin:www-data /var/lib/mediagoblin
     chmod -R g+wx /var/lib/mediagoblin
 
     if [ -d /repos/mediagoblin ]; then
-        mkdir -p $MEDIAGOBLIN_BASE_DIR/mediagoblin
-        cp -r -p /repos/mediagoblin/. $MEDIAGOBLIN_BASE_DIR/mediagoblin
-        cd $MEDIAGOBLIN_BASE_DIR/mediagoblin
+        mkdir -p "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
+        cp -r -p /repos/mediagoblin/. "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
+        cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 347593563
         git pull
-        chown -R mediagoblin:mediagoblin $MEDIAGOBLIN_BASE_DIR/mediagoblin
+        chown -R mediagoblin:mediagoblin "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
     else
         su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin
     fi
@@ -340,7 +344,7 @@ function install_mediagoblin {
             gstreamer1.0-plugins-ugly \
             gstreamer1.0-libav \
             python-gst-1.0 python3-gst-1.0
-    cd $MEDIAGOBLIN_BASE_DIR/mediagoblin
+    cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 76345672472
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.video]]' | tee -a mediagoblin_local.ini" - mediagoblin
 
     # Audio plugin
@@ -349,14 +353,14 @@ function install_mediagoblin {
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.audio]]' | tee -a mediagoblin_local.ini" - mediagoblin
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && bin/pip install scikits.audiolab" - mediagoblin
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MEDIAGOBLIN_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MEDIAGOBLIN_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $MEDIAGOBLIN_ADMIN_PASSWORD ]; then
-            MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MEDIAGOBLIN_ADMIN_PASSWORD" ]; then
+            MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD"
 
     MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
     set_completion_param "mediagoblin domain" "${MEDIAGOBLIN_DOMAIN_NAME}"
@@ -365,157 +369,157 @@ function install_mediagoblin {
 
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    default_type  application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        nginx_http_redirect "$MEDIAGOBLIN_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo '    include /etc/nginx/mime.types;';
+          echo '';
+          echo '    autoindex off;';
+          echo '    default_type  application/octet-stream;';
+          echo '    sendfile on;';
+          echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
+        nginx_ssl "$MEDIAGOBLIN_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+        nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "    server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-
-        echo '    location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
+        { echo '';
+          echo '    client_header_timeout 10m;';
+          echo '    client_body_timeout 10m;';
+          echo '    send_timeout 10m;';
+          echo '';
+          echo '    fastcgi_read_timeout 600;';
+          echo '    fastcgi_send_timeout 600;';
+          echo '';
+          echo '    gzip on;';
+          echo '    gzip_min_length 1024;';
+          echo '    gzip_buffers 4 32k;';
+          echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;';
+          echo '';
+          echo "    server_name $MEDIAGOBLIN_DOMAIN_NAME;";
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
+
+          echo '    location /mgoblin_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;";
+          echo '    }';
+          echo '';
+          echo '    location /mgoblin_media/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;";
+          echo '    }';
+          echo '';
+          echo '    location /theme_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;";
+          echo '    }';
+          echo '';
+          echo '    location /plugin_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;";
+          echo '    }';
+          echo '';
+          echo '    location / {';
+          echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;";
+          echo '        include /etc/nginx/fastcgi_params;';
+          echo "        fastcgi_param PATH_INFO \$fastcgi_script_name;";
+          echo '        fastcgi_param SCRIPT_NAME "";';
+          echo '        fastcgi_read_timeout 30;';
+          echo '    }';
+          echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
     else
-        echo -n '' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    default_type  application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;";
+      echo '    include /etc/nginx/mime.types;';
+      echo '';
+      echo '    autoindex off;';
+      echo '    default_type  application/octet-stream;';
+      echo '    sendfile on;';
+      echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-
-    echo '    location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-
-    echo '[Unit]' > /etc/systemd/system/mediagoblin.service
-    echo 'Description=Media service' >> /etc/systemd/system/mediagoblin.service
-    echo 'Requires=network.target' >> /etc/systemd/system/mediagoblin.service
-    echo 'After=network.target' >> /etc/systemd/system/mediagoblin.service
-    echo '' >> /etc/systemd/system/mediagoblin.service
-    echo '[Service]' >> /etc/systemd/system/mediagoblin.service
-    echo 'Type=simple' >> /etc/systemd/system/mediagoblin.service
-    echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin.service
-    echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin.service
-    echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/" >> /etc/systemd/system/mediagoblin.service
-    echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT" >> /etc/systemd/system/mediagoblin.service
-    echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true" >> /etc/systemd/system/mediagoblin.service
-    echo 'Restart=always' >> /etc/systemd/system/mediagoblin.service
-    echo 'RestartSec=10' >> /etc/systemd/system/mediagoblin.service
-    echo '' >> /etc/systemd/system/mediagoblin.service
-    echo '[Install]' >> /etc/systemd/system/mediagoblin.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin.service
+    nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
+    { echo '';
+      echo '    client_header_timeout 10m;';
+      echo '    client_body_timeout 10m;';
+      echo '    send_timeout 10m;';
+      echo '';
+      echo '    fastcgi_read_timeout 600;';
+      echo '    fastcgi_send_timeout 600;';
+      echo '';
+      echo '    gzip on;';
+      echo '    gzip_min_length 1024;';
+      echo '    gzip_buffers 4 32k;';
+      echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;';
+      echo '';
+      echo "    server_name $MEDIAGOBLIN_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo '    error_log /dev/null;';
+      echo '';
+
+      echo '    location /mgoblin_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;";
+      echo '    }';
+      echo '';
+      echo '    location /mgoblin_media/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;";
+      echo '    }';
+      echo '';
+      echo '    location /theme_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;";
+      echo '    }';
+      echo '';
+      echo '    location /plugin_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;";
+      echo '    }';
+      echo '';
+      echo '    location / {';
+      echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;";
+      echo '        include /etc/nginx/fastcgi_params;';
+      echo "        fastcgi_param PATH_INFO \$fastcgi_script_name;";
+      echo '        fastcgi_param SCRIPT_NAME "";';
+      echo '        fastcgi_read_timeout 30;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
+
+    { echo '[Unit]';
+      echo 'Description=Media service';
+      echo 'Requires=network.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=mediagoblin';
+      echo 'Group=mediagoblin';
+      echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/";
+      echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT";
+      echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true";
+      echo 'Restart=always';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/mediagoblin.service
     chmod +x /etc/systemd/system/mediagoblin.service
 
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg dbupdate" - mediagoblin
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg adduser --username $MY_USERNAME --password $MY_USERNAME $MEDIAGOBLIN_ADMIN_PASSWORD" - mediagoblin
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg makeadmin $MY_USERNAME" - mediagoblin
 
-    sed -i 's|email_debug_mode.*|email_debug_mode = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-    sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    sed -i 's|email_debug_mode.*|email_debug_mode = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
+    sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
 
-    sed -i 's|allow_reporting.*|allow_reporting = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    sed -i 's|allow_reporting.*|allow_reporting = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
 
-    if ! grep -q '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then
-        echo '[[[skip_transcode]]]' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'container_formats = Matroska, Ogg, ISO MP4/M4A' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'audio_codecs = Vorbis, MPEG-4 AAC' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'dimensions_match = false' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    if ! grep -q '[[[skip_transcode]]]' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"; then
+        { echo '[[[skip_transcode]]]';
+          echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex';
+          echo 'container_formats = Matroska, Ogg, ISO MP4/M4A';
+          echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video';
+          echo 'audio_codecs = Vorbis, MPEG-4 AAC';
+          echo 'dimensions_match = false'; } >> "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
     fi
 
     systemctl enable mediagoblin
@@ -529,18 +533,18 @@ function install_mediagoblin {
     fi
 
     function_check create_site_certificate
-    create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME 'yes'
+    create_site_certificate "$MEDIAGOBLIN_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
 
-    nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_ensite "$MEDIAGOBLIN_DOMAIN_NAME"
 
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
     function_check add_ddns_domain
-    add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+    add_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME"
 
     chown -hR mediagoblin:www-data /var/lib/mediagoblin
     chmod -R g+wx /var/lib/mediagoblin

src/freedombone-app-movim

@@ -58,19 +58,19 @@ function logging_off_movim {
 function remove_user_movim {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp movim
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp movim
 }
 
 function add_user_movim {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a movim -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a movim -p "$new_user_password"
     echo '0'
 }
 
 function install_interactive_movim {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -80,39 +80,38 @@ function install_interactive_movim {
         MOVIM_DETAILS_COMPLETE=
         while [ ! $MOVIM_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Movim Configuration" \
-                       --form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
+                       --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
                        $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'MOVIM_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Movim Configuration" \
-                       --form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
+                       --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
                        $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
                 1) exit 1;;
                 255) exit 1;;
             esac
-            MOVIM_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $MOVIM_DOMAIN_NAME ]; then
+            MOVIM_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$MOVIM_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$MOVIM_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $MOVIM_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$MOVIM_DOMAIN_NAME" ]]; then
                     MOVIM_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        MOVIM_CODE=$(cat $data | sed -n 2p)
+                        MOVIM_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$MOVIM_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             MOVIM_DOMAIN_NAME=
                         fi
                     fi
@@ -121,6 +120,7 @@ function install_interactive_movim {
             if [ $MOVIM_DOMAIN_NAME ]; then
                 MOVIM_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -136,23 +136,23 @@ function change_password_movim {
 
     read_config_param 'MOVIM_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a movim -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a movim -p "$new_user_password"
 }
 
 function movim_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MOVIM_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MOVIM_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $MOVIM_ADMIN_PASSWORD ]; then
-            MOVIM_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then
+            MOVIM_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $MOVIM_ADMIN_PASSWORD ]; then
+    if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database movim "$MOVIM_ADMIN_PASSWORD" $MY_USERNAME
+    create_database movim "$MOVIM_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_movim {
@@ -165,35 +165,35 @@ function upgrade_movim {
         return
     fi
 
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$MOVIM_DOMAIN_NAME/htdocs "movim commit" "$MOVIM_COMMIT" $MOVIM_REPO
+    set_repo_commit "/var/www/$MOVIM_DOMAIN_NAME/htdocs" "movim commit" "$MOVIM_COMMIT" "$MOVIM_REPO"
 
-    cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+    cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 6734824522
     php composer.phar install
     php mud.php db --set
-    chown -R www-data:www-data /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${MOVIM_DOMAIN_NAME}/htdocs"
 }
 
 
 function backup_local_movim {
     MOVIM_DOMAIN_NAME='movim'
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
     fi
 
-    source_directory=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/${MOVIM_DOMAIN_NAME}/htdocs"
+    if [ -d "$source_directory" ]; then
         dest_directory=movim
         function_check suspend_site
-        suspend_site ${MOVIM_DOMAIN_NAME}
+        suspend_site "${MOVIM_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb movim
@@ -204,28 +204,28 @@ function backup_local_movim {
 }
 
 function restore_local_movim {
-    if ! grep -q "movim domain" $COMPLETION_FILE; then
+    if ! grep -q "movim domain" "$COMPLETION_FILE"; then
         return
     fi
     MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
-    if [ $MOVIM_DOMAIN_NAME ]; then
+    if [ "$MOVIM_DOMAIN_NAME" ]; then
         echo $"Restoring movim"
         temp_restore_dir=/root/tempmovim
         movim_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
         # stop the daemons
-        cd $movim_dir
+        cd "$movim_dir" || exit 7856724252
         su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
 
         function_check movim_create_database
         movim_create_database
 
-        restore_database movim ${MOVIM_DOMAIN_NAME}
+        restore_database movim "${MOVIM_DOMAIN_NAME}"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 2468724682
         sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
         MARIADB_PASSWORD=
 
@@ -234,18 +234,18 @@ function restore_local_movim {
 }
 
 function backup_remote_movim {
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
         temp_backup_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             function_check suspend_site
-            suspend_site ${MOVIM_DOMAIN_NAME}
+            suspend_site "${MOVIM_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend movim
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir movim
+            backup_directory_to_friend "$temp_backup_dir" movim
 
             function_check restart_site
             restart_site
@@ -256,25 +256,25 @@ function backup_remote_movim {
 }
 
 function restore_remote_movim {
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         echo $"Restoring movim"
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
 
         # stop the daemons
-        cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+        cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 524792846827
         su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
 
         function_check movim_create_database
         movim_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend movim ${MOVIM_DOMAIN_NAME}
+        restore_database_from_friend movim "${MOVIM_DOMAIN_NAME}"
         if [ -d /root/tempmovim ]; then
             rm -rf /root/tempmovim
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 4242462487
         sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
         MARIADB_PASSWORD=
 
@@ -298,14 +298,14 @@ function remove_movim {
 
     read_config_param "MY_USERNAME"
     echo "Removing $MOVIM_DOMAIN_NAME"
-    nginx_dissite $MOVIM_DOMAIN_NAME
-    remove_certs $MOVIM_DOMAIN_NAME
+    nginx_dissite "$MOVIM_DOMAIN_NAME"
+    remove_certs "$MOVIM_DOMAIN_NAME"
 
-    if [ -d /var/www/$MOVIM_DOMAIN_NAME ]; then
-        rm -rf /var/www/$MOVIM_DOMAIN_NAME
+    if [ -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$MOVIM_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database movim
@@ -316,15 +316,15 @@ function remove_movim {
     fi
     remove_app movim
     remove_completion_param install_movim
-    sed -i '/movim/d' $COMPLETION_FILE
+    sed -i '/movim/d' "$COMPLETION_FILE"
     remove_backup_database_local movim
 
     function_check remove_ddns_domain
-    remove_ddns_domain $MOVIM_DOMAIN_NAME
+    remove_ddns_domain "$MOVIM_DOMAIN_NAME"
 }
 
 function install_movim {
-    if [ ! $MOVIM_DOMAIN_NAME ]; then
+    if [ ! "$MOVIM_DOMAIN_NAME" ]; then
         echo $'No domain name was given for movim'
         exit 72572
     fi
@@ -333,7 +333,7 @@ function install_movim {
         return
     fi
 
-    movim_hourly_script movim $MOVIM_DOMAIN_NAME
+    movim_hourly_script movim "$MOVIM_DOMAIN_NAME"
 
     function_check install_mariadb
     install_mariadb
@@ -347,221 +347,221 @@ function install_movim {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install php-memcached php-intl exiftool php-imagick libfcgi0ldbl
 
-    if [ ! -d /var/www/$MOVIM_DOMAIN_NAME ]; then
-        mkdir /var/www/$MOVIM_DOMAIN_NAME
+    if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$MOVIM_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/movim ]; then
-            mkdir /var/www/$MOVIM_DOMAIN_NAME/htdocs
-            cp -r -p /repos/movim/. /var/www/$MOVIM_DOMAIN_NAME/htdocs
-            cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/movim/. "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+            cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 3768568325
             git pull
         else
             function_check git_clone
-            git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs
+            git_clone "$MOVIM_REPO" "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone movim repo'
             exit 76285
         fi
     fi
 
-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 7345247242
     git checkout $MOVIM_COMMIT -b $MOVIM_COMMIT
     set_completion_param "movim commit" "$MOVIM_COMMIT"
 
     # default login
-    if [ ! -f /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php ]; then
+    if [ ! -f "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php" ]; then
         echo $'Unable to find Config.php'
         exit 72352
     fi
-    sed -i "s|'admin'|'${MY_USERNAME}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php
-    sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php
+    sed -i "s|'admin'|'${MY_USERNAME}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php"
+    sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php"
 
     # Fix typo
     sed -i 's|weksocket|websocket|g' app/widgets/AdminTest/admintest.js
 
-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 784368245224
     install_composer
 
-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 6428764224
     cp db.example.inc.php db.inc.php
     sed -i "s|'username'.*|'username'    => 'root',|g" db.inc.php
     sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
     sed -i "s|'database'.*|'database'    => 'movim'|g" db.inc.php
     php mud.php db --set
 
-    chmod u+rwx /var/www/$MOVIM_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    chmod u+rwx "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
 
     function_check movim_create_database
     movim_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $MOVIM_DOMAIN_NAME
+    add_ddns_domain "$MOVIM_DOMAIN_NAME"
 
     MOVIM_ONION_HOSTNAME=$(add_onion_service movim 80 ${MOVIM_ONION_PORT})
 
-    echo '[Unit]' > /etc/systemd/system/movim.service
-    echo 'Description=Movim daemon' >> /etc/systemd/system/movim.service
-    echo 'After=network.target nginx.target' >> /etc/systemd/system/movim.service
-    echo '' >> /etc/systemd/system/movim.service
-    echo '[Service]' >> /etc/systemd/system/movim.service
-    echo 'Type=simple' >> /etc/systemd/system/movim.service
-    echo 'User=www-data' >> /etc/systemd/system/movim.service
-    echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs" >> /etc/systemd/system/movim.service
+    { echo '[Unit]';
+      echo 'Description=Movim daemon';
+      echo 'After=network.target nginx.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=www-data';
+      echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs"; } > /etc/systemd/system/movim.service
     if [[ $ONION_ONLY == 'no' ]]; then
         echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=https://$MOVIM_DOMAIN_NAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service
     else
         echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=http://$MOVIM_ONION_HOSTNAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service
     fi
-    echo 'StandardOutput=syslog' >> /etc/systemd/system/movim.service
-    echo 'SyslogIdentifier=movim' >> /etc/systemd/system/movim.service
-    echo 'PIDFile=/run/movim.pid' >> /etc/systemd/system/movim.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/movim.service
-    echo 'RestartSec=10' >> /etc/systemd/system/movim.service
-    echo '' >> /etc/systemd/system/movim.service
-    echo '[Install]' >> /etc/systemd/system/movim.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/movim.service
+    { echo 'StandardOutput=syslog';
+      echo 'SyslogIdentifier=movim';
+      echo 'PIDFile=/run/movim.pid';
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/movim.service
     systemctl enable movim
     systemctl daemon-reload
 
     movim_nginx_site=/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $MOVIM_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $movim_nginx_site
-        echo '  listen 443 ssl;' >> $movim_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $movim_nginx_site
-        echo "  server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
+        nginx_http_redirect "$MOVIM_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $MOVIM_DOMAIN_NAME;";
+          echo ''; } >> "$movim_nginx_site"
         function_check nginx_compress
-        nginx_compress $MOVIM_DOMAIN_NAME
-        echo '' >> $movim_nginx_site
-        echo '  # Security' >> $movim_nginx_site
+        nginx_compress "$MOVIM_DOMAIN_NAME"
+        echo '' >> "$movim_nginx_site"
+        echo '  # Security' >> "$movim_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $MOVIM_DOMAIN_NAME
+        nginx_ssl "$MOVIM_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $MOVIM_DOMAIN_NAME
-
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Logs' >> $movim_nginx_site
-        echo '  access_log /dev/null;' >> $movim_nginx_site
-        echo '  error_log /dev/null;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Root' >> $movim_nginx_site
-        echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Index' >> $movim_nginx_site
-        echo '  index index.php;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # PHP' >> $movim_nginx_site
-        echo '  location ~ \.php {' >> $movim_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Location' >> $movim_nginx_site
-        echo '  location / {' >> $movim_nginx_site
+        nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
+
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$movim_nginx_site"
         function_check nginx_limits
-        nginx_limits $MOVIM_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @movim;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  location /ws/ {' >> $movim_nginx_site
-        echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site
-        echo '    proxy_http_version 1.1;' >> $movim_nginx_site
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site
-        echo '    proxy_set_header Connection "Upgrade";' >> $movim_nginx_site
-        echo '    proxy_set_header Host $host;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site
-        echo '    proxy_redirect off;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Fancy URLs' >> $movim_nginx_site
-        echo '  location @movim {' >> $movim_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $movim_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $movim_nginx_site
-        echo '    deny all;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '}' >> $movim_nginx_site
+        nginx_limits "$MOVIM_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @movim;";
+          echo '  }';
+          echo '';
+          echo '  location /ws/ {';
+          echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;";
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection "Upgrade";';
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '    proxy_set_header X-Forwarded-Proto https;';
+          echo '    proxy_redirect off;';
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @movim {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '}'; } >> "$movim_nginx_site"
     else
-        echo -n '' > $movim_nginx_site
+        echo -n '' > "$movim_nginx_site"
     fi
-    echo 'server {' >> $movim_nginx_site
-    echo "    listen 127.0.0.1:$MOVIM_ONION_PORT default_server;" >> $movim_nginx_site
-    echo "    server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$MOVIM_ONION_PORT default_server;";
+      echo "    server_name $MOVIM_DOMAIN_NAME;";
+      echo ''; } >> "$movim_nginx_site"
     function_check nginx_compress
-    nginx_compress $MOVIM_DOMAIN_NAME
-    echo '' >> $movim_nginx_site
+    nginx_compress "$MOVIM_DOMAIN_NAME"
+    echo '' >> "$movim_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MOVIM_DOMAIN_NAME
-    echo '' >> $movim_nginx_site
-    echo '  # Logs' >> $movim_nginx_site
-    echo '  access_log /dev/null;' >> $movim_nginx_site
-    echo '  error_log /dev/null;' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Root' >> $movim_nginx_site
-    echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Index' >> $movim_nginx_site
-    echo '  index index.php;' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # PHP' >> $movim_nginx_site
-    echo '  location ~ \.php {' >> $movim_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Location' >> $movim_nginx_site
-    echo '  location / {' >> $movim_nginx_site
+    nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$movim_nginx_site"
     function_check nginx_limits
-    nginx_limits $MOVIM_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @movim;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  location /ws/ {' >> $movim_nginx_site
-    echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site
-    echo '    proxy_http_version 1.1;' >> $movim_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site
-    echo '    proxy_set_header Connection "Upgrade";' >> $movim_nginx_site
-    echo '    proxy_set_header Host $host;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site
-    echo '    proxy_redirect off;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Fancy URLs' >> $movim_nginx_site
-    echo '  location @movim {' >> $movim_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $movim_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $movim_nginx_site
-    echo '    deny all;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '}' >> $movim_nginx_site
+    nginx_limits "$MOVIM_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @movim;";
+      echo '  }';
+      echo '';
+      echo '  location /ws/ {';
+      echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection "Upgrade";';
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '    proxy_set_header X-Forwarded-Proto https;';
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @movim {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '}'; } >> "$movim_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $MOVIM_DOMAIN_NAME 'yes'
+    create_site_certificate "$MOVIM_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -572,9 +572,9 @@ function install_movim {
     backup_database_local movim
 
     function_check nginx_ensite
-    nginx_ensite $MOVIM_DOMAIN_NAME
+    nginx_ensite "$MOVIM_DOMAIN_NAME"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a movim -p "$MOVIM_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a movim -p "$MOVIM_ADMIN_PASSWORD"
 
     set_completion_param "movim domain" "$MOVIM_DOMAIN_NAME"
 

src/freedombone-app-mumble

@@ -86,7 +86,7 @@ function upgrade_mumble {
         usermod -a -G ssl-cert mumble-server
     fi
 
-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
         if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
             sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
             sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
@@ -117,17 +117,18 @@ function backup_local_mumble {
 }
 
 function restore_local_mumble {
-    if [ -d $USB_MOUNT/backup/mumble ]; then
+    if [ -d "$USB_MOUNT/backup/mumble" ]; then
         echo $"Restoring mumble settings"
         temp_restore_dir=/root/tempmumble
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir voip
         restore_directory_from_usb $temp_restore_dir mumble
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/
         else
             cp -f $temp_restore_dir/mumble-server.ini /etc/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             function_check set_user_permissions
@@ -136,11 +137,12 @@ function restore_local_mumble {
             backup_unmount_drive
             exit 3679
         fi
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/
         else
             cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             function_check set_user_permissions
@@ -171,29 +173,27 @@ function backup_remote_mumble {
 }
 
 function restore_remote_mumble {
-    if [ -d $SERVER_DIRECTORY/backup/mumble ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/mumble" ]; then
         echo $"Restoring Mumble settings"
         temp_restore_dir=/root/tempmumble
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir mumble
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/
         else
             cp -f $temp_restore_dir/mumble-server.ini /etc/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             exit 7823
         fi
-        if [ ! "$?" = "0" ]; then
-            rm -rf $temp_restore_dir
-            exit 7823
-        fi
-        if [ $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/
         else
             cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             exit 276
@@ -221,7 +221,7 @@ function remove_mumble {
     fi
     function_check remove_onion_service
     remove_onion_service mumble ${MUMBLE_PORT}
-    sed -i '/mumble/d' $COMPLETION_FILE
+    sed -i '/mumble/d' "$COMPLETION_FILE"
 }
 
 function configure_firewall_for_mumble {
@@ -238,34 +238,34 @@ function configure_firewall_for_mumble {
 function install_mumble {
     apt-get -yq install mumble-server
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MUMBLE_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MUMBLE_SERVER_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $MUMBLE_SERVER_PASSWORD ]; then
-            MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-            if [ ${#MUMBLE_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
-                MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MUMBLE_SERVER_PASSWORD" ]; then
+            MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+            if [ ${#MUMBLE_SERVER_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
+                MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
             fi
         fi
     fi
 
     if [[ ${ONION_ONLY} == 'no' ]]; then
-        if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
-            mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
+        if [ ! -d "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs" ]; then
+            mkdir "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs"
         fi
-        if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
-                rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt
+        if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
+                rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt"
             fi
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
-                rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" ]; then
+                rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam"
             fi
             echo $'Obtaining certificate for the main domain'
             function_check create_site_certificate
-            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
-            chmod 755 /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
+            create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
+            chmod 755 "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam"
 
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
                 echo $'Incorrect certificate generated'
                 exit 78352
             fi
@@ -276,9 +276,9 @@ function install_mumble {
 
 
     # Make an ssl cert for the server
-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
         if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
-            ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
+            "${PROJECT_NAME}-addcert" -h mumble --dhkey "$DH_KEYLENGTH"
             function_check check_certificates
             check_certificates mumble
         fi
@@ -318,7 +318,7 @@ function install_mumble {
         echo 'allowping=False' >> /etc/mumble-server.ini
     fi
     sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
         sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
         sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
     else
@@ -335,7 +335,8 @@ function install_mumble {
     sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
     sed -i "s|port=.*|port=${MUMBLE_PORT}|g" /etc/mumble-server.ini
 
-    MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT})
+    #MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT})
+    add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT}
 
     # turn off logs by default
     sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini

src/freedombone-app-nextcloud

@@ -60,14 +60,14 @@ function logging_off_nextcloud {
 function remove_user_nextcloud {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp nextcloud
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp nextcloud
 }
 
 function add_user_nextcloud {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a nextcloud -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a nextcloud -p "$new_user_password"
     echo '0'
 }
 
@@ -76,12 +76,12 @@ function change_password_nextcloud {
 
     export OC_PASS="$2"
     su -s /bin/sh www-data -c "php occ user:resetpassword --password-from-env $curr_username"
-    ${PROJECT_NAME}-pass -u $curr_username -a nextcloud -p "$OC_PASS"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$OC_PASS"
     export OC_PASS=""
 }
 
 function install_interactive_nextcloud {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -91,42 +91,40 @@ function install_interactive_nextcloud {
         NEXTCLOUD_DETAILS_COMPLETE=
         while [ ! $NEXTCLOUD_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"NextCloud Configuration" \
-                       --form $"\nPlease enter your NextCloud details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
+                       --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
                        $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
                        $"Code:" 2 1 "$(grep 'NEXTCLOUD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"NextCloud Configuration" \
-                       --form $"\nPlease enter your NextCloud details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
+                       --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
                        $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            NEXTCLOUD_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ ${#img_url} -gt 1 ]; then
-                NEXTCLOUD_BACKGROUND_IMAGE_URL=$img_url
-            fi
-            if [ $NEXTCLOUD_DOMAIN_NAME ]; then
+            NEXTCLOUD_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$NEXTCLOUD_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $NEXTCLOUD_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$NEXTCLOUD_DOMAIN_NAME" ]]; then
                     NEXTCLOUD_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        NEXTCLOUD_CODE=$(cat $data | sed -n 2p)
+                        NEXTCLOUD_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$NEXTCLOUD_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             NEXTCLOUD_DOMAIN_NAME=
                         fi
                     fi
@@ -135,11 +133,12 @@ function install_interactive_nextcloud {
             if [ $NEXTCLOUD_DOMAIN_NAME ]; then
                 NEXTCLOUD_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # remove any invalid characters
         if [ ${#NEXTCLOUD_TITLE} -gt 0 ]; then
-            new_title=$(echo "$NEXTCLOUD_TITLE" | sed "s|'||g")
+            new_title=${"$NEXTCLOUD_TITLE"//\'//}
             NEXTCLOUD_TITLE="$new_title"
         fi
 
@@ -156,23 +155,23 @@ function change_password_nextcloud {
 
     read_config_param ${NEXTCLOUD_DOMAIN_NAME}
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a nextcloud -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$new_user_password"
 }
 
 function nextcloud_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        NEXTCLOUD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        NEXTCLOUD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then
-            NEXTCLOUD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
+            NEXTCLOUD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then
+    if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" $MY_USERNAME
+    create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_nextcloud {
@@ -186,7 +185,7 @@ function configure_interactive_nextcloud {
 function upgrade_nextcloud_base {
     chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
     chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/data
-    cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 232547985
     sudo -u www-data ./occ maintenance:repair
     sudo -u www-data ./occ files:cleanup
     sudo -u www-data ./occ files:scan --all
@@ -200,13 +199,13 @@ function upgrade_nextcloud {
         return
     fi
 
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs "nextcloud commit" "$NEXTCLOUD_COMMIT" $NEXTCLOUD_REPO
+    set_repo_commit "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" "nextcloud commit" "$NEXTCLOUD_COMMIT" "$NEXTCLOUD_REPO"
 
     upgrade_nextcloud_base
     sudo -u www-data ./occ upgrade
@@ -215,22 +214,22 @@ function upgrade_nextcloud {
 
 function backup_local_nextcloud {
     NEXTCLOUD_DOMAIN_NAME='nextcloud'
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
     fi
 
     source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-    if [ -d $source_directory ]; then
+    if [ -d "$source_directory" ]; then
         function_check suspend_site
-        suspend_site ${NEXTCLOUD_DOMAIN_NAME}
+        suspend_site "${NEXTCLOUD_DOMAIN_NAME}"
 
         dest_directory=nextcloudfiles
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
         dest_directory=nextcloudconfig
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb nextcloud
@@ -241,26 +240,26 @@ function backup_local_nextcloud {
 }
 
 function restore_local_nextcloud {
-    if ! grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if ! grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         return
     fi
     NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
-    if [ $NEXTCLOUD_DOMAIN_NAME ]; then
+    if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then
 
         temp_restore_dir=/root/tempnextcloud
         function_check nextcloud_create_database
         nextcloud_create_database
-        restore_database nextcloud ${NEXTCLOUD_DOMAIN_NAME}
+        restore_database nextcloud "${NEXTCLOUD_DOMAIN_NAME}"
 
         temp_restore_dir=/root/tempnextcloudfiles
         restore_directory_from_usb $temp_restore_dir nextcloudfiles
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         fi
-
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -271,12 +270,13 @@ function restore_local_nextcloud {
         temp_restore_dir=/root/tempnextcloudconfig
         restore_directory_from_usb $temp_restore_dir nextcloudconfig
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -284,9 +284,9 @@ function restore_local_nextcloud {
         fi
         rm -rf ${temp_restore_dir}
 
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        cd $nextcloud_dir
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+        cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 14893545875
         sudo -u www-data ./occ maintenance:repair
         sudo -u www-data ./occ files:cleanup
         sudo -u www-data ./occ files:scan --all
@@ -294,21 +294,21 @@ function restore_local_nextcloud {
 }
 
 function backup_remote_nextcloud {
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
         temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             function_check suspend_site
-            suspend_site ${NEXTCLOUD_DOMAIN_NAME}
+            suspend_site "${NEXTCLOUD_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend nextcloud
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir nextclouddata
+            backup_directory_to_friend "$temp_backup_dir" nextclouddata
 
             temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
-            backup_directory_to_friend $temp_backup_dir nextcloudconfig
+            backup_directory_to_friend "$temp_backup_dir" nextcloudconfig
 
             function_check restart_site
             restart_site
@@ -319,7 +319,7 @@ function backup_remote_nextcloud {
 }
 
 function restore_remote_nextcloud {
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         echo $"Restoring nextcloud"
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
 
@@ -327,7 +327,7 @@ function restore_remote_nextcloud {
         nextcloud_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend nextcloud ${NEXTCLOUD_DOMAIN_NAME}
+        restore_database_from_friend nextcloud "${NEXTCLOUD_DOMAIN_NAME}"
         if [ -d /root/tempnextcloud ]; then
             rm -rf /root/tempnextcloud
         fi
@@ -335,12 +335,12 @@ function restore_remote_nextcloud {
         temp_restore_dir=/root/tempnextcloudfiles
         restore_directory_from_friend $temp_restore_dir nextcloudfiles
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         fi
-
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 768254
         fi
@@ -349,20 +349,21 @@ function restore_remote_nextcloud {
         temp_restore_dir=/root/tempnextcloudconfig
         restore_directory_from_friend $temp_restore_dir nextcloudconfig
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 573427
         fi
         rm -rf ${temp_restore_dir}
 
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+        cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2642846824
         sudo -u www-data ./occ maintenance:repair
         sudo -u www-data ./occ files:cleanup
         sudo -u www-data ./occ files:scan --all
@@ -381,13 +382,13 @@ function remove_nextcloud {
     read_config_param "NEXTCLOUD_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $NEXTCLOUD_DOMAIN_NAME"
-    nginx_dissite $NEXTCLOUD_DOMAIN_NAME
-    remove_certs $NEXTCLOUD_DOMAIN_NAME
-    if [ -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then
-        rm -rf /var/www/$NEXTCLOUD_DOMAIN_NAME
+    nginx_dissite "$NEXTCLOUD_DOMAIN_NAME"
+    remove_certs "$NEXTCLOUD_DOMAIN_NAME"
+    if [ -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$NEXTCLOUD_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database nextcloud
@@ -395,17 +396,17 @@ function remove_nextcloud {
     remove_onion_service nextcloud ${NEXTCLOUD_ONION_PORT}
     remove_app nextcloud
     remove_completion_param install_nextcloud
-    sed -i '/nextcloud/d' $COMPLETION_FILE
+    sed -i '/nextcloud/d' "$COMPLETION_FILE"
     remove_backup_database_local nextcloud
 
     function_check remove_ddns_domain
-    remove_ddns_domain $NEXTCLOUD_DOMAIN_NAME
+    remove_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"
     systemctl restart nginx
     systemctl restart php7.0-fpm
 }
 
 function install_nextcloud_main {
-    if [ ! $NEXTCLOUD_DOMAIN_NAME ]; then
+    if [ ! "$NEXTCLOUD_DOMAIN_NAME" ]; then
         echo $'No domain name was given for nextcloud'
         exit 7359
     fi
@@ -434,34 +435,34 @@ function install_nextcloud_main {
     fi
     sed -i 's|;env[PATH]|env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
 
-    if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then
-        mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME
+    if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/nextcloud ]; then
-            mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-            cp -r -p /repos/nextcloud/. /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-            cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/nextcloud/. "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+            cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 2783539793
             git pull
         else
             function_check git_clone
-            git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+            git_clone "$NEXTCLOUD_REPO" "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone nextcloud repo'
             exit 87525
         fi
     fi
 
-    cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 3468346834
     git submodule update --init
     git checkout $NEXTCLOUD_COMMIT -b $NEXTCLOUD_COMMIT
     set_completion_param "nextcloud commit" "$NEXTCLOUD_COMMIT"
 
-    chmod g+w /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
 
     function_check nextcloud_create_database
     nextcloud_create_database
@@ -474,154 +475,154 @@ function install_nextcloud_main {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $NEXTCLOUD_DOMAIN_NAME
+    add_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"
 
     nextcloud_nginx_site=/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $NEXTCLOUD_DOMAIN_NAME
-        echo 'server {' >> $nextcloud_nginx_site
-        echo '  listen 443 ssl;' >> $nextcloud_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $nextcloud_nginx_site
-        echo "  server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Security' >> $nextcloud_nginx_site
+        nginx_http_redirect "$NEXTCLOUD_DOMAIN_NAME"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $NEXTCLOUD_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> "$nextcloud_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $NEXTCLOUD_DOMAIN_NAME mobile
+        nginx_ssl "$NEXTCLOUD_DOMAIN_NAME" mobile
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME
-
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Logs' >> $nextcloud_nginx_site
-        echo '  access_log /dev/null;' >> $nextcloud_nginx_site
-        echo '  error_log /dev/null;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Root' >> $nextcloud_nginx_site
-        echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Index' >> $nextcloud_nginx_site
-        echo '  index index.php;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-
-        # By default nextcloud advertises highly specific version information
-        # on status.php, which can obviously be used by adversaries.
-        # Blocking status.php prevents this information leak
-        echo '  location = /status.php {' >> $nextcloud_nginx_site
-        echo '    return 404;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-
-        echo '  # PHP' >> $nextcloud_nginx_site
-        echo '  location ~ \.php {' >> $nextcloud_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Location' >> $nextcloud_nginx_site
-        echo '  location / {' >> $nextcloud_nginx_site
+        nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
+
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+
+          # By default nextcloud advertises highly specific version information
+          # on status.php, which can obviously be used by adversaries.
+          # Blocking status.php prevents this information leak
+          echo '  location = /status.php {';
+          echo '    return 404;';
+          echo '  }';
+          echo '';
+
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$nextcloud_nginx_site"
         function_check nginx_limits
-        nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Fancy URLs' >> $nextcloud_nginx_site
-        echo '  location @nextcloud {' >> $nextcloud_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $nextcloud_nginx_site
-        echo '    deny all;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  location = /.well-known/carddav {' >> $nextcloud_nginx_site
-        echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '  location = /.well-known/caldav {' >> $nextcloud_nginx_site
-        echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site
-        echo '}' >> $nextcloud_nginx_site
+        nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @nextcloud;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @nextcloud {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '  location = /.well-known/carddav {';
+          echo "    return 301 \$scheme://\$host/remote.php/dav;";
+          echo '  }';
+          echo '  location = /.well-known/caldav {';
+          echo "    return 301 \$scheme://\$host/remote.php/dav;";
+          echo '  }';
+          echo '';
+          echo '  location /.well-known/acme-challenge { }';
+          echo '}'; } >> "$nextcloud_nginx_site"
     else
-        echo -n '' > $nextcloud_nginx_site
+        echo -n '' > "$nextcloud_nginx_site"
     fi
-    echo 'server {' >> $nextcloud_nginx_site
-    echo "    listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;" >> $nextcloud_nginx_site
-    echo "    server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;";
+      echo "    server_name $NEXTCLOUD_DOMAIN_NAME;";
+      echo ''; } >> "$nextcloud_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Logs' >> $nextcloud_nginx_site
-    echo '  access_log /dev/null;' >> $nextcloud_nginx_site
-    echo '  error_log /dev/null;' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Root' >> $nextcloud_nginx_site
-    echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Index' >> $nextcloud_nginx_site
-    echo '  index index.php;' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-
-    # By default nextcloud advertises highly specific version information
-    # on status.php, which can obviously be used by adversaries.
-    # Blocking status.php prevents this information leak
-    echo '  location = /status.php {' >> $nextcloud_nginx_site
-    echo '    return 404;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-
-    echo '  # PHP' >> $nextcloud_nginx_site
-    echo '  location ~ \.php {' >> $nextcloud_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Location' >> $nextcloud_nginx_site
-    echo '  location / {' >> $nextcloud_nginx_site
+    nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+
+      # By default nextcloud advertises highly specific version information
+      # on status.php, which can obviously be used by adversaries.
+      # Blocking status.php prevents this information leak
+      echo '  location = /status.php {';
+      echo '    return 404;';
+      echo '  }';
+      echo '';
+
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$nextcloud_nginx_site"
     function_check nginx_limits
-    nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Fancy URLs' >> $nextcloud_nginx_site
-    echo '  location @nextcloud {' >> $nextcloud_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $nextcloud_nginx_site
-    echo '    deny all;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  location = /.well-known/carddav {' >> $nextcloud_nginx_site
-    echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '  location = /.well-known/caldav {' >> $nextcloud_nginx_site
-    echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site
-    echo '}' >> $nextcloud_nginx_site
-
-    sed -i 's| DENY;| SAMEORIGIN;|g' $nextcloud_nginx_site
+    nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @nextcloud;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @nextcloud {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  location = /.well-known/carddav {';
+      echo "    return 301 \$scheme://\$host/remote.php/dav;";
+      echo '  }';
+      echo '  location = /.well-known/caldav {';
+      echo "    return 301 \$scheme://\$host/remote.php/dav;";
+      echo '  }';
+      echo '';
+      echo '  location /.well-known/acme-challenge { }';
+      echo '}'; } >> "$nextcloud_nginx_site"
+
+    sed -i 's| DENY;| SAMEORIGIN;|g' "$nextcloud_nginx_site"
 
     # NextCloud doesn't like content-security-policy at all
-    sed -i '/Content-Security-Policy/d' $nextcloud_nginx_site
+    sed -i '/Content-Security-Policy/d' "$nextcloud_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $NEXTCLOUD_DOMAIN_NAME 'yes'
+    create_site_certificate "$NEXTCLOUD_DOMAIN_NAME" 'yes'
 
-    if [[ $ONION_ONLY == "no" ]]; then
-        if [ ! -f /etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem ]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        if [ ! -f "/etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem" ]; then
             echo $'Certificate not generated for nextcloud'
             exit 725762
         fi
@@ -636,31 +637,18 @@ function install_nextcloud_main {
     backup_database_local nextcloud
 
     function_check nginx_ensite
-    nginx_ensite $NEXTCLOUD_DOMAIN_NAME
-
-    # NOTE: For the typical case always enable SSL and only
-    # disable it if in onion only mode. This is due to complexities
-    # with the way URLs are generated by nextcloud
-    nextcloud_ssl='always'
-    if [[ $ONION_ONLY != 'no' ]]; then
-        nextcloud_ssl='never'
-    fi
+    nginx_ensite "$NEXTCLOUD_DOMAIN_NAME"
 
     NEXTCLOUD_ONION_HOSTNAME=$(add_onion_service nextcloud 80 ${NEXTCLOUD_ONION_PORT})
 
-    NEXTCLOUD_SERVER=${NEXTCLOUD_DOMAIN_NAME}
-    if [[ $ONION_ONLY != 'no' ]]; then
-        NEXTCLOUD_SERVER=${NEXTCLOUD_ONION_HOSTNAME}
-    fi
-
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
 
-    cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+    cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2467245247
     if [ -d config ]; then
         chown -R www-data:www-data config
     fi
@@ -669,7 +657,7 @@ function install_nextcloud_main {
     fi
 
     chmod +x occ
-    ./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
+    ./occ maintenance:install --database-name nextcloud --admin-user "${MY_USERNAME}" --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
     if [ ! -d data ]; then
         echo $'Nextcloud data directory was not found. This probably means that the installation failed.'
         echo ''
@@ -683,20 +671,19 @@ function install_nextcloud_main {
     sudo -u www-data ./occ status
     sudo -u www-data ./occ app:list
     sudo -u www-data ./occ app:enable encryption
-    sudo -u www-data ./occ encryption:enable
-    if [ ! "$?" = "0" ]; then
+    if ! sudo -u www-data ./occ encryption:enable; then
         echo $'Encryption not enabled'
         exit 73527
     fi
     sudo -u www-data ./occ encryption:status
     sudo -u www-data ./occ config:system:set appstoreenabled --value=false
-    chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
-    chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+    chmod g+w "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
+    chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
     chmod 0644 .htaccess
     chmod 0750 data
-    chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-    sudo -u www-data ./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME
-    sudo -u www-data ./occ config:system:set trusted_domains 2 --value=$NEXTCLOUD_ONION_HOSTNAME
+    chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+    sudo -u www-data ./occ config:system:set trusted_domains 1 --value="$NEXTCLOUD_DOMAIN_NAME"
+    sudo -u www-data ./occ config:system:set trusted_domains 2 --value="$NEXTCLOUD_ONION_HOSTNAME"
     sudo -u www-data ./occ files:cleanup
     sudo -u www-data ./occ files:scan --all
     sudo -u www-data ./occ maintenance:repair
@@ -705,8 +692,8 @@ function install_nextcloud_main {
     systemctl restart mariadb
 
     # move the data directory
-    mv /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
-    sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
+    mv "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
+    sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
 
     set_completion_param "nextcloud domain" "$NEXTCLOUD_DOMAIN_NAME"
 
@@ -714,7 +701,7 @@ function install_nextcloud_main {
 }
 
 function install_nextcloud {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 

src/freedombone-app-peertube

@@ -55,14 +55,14 @@ peertube_variables=(PEERTUBE_DOMAIN_NAME
                     MY_EMAIL_ADDRESS)
 
 function peertube_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        PEERTUBE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        PEERTUBE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then
-            PEERTUBE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then
+            PEERTUBE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then
+    if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -82,7 +82,8 @@ function logging_off_peertube {
 }
 
 function remove_user_peertube {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_peertube {
@@ -91,14 +92,14 @@ function add_user_peertube {
         return
     fi
 
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
 
     echo '0'
 }
 
 function install_interactive_peertube {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -113,15 +114,14 @@ function install_interactive_peertube {
 }
 
 function peertube_set_admin_email {
-    read_config_param $MY_EMAIL_ADDRESS
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    read_config_param "$MY_EMAIL_ADDRESS"
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Set PeerTube administrator email address" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>$data
+           --inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>"$data"
     sel=$?
     case $sel in
-        0)  peertube_email=$(<$data)
+        0)  peertube_email=$(<"$data")
             if [[ "$peertube_email" != *' '* && "$peertube_email" != *','* && "$peertube_email" != *';'* && "$peertube_email" == *'@'* && "$peertube_email" == *'.'* ]]; then
                 if [ ${#peertube_email} -gt 8 ]; then
                     sed -i "s|email:.*|email: '${peertube_email}'|g" $PEERTUBE_DIR/config/production.yaml
@@ -132,13 +132,13 @@ function peertube_set_admin_email {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function peertube_disable_signups {
     dialog --title $"Disable PeerTube signups" \
            --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nDo you wish to disable further PeerTube signups?" 8 75
+           --yesno $"\\nDo you wish to disable further PeerTube signups?" 8 75
     sel=$?
     case $sel in
         0) sed -i "0,/enabled:.*/s//enabled: false/" $PEERTUBE_DIR/config/production.yaml;;
@@ -152,35 +152,36 @@ function peertube_disable_signups {
 function configure_interactive_peertube {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"PeerTube" \
                --radiolist $"Choose an operation:" 10 70 4 \
                1 $"Set administrator email address" off \
                2 $"Disable or enable signups" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
             1) break;;
             255) break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) peertube_set_admin_email;;
             2) peertube_disable_signups;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function change_password_peertube {
-    PEERTUBE_USERNAME="$1"
+#    PEERTUBE_USERNAME="$1"
     PEERTUBE_PASSWORD="$2"
     if [ ${#PEERTUBE_PASSWORD} -lt 8 ]; then
         echo $'Peertube password is too short'
         return
     fi
-    #${PROJECT_NAME}-pass -u $PEERTUBE_USERNAME -a peertube -p "$PEERTUBE_PASSWORD"
+    #"${PROJECT_NAME}-pass" -u "$PEERTUBE_USERNAME" -a peertube -p "$PEERTUBE_PASSWORD"
 }
 
 function reconfigure_peertube {
@@ -195,7 +196,7 @@ function upgrade_peertube {
 
     read_config_param PEERTUBE_DOMAIN_NAME
     systemctl stop peertube
-    cd $PEERTUBE_DIR
+    cd "$PEERTUBE_DIR" || exit 7824552627
 
     function_check set_repo_commit
     set_repo_commit $PEERTUBE_DIR "peertube commit" "$PEERTUBE_COMMIT" $PEERTUBE_REPO
@@ -207,7 +208,7 @@ function upgrade_peertube {
 
 function backup_local_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
 
@@ -219,7 +220,7 @@ function backup_local_peertube {
 
     peertube_path=$PEERTUBE_DIR/videos
     if [ -d $peertube_path ]; then
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
         systemctl stop peertube
         backup_directory_to_usb $peertube_path peertubevideos
         systemctl start peertube
@@ -229,11 +230,11 @@ function backup_local_peertube {
 
 function restore_local_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
-    if [ $PEERTUBE_DOMAIN_NAME ]; then
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+    if [ "$PEERTUBE_DOMAIN_NAME" ]; then
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
         systemctl stop peertube
 
         USE_POSTGRESQL=1
@@ -259,7 +260,7 @@ function restore_local_peertube {
 
 function backup_remote_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
 
@@ -272,7 +273,7 @@ function backup_remote_peertube {
     temp_backup_dir=$PEERTUBE_DIR/videos
     if [ -d $temp_backup_dir ]; then
         systemctl stop peertube
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
         backup_directory_to_friend $temp_backup_dir peertubevideos
         restart_site
         systemctl start peertube
@@ -284,13 +285,14 @@ function backup_remote_peertube {
 
 function restore_remote_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
-    suspend_site ${PEERTUBE_DOMAIN_NAME}
+    suspend_site "${PEERTUBE_DOMAIN_NAME}"
 
     systemctl stop peertube
 
+    # shellcheck disable=SC2034
     USE_POSTGRESQL=1
     function_check restore_database_from_friend
     restore_database_from_friend peertube
@@ -326,20 +328,20 @@ function remove_peertube {
     remove_nodejs peertube
 
     read_config_param "PEERTUBE_DOMAIN_NAME"
-    nginx_dissite $PEERTUBE_DOMAIN_NAME
-    remove_certs ${PEERTUBE_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME
+    nginx_dissite "$PEERTUBE_DOMAIN_NAME"
+    remove_certs "${PEERTUBE_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$PEERTUBE_DOMAIN_NAME ]; then
-        rm -rf /var/www/$PEERTUBE_DOMAIN_NAME
+    if [ -d "/var/www/$PEERTUBE_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$PEERTUBE_DOMAIN_NAME"
     fi
     remove_config_param PEERTUBE_DOMAIN_NAME
     remove_config_param PEERTUBE_CODE
     function_check remove_onion_service
     remove_onion_service peertube ${PEERTUBE_ONION_PORT}
     remove_completion_param "install_peertube"
-    sed -i '/peertube/d' $COMPLETION_FILE
+    sed -i '/peertube/d' "$COMPLETION_FILE"
 
     function_check drop_database_postgresql
     drop_database_postgresql peertube peertube
@@ -352,188 +354,189 @@ function remove_peertube {
     fi
 
     function_check remove_ddns_domain
-    remove_ddns_domain $PEERTUBE_DOMAIN_NAME
+    remove_ddns_domain "$PEERTUBE_DOMAIN_NAME"
 }
 
 function peertube_setup_web {
     peertube_nginx_file=/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME
 
     if [[ $ONION_ONLY == "no" ]]; then
-        echo 'server {' > $peertube_nginx_file
-        echo '  listen 80;' >> $peertube_nginx_file
-        echo '  listen [::]:80;' >> $peertube_nginx_file
-        echo "  server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file
-        echo '  rewrite ^ https://$server_name$request_uri? permanent;' >> $peertube_nginx_file
-        echo '}' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo 'server {' >> $peertube_nginx_file
-        echo '  listen 443 ssl http2;' >> $peertube_nginx_file
-        echo '  #listen [::]:443 ssl http2;' >> $peertube_nginx_file
-        echo "  server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
+        { echo 'server {';
+          echo '  listen 80;';
+          echo '  listen [::]:80;';
+          echo "  server_name $PEERTUBE_DOMAIN_NAME;";
+          echo "  rewrite ^ https://\$server_name\$request_uri? permanent;";
+          echo '}';
+          echo '';
+          echo 'server {';
+          echo '  listen 443 ssl http2;';
+          echo '  #listen [::]:443 ssl http2;';
+          echo "  server_name $PEERTUBE_DOMAIN_NAME;";
+          echo ''; } > "$peertube_nginx_file"
         function_check nginx_ssl
-        nginx_ssl $PEERTUBE_DOMAIN_NAME mobile
+        nginx_ssl "$PEERTUBE_DOMAIN_NAME" mobile
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $PEERTUBE_DOMAIN_NAME
-
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  location / {' >> $peertube_nginx_file
-        echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-        echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '    # For the video upload' >> $peertube_nginx_file
-        echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  location /static/webseed {' >> $peertube_nginx_file
-        echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-        echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-        echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-        echo '      return 204;' >> $peertube_nginx_file
-        echo '    }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-        echo '    }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  # Websocket tracker' >> $peertube_nginx_file
-        echo '  location /tracker/socket {' >> $peertube_nginx_file
-        echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-        echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-        echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-        echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-        echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-        echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-        echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '}' >> $peertube_nginx_file
+        nginx_disable_sniffing "$PEERTUBE_DOMAIN_NAME"
+
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  location / {';
+          echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '';
+          echo '    # For the video upload';
+          echo '    client_max_body_size 2G;';
+          echo '  }';
+          echo '';
+          echo '  location /static/webseed {';
+          echo "    if (\$request_method = 'OPTIONS') {";
+          echo "      add_header 'Access-Control-Allow-Origin' '*';";
+          echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+          echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+          echo "      add_header 'Access-Control-Max-Age' 1728000;";
+          echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+          echo "      add_header 'Content-Length' 0;";
+          echo '      return 204;';
+          echo '    }';
+          echo '';
+          echo "    if (\$request_method = 'GET') {";
+          echo "      add_header 'Access-Control-Allow-Origin' '*';";
+          echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+          echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+          echo '    }';
+          echo '';
+          echo "    alias $PEERTUBE_DIR/videos;";
+          echo '  }';
+          echo '';
+          echo '  # Websocket tracker';
+          echo '  location /tracker/socket {';
+          echo '    # Peers send a message to the tracker every 15 minutes';
+          echo '    # Dont close the websocket before this time';
+          echo '    proxy_read_timeout 1200s;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection "upgrade";';
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+          echo '  }';
+          echo '}'; } >> "$peertube_nginx_file"
     else
-        echo -n '' > $peertube_nginx_file
-    fi
-    echo 'server {' >> $peertube_nginx_file
-    echo "  listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;" >> $peertube_nginx_file
-    echo "  server_name $PEERTUBE_ONION_HOSTNAME;" >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location / {' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '    # For the video upload' >> $peertube_nginx_file
-    echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location /static/webseed {' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-    echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-    echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-    echo '      return 204;' >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  # Websocket tracker' >> $peertube_nginx_file
-    echo '  location /tracker/socket {' >> $peertube_nginx_file
-    echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-    echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-    echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-    echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-    echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '}' >> $peertube_nginx_file
+        echo -n '' > "$peertube_nginx_file"
+    fi
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;";
+      echo "  server_name $PEERTUBE_ONION_HOSTNAME;";
+      echo '';
+      echo '  location / {';
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # For the video upload';
+      echo '    client_max_body_size 2G;';
+      echo '  }';
+      echo '';
+      echo '  location /static/webseed {';
+      echo "    if (\$request_method = 'OPTIONS') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo "      add_header 'Access-Control-Max-Age' 1728000;";
+      echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+      echo "      add_header 'Content-Length' 0;";
+      echo '      return 204;';
+      echo '    }';
+      echo '';
+      echo "    if (\$request_method = 'GET') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo '    }';
+      echo '';
+      echo "    alias $PEERTUBE_DIR/videos;";
+      echo '  }';
+      echo '';
+      echo '  # Websocket tracker';
+      echo '  location /tracker/socket {';
+      echo '    # Peers send a message to the tracker every 15 minutes';
+      echo '    # Dont close the websocket before this time';
+      echo '    proxy_read_timeout 1200s;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection "upgrade";';
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo '  }';
+      echo '}'; } >> "$peertube_nginx_file"
 
     # CSP currently causes an error
-    sed -i '/Content-Security-Policy/d' $peertube_nginx_file
+    sed -i '/Content-Security-Policy/d' "$peertube_nginx_file"
 
     function_check create_site_certificate
-    create_site_certificate $PEERTUBE_DOMAIN_NAME 'yes'
+    create_site_certificate "$PEERTUBE_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $PEERTUBE_DOMAIN_NAME
+    nginx_ensite "$PEERTUBE_DOMAIN_NAME"
 }
 
 function mesh_peertube_setup_web {
+    # shellcheck disable=SC2154
     peertube_nginx_file=$rootdir/etc/nginx/sites-available/peertube
 
-    echo 'server {' >> $peertube_nginx_file
-    echo "  listen $MESH_PEERTUBE_PORT http2;" >> $peertube_nginx_file
-    echo '  listen [::]:$MESH_PEERTUBE_PORT http2;' >> $peertube_nginx_file
-    echo '  server_name $HOSTNAME;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location / {' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '    # For the video upload' >> $peertube_nginx_file
-    echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location /static/webseed {' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-    echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-    echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-    echo '      return 204;' >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  # Websocket tracker' >> $peertube_nginx_file
-    echo '  location /tracker/socket {' >> $peertube_nginx_file
-    echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-    echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-    echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-    echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-    echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '}' >> $peertube_nginx_file
+    { echo 'server {';
+      echo "  listen $MESH_PEERTUBE_PORT http2;";
+      echo "  listen [::]:\$MESH_PEERTUBE_PORT http2;";
+      echo "  server_name \$HOSTNAME;";
+      echo '';
+      echo '  location / {';
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # For the video upload';
+      echo '    client_max_body_size 2G;';
+      echo '  }';
+      echo '';
+      echo '  location /static/webseed {';
+      echo "    if (\$request_method = 'OPTIONS') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo "      add_header 'Access-Control-Max-Age' 1728000;";
+      echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+      echo "      add_header 'Content-Length' 0;";
+      echo '      return 204;';
+      echo '    }';
+      echo '';
+      echo "    if (\$request_method = 'GET') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo '    }';
+      echo '';
+      echo "    alias $PEERTUBE_DIR/videos;";
+      echo '  }';
+      echo '';
+      echo '  # Websocket tracker';
+      echo '  location /tracker/socket {';
+      echo '    # Peers send a message to the tracker every 15 minutes';
+      echo '    # Dont close the websocket before this time';
+      echo '    proxy_read_timeout 1200s;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo "    proxy_set_header Connection \"upgrade\";";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo '  }';
+      echo '}'; } > "$peertube_nginx_file"
 }
 
 function peertube_create_config {
@@ -541,84 +544,84 @@ function peertube_create_config {
 
     peertube_config_file=$peertube_prefix$PEERTUBE_DIR/config/production.yaml
 
-    echo 'listen:' > $peertube_config_file
-    echo "  port: $PEERTUBE_PORT" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo '# Correspond to your reverse proxy "listen" configuration' >> $peertube_config_file
-    echo 'webserver:' >> $peertube_config_file
-    if [ ! $peertube_prefix ]; then
-        if [[ $ONION_ONLY == 'no' ]]; then
-            echo '  https: true' >> $peertube_config_file
-            echo "  hostname: '$PEERTUBE_DOMAIN_NAME'" >> $peertube_config_file
-            echo '  port: 443' >> $peertube_config_file
+    { echo 'listen:';
+      echo "  port: $PEERTUBE_PORT";
+      echo '';
+      echo '# Correspond to your reverse proxy "listen" configuration';
+      echo 'webserver:'; } > "$peertube_config_file"
+    if [ ! "$peertube_prefix" ]; then
+        if [[ "$ONION_ONLY" == 'no' ]]; then
+            { echo '  https: true';
+              echo "  hostname: '$PEERTUBE_DOMAIN_NAME'";
+              echo '  port: 443'; } >> "$peertube_config_file"
         else
-            echo '  https: false' >> $peertube_config_file
-            echo "  hostname: '$PEERTUBE_ONION_HOSTNAME'" >> $peertube_config_file
-            echo '  port: 80' >> $peertube_config_file
+            { echo '  https: false';
+              echo "  hostname: '$PEERTUBE_ONION_HOSTNAME'";
+              echo '  port: 80'; } >> "$peertube_config_file"
         fi
     else
-        echo '  https: false' >> $peertube_config_file
-        echo "  hostname: ''" >> $peertube_config_file
-        echo "  port: $MESH_PEERTUBE_PORT" >> $peertube_config_file
-    fi
-    echo '' >> $peertube_config_file
-    echo '# Your database name will be "peertube"+database.suffix' >> $peertube_config_file
-    echo 'database:' >> $peertube_config_file
-    echo "  hostname: 'localhost'" >> $peertube_config_file
-    echo '  port: 5432' >> $peertube_config_file
-    echo "  suffix: ''" >> $peertube_config_file
-    echo "  username: 'peertube'" >> $peertube_config_file
-    if [ ! $peertube_prefix ]; then
-        echo "  password: '$PEERTUBE_ADMIN_PASSWORD'" >> $peertube_config_file
+        { echo '  https: false';
+          echo "  hostname: ''";
+          echo "  port: $MESH_PEERTUBE_PORT"; } >> "$peertube_config_file"
+    fi
+    { echo '';
+      echo '# Your database name will be "peertube"+database.suffix';
+      echo 'database:';
+      echo "  hostname: 'localhost'";
+      echo '  port: 5432';
+      echo "  suffix: ''";
+      echo "  username: 'peertube'"; } >> "$peertube_config_file"
+    if [ ! "$peertube_prefix" ]; then
+        echo "  password: '$PEERTUBE_ADMIN_PASSWORD'" >> "$peertube_config_file"
     else
-        echo "  password: ''" >> $peertube_config_file
-    fi
-    echo '' >> $peertube_config_file
-    echo '# From the project root directory' >> $peertube_config_file
-    echo 'storage:' >> $peertube_config_file
-    echo "  certs: 'certs/'" >> $peertube_config_file
-    echo "  videos: 'videos/'" >> $peertube_config_file
-    echo "  logs: 'logs/'" >> $peertube_config_file
-    echo "  previews: 'previews/'" >> $peertube_config_file
-    echo "  thumbnails: 'thumbnails/'" >> $peertube_config_file
-    echo "  torrents: 'torrents/'" >> $peertube_config_file
-    echo "  cache: 'cache/'" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'cache:' >> $peertube_config_file
-    echo '  previews:' >> $peertube_config_file
-    echo '    size: 10 # Max number of previews you want to cache' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'admin:' >> $peertube_config_file
-    # This is deliberately a dummy email address
-    echo "  email: 'testuser@testdomain.net'" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'signup:' >> $peertube_config_file
-    echo '  enabled: true' >> $peertube_config_file
-    echo '  limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'user:' >> $peertube_config_file
-    echo '  # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).' >> $peertube_config_file
-    echo '  # -1 == unlimited' >> $peertube_config_file
-    echo '  video_quota: -1' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag' >> $peertube_config_file
-    echo '# Uses a lot of CPU!' >> $peertube_config_file
-    echo 'transcoding:' >> $peertube_config_file
-    echo '  enabled: true' >> $peertube_config_file
-    echo '  threads: 2' >> $peertube_config_file
-    echo '  resolutions: # Only created if the original video has a higher resolution' >> $peertube_config_file
-    echo '    240p: true' >> $peertube_config_file
-    echo '    360p: false' >> $peertube_config_file
-    echo '    480p: false' >> $peertube_config_file
-    echo '    720p: false' >> $peertube_config_file
-    echo '    1080p: false' >> $peertube_config_file
+        echo "  password: ''" >> "$peertube_config_file"
+    fi
+    { echo '';
+      echo '# From the project root directory';
+      echo 'storage:';
+      echo "  certs: 'certs/'";
+      echo "  videos: 'videos/'";
+      echo "  logs: 'logs/'";
+      echo "  previews: 'previews/'";
+      echo "  thumbnails: 'thumbnails/'";
+      echo "  torrents: 'torrents/'";
+      echo "  cache: 'cache/'";
+      echo '';
+      echo 'cache:';
+      echo '  previews:';
+      echo '    size: 10 # Max number of previews you want to cache';
+      echo '';
+      echo 'admin:';
+      # This is deliberately a dummy email address
+      echo "  email: 'testuser@testdomain.net'";
+      echo '';
+      echo 'signup:';
+      echo '  enabled: true';
+      echo '  limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited';
+      echo '';
+      echo 'user:';
+      echo '  # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).';
+      echo '  # -1 == unlimited';
+      echo '  video_quota: -1';
+      echo '';
+      echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag';
+      echo '# Uses a lot of CPU!';
+      echo 'transcoding:';
+      echo '  enabled: true';
+      echo '  threads: 2';
+      echo '  resolutions: # Only created if the original video has a higher resolution';
+      echo '    240p: true';
+      echo '    360p: false';
+      echo '    480p: false';
+      echo '    720p: false';
+      echo '    1080p: false'; } >> "$peertube_config_file"
 }
 
 function mesh_install_peertube {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
         return
     fi
-    if [[ $ARCHITECTURE != 'x86_64' && $ARCHITECTURE != 'amd64' ]]; then
+    if [[ "$ARCHITECTURE" != 'x86_64' && "$ARCHITECTURE" != 'amd64' ]]; then
         return
     fi
 
@@ -627,22 +630,21 @@ function mesh_install_peertube {
     function_check install_postgresql
     install_postgresql
 
-    if [ -d $rootdir$PEERTUBE_DIR ]; then
-        rm -rf $rootdir$PEERTUBE_DIR
+    if [ -d "$rootdir$PEERTUBE_DIR" ]; then
+        rm -rf "$rootdir$PEERTUBE_DIR"
     fi
 
-    git clone $PEERTUBE_REPO $rootdir$PEERTUBE_DIR
+    git clone "$PEERTUBE_REPO" "$rootdir$PEERTUBE_DIR"
 
     chroot "$rootdir" groupadd peertube
     chroot "$rootdir" useradd -c "PeerTube system account" -d $PEERTUBE_DIR -m -r -g peertube peertube
 
-    cd $rootdir$PEERTUBE_DIR
+    cd "$rootdir$PEERTUBE_DIR" || exit 246824524
     git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT
 
-
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_peertube
+    cat <<EOF > "$rootdir/usr/bin/install_peertube"
 #!/bin/bash
 cd $PEERTUBE_DIR
 curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
@@ -683,34 +685,33 @@ if [ ! "\$?" = "0" ]; then
     exit 5293593
 fi
 EOF
-    chmod +x $rootdir/usr/bin/install_peertube
-    chroot "$rootdir" /usr/bin/install_peertube
-    if [ ! "$?" = "0" ]; then
+    chmod +x "$rootdir/usr/bin/install_peertube"
+    if ! chroot "$rootdir" /usr/bin/install_peertube; then
         echo $'PeerTube install failed'
         exit 735638
     fi
 
-    echo '[Unit]' > $rootdir/etc/systemd/system/peertube.service
-    echo 'Description=PeerTube Decentralized video streaming platform' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/peertube.service
-    echo '' >> $rootdir/etc/systemd/system/peertube.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'User=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'Group=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo "WorkingDirectory=$PEERTUBE_DIR" >> $rootdir/etc/systemd/system/peertube.service
-    echo "ExecStart=/usr/local/bin/npm start" >> $rootdir/etc/systemd/system/peertube.service
-    echo "ExecStop=/usr/local/bin/npm stop" >> $rootdir/etc/systemd/system/peertube.service
-    echo 'StandardOutput=syslog' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'StandardError=syslog' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'SyslogIdentifier=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'Restart=always' >> $rootdir/etc/systemd/system/peertube.service
-    echo "Environment=NODE_ENV=production" >> $rootdir/etc/systemd/system/peertube.service
-    echo '' >> $rootdir/etc/systemd/system/peertube.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/peertube.service
-
-    peertube_create_config $rootdir
+    { echo '[Unit]';
+      echo 'Description=PeerTube Decentralized video streaming platform';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=peertube';
+      echo 'Group=peertube';
+      echo "WorkingDirectory=$PEERTUBE_DIR";
+      echo "ExecStart=/usr/local/bin/npm start";
+      echo "ExecStop=/usr/local/bin/npm stop";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo 'SyslogIdentifier=peertube';
+      echo 'Restart=always';
+      echo "Environment=NODE_ENV=production";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/peertube.service"
+
+    peertube_create_config "$rootdir"
 
     chroot "$rootdir" chown -R peertube:peertube $PEERTUBE_DIR
 
@@ -730,7 +731,7 @@ function install_peertube {
         ONION_ONLY='no'
     fi
 
-    if [ ! $PEERTUBE_DOMAIN_NAME ]; then
+    if [ ! "$PEERTUBE_DOMAIN_NAME" ]; then
         echo $'The peertube domain name was not specified'
         exit 783523
     fi
@@ -740,8 +741,8 @@ function install_peertube {
     function_check install_postgresql
     install_postgresql
 
-    if [ ! -d /var/www/$PEERTUBE_DOMAIN_NAME/htdocs ]; then
-        mkdir -p /var/www/$PEERTUBE_DOMAIN_NAME/htdocs
+    if [ ! -d "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs" ]; then
+        mkdir -p "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs"
     fi
 
     if [ -d $PEERTUBE_DIR ]; then
@@ -759,60 +760,56 @@ function install_peertube {
     if [ -d /repos/peertube ]; then
         mkdir -p $PEERTUBE_DIR
         cp -r -p /repos/peertube/. $PEERTUBE_DIR
-        cd $PEERTUBE_DIR
+        cd "$PEERTUBE_DIR" || exit 642874682
         git pull
     else
         function_check git_clone
         git_clone $PEERTUBE_REPO $PEERTUBE_DIR
     fi
 
-    cd $PEERTUBE_DIR
+    cd "$PEERTUBE_DIR" || exit 27492742
     git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT
     set_completion_param "peertube commit" "$PEERTUBE_COMMIT"
 
-    npm install -g yarn
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g yarn; then
         echo $'Failed to install yarn'
         exit 79353234
     fi
     yarn add -D webpack --network-concurrency 1
-    yarn install
-    if [ ! "$?" = "0" ]; then
+    if ! yarn install; then
         echo $'Failed to run yarn install'
         exit 63754235
     fi
-    npm install
-    if [ ! "$?" = "0" ]; then
+    if ! npm install; then
         echo $'Failed to install peertube'
         exit 7835243
     fi
-    npm run build
-    if [ ! "$?" = "0" ]; then
+    if ! npm run build; then
         echo $'Failed to build peertube'
         exit 5293593
     fi
 
     PEERTUBE_ONION_HOSTNAME=$(add_onion_service peertube 80 ${PEERTUBE_ONION_PORT})
 
-    echo '[Unit]' > /etc/systemd/system/peertube.service
-    echo 'Description=PeerTube Decentralized video streaming platform' >> /etc/systemd/system/peertube.service
-    echo 'After=syslog.target' >> /etc/systemd/system/peertube.service
-    echo 'After=network.target' >> /etc/systemd/system/peertube.service
-    echo '' >> /etc/systemd/system/peertube.service
-    echo '[Service]' >> /etc/systemd/system/peertube.service
-    echo 'User=peertube' >> /etc/systemd/system/peertube.service
-    echo 'Group=peertube' >> /etc/systemd/system/peertube.service
-    echo "WorkingDirectory=$PEERTUBE_DIR" >> /etc/systemd/system/peertube.service
-    echo "ExecStart=/usr/local/bin/npm start" >> /etc/systemd/system/peertube.service
-    echo "ExecStop=/usr/local/bin/npm stop" >> /etc/systemd/system/peertube.service
-    echo 'StandardOutput=syslog' >> /etc/systemd/system/peertube.service
-    echo 'StandardError=syslog' >> /etc/systemd/system/peertube.service
-    echo 'SyslogIdentifier=peertube' >> /etc/systemd/system/peertube.service
-    echo 'Restart=always' >> /etc/systemd/system/peertube.service
-    echo "Environment=NODE_ENV=production" >> /etc/systemd/system/peertube.service
-    echo '' >> /etc/systemd/system/peertube.service
-    echo '[Install]' >> /etc/systemd/system/peertube.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/peertube.service
+    { echo '[Unit]';
+      echo 'Description=PeerTube Decentralized video streaming platform';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=peertube';
+      echo 'Group=peertube';
+      echo "WorkingDirectory=$PEERTUBE_DIR";
+      echo "ExecStart=/usr/local/bin/npm start";
+      echo "ExecStop=/usr/local/bin/npm stop";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo 'SyslogIdentifier=peertube';
+      echo 'Restart=always';
+      echo "Environment=NODE_ENV=production";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/peertube.service
 
     peertube_create_config
 
@@ -820,10 +817,10 @@ function install_peertube {
 
     peertube_setup_web
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a peertube -p "$PEERTUBE_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a peertube -p "$PEERTUBE_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $PEERTUBE_DOMAIN_NAME
+    add_ddns_domain "$PEERTUBE_DOMAIN_NAME"
 
     systemctl enable peertube
     systemctl daemon-reload

src/freedombone-app-pelican

@@ -50,12 +50,12 @@ pelican_variables=(MY_USERNAME
                    PELICAN_BLOG_CODE)
 
 function pelican_remove_bad_blog_links {
-    find ./ -type f -name *.css -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.css -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/bootstrapcdn/d' {} \;
 }
 
 function logging_on_pelican {
@@ -73,104 +73,104 @@ function install_pelican_website {
     fi
     function_check nginx_http_redirect
     nginx_http_redirect $PELICAN_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    { echo 'server {';
+      echo '    listen 443 ssl;';
+      echo '    #listen [::]:443 ssl;';
+      echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;";
+      echo "    server_name ${PELICAN_DOMAIN_NAME};";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_ssl
-    nginx_ssl $PELICAN_DOMAIN_NAME
+    nginx_ssl "$PELICAN_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PELICAN_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_limits "$PELICAN_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}';
+      echo ''; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
 
     function_check create_site_certificate
-    create_site_certificate $PELICAN_DOMAIN_NAME 'yes'
+    create_site_certificate "$PELICAN_DOMAIN_NAME" 'yes'
 }
 
 function install_pelican_website_onion {
-    echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;";
+      echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;";
+      echo "    server_name ${PELICAN_DOMAIN_NAME};";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PELICAN_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_limits "$PELICAN_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
 }
 
 function pelican_editor_config {
     if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican ]; then
-        echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq org-support-shift-select t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq standard-indent 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq-default tab-width 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq c-basic-offset 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(mouse-wheel-mode t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq make-backup-files t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq version-control t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(setq default-major-mode 'text-mode)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(dolist (hook '(text-mode-hook))" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '    (add-hook hook (lambda () (flyspell-mode 1))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq-default fill-column 72)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq auto-fill-mode 0)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(setq-default auto-fill-function 'do-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
+        { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)";
+          echo '(setq org-support-shift-select t)';
+          echo '(setq standard-indent 4)';
+          echo '(setq-default tab-width 4)';
+          echo '(setq c-basic-offset 4)';
+          echo '(mouse-wheel-mode t)';
+          echo '(setq make-backup-files t)';
+          echo '(setq version-control t)';
+          echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
+          echo "(setq default-major-mode 'text-mode)";
+          echo "(dolist (hook '(text-mode-hook))";
+          echo '    (add-hook hook (lambda () (flyspell-mode 1))))';
+          echo '(setq-default fill-column 72)';
+          echo '(setq auto-fill-mode 0)';
+          echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)";
+          echo "(setq-default auto-fill-function 'do-auto-fill)"; } > "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican"
     fi
 }
 
@@ -179,7 +179,7 @@ function pelican_regenerate_blog {
     echo ''
     echo $'Regenerating blog...'
 
-    cd $PELICAN_BLOG_INSTALL_DIR
+    cd "$PELICAN_BLOG_INSTALL_DIR" || exit 463856348
     make html
     cp -r $PELICAN_BLOG_INSTALL_DIR/output/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
     chown -R www-data:www-data /var/www/$PELICAN_DOMAIN_NAME/htdocs
@@ -189,19 +189,19 @@ function pelican_new_blog {
     DATESTR=$(date "+%Y-%m-%d %H:%M:%S")
 
     if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry ]; then
-        echo $'Title: Blog Post Title' > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $"Date: ${DATESTR}" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $"Author: $(toxid --showuser)" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Category: default' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Tags: blog, tag' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Add your text here' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo -n $'To include an image copy it into the /etc/blog/content/images directory, ' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'then link to it with:' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'![My image]({filename}images/myimage.jpg)' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
+        { echo $'Title: Blog Post Title';
+          echo $"Date: ${DATESTR}";
+          echo $"Author: $(toxid --showuser)";
+          echo $'Category: default';
+          echo $'Tags: blog, tag';
+          echo  '';
+          echo $'Add your text here';
+          echo  '';
+          echo -n $'To include an image copy it into the /etc/blog/content/images directory, ';
+          echo $'then link to it with:';
+          echo  '';
+          echo $'![My image]({filename}images/myimage.jpg)';
+          echo  ''; } > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
     fi
 
     if [ -f /usr/bin/emacs ]; then
@@ -222,7 +222,7 @@ function pelican_new_blog {
 
     # move to the content directory
     CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
-    mv $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry $BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md
+    mv "$PELICAN_BLOG_INSTALL_DIR/.new-blog-entry" "$BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md"
 
     # increment the index
     CURRENT_INDEX=$((CURRENT_INDEX + 1))
@@ -238,14 +238,14 @@ function pelican_edit_blog {
     CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
-    if [ ! -f $LAST_BLOG_ENTRY ]; then
+    if [ ! -f "$LAST_BLOG_ENTRY" ]; then
         return
     fi
 
     if [ -f /usr/bin/emacs ]; then
-        emacs -q --load $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican $LAST_BLOG_ENTRY
+        emacs -q --load "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican" "$LAST_BLOG_ENTRY"
     else
-        editor $LAST_BLOG_ENTRY
+        editor "$LAST_BLOG_ENTRY"
     fi
 
     pelican_regenerate_blog
@@ -258,18 +258,18 @@ function pelican_delete_blog {
     CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
-    if [ ! -f $LAST_BLOG_ENTRY ]; then
+    if [ ! -f "$LAST_BLOG_ENTRY" ]; then
         return
     fi
 
     dialog --title $"Delete the previous blog entry" \
            --backtitle $"Freedombone Mesh" \
            --defaultno \
-           --yesno $"\nAre you sure that you wish to delete the previous blog entry?" 8 60
+           --yesno $"\\nAre you sure that you wish to delete the previous blog entry?" 8 60
     sel=$?
     case $sel in
-        0) rm $LAST_BLOG_ENTRY
-           if [ $CURRENT_INDEX -gt 0 ]; then
+        0) rm "$LAST_BLOG_ENTRY"
+           if [ "$CURRENT_INDEX" -gt 0 ]; then
                CURRENT_INDEX=$PREVIOUS_INDEX
                echo "$CURRENT_INDEX" > $PELICAN_CURRENT_BLOG_INDEX
            else
@@ -297,8 +297,8 @@ function pelican_change_theme {
     for a in "${THEMES[@]}"
     do
         is_selected='off'
-        if [ $curr_theme_index ]; then
-            if [ $n -eq $curr_theme_index ]; then
+        if [ "$curr_theme_index" ]; then
+            if [ $n -eq "$curr_theme_index" ]; then
                 is_selected='on'
             fi
         else
@@ -308,28 +308,30 @@ function pelican_change_theme {
         fi
 
         themelist="$themelist $n $a $is_selected"
-        n=$[n+1]
-        theme_index=$[theme_index+1]
+        n=$((n+1))
+        theme_index=$((theme_index+1))
     done
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Mesh" \
            --title $"Select Blog Theme" \
            --radiolist $'Choose:' \
-           80 40 20 $themelist 2> $data
+           80 40 20 "$themelist" 2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    CHOSEN_THEME_INDEX=$(cat $data)
+    CHOSEN_THEME_INDEX=$(cat "$data")
+    rm -f "$data"
     echo "$CHOSEN_THEME_INDEX" > $PELICAN_BLOG_INSTALL_DIR/.blog-theme-index
     CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1))
 
     CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]}
 
-    cd $PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME
+    cd "$PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME" || exit 2648268284
     pelican_remove_bad_blog_links
 
     if grep -q "THEME=" $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py; then
@@ -341,8 +343,7 @@ function pelican_change_theme {
 }
 
 function configure_interactive_pelican {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Pelican Blogging" \
            --radiolist $"Choose an operation:" 18 50 11 \
@@ -350,23 +351,25 @@ function configure_interactive_pelican {
            2 $"Edit the previous blog entry" off \
            3 $"Delete the previous blog entry" off \
            4 $"Change theme" off \
-           5 $"Exit" off 2> $data
+           5 $"Exit" off 2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) pelican_new_blog;;
         2) pelican_edit_blog;;
         3) pelican_delete_blog;;
         4) pelican_change_theme;;
-        5) break;;
     esac
+    rm -f "$data"
 }
 
 function install_interactive_pelican {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -376,42 +379,43 @@ function install_interactive_pelican {
         PELICAN_DETAILS_COMPLETE=
         while [ ! $PELICAN_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pelican Blog Configuration" \
-                       --form $"\nPlease enter your blog details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your blog details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'PELICAN_BLOG_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pelican Blog Configuration" \
-                       --form $"\nPlease enter your GNU Social details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            PELICAN_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $PELICAN_DOMAIN_NAME ]; then
+            PELICAN_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$PELICAN_DOMAIN_NAME" ]; then
                 if [[ $PELICAN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     PELICAN_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$PELICAN_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $PELICAN_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$PELICAN_DOMAIN_NAME" ]]; then
                     PELICAN_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        PELICAN_BLOG_CODE=$(cat $data | sed -n 2p)
+                        PELICAN_BLOG_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$PELICAN_BLOG_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             PELICAN_DOMAIN_NAME=
                         fi
                     fi
@@ -420,6 +424,7 @@ function install_interactive_pelican {
             if [ $PELICAN_DOMAIN_NAME ]; then
                 PELICAN_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -454,7 +459,7 @@ function backup_local_pelican {
 
 function restore_local_pelican {
     if [ -d /etc/blog ]; then
-        if [ -d $USB_MOUNT_DLNA/backup/pelican ]; then
+        if [ -d "$USB_MOUNT_DLNA/backup/pelican" ]; then
             temp_restore_dir=/root/temppelican
             function_check restore_directory_from_usb
             restore_directory_from_usb $temp_restore_dir pelican
@@ -463,6 +468,7 @@ function restore_local_pelican {
             else
                 cp -r $temp_restore_dir/* /etc/blog/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 rm -rf $temp_restore_dir
                 function_check set_user_permissions
@@ -475,7 +481,7 @@ function restore_local_pelican {
         fi
     fi
     if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
-        if [ -d $USB_MOUNT_DLNA/backup/pelican-site ]; then
+        if [ -d "$USB_MOUNT_DLNA/backup/pelican-site" ]; then
             temp_restore_dir=/root/temppelican-site
             function_check restore_directory_from_usb
             restore_directory_from_usb $temp_restore_dir pelican-site
@@ -484,6 +490,7 @@ function restore_local_pelican {
             else
                 cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 rm -rf $temp_restore_dir
                 function_check set_user_permissions
@@ -508,7 +515,7 @@ function backup_remote_pelican {
 
 function restore_remote_pelican {
     if [ -d /etc/blog ]; then
-        if [ -d $SERVER_DIRECTORY/backup/pelican ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/pelican" ]; then
             temp_restore_dir=/root/temppelican
             function_check restore_directory_from_friend
             restore_directory_from_friend $temp_restore_dir pelican
@@ -517,6 +524,7 @@ function restore_remote_pelican {
             else
                 cp -r $temp_restore_dir/* /etc/blog/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 782352
             fi
@@ -524,7 +532,7 @@ function restore_remote_pelican {
         fi
     fi
     if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
-        if [ -d $SERVER_DIRECTORY/backup/pelican-site ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/pelican-site" ]; then
             temp_restore_dir=/root/temppelican-site
             function_check restore_directory_from_friend
             restore_directory_from_friend $temp_restore_dir pelican-site
@@ -533,6 +541,7 @@ function restore_remote_pelican {
             else
                 cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 76382562
             fi
@@ -561,112 +570,112 @@ function remove_pelican {
 }
 
 function create_pelican_conf {
-    STATIC_BLOG_FILE=$1
-
-    echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE
-    echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE
-    echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "AUTHOR=u\"$MY_USERNAME\"" >> $STATIC_BLOG_FILE
-    echo "SITENAME=u'$DEFAULT_BLOG_TITLE'" >> $STATIC_BLOG_FILE
-    echo "SITEURL=''" >> $STATIC_BLOG_FILE
-    echo "PATH='content'" >> $STATIC_BLOG_FILE
-    echo 'TIMEZONE=u"Europe/London"' >> $STATIC_BLOG_FILE
-    echo "DEFAULT_LANG=u'en'" >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'FEED_ALL_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'CATEGORY_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'TRANSLATION_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'AUTHOR_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'AUTHOR_FEED_RSS=None' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DEFAULT_PAGINATION=False' >> $STATIC_BLOG_FILE
-    echo 'RELATIVE_URLS=True' >> $STATIC_BLOG_FILE
-    echo "THEME='themes/nice-blog'" >> $STATIC_BLOG_FILE
+    STATIC_BLOG_FILE="$1"
+
+    { echo '#!/usr/bin/env python';
+      echo '# -*- coding: utf-8 -*- #';
+      echo 'from __future__ import unicode_literals';
+      echo '';
+      echo "AUTHOR=u\"$MY_USERNAME\"";
+      echo "SITENAME=u'$DEFAULT_BLOG_TITLE'";
+      echo "SITEURL=''";
+      echo "PATH='content'";
+      echo 'TIMEZONE=u"Europe/London"';
+      echo "DEFAULT_LANG=u'en'";
+      echo '';
+      echo 'FEED_ALL_ATOM=None';
+      echo 'CATEGORY_FEED_ATOM=None';
+      echo 'TRANSLATION_FEED_ATOM=None';
+      echo 'AUTHOR_FEED_ATOM=None';
+      echo 'AUTHOR_FEED_RSS=None';
+      echo '';
+      echo 'DEFAULT_PAGINATION=False';
+      echo 'RELATIVE_URLS=True';
+      echo "THEME='themes/nice-blog'"; } > "$STATIC_BLOG_FILE"
 }
 
 function create_pelican_makefile {
-    STATIC_BLOG_FILE=$1
-
-    echo 'PY?=python' > $STATIC_BLOG_FILE
-    echo 'PELICAN?=pelican' >> $STATIC_BLOG_FILE
-    echo 'PELICANOPTS=' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'BASEDIR=$(CURDIR)' >> $STATIC_BLOG_FILE
-    echo 'INPUTDIR=$(BASEDIR)/content' >> $STATIC_BLOG_FILE
-    echo "OUTPUTDIR=$PELICAN_BLOG_PATH" >> $STATIC_BLOG_FILE
-    echo 'CONFFILE=$(BASEDIR)/pelicanconf.py' >> $STATIC_BLOG_FILE
-    echo 'PUBLISHCONF=$(BASEDIR)/publishconf.py' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DEBUG ?= 0' >> $STATIC_BLOG_FILE
-    echo 'ifeq ($(DEBUG), 1)' >> $STATIC_BLOG_FILE
-    echo -e '\tPELICANOPTS += -D' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'RELATIVE ?= 0' >> $STATIC_BLOG_FILE
-    echo 'ifeq ($(RELATIVE), 1)' >> $STATIC_BLOG_FILE
-    echo -e '\tPELICANOPTS += --relative-urls' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'html:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'clean:' >> $STATIC_BLOG_FILE
-    echo -e '\t[ ! -d $(OUTPUTDIR) ] || rm -rf $(OUTPUTDIR)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'regenerate:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) -r $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'serve:' >> $STATIC_BLOG_FILE
-    echo 'ifdef PORT' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server $(PORT)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'serve-global:' >> $STATIC_BLOG_FILE
-    echo 'ifdef SERVER' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 $(SERVER)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 0.0.0.0' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'devserver:' >> $STATIC_BLOG_FILE
-    echo 'ifdef PORT' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh restart $(PORT)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh restart' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'stopserver:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh stop' >> $STATIC_BLOG_FILE
-    echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'publish:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(PUBLISHCONF) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo '.PHONY: html clean regenerate serve serve-global devserver publish' >> $STATIC_BLOG_FILE
+    STATIC_BLOG_FILE="$1"
+
+    { echo 'PY?=python';
+      echo 'PELICAN?=pelican';
+      echo 'PELICANOPTS=';
+      echo '';
+      echo "BASEDIR=\$(CURDIR)";
+      echo "INPUTDIR=\$(BASEDIR)/content";
+      echo "OUTPUTDIR=$PELICAN_BLOG_PATH";
+      echo "CONFFILE=\$(BASEDIR)/pelicanconf.py";
+      echo "PUBLISHCONF=\$(BASEDIR)/publishconf.py";
+      echo '';
+      echo 'DEBUG ?= 0';
+      echo "ifeq (\$(DEBUG), 1)";
+      echo -e '\tPELICANOPTS += -D';
+      echo 'endif';
+      echo '';
+      echo 'RELATIVE ?= 0';
+      echo "ifeq (\$(RELATIVE), 1)";
+      echo -e '\tPELICANOPTS += --relative-urls';
+      echo 'endif';
+      echo '';
+      echo 'html:';
+      echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)";
+      echo '';
+      echo 'clean:';
+      echo -e "\\t[ ! -d \$(OUTPUTDIR) ] || rm -rf \$(OUTPUTDIR)";
+      echo '';
+      echo 'regenerate:';
+      echo -e "\\t\$(PELICAN) -r \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)";
+      echo '';
+      echo 'serve:';
+      echo 'ifdef PORT';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server \$(PORT)";
+      echo 'else';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server";
+      echo 'endif';
+      echo '';
+      echo 'serve-global:';
+      echo 'ifdef SERVER';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 \$(SERVER)";
+      echo 'else';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 0.0.0.0";
+      echo 'endif';
+      echo '';
+      echo 'devserver:';
+      echo 'ifdef PORT';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh restart \$(PORT)";
+      echo 'else';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh restart";
+      echo 'endif';
+      echo '';
+      echo 'stopserver:';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh stop";
+      echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."';
+      echo '';
+      echo 'publish:';
+      echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(PUBLISHCONF) \$(PELICANOPTS)";
+      echo '';
+      echo '.PHONY: html clean regenerate serve serve-global devserver publish'; } > "$STATIC_BLOG_FILE"
 }
 
 function create_pelican_publish_conf {
     STATIC_BLOG_FILE=$1
 
-    echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE
-    echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE
-    echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'import os' >> $STATIC_BLOG_FILE
-    echo 'import sys' >> $STATIC_BLOG_FILE
-    echo 'sys.path.append(os.curdir)' >> $STATIC_BLOG_FILE
-    echo 'from pelicanconf import *' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "SITEURL = ''" >> $STATIC_BLOG_FILE
-    echo 'RELATIVE_URLS = True' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'" >> $STATIC_BLOG_FILE
-    echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'" >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DELETE_OUTPUT_DIRECTORY = True' >> $STATIC_BLOG_FILE
+    { echo '#!/usr/bin/env python';
+      echo '# -*- coding: utf-8 -*- #';
+      echo 'from __future__ import unicode_literals';
+      echo '';
+      echo 'import os';
+      echo 'import sys';
+      echo 'sys.path.append(os.curdir)';
+      echo 'from pelicanconf import *';
+      echo '';
+      echo "SITEURL = ''";
+      echo 'RELATIVE_URLS = True';
+      echo '';
+      echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'";
+      echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'";
+      echo '';
+      echo 'DELETE_OUTPUT_DIRECTORY = True'; } > "$STATIC_BLOG_FILE"
 }
 
 function pelican_themes {
@@ -747,10 +756,11 @@ function pelican_themes {
 }
 
 function mesh_install_pelican {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" && "$VARIANT" != "usb" ]]; then
         return
     fi
 
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install python-pip
     chroot "$rootdir" pip install ipython
     chroot "$rootdir" pip install Markdown
@@ -760,34 +770,34 @@ function mesh_install_pelican {
     PELICAN_BLOG_INSTALL_DIR=/home/$MY_USERNAME/CreateBlog
     PELICAN_BLOG_PATH=/home/$MY_USERNAME/Public/Blog
 
-    if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR
+    if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR"
     fi
 
-    if [ ! -d $rootdir$PELICAN_BLOG_PATH ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_PATH
+    if [ ! -d "$rootdir$PELICAN_BLOG_PATH" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_PATH"
     fi
 
-    if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images
+    if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images"
     fi
 
-    create_pelican_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py
-    create_pelican_makefile $rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile
-    create_pelican_publish_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py
+    create_pelican_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py"
+    create_pelican_makefile "$rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile"
+    create_pelican_publish_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py"
 
-    mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/themes
-    cd $rootdir$PELICAN_BLOG_INSTALL_DIR/themes
+    mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes"
+    cd "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes" || exit 74624524
     pelican_themes
 
     #git clone --recursive $PELICAN_PLUGINS_REPO $rootdir$PELICAN_BLOG_INSTALL_DIR/plugins
 
-    chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR
-    chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Public
+    chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR"
+    chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/Public"
 }
 
 function install_pelican {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_pelican
         return
     fi
@@ -800,29 +810,29 @@ function install_pelican {
 
     PELICAN_BLOG_PATH=/var/www/$PELICAN_DOMAIN_NAME/htdocs
 
-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR ]; then
-        mkdir -p $PELICAN_BLOG_INSTALL_DIR
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR" ]; then
+        mkdir -p "$PELICAN_BLOG_INSTALL_DIR"
     fi
 
     if [ ! -d $PELICAN_BLOG_PATH ]; then
         mkdir -p $PELICAN_BLOG_PATH
     fi
 
-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR/content ]; then
-        mkdir -p $PELICAN_BLOG_INSTALL_DIR/content
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/content" ]; then
+        mkdir -p "$PELICAN_BLOG_INSTALL_DIR/content"
     fi
 
-    create_pelican_conf $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py
-    create_pelican_makefile $PELICAN_BLOG_INSTALL_DIR/Makefile
-    create_pelican_publish_conf $PELICAN_BLOG_INSTALL_DIR/publishconf.py
+    create_pelican_conf "$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py"
+    create_pelican_makefile "$PELICAN_BLOG_INSTALL_DIR/Makefile"
+    create_pelican_publish_conf "$PELICAN_BLOG_INSTALL_DIR/publishconf.py"
 
-    mkdir -p $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes
-    cd $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes
+    mkdir -p "$PELICAN_THEMES_REPO" "$PELICAN_BLOG_INSTALL_DIR/themes"
+    cd "$PELICAN_BLOG_INSTALL_DIR/themes" || exit 45357282883
     pelican_themes
 
     #git clone --recursive $PELICAN_PLUGINS_REPO $PELICAN_BLOG_INSTALL_DIR/plugins
 
-    chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR"
     chown -R www-data:www-data $PELICAN_BLOG_PATH
 
     pelican_editor_config
@@ -834,7 +844,7 @@ function install_pelican {
     install_pelican_website_onion
 
     pelican_regenerate_blog
-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR/output ]; then
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/output" ]; then
         echo $'Failed to generate pelican blog'
         exit 521892
     fi

src/freedombone-app-pihole

@@ -66,17 +66,17 @@ function pihole_copy_files {
     if [ ! -d /etc/.pihole ]; then
         mkdir /etc/.pihole
     fi
-    cp $INSTALL_DIR/pihole/adlists.default /etc/.pihole/adlists.default
-    cp $INSTALL_DIR/pihole/adlists.default $piholeDir/adlists.default
+    cp "$INSTALL_DIR/pihole/adlists.default" /etc/.pihole/adlists.default
+    cp "$INSTALL_DIR/pihole/adlists.default" $piholeDir/adlists.default
     if [ ! -f $PIHOLE_CUSTOM_ADLIST ]; then
-        cp $INSTALL_DIR/pihole/adlists.default $PIHOLE_CUSTOM_ADLIST
+        cp "$INSTALL_DIR/pihole/adlists.default" $PIHOLE_CUSTOM_ADLIST
     fi
-    cp $INSTALL_DIR/pihole/advanced/Scripts/* /opt/$piholeBasename
+    cp "$INSTALL_DIR/pihole/advanced/Scripts/*" /opt/$piholeBasename
     if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then
         rm /etc/dnsmasq.d/01-pihole.conf
     fi
-    cp $INSTALL_DIR/pihole/advanced/pihole.cron /etc/cron.d/pihole
-    cp $INSTALL_DIR/pihole/gravity.sh /opt/$piholeBasename
+    cp "$INSTALL_DIR/pihole/advanced/pihole.cron" /etc/cron.d/pihole
+    cp "$INSTALL_DIR/pihole/gravity.sh" /opt/$piholeBasename
     chmod +x /opt/pihole/*.sh
 }
 
@@ -95,7 +95,7 @@ function pihole_update {
         return
     fi
 
-    if [ ! -f $HOME/${PROJECT_NAME}-wifi.cfg ]; then
+    if [ ! -f "$HOME/${PROJECT_NAME}-wifi.cfg" ]; then
         PIHOLE_IFACE=eth0
     else
         read_config_param WIFI_INTERFACE
@@ -114,13 +114,13 @@ function pihole_update {
     echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars}
     echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars}
 
-    echo 'domain-needed' > /etc/dnsmasq.conf
-    echo 'bogus-priv' >> /etc/dnsmasq.conf
-    echo 'no-resolv' >> /etc/dnsmasq.conf
-    echo "server=${PIHOLE_DNS1}" >> /etc/dnsmasq.conf
-    echo "server=${PIHOLE_DNS2}" >> /etc/dnsmasq.conf
-    echo "interface=${PIHOLE_IFACE}" >> /etc/dnsmasq.conf
-    echo 'listen-address=127.0.0.1' >> /etc/dnsmasq.conf
+    { echo 'domain-needed';
+      echo 'bogus-priv';
+      echo 'no-resolv';
+      echo "server=${PIHOLE_DNS1}";
+      echo "server=${PIHOLE_DNS2}";
+      echo "interface=${PIHOLE_IFACE}";
+      echo 'listen-address=127.0.0.1'; } > /etc/dnsmasq.conf
 
     pihole -g
     systemctl restart dnsmasq
@@ -132,8 +132,7 @@ function pihole_update {
 }
 
 function pihole_change_upstream_dns {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Ad Blocker Upstream DNS" \
            --radiolist $"Pick a domain name service (DNS):" 28 50 19 \
            1 $"Digital Courage" on \
@@ -154,13 +153,15 @@ function pihole_change_upstream_dns {
            16 $"DNS.Watch" off \
            17 $"uncensoreddns.org" off \
            18 $"Lorraine Data Network" off \
-           19 $"Google" off 2> $data
+           19 $"Google" off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) PIHOLE_DNS1='85.214.73.63'
            PIHOLE_DNS2='213.73.91.35'
            ;;
@@ -218,10 +219,12 @@ function pihole_change_upstream_dns {
         19) PIHOLE_DNS1='8.8.8.8'
             PIHOLE_DNS2='4.4.4.4'
             dialog --title $"WARNING" \
-                   --msgbox $"\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\n\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
+                   --msgbox $"\\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\\n\\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
             ;;
-        255) exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
+    rm -f "$data"
     write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
     write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
 }
@@ -252,8 +255,7 @@ function pihole_resume {
 function configure_interactive_pihole {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Ad Blocker" \
                --radiolist $"Choose an operation:" 16 70 7 \
@@ -263,13 +265,15 @@ function configure_interactive_pihole {
                4 $"Change upstream DNS servers" off \
                5 $"Pause blocker" off \
                6 $"Resume blocker" off \
-               7 $"Exit" on 2> $data
+               7 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) editor $PIHOLE_CUSTOM_ADLIST
                update_pihole_interactive
                ;;
@@ -286,8 +290,10 @@ function configure_interactive_pihole {
                ;;
             6) pihole_resume
                ;;
-            7) break;;
+            7) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -306,7 +312,7 @@ function upgrade_pihole {
     fi
 
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
+    set_repo_commit "$INSTALL_DIR/pihole" "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
 
     pihole_copy_files
     pihole_update
@@ -367,8 +373,8 @@ function remove_pihole {
         rm /etc/cron.d/pihole
     fi
 
-    if [ -d $INSTALL_DIR/pihole ]; then
-        rm -rf $INSTALL_DIR/pihole
+    if [ -d "$INSTALL_DIR/pihole" ]; then
+        rm -rf "$INSTALL_DIR/pihole"
     fi
 
     firewall_remove 53
@@ -391,27 +397,27 @@ function install_pihole {
 
     systemctl enable dnsmasq
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
-    if [ ! -d $INSTALL_DIR/pihole ]; then
-        cd $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR/pihole" ]; then
+        cd "$INSTALL_DIR" || exit 78245624527
 
         if [ -d /repos/pihole ]; then
             mkdir pihole
             cp -r -p /repos/pihole/. pihole
-            cd pihole
+            cd pihole || exit 24572424684
             git pull
         else
             git_clone $PIHOLE_REPO pihole
         fi
 
-        if [ ! -d $INSTALL_DIR/pihole ]; then
+        if [ ! -d "$INSTALL_DIR/pihole" ]; then
             exit 523925
         fi
-        cd $INSTALL_DIR/pihole
-        git checkout $PIHOLE_COMMIT -b $PIHOLE_COMMIT
+        cd "$INSTALL_DIR/pihole" || exit 2682468242
+        git checkout "$PIHOLE_COMMIT" -b "$PIHOLE_COMMIT"
         set_completion_param "pihole commit" "$PIHOLE_COMMIT"
     fi
 
@@ -420,21 +426,21 @@ function install_pihole {
     fi
 
     # blank file which takes the place of ads
-    echo '<html>' > /var/www/pihole/htdocs/index.html
-    echo '<body>' >> /var/www/pihole/htdocs/index.html
-    echo '</body>' >> /var/www/pihole/htdocs/index.html
-    echo '</html>' >> /var/www/pihole/htdocs/index.html
+    { echo '<html>';
+      echo '<body>';
+      echo '</body>';
+      echo '</html>'; } > /var/www/pihole/htdocs/index.html
 
-    if [ ! -f $INSTALL_DIR/pihole/gravity.sh ]; then
+    if [ ! -f "$INSTALL_DIR/pihole/gravity.sh" ]; then
         exit 26738
     fi
-    cp $INSTALL_DIR/pihole/gravity.sh /usr/local/bin/gravity.sh
+    cp "$INSTALL_DIR/pihole/gravity.sh" /usr/local/bin/gravity.sh
     chmod 755 /usr/local/bin/gravity.sh
 
-    if [ ! -f $INSTALL_DIR/pihole/pihole ]; then
+    if [ ! -f "$INSTALL_DIR/pihole/pihole" ]; then
         exit 52935
     fi
-    cp $INSTALL_DIR/pihole/pihole /usr/local/bin/pihole
+    cp "$INSTALL_DIR/pihole/pihole" /usr/local/bin/pihole
     chmod 755 /usr/local/bin/pihole
 
     if [ ! -d $piholeDir ]; then

src/freedombone-app-privatebin

@@ -56,7 +56,7 @@ function secure_privatebin {
     find "${pbpath}/" -type d -print0 | xargs -0 chmod 0550
 
     chown -R ${rootuser}:${htgroup} "${pbpath}/"
-    chown -R www-data:www-data ${pbdata}
+    chown -R www-data:www-data "${pbdata}"
 }
 
 function logging_on_privatebin {
@@ -68,63 +68,65 @@ function logging_off_privatebin {
 }
 
 function remove_user_privatebin {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_privatebin {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
 
     echo '0'
 }
 
 function install_interactive_privatebin {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         PRIVATEBIN_DOMAIN_NAME='privatebin.local'
     else
         PRIVATEBIN_DETAILS_COMPLETE=
         while [ ! $PRIVATEBIN_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PrivateBin Configuration" \
-                       --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
                        $"Code:" 2 1 "$(grep 'PRIVATEBIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PrivateBin Configuration" \
-                       --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            PRIVATEBIN_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $PRIVATEBIN_DOMAIN_NAME ]; then
-                if [[ $PRIVATEBIN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            PRIVATEBIN_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
+                if [[ "$PRIVATEBIN_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     PRIVATEBIN_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$PRIVATEBIN_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $PRIVATEBIN_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$PRIVATEBIN_DOMAIN_NAME" ]]; then
                     PRIVATEBIN_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        PRIVATEBIN_CODE=$(cat $data | sed -n 2p)
+                        PRIVATEBIN_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$PRIVATEBIN_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             PRIVATEBIN_DOMAIN_NAME=
                         fi
                     fi
@@ -133,6 +135,7 @@ function install_interactive_privatebin {
             if [ $PRIVATEBIN_DOMAIN_NAME ]; then
                 PRIVATEBIN_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         write_config_param "PRIVATEBIN_CODE" "$PRIVATEBIN_CODE"
@@ -142,8 +145,9 @@ function install_interactive_privatebin {
 }
 
 function change_password_privatebin {
-    curr_username="$1"
-    new_user_password="$2"
+#    curr_username="$1"
+#    new_user_password="$2"
+    echo -n ''
 }
 
 function reconfigure_privatebin {
@@ -156,13 +160,13 @@ function upgrade_privatebin {
         return
     fi
 
-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
         PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs "privatebin commit" "$PRIVATEBIN_COMMIT" $PRIVATEBIN_REPO
+    set_repo_commit "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" "privatebin commit" "$PRIVATEBIN_COMMIT" "$PRIVATEBIN_REPO"
 
     secure_privatebin
 }
@@ -170,40 +174,40 @@ function upgrade_privatebin {
 
 function backup_local_privatebin {
     PRIVATEBIN_DOMAIN_NAME='privatebin'
-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
         PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
     fi
 
-    source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
 
     function_check suspend_site
-    suspend_site ${PRIVATEBIN_DOMAIN_NAME}
+    suspend_site "${PRIVATEBIN_DOMAIN_NAME}"
 
     function_check backup_directory_to_usb
     dest_directory=privatebin
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
 }
 
 function restore_local_privatebin {
-    if ! grep -q "privatebin domain" $COMPLETION_FILE; then
+    if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
         return
     fi
     PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
-    if [ $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
         echo $"Restoring privatebin"
         temp_restore_dir=/root/tempprivatebin
-        privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+        privatebin_dir="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
 
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir privatebin
         if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$privatebin_dir ]; then
-                cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/
+            if [ -d "$temp_restore_dir$privatebin_dir" ]; then
+                cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/"
             else
-                cp -rp $temp_restore_dir/* $privatebin_dir/
+                cp -rp "$temp_restore_dir/*" "$privatebin_dir/"
             fi
             secure_privatebin
             rm -rf $temp_restore_dir
@@ -215,39 +219,39 @@ function restore_local_privatebin {
 
 function backup_remote_privatebin {
     PRIVATEBIN_DOMAIN_NAME='privatebin'
-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
         PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
     fi
 
-    source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
 
     function_check suspend_site
-    suspend_site ${PRIVATEBIN_DOMAIN_NAME}
+    suspend_site "${PRIVATEBIN_DOMAIN_NAME}"
 
     function_check backup_directory_to_friend
     dest_directory=privatebin
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
 }
 
 function restore_remote_privatebin {
-    if ! grep -q "privatebin domain" $COMPLETION_FILE; then
+    if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
         return
     fi
     PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
-    if [ $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
         temp_restore_dir=/root/tempprivatebin
         privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
 
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir privatebin
         if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$privatebin_dir ]; then
-                cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/
+            if [ -d "$temp_restore_dir$privatebin_dir" ]; then
+                cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/"
             else
-                cp -rp $temp_restore_dir/* $privatebin_dir/
+                cp -rp "$temp_restore_dir/*" "$privatebin_dir/"
             fi
             secure_privatebin
             rm -rf $temp_restore_dir
@@ -262,14 +266,14 @@ function remove_privatebin {
     read_config_param "PRIVATEBIN_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $PRIVATEBIN_DOMAIN_NAME"
-    nginx_dissite $PRIVATEBIN_DOMAIN_NAME
-    remove_certs $PRIVATEBIN_DOMAIN_NAME
+    nginx_dissite "$PRIVATEBIN_DOMAIN_NAME"
+    remove_certs "$PRIVATEBIN_DOMAIN_NAME"
 
-    if [ -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then
-        rm -rf /var/www/$PRIVATEBIN_DOMAIN_NAME
+    if [ -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$PRIVATEBIN_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME"
     fi
     function_check remove_onion_service
     remove_onion_service privatebin ${PRIVATEBIN_ONION_PORT}
@@ -278,18 +282,18 @@ function remove_privatebin {
     fi
     remove_app privatebin
     remove_completion_param install_privatebin
-    sed -i '/privatebin/d' $COMPLETION_FILE
+    sed -i '/privatebin/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $PRIVATEBIN_DOMAIN_NAME
+    remove_ddns_domain "$PRIVATEBIN_DOMAIN_NAME"
 }
 
 function install_privatebin {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [ ! $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ ! "$PRIVATEBIN_DOMAIN_NAME" ]; then
         echo $'No domain name was given for privatebin'
         exit 7359
     fi
@@ -298,153 +302,153 @@ function install_privatebin {
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
     apt-get -yq install php-libsodium libsodium18 php-mcrypt
 
-    if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then
-        mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME
+    if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/privatebin ]; then
-            mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-            cp -r -p /repos/privatebin/. /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-            cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/privatebin/. "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+            cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 3468246824
             git pull
         else
             function_check git_clone
-            git_clone $PRIVATEBIN_REPO /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+            git_clone "$PRIVATEBIN_REPO" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone privatebin repo'
             exit 63763873
         fi
     fi
 
-    cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-    git checkout $PRIVATEBIN_COMMIT -b $PRIVATEBIN_COMMIT
+    cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 24682462
+    git checkout "$PRIVATEBIN_COMMIT" -b "$PRIVATEBIN_COMMIT"
     set_completion_param "privatebin commit" "$PRIVATEBIN_COMMIT"
 
-    chmod g+w /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
 
     function_check add_ddns_domain
-    add_ddns_domain $PRIVATEBIN_DOMAIN_NAME
+    add_ddns_domain "$PRIVATEBIN_DOMAIN_NAME"
 
     PRIVATEBIN_ONION_HOSTNAME=$(add_onion_service privatebin 80 ${PRIVATEBIN_ONION_PORT})
 
     privatebin_nginx_site=/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $PRIVATEBIN_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $privatebin_nginx_site
-        echo '  listen 443 ssl;' >> $privatebin_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $privatebin_nginx_site
-        echo "  server_name $PRIVATEBIN_DOMAIN_NAME;" >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
+        nginx_http_redirect "$PRIVATEBIN_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $PRIVATEBIN_DOMAIN_NAME;";
+          echo ''; } >> "$privatebin_nginx_site"
         function_check nginx_compress
-        nginx_compress $PRIVATEBIN_DOMAIN_NAME
-        echo '' >> $privatebin_nginx_site
-        echo '  # Security' >> $privatebin_nginx_site
+        nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
+        echo '' >> "$privatebin_nginx_site"
+        echo '  # Security' >> "$privatebin_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $PRIVATEBIN_DOMAIN_NAME
+        nginx_ssl "$PRIVATEBIN_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
-
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Logs' >> $privatebin_nginx_site
-        echo '  access_log /dev/null;' >> $privatebin_nginx_site
-        echo '  error_log /dev/null;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  index index.php;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  location ~ \.php {' >> $privatebin_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Location' >> $privatebin_nginx_site
-        echo '  location / {' >> $privatebin_nginx_site
+        nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
+
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$privatebin_nginx_site"
         function_check nginx_limits
-        nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $privatebin_nginx_site
-        echo '    deny all;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '}' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
+        nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
+        { echo '    try_files $uri $uri/ @privatebin;';
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> "$privatebin_nginx_site"
     else
-        echo -n '' > $privatebin_nginx_site
+        echo -n '' > "$privatebin_nginx_site"
     fi
-    echo 'server {' >> $privatebin_nginx_site
-    echo "    listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;" >> $privatebin_nginx_site
-    echo "    server_name $PRIVATEBIN_ONION_HOSTNAME;" >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;";
+      echo "    server_name $PRIVATEBIN_ONION_HOSTNAME;";
+      echo ''; } >> "$privatebin_nginx_site"
     function_check nginx_compress
-    nginx_compress $PRIVATEBIN_DOMAIN_NAME
-    echo '' >> $privatebin_nginx_site
+    nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
+    echo '' >> "$privatebin_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
-    echo '' >> $privatebin_nginx_site
-    echo '  # Logs' >> $privatebin_nginx_site
-    echo '  access_log /dev/null;' >> $privatebin_nginx_site
-    echo '  error_log /dev/null;' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  index index.php;' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  location ~ \.php {' >> $privatebin_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  # Location' >> $privatebin_nginx_site
-    echo '  location / {' >> $privatebin_nginx_site
+    nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$privatebin_nginx_site"
     function_check nginx_limits
-    nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $privatebin_nginx_site
-    echo '    deny all;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '}' >> $privatebin_nginx_site
+    nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
+    { echo '    try_files $uri $uri/ @privatebin;';
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$privatebin_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $PRIVATEBIN_DOMAIN_NAME 'yes'
+    create_site_certificate "$PRIVATEBIN_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $PRIVATEBIN_DOMAIN_NAME
+    nginx_ensite "$PRIVATEBIN_DOMAIN_NAME"
 
-    cp /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
+    cp "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
 
     # Change some defaults
-    sed -i 's|; qrcode|qrcode|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|default =.*|default = "1day"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|languagedefault =.*|languagedefault = "en"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1week =|; 1week =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1month =|; 1month =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1year =|; 1year =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|never =|; never =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|limit = 10|limit = 30|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|limit = 300|limit = 0|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|batchsize =.*|batchsize = 100|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|sizelimit =.*|sizelimit = 32768|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-
-    mkdir -p /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data
+    sed -i 's|; qrcode|qrcode|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|default =.*|default = "1day"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|languagedefault =.*|languagedefault = "en"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1week =|; 1week =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1month =|; 1month =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1year =|; 1year =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|never =|; never =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|limit = 10|limit = 30|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|limit = 300|limit = 0|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|batchsize =.*|batchsize = 100|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|sizelimit =.*|sizelimit = 32768|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+
+    mkdir -p "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"
 
     secure_privatebin
 

src/freedombone-app-profanity

@@ -57,12 +57,13 @@ function logging_off_profanity {
 }
 
 function remove_user_profanity {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_profanity {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
 
     echo '0'
 }
@@ -82,19 +83,19 @@ function change_password_profanity {
 
     read_config_param DEFAULT_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $curr_username -a xmpp -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a xmpp -p "$new_user_password"
 
     # TODO: this is currently interactive. Really there needs to be a
     # non-interactive password change option for prosodyctl
     clear
     echo ''
     echo $'Currently Prosody requires password changes to be done interactively'
-    prosodyctl passwd ${curr_username}@${DEFAULT_DOMAIN_NAME}
+    prosodyctl passwd "${curr_username}@${DEFAULT_DOMAIN_NAME}"
 
     XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity
     XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-    if [ -f $XMPP_CLIENT_ACCOUNTS ]; then
-        sed -i "s|password=.*|password=$new_user_password|g" $XMPP_CLIENT_ACCOUNTS
+    if [ -f "$XMPP_CLIENT_ACCOUNTS" ]; then
+        sed -i "s|password=.*|password=$new_user_password|g" "$XMPP_CLIENT_ACCOUNTS"
     fi
 }
 
@@ -110,11 +111,11 @@ function upgrade_profanity {
 
     rm -rf /tmp/*
 
-    CURR_LIBMESODE_COMMIT=$(cat $COMPLETION_FILE | grep "libmesode commit" | awk -F ':' '{print $2}')
+    CURR_LIBMESODE_COMMIT=$(grep "libmesode commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_LIBMESODE_COMMIT" != "$LIBMESODE_COMMIT" ]]; then
         function_check set_repo_commit
-        set_repo_commit $INSTALL_DIR/libmesode "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO
-        cd $INSTALL_DIR/libmesode
+        set_repo_commit "$INSTALL_DIR/libmesode" "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO
+        cd "$INSTALL_DIR/libmesode" || exit 42682682
         ./bootstrap.sh
         ./configure
         make
@@ -124,42 +125,42 @@ function upgrade_profanity {
 
     rm -rf /tmp/*
 
-    CURR_PROFANITY_COMMIT=$(cat $COMPLETION_FILE | grep "profanity commit" | awk -F ':' '{print $2}')
+    CURR_PROFANITY_COMMIT=$(grep "profanity commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_PROFANITY_COMMIT" != "$PROFANITY_COMMIT" ]]; then
         function_check set_repo_commit
-        set_repo_commit $INSTALL_DIR/profanity "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO
-        cd $INSTALL_DIR/profanity
+        set_repo_commit "$INSTALL_DIR/profanity" "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO
+        cd "$INSTALL_DIR/profanity" || exit 248242684
         ./bootstrap.sh
         ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver
         make
         make install
     fi
 
-    CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(cat $COMPLETION_FILE | grep "profanity omemo plugin commit" | awk -F ':' '{print $2}')
+    CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(grep "profanity omemo plugin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_PROFANITY_OMEMO_PLUGIN_COMMIT" != "$PROFANITY_OMEMO_PLUGIN_COMMIT" ]]; then
         # upgrade omemo plugins for all users
-        set_repo_commit $INSTALL_DIR/profanity-omemo-plugin "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO
-        cd $INSTALL_DIR/profanity-omemo-plugin
-        sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh
+        set_repo_commit "$INSTALL_DIR/profanity-omemo-plugin" "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO
+        cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 2468246284
+        sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh"
         pip uninstall -y profanity-omemo-plugin
         ./install.sh
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME/.local/share/profanity/plugins ]; then
-                    mkdir -p /home/$USERNAME/.local/share/profanity/plugins
+                if [ ! -d "/home/$USERNAME/.local/share/profanity/plugins" ]; then
+                    mkdir -p "/home/$USERNAME/.local/share/profanity/plugins"
                 fi
-                if [ -f $INSTALL_DIR/profanity-omemo-plugin/omemo.py ]; then
-                    rm $INSTALL_DIR/profanity-omemo-plugin/omemo.*
+                if [ -f "$INSTALL_DIR/profanity-omemo-plugin/omemo.py" ]; then
+                    rm "$INSTALL_DIR/profanity-omemo-plugin/omemo.*"
                 fi
-                cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$USERNAME/.local/share/profanity/plugins
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/.local
+                cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/home/$USERNAME/.local/share/profanity/plugins"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.local"
             fi
         done
         if [ -f /etc/skel/.local/share/profanity/plugins/omemo.py ]; then
             rm /etc/skel/.local/share/profanity/plugins/omemo.*
         fi
-        cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins
+        cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/etc/skel/.local/share/profanity/plugins"
     fi
 
     chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_*
@@ -183,11 +184,11 @@ function restore_remote_profanity {
 
 function remove_profanity {
     if [ -f /usr/local/bin/profanity ]; then
-        cd $INSTALL_DIR/profanity
+        cd "$INSTALL_DIR/profanity" || exit 4628462848
         make uninstall
 
         remove_completion_param install_profanity
-        sed -i '/profanity/d' $COMPLETION_FILE
+        sed -i '/profanity/d' "$COMPLETION_FILE"
     fi
 }
 
@@ -197,8 +198,8 @@ function install_profanity {
         return
     fi
     # install profanity from source in order to get OMEMO support
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     apt-get -yq install automake autoconf autoconf-archive libtool build-essential
@@ -207,15 +208,15 @@ function install_profanity {
 
     # dependency for profanity not available in debian
     if [ -d /repos/libmesode ]; then
-        mkdir $INSTALL_DIR/libmesode
-        cp -r -p /repos/libmesode/. $INSTALL_DIR/libmesode
-        cd $INSTALL_DIR/libmesode
+        mkdir "$INSTALL_DIR/libmesode"
+        cp -r -p /repos/libmesode/. "$INSTALL_DIR/libmesode"
+        cd "$INSTALL_DIR/libmesode" || exit 46287642846872
         git pull
     else
-        git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode
+        git_clone "$LIBMESODE_REPO" "$INSTALL_DIR/libmesode"
     fi
 
-    cd $INSTALL_DIR/libmesode
+    cd "$INSTALL_DIR/libmesode" || exit 2468246284
     git checkout $LIBMESODE_COMMIT -b $LIBMESODE_COMMIT
     ./bootstrap.sh
     ./configure
@@ -225,15 +226,15 @@ function install_profanity {
 
     # build profanity
     if [ -d /repos/profanity ]; then
-        mkdir $INSTALL_DIR/profanity
-        cp -r -p /repos/profanity/. $INSTALL_DIR/profanity
-        cd $INSTALL_DIR/profanity
+        mkdir "$INSTALL_DIR/profanity"
+        cp -r -p /repos/profanity/. "$INSTALL_DIR/profanity"
+        cd "$INSTALL_DIR/profanity" || exit 2468246824
         git pull
     else
-        git_clone $PROFANITY_REPO $INSTALL_DIR/profanity
+        git_clone "$PROFANITY_REPO" "$INSTALL_DIR/profanity"
     fi
 
-    cd $INSTALL_DIR/profanity
+    cd "$INSTALL_DIR/profanity" || exit 54287452858
     git checkout $PROFANITY_COMMIT -b $PROFANITY_COMMIT
     ./bootstrap.sh
     ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver
@@ -249,116 +250,116 @@ function install_profanity {
     apt-get -yq install python-pip python-setuptools clang libffi-dev libssl-dev python-dev
 
     if [ -d /repos/profanity-omemo ]; then
-        mkdir $INSTALL_DIR/profanity-omemo-plugin
-        cp -r -p /repos/profanity-omemo/. $INSTALL_DIR/profanity-omemo-plugin
-        cd $INSTALL_DIR/profanity-omemo-plugin
+        mkdir "$INSTALL_DIR/profanity-omemo-plugin"
+        cp -r -p /repos/profanity-omemo/. "$INSTALL_DIR/profanity-omemo-plugin"
+        cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 24682462842
         git pull
     else
-        git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin
+        git_clone "$PROFANITY_OMEMO_PLUGIN_REPO" "$INSTALL_DIR/profanity-omemo-plugin"
     fi
 
-    cd $INSTALL_DIR/profanity-omemo-plugin
+    cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 6428468248
     git checkout $PROFANITY_OMEMO_PLUGIN_COMMIT -b $PROFANITY_OMEMO_PLUGIN_COMMIT
-    if [ ! -f $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py ]; then
+    if [ ! -f "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" ]; then
         echo $'prof_omemo_plugin.py not found'
         exit 389225
     fi
-    sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh
+    sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh"
     ./install.sh
 
     mkdir -p /etc/skel/.local/share/profanity/plugins
-    cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins
-    cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$MY_USERNAME/.local/share/profanity/plugins
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
+    cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /etc/skel/.local/share/profanity/plugins
+    cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /home/$MY_USERNAME/.local/share/profanity/plugins
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local"
 
     XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
     XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-    if [ ! -d $XMPP_CLIENT_DIR ]; then
-        mkdir -p $XMPP_CLIENT_DIR
+    if [ ! -d "$XMPP_CLIENT_DIR" ]; then
+        mkdir -p "$XMPP_CLIENT_DIR"
     fi
 
     XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
-    MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME")
+    #MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME")
 
     if [[ $ONION_ONLY == 'no' ]]; then
-        echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
-        echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
-        echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
-        # There is a bug where profanity doesn't refresh the screen
-        # after gpg-agent has asked for a password, so for now
-        # don't set the gpg key by default
-        #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
-        echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+        { echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]";
+          echo 'enabled=true';
+          echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}";
+          echo "server=$XMPP_ONION_HOSTNAME";
+          # There is a bug where profanity doesn't refresh the screen
+          # after gpg-agent has asked for a password, so for now
+          # don't set the gpg key by default
+          #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
+          echo "pgp.keyid=";
+          echo 'resource=profanity';
+          echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}";
+          echo "muc.nick=${MY_USERNAME}";
+          echo 'presence.last=online';
+          echo 'presence.login=online';
+          echo 'priority.online=0';
+          echo 'priority.chat=0';
+          echo 'priority.away=0';
+          echo 'priority.xa=0';
+          echo 'priority.dnd=0'; } > "$XMPP_CLIENT_ACCOUNTS"
         if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-            echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+            echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS"
         fi
     fi
 
     if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
-        echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
+        echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> "$XMPP_CLIENT_ACCOUNTS"
         if [[ $ONION_ONLY == 'no' ]]; then
-            echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
+            echo 'enabled=false' >> "$XMPP_CLIENT_ACCOUNTS"
         else
-            echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
+            echo 'enabled=true' >> "$XMPP_CLIENT_ACCOUNTS"
         fi
-        echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
-        # There is a bug where profanity doesn't refresh the screen
-        # after gpg-agent has asked for a password, so for now
-        # don't set the gpg key by default
-        #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
-        echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.service=${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+        { echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}";
+          echo "server=$XMPP_ONION_HOSTNAME";
+          # There is a bug where profanity doesn't refresh the screen
+          # after gpg-agent has asked for a password, so for now
+          # don't set the gpg key by default
+          #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
+          echo "pgp.keyid=";
+          echo 'resource=profanity';
+          echo "muc.service=${XMPP_ONION_HOSTNAME}";
+          echo "muc.nick=${MY_USERNAME}";
+          echo 'presence.last=online';
+          echo 'presence.login=online';
+          echo 'priority.online=0';
+          echo 'priority.chat=0';
+          echo 'priority.away=0';
+          echo 'priority.xa=0';
+          echo 'priority.dnd=0'; } >> "$XMPP_CLIENT_ACCOUNTS"
         if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-            echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+            echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS"
         fi
     fi
 
-    if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
-        mkdir -p /home/$MY_USERNAME/.config/profanity
+    if [ ! -d "/home/$MY_USERNAME/.config/profanity" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/profanity"
     fi
-    echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
+    echo '[connection]' > "/home/$MY_USERNAME/.config/profanity/profrc"
     if [[ $ONION_ONLY == 'no' ]]; then
-        echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+        echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc"
     else
-        echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+        echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc"
     fi
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[plugins]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'load=prof_omemo_plugin.py;' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[otr]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'policy=opportunistic' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[pgp]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[ui]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'enc.warn=true' >> /home/$MY_USERNAME/.config/profanity/profrc
-
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    { echo '';
+      echo '[plugins]';
+      echo 'load=prof_omemo_plugin.py;';
+      echo '';
+      echo '[otr]';
+      echo 'policy=opportunistic';
+      echo 'log=off';
+      echo '';
+      echo '[pgp]';
+      echo 'log=off';
+      echo '';
+      echo '[ui]';
+      echo 'enc.warn=true'; } >> "/home/$MY_USERNAME/.config/profanity/profrc"
+
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
 
     chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_*
     APP_INSTALLED=1

src/freedombone-app-radicale

@@ -61,15 +61,15 @@ function logging_off_radicale {
 function remove_user_radicale {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp radicale
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp radicale
 
     if grep -q "${remove_username}:" ${RADICALE_USERS}; then
         sed -i "/${remove_username}:/d" ${RADICALE_USERS}
-        if [ -d /var/www/radicale/collections/${remove_username} ]; then
-            rm -rf /var/www/radicale/collections/${remove_username}
+        if [ -d "/var/www/radicale/collections/${remove_username}" ]; then
+            rm -rf "/var/www/radicale/collections/${remove_username}"
         fi
-        if [ -f /var/www/radicale/collections/${remove_username}.props ]; then
-            rm /var/www/radicale/collections/${remove_username}.props
+        if [ -f "/var/www/radicale/collections/${remove_username}.props" ]; then
+            rm "/var/www/radicale/collections/${remove_username}.props"
         fi
         systemctl restart radicale
     fi
@@ -79,7 +79,7 @@ function add_user_radicale {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a radicale -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a radicale -p "$new_user_password"
 
     if [ ! -f ${RADICALE_USERS} ]; then
         touch ${RADICALE_USERS}
@@ -88,13 +88,13 @@ function add_user_radicale {
     if ! grep -q "$new_username:" ${RADICALE_USERS}; then
         htpasswd -bd ${RADICALE_USERS} "$new_username" "$new_user_password"
 
-        echo '{"ICAL:calendar-color": "#9e50df"}' > /var/www/radicale/collections/${new_username}.props
-        mkdir /var/www/radicale/collections/${new_username}
-        echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > /var/www/radicale/collections/${new_username}/calendar.props
-        echo 'BEGIN:VCALENDAR' > /var/www/radicale/collections/${new_username}/calendar
-        echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN' >> /var/www/radicale/collections/${new_username}/calendar
-        echo 'VERSION:2.0' >> /var/www/radicale/collections/${new_username}/calendar
-        echo 'END:VCALENDAR' >> /var/www/radicale/collections/${new_username}/calendar
+        echo '{"ICAL:calendar-color": "#9e50df"}' > "/var/www/radicale/collections/${new_username}.props"
+        mkdir "/var/www/radicale/collections/${new_username}"
+        echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > "/var/www/radicale/collections/${new_username}/calendar.props"
+        { echo 'BEGIN:VCALENDAR';
+          echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN';
+          echo 'VERSION:2.0';
+          echo 'END:VCALENDAR'; } >> "/var/www/radicale/collections/${new_username}/calendar"
 
         chown -R www-data:www-data /var/www/radicale
         chmod -R 755 /var/www/radicale/*
@@ -107,7 +107,7 @@ function change_password_radicale {
     existing_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $existing_username -a radicale -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$existing_username" -a radicale -p "$new_user_password"
 
     if grep -q "${existing_username}:" ${RADICALE_USERS}; then
         sed -i "/${existing_username}:/d" ${RADICALE_USERS}
@@ -127,14 +127,14 @@ function reconfigure_radicale {
     rm -rf /var/log/radicale/*
 
     # create an admin password
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
     add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"
 
     touch /var/log/radicale/radicale.log
     chown -R www-data:www-data /var/log/radicale
@@ -145,7 +145,7 @@ function upgrade_radicale {
         return
     fi
 
-    if ! grep -q "radicale version:" $COMPLETION_FILE; then
+    if ! grep -q "radicale version:" "$COMPLETION_FILE"; then
         return
     fi
 
@@ -155,7 +155,7 @@ function upgrade_radicale {
     fi
 
     # get the source
-    cd /var/www/radicale
+    cd /var/www/radicale || exit 62784628468
     wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz
 
     # check the hash
@@ -170,7 +170,7 @@ function upgrade_radicale {
         exit 73529
     fi
     rm Radicale-${RADICALE_VERSION}.tar.gz
-    cd Radicale-${RADICALE_VERSION}
+    cd "Radicale-${RADICALE_VERSION}" || exit 264824684
 
     # move the old command
     mv /usr/local/bin/radicale /usr/local/bin/radicale_previous
@@ -186,9 +186,9 @@ function upgrade_radicale {
     fi
 
     # remove the old source
-    rm -rf Radicale-${CURR_RADICALE_VERSION}
+    rm -rf "Radicale-${CURR_RADICALE_VERSION}" || exit 6842684282
 
-    sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" ${COMPLETION_FILE}
+    sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" "${COMPLETION_FILE}"
     chown -R www-data:www-data /var/www/radicale
     systemctl restart radicale
     systemctl restart nginx
@@ -219,6 +219,7 @@ function restore_local_radicale {
         else
             cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -233,6 +234,7 @@ function restore_local_radicale {
         else
             cp -r $temp_restore_dir/* /var/www/radicale/*
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -264,6 +266,7 @@ function restore_remote_radicale {
         else
             cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 236746
         fi
@@ -276,6 +279,7 @@ function restore_remote_radicale {
         else
             cp -r $temp_restore_dir/* /var/www/radicale
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 3674284
         fi
@@ -332,17 +336,17 @@ function remove_radicale {
     fi
 
     remove_completion_param install_radicale
-    sed -i '/radicale/d' $COMPLETION_FILE
-    sed -i '/# Start radicale/,/# End radicale/d' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+    sed -i '/radicale/d' "$COMPLETION_FILE"
+    sed -i '/# Start radicale/,/# End radicale/d' "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
     systemctl restart nginx
 }
 
 function install_radicale {
     if [[ $ONION_ONLY == 'no' ]]; then
         # obtain a cert for the default domain
-        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+        if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
             echo $'Obtaining certificate for the main domain'
-            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
+            create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
         fi
     fi
 
@@ -368,7 +372,7 @@ function install_radicale {
     fi
 
     # get the source
-    cd /var/www/radicale
+    cd /var/www/radicale || exit 462874628
     wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz
 
     # check the hash
@@ -383,7 +387,7 @@ function install_radicale {
         exit 623252
     fi
     rm Radicale-${RADICALE_VERSION}.tar.gz
-    cd Radicale-${RADICALE_VERSION}
+    cd "Radicale-${RADICALE_VERSION}" || exit 872462842
     python setup.py install
     if [ ! -f /usr/local/bin/radicale ]; then
         echo $'Radicale did not install'
@@ -398,52 +402,52 @@ function install_radicale {
     fi
 
     # create the configuration
-    echo '[server]' >  ${RADICALE_DIRECTORY}/config
-    echo 'hosts=localhost:52322' >> ${RADICALE_DIRECTORY}/config
-    echo 'ssl = False' >> ${RADICALE_DIRECTORY}/config
-    echo 'daemon = False' >> ${RADICALE_DIRECTORY}/config
-    echo 'base_prefix=/radicale/' >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[storage]' >> ${RADICALE_DIRECTORY}/config
-    echo 'type = filesystem' >> ${RADICALE_DIRECTORY}/config
-    echo "filesystem_folder = /var/www/radicale/collections" >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[well-known]' >> ${RADICALE_DIRECTORY}/config
-    echo "caldav = '/%(user)s/caldav/'" >> ${RADICALE_DIRECTORY}/config
-    echo "carddav = '/%(user)s/carddav/'" >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '#[auth]' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_hostname = localhost' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_port = 143' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_ssl = False' >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[logging]' >> ${RADICALE_DIRECTORY}/config
-    echo 'debug = False' >> ${RADICALE_DIRECTORY}/config
+    { echo '[server]';
+      echo 'hosts=localhost:52322';
+      echo 'ssl = False';
+      echo 'daemon = False';
+      echo 'base_prefix=/radicale/';
+      echo '';
+      echo '[storage]';
+      echo 'type = filesystem';
+      echo "filesystem_folder = /var/www/radicale/collections";
+      echo '';
+      echo '[well-known]';
+      echo "caldav = '/%(user)s/caldav/'";
+      echo "carddav = '/%(user)s/carddav/'";
+      echo '';
+      echo '#[auth]';
+      echo '#imap_hostname = localhost';
+      echo '#imap_port = 143';
+      echo '#imap_ssl = False';
+      echo '';
+      echo '[logging]';
+      echo 'debug = False'; } > "${RADICALE_DIRECTORY}/config"
 
     # create an admin password
     if [ ${#RADICALE_PASSWORD} -lt 8 ]; then
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
-            RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+            RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
     add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"
 
-    echo '[Unit]' > /etc/systemd/system/radicale.service
-    echo 'Description=Radicale CalDAV Server' >> /etc/systemd/system/radicale.service
-    echo 'After=network.target' >> /etc/systemd/system/radicale.service
-    echo '' >> /etc/systemd/system/radicale.service
-    echo '[Service]' >> /etc/systemd/system/radicale.service
-    echo 'Type=simple' >> /etc/systemd/system/radicale.service
-    echo 'User=www-data' >> /etc/systemd/system/radicale.service
-    echo 'Group=www-data' >> /etc/systemd/system/radicale.service
-    echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config" >> /etc/systemd/system/radicale.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/radicale.service
-    echo 'RestartSec=10' >> /etc/systemd/system/radicale.service
-    echo '' >> /etc/systemd/system/radicale.service
-    echo '[Install]' >> /etc/systemd/system/radicale.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/radicale.service
+    { echo '[Unit]';
+      echo 'Description=Radicale CalDAV Server';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=www-data';
+      echo 'Group=www-data';
+      echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/radicale.service
 
     addresses_str=$"Addresses"
     echo "{\"tag\": \"VADDRESSBOOK\", \"D:displayname\": \"${addresses_str}\"}" > /var/www/radicale/collections/addresses.props
@@ -461,107 +465,107 @@ function install_radicale {
     systemctl enable radicale
     systemctl start radicale
 
-    if [ ! -f /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} ]; then
+    if [ ! -f "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" ]; then
         # create a new site config
         RADICALE_ONION_HOSTNAME=$(add_onion_service radicale 80 ${RADICALE_ONION_PORT})
 
         if [[ $ONION_ONLY == 'no' ]]; then
-            echo 'server {' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    listen 443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    #listen [::]:443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            { echo 'server {';
+              echo "    listen 443 ssl;";
+              echo "    #listen [::]:443 ssl;";
+              echo ''; } > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
             function_check nginx_ssl
-            nginx_ssl ${DEFAULT_DOMAIN_NAME} mobile
+            nginx_ssl "${DEFAULT_DOMAIN_NAME}" mobile
             function_check nginx_disable_sniffing
-            nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    server_name ${DEFAULT_DOMAIN_NAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
+            { echo '';
+              echo "    server_name ${DEFAULT_DOMAIN_NAME};";
+
+              echo '';
+              echo '    access_log /dev/null;';
+              echo '    error_log /dev/null;';
+              echo '';
+              echo '    # Start radicale';
+              echo '    location @radicale {';
+              echo '        auth_basic "Radicale";';
+              echo '        auth_basic_user_file /var/www/radicale/users;';
+              echo '        proxy_pass http://localhost:52322;';
+              echo '        proxy_buffering off;';
+              echo "        proxy_set_header Host \$host;";
+              echo "        proxy_set_header X-Real-IP \$remote_addr;";
+              echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+              echo "        proxy_set_header X-Forwarded-Proto \$scheme;";
+              echo '    }';
+              echo '';
+              echo '    location /radicale {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '';
+              echo '    location /.well-known/carddav {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '';
+              echo '    location /.well-known/caldav {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '    # End radicale';
+              echo '}';
+              echo ''; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
         else
-            echo -n '' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo -n '' > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
         fi
-        echo 'server {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo "    listen localhost:${RADICALE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo "    server_name ${RADICALE_ONION_HOSTNAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        { echo 'server {';
+          echo "    listen localhost:${RADICALE_ONION_PORT} default_server;";
+          echo '';
+          echo "    server_name ${RADICALE_ONION_HOSTNAME};";
+          echo '';
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
+          echo '    # Start radicale';
+          echo '    location @radicale {';
+          echo '        auth_basic "Radicale";';
+          echo '        auth_basic_user_file /var/www/radicale/users;';
+          echo '        proxy_pass http://localhost:52322;';
+          echo '        proxy_buffering off;';
+          echo "        proxy_set_header Host \$host;";
+          echo "        proxy_set_header X-Real-IP \$remote_addr;";
+          echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo "        proxy_set_header X-Forwarded-Proto \$scheme;";
+          echo '    }';
+          echo '';
+          echo '    location /radicale {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '';
+          echo '    location /.well-known/carddav {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '';
+          echo '    location /.well-known/caldav {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '    # End radicale';
+          echo '}'; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
 
         set_completion_param "radicale onion domain" "${RADICALE_ONION_HOSTNAME}"
     else
         # alter the existing site config
-        if ! grep -q "# Start radicale" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then
-            sed -i '/]:443/a    # Start radicale\n  location @radicale {\n    auth_basic "Radicale";\n    auth_basic_user_file \/var\/www\/radicale\/users;\n    proxy_pass http:\/\/localhost:52322;\n    proxy_buffering off;\n    proxy_set_header Host $host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n  }\n\n  location \/radicale {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/carddav {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/caldav {\n      try_files $uri @radicale;\n  }\n  # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            sed -i '/listen localhost/a    # Start radicale\n  location @radicale {\n    auth_basic "Radicale";\n    auth_basic_user_file \/var\/www\/radicale\/users;\n    proxy_pass http:\/\/localhost:52322;\n    proxy_buffering off;\n    proxy_set_header Host $host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n  }\n\n  location \/radicale {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/carddav {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/caldav {\n      try_files $uri @radicale;\n  }\n  # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        if ! grep -q "# Start radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"; then
+            sed -i "/]:443/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host $host;\\n    proxy_set_header X-Real-IP $remote_addr;\\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto $scheme;\\n  }\\n\\n  location \\/radicale {\\n      try_files $uri @radicale;\\n  }\n\n  location \\/.well-known\\/carddav {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files $uri @radicale;\\n  }\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
+            sed -i "/listen localhost/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host $host;\\n    proxy_set_header X-Real-IP $remote_addr;\\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto $scheme;\\n  }\\n\\n  location \/radicale {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/carddav {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files $uri @radicale;\\n  }\\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
         fi
     fi
 
     # create a certificate
-    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
-            ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --dhkey ${DH_KEYLENGTH}
-            check_certificates $DEFAULT_DOMAIN_NAME
+    if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
+        if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
+            "${PROJECT_NAME}-addcert" -h "$DEFAULT_DOMAIN_NAME" --dhkey "${DH_KEYLENGTH}"
+            check_certificates "$DEFAULT_DOMAIN_NAME"
         fi
     fi
 
-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         sed -i "s|radicale.crt|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
         sed -i "s|radicale.pem|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
     fi
@@ -572,13 +576,13 @@ function install_radicale {
 
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"
 
     # keep track of the version so we can check for upgrades
-    if ! grep -q "radicale version:" ${COMPLETION_FILE}; then
-        echo "radicale version:${RADICALE_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "radicale version:" "${COMPLETION_FILE}"; then
+        echo "radicale version:${RADICALE_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" "${COMPLETION_FILE}"
     fi
 
     APP_INSTALLED=1

src/freedombone-app-riot

@@ -76,39 +76,40 @@ function install_interactive_riot {
         RIOT_DETAILS_COMPLETE=
         while [ ! $RIOT_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Riot Web user interface for Matrix" \
-                       --form $"\nPlease enter your details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
+                       --form $"\\nPlease enter your details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
                        $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
                        $"Code:" 2 1 "$(grep 'RIOT_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Riot Web user interface for Matrix" \
-                       --form $"\nPlease enter your details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
+                       --form $"\\nPlease enter your details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
                        $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            RIOT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $RIOT_DOMAIN_NAME ]; then
+            RIOT_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$RIOT_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$RIOT_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $RIOT_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$RIOT_DOMAIN_NAME" ]]; then
                     RIOT_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        RIOT_CODE=$(cat $data | sed -n 2p)
+                        RIOT_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$RIOT_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             RIOT_DOMAIN_NAME=
                         fi
                     fi
@@ -117,6 +118,7 @@ function install_interactive_riot {
             if [ $RIOT_DOMAIN_NAME ]; then
                 RIOT_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -132,14 +134,14 @@ function reconfigure_riot {
 
 function riot_download {
     # download
-    if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then
-        wget ${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz -O $INSTALL_DIR/${RIOT_FILENAME}.tar.gz
+    if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then
+        wget "${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz" -O "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz"
     fi
-    if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then
+    if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then
         echo $'Unable to download Riot Web from releases'
         exit 62836
     fi
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 2468724628
 
     # check the hash
     curr_hash=$(sha256sum ${RIOT_FILENAME}.tar.gz | awk -F ' ' '{print $1}')
@@ -149,17 +151,17 @@ function riot_download {
     fi
 
     tar -xzvf ${RIOT_FILENAME}.tar.gz
-    if [ ! -d $INSTALL_DIR/${RIOT_FILENAME} ]; then
+    if [ ! -d "$INSTALL_DIR/${RIOT_FILENAME}" ]; then
         echo $'Unable to extract Riot Web tarball'
         exit 542826
     fi
-    cp -r $INSTALL_DIR/${RIOT_FILENAME}/* /var/www/$RIOT_DOMAIN_NAME/htdocs
+    cp -r "$INSTALL_DIR/${RIOT_FILENAME}/*" "/var/www/$RIOT_DOMAIN_NAME/htdocs"
 
-    chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$RIOT_DOMAIN_NAME/htdocs"
 }
 
 function upgrade_riot {
-    if ! grep -q 'riot version:' $COMPLETION_FILE; then
+    if ! grep -q 'riot version:' "$COMPLETION_FILE"; then
         return
     fi
 
@@ -171,7 +173,7 @@ function upgrade_riot {
     fi
 
     riot_download
-    sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE}
+    sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" "${COMPLETION_FILE}"
     riot_remove_bad_links
 
     systemctl restart nginx
@@ -207,7 +209,7 @@ function remove_riot {
     fi
 
     remove_completion_param install_riot
-    sed -i '/riot /d' $COMPLETION_FILE
+    sed -i '/riot /d' "$COMPLETION_FILE"
 }
 
 function install_riot {
@@ -216,7 +218,7 @@ function install_riot {
     fi
 
     # check that matrix has been installed
-    if [ ! $MATRIX_DOMAIN_NAME ]; then
+    if [ ! "$MATRIX_DOMAIN_NAME" ]; then
         exit 687292
     fi
     if [[ "$MATRIX_DOMAIN_NAME" != *'.'* ]]; then
@@ -235,32 +237,32 @@ function install_riot {
         mkdir -p /var/www/$RIOT_DOMAIN_NAME/htdocs
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
 
     riot_download
 
-    cd /var/www/$RIOT_DOMAIN_NAME/htdocs
+    cd "/var/www/$RIOT_DOMAIN_NAME/htdocs" || exit 4628462876
 
-    if [[ $ONION_ONLY == 'no' ]]; then
+    if [[ "$ONION_ONLY" == 'no' ]]; then
         riot_config_file="config.${RIOT_DOMAIN_NAME}.json"
         cp config.sample.json $riot_config_file
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" $riot_config_file
-        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," $riot_config_file
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" "$riot_config_file"
+        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," "$riot_config_file"
     else
         riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json"
-        cp config.sample.json $riot_config_file
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" $riot_config_file
-        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," $riot_config_file
+        cp config.sample.json "$riot_config_file"
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" "$riot_config_file"
+        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," "$riot_config_file"
     fi
-    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" $riot_config_file
-    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" $riot_config_file
-    sed -i 's|https://piwik.riot.im/||g' $riot_config_file
+    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" "$riot_config_file"
+    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" "$riot_config_file"
+    sed -i 's|https://piwik.riot.im/||g' "$riot_config_file"
 
     RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
 
@@ -268,68 +270,68 @@ function install_riot {
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
         nginx_http_redirect $RIOT_DOMAIN_NAME
-        echo 'server {' >> $riot_nginx_site
-        echo '  listen 443 ssl;' >> $riot_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $riot_nginx_site
-        echo "  server_name $RIOT_DOMAIN_NAME;" >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Security' >> $riot_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $RIOT_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> $riot_nginx_site
         function_check nginx_ssl
         nginx_ssl $RIOT_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $RIOT_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Logs' >> $riot_nginx_site
-        echo '  access_log /dev/null;' >> $riot_nginx_site
-        echo '  error_log /dev/null;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Root' >> $riot_nginx_site
-        echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  index index.html;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  location / {' >> $riot_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.html;';
+          echo '';
+          echo '  location / {'; } >> $riot_nginx_site
         function_check nginx_limits
         nginx_limits $RIOT_DOMAIN_NAME '15m'
-        echo '  }' >> $riot_nginx_site
-        echo '}' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
+        { echo '  }';
+          echo '}';
+          echo ''; } >> $riot_nginx_site
     else
         echo -n '' > $riot_nginx_site
     fi
-    echo 'server {' >> $riot_nginx_site
-    echo "    listen 127.0.0.1:$RIOT_ONION_PORT default_server;" >> $riot_nginx_site
-    echo "    server_name $RIOT_ONION_HOSTNAME;" >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$RIOT_ONION_PORT default_server;";
+      echo "    server_name $RIOT_ONION_HOSTNAME;";
+      echo ''; } >> $riot_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $RIOT_DOMAIN_NAME
-    echo '' >> $riot_nginx_site
-    echo '  # Logs' >> $riot_nginx_site
-    echo '  access_log /dev/null;' >> $riot_nginx_site
-    echo '  error_log /dev/null;' >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  # Root' >> $riot_nginx_site
-    echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  index index.html;' >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  location / {' >> $riot_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.html;';
+      echo '';
+      echo '  location / {'; } >> $riot_nginx_site
     function_check nginx_limits
     nginx_limits $RIOT_DOMAIN_NAME '15m'
-    echo '  }' >> $riot_nginx_site
-    echo '}' >> $riot_nginx_site
+    echo '  }' >> "$riot_nginx_site"
+    echo '}' >> "$riot_nginx_site"
 
-    sed '/Content-Security-Policy/d' $riot_nginx_site
-    sed -i 's| DENY;| SAMEORIGIN;|g' $riot_nginx_site
-    sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' $riot_nginx_site
-    sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' $riot_nginx_site
+    sed '/Content-Security-Policy/d' "$riot_nginx_site"
+    sed -i 's| DENY;| SAMEORIGIN;|g' "$riot_nginx_site"
+    sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' "$riot_nginx_site"
+    sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' "$riot_nginx_site"
 
     function_check create_site_certificate
-    if [ ! -f /etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem ]; then
-        create_site_certificate $RIOT_DOMAIN_NAME 'yes'
+    if [ ! -f "/etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem" ]; then
+        create_site_certificate "$RIOT_DOMAIN_NAME" 'yes'
     fi
 
     function_check nginx_ensite
@@ -344,10 +346,10 @@ function install_riot {
     systemctl restart nginx
 
     set_completion_param "riot domain" "$RIOT_DOMAIN_NAME"
-    if ! grep -q "riot version:" ${COMPLETION_FILE}; then
-        echo "riot version:${RIOT_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "riot version:" "${COMPLETION_FILE}"; then
+        echo "riot version:${RIOT_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" "${COMPLETION_FILE}"
     fi
     APP_INSTALLED=1
 }

src/freedombone-app-rss

@@ -62,12 +62,13 @@ function logging_off_rss {
 }
 
 function remove_user_rss {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_rss {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
@@ -77,26 +78,27 @@ function install_interactive_rss {
 }
 
 function change_password_rss {
-    curr_username="$1"
-    new_user_password="$2"
+    echo -n ''
+#    curr_username="$1"
+#    new_user_password="$2"
 
     #${PROJECT_NAME}-pass -u "$curr_username" -a rss -p "$new_user_password"
 }
 
 function rss_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        RSS_READER_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
-            RSS_READER_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then
+            RSS_READER_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
+    if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
+    create_database ttrss "$RSS_READER_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_rss {
@@ -131,8 +133,8 @@ function upgrade_rss {
         # remove any previous install
         if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
             if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then
-                sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
-                sed -i '/rss mobile reader commit/d' $COMPLETION_FILE
+                sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
+                sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
                 rm -rf $RSS_READER_PATH/g2ttree-mobile
             fi
         fi
@@ -184,6 +186,7 @@ function restore_local_rss {
                 fi
                 cp -r $temp_restore_dir/* /etc/share/tt-rss/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -207,14 +210,14 @@ function restore_local_rss {
     function_check rss_modifications
     rss_modifications
 
-    if [ -d $USB_MOUNT/backup/ttrss ]; then
+    if [ -d "$USB_MOUNT/backup/ttrss" ]; then
         chown -R www-data:www-data /etc/share/tt-rss
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
     fi
 
-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
     sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
     MARIADB_PASSWORD=
 }
@@ -245,7 +248,7 @@ function backup_remote_rss {
 
 function restore_remote_rss {
     temp_restore_dir=/root/tempttrss
-    if grep -q "rss reader domain" $COMPLETION_FILE; then
+    if grep -q "rss reader domain" "$COMPLETION_FILE"; then
         echo $"Restoring ttrss"
         function_check get_mariadb_password
         get_mariadb_password
@@ -263,6 +266,7 @@ function restore_remote_rss {
                 fi
                 cp -r $temp_restore_dir/* /etc/share/tt-rss/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 6391
             fi
@@ -280,14 +284,14 @@ function restore_remote_rss {
         function_check rss_modifications
         rss_modifications
 
-        if [ -d $SERVER_DIRECTORY/backup/ttrss ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/ttrss" ]; then
             chown -R www-data:www-data /etc/share/tt-rss
         fi
         if [ -d /root/tempttrss ]; then
             rm -rf /root/tempttrss
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
         MARIADB_PASSWORD=
 
@@ -313,9 +317,9 @@ function remove_rss {
     function_check drop_database
     drop_database ttrss
     remove_completion_param install_rss
-    sed -i '/RSS /d' $COMPLETION_FILE
-    sed -i '/rss /d' $COMPLETION_FILE
-    sed -i '/rss_/d' $COMPLETION_FILE
+    sed -i '/RSS /d' "$COMPLETION_FILE"
+    sed -i '/rss /d' "$COMPLETION_FILE"
+    sed -i '/rss_/d' "$COMPLETION_FILE"
     remove_backup_database_local ttrss
 }
 
@@ -329,15 +333,15 @@ function rss_modifications {
 
     # ensure that socks5 proxy is used
     if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/plugins/af_unburn/init.php; then
-        sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php
+        sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/plugins/af_unburn/init.php"
         rss_modified=1
     fi
     if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/include/functions.php; then
-        sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php
+        sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/include/functions.php"
         rss_modified=1
     fi
     if [ $rss_modified ]; then
-        cd $RSS_READER_PATH
+        cd $RSS_READER_PATH || exit 564286428
         git commit -a -m"Modify for Tor proxying"
     fi
     chown -R www-data:www-data $RSS_READER_PATH
@@ -358,12 +362,12 @@ function install_rss_main {
     if [ ! -d /etc/share ]; then
         mkdir /etc/share
     fi
-    cd /etc/share
+    cd /etc/share || exit 46284628
 
     if [ -d /repos/rss ]; then
         mkdir tt-rss
         cp -r -p /repos/rss/. tt-rss
-        cd tt-rss
+        cd tt-rss || exit 462846822
         git pull
     else
         function_check git_clone
@@ -374,7 +378,7 @@ function install_rss_main {
         echo $'Could not clone RSS reader repo'
         exit 52925
     fi
-    cd $RSS_READER_PATH
+    cd $RSS_READER_PATH || exit 42479825792593
     git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
     set_completion_param "rss reader commit" "$RSS_READER_COMMIT"
 
@@ -397,151 +401,151 @@ function install_rss_main {
     USE_V2_ONION_ADDRESS=1
     RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service mobilerss 80 ${RSS_MOBILE_READER_ONION_PORT})
 
-    echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  server_name $RSS_MOBILE_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  root /etc/share/ttrss-mobile;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  index index.html index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location /tt-rss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss_base;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.html?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss_base {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  server_name $RSS_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  root /etc/share/tt-rss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($mobile_rewrite = perform) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "    rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    break;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;";
+      echo "  server_name $RSS_MOBILE_READER_ONION_HOSTNAME;";
+      echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /etc/share/ttrss-mobile;';
+      echo '  index index.html index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  location / {';
+      echo "    try_files \$uri \$uri/ @ttrss;";
+      echo '  }';
+      echo '  location /tt-rss {';
+      echo "    try_files \$uri \$uri/ @ttrss_base;";
+      echo '  }';
+      echo '';
+      echo '  location @ttrss {';
+      echo "    rewrite ^(.*)\$ /index.html?p=\$1 last;";
+      echo '  }';
+      echo '  location @ttrss_base {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  location ~ /\.(git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Robots-Tag none;';
+      echo '  add_header X-Download-Options noopen;';
+      echo '  add_header X-Permitted-Cross-Domain-Policies none;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  client_max_body_size 15m;';
+      echo '}';
+      echo '';
+      echo 'server {';
+      echo "  listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;";
+      echo "  server_name $RSS_READER_ONION_HOSTNAME;";
+      echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /etc/share/tt-rss;';
+      echo '  index index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo "  set \$mobile_rewrite do_not_perform;";
+      echo '';
+      echo '  ## chi http_user_agent for mobile / smart phones ##';
+      echo "  if (\$http_user_agent ~* \"(android|bb\\d+|meego).+mobile|avantgo|bada\\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino\") {";
+      echo "    set \$mobile_rewrite perform;";
+      echo '  }';
+      echo '';
+      echo "  if (\$http_user_agent ~* \"^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\\-(n|u)|c55\\/|capi|ccwa|cdm\\-|cell|chtm|cldc|cmd\\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\\-s|devi|dica|dmob|do(c|p)o|ds(12|\\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\\-|_)|g1 u|g560|gene|gf\\-5|g\\-mo|go(\\.w|od)|gr(ad|un)|haie|hcit|hd\\-(m|p|t)|hei\\-|hi(pt|ta)|hp( i|ip)|hs\\-c|ht(c(\\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\\-(20|go|ma)|i230|iac( |\\-|\\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\\/)|klon|kpt |kwc\\-|kyo(c|k)|le(no|xi)|lg( g|\\/(k|l|u)|50|54|\\-[a-w])|libw|lynx|m1\\-w|m3ga|m50\\/|ma(te|ui|xo)|mc(01|21|ca)|m\\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\\-2|po(ck|rt|se)|prox|psio|pt\\-g|qa\\-a|qc(07|12|21|32|60|\\-[2-7]|i\\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\\-|oo|p\\-)|sdk\\/|se(c(\\-|0|1)|47|mc|nd|ri)|sgh\\-|shar|sie(\\-|m)|sk\\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\\-|v\\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\\-|tdg\\-|tel(i|m)|tim\\-|t\-mo|to(pl|sh)|ts(70|m\\-|m3|m5)|tx\\-9|up(\\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\\-|your|zeto|zte\\-)\") {";
+      echo "    set \$mobile_rewrite perform;";
+      echo '  }';
+      echo '';
+      echo "  if (\$mobile_rewrite = perform) {";
+      echo "    rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;";
+      echo '    break;';
+      echo '  }';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '  }';
+      echo '';
+      echo '  location / {';
+      echo "    try_files \$uri \$uri/ @ttrss;";
+      echo '  }';
+      echo '';
+      echo '  location @ttrss {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  location ~ /\.(git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Robots-Tag none;';
+      echo '  add_header X-Download-Options noopen;';
+      echo '  add_header X-Permitted-Cross-Domain-Policies none;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  client_max_body_size 15m;';
+      echo '}'; } > "/etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME"
 
     if [ ! -f $RSS_READER_PATH/config.php ]; then
         # generate a config file
         RSS_FEED_CRYPT_KEY="$(create_password 24)"
-        echo '<?php' > $RSS_READER_PATH/config.php
-        echo "  define('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_NAME', 'ttrss');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_PASS', '${MARIADB_PASSWORD}');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_PORT', '3306');" >> $RSS_READER_PATH/config.php
-        echo "  define('MYSQL_CHARSET', 'UTF8');" >> $RSS_READER_PATH/config.php
-        echo "  define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');" >> $RSS_READER_PATH/config.php
-        echo "  define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');" >> $RSS_READER_PATH/config.php
-        echo "  define('SINGLE_USER_MODE', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('SIMPLE_UPDATE_MODE', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('PHP_EXECUTABLE', '/usr/bin/php');" >> $RSS_READER_PATH/config.php
-        echo "  define('LOCK_DIRECTORY', 'lock');" >> $RSS_READER_PATH/config.php
-        echo "  define('CACHE_DIR', 'cache');" >> $RSS_READER_PATH/config.php
-        echo "  define('ICONS_DIR', \"feed-icons\");" >> $RSS_READER_PATH/config.php
-        echo "  define('ICONS_URL', \"feed-icons\");" >> $RSS_READER_PATH/config.php
-        echo "  define('AUTH_AUTO_CREATE', true);" >> $RSS_READER_PATH/config.php
-        echo "  define('AUTH_AUTO_LOGIN', true);" >> $RSS_READER_PATH/config.php
-        echo "  define('FORCE_ARTICLE_PURGE', 0);" >> $RSS_READER_PATH/config.php
-        echo "  define('PUBSUBHUBBUB_HUB', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('PUBSUBHUBBUB_ENABLED', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('SPHINX_SERVER', 'localhost:9312');" >> $RSS_READER_PATH/config.php
-        echo "  define('SPHINX_INDEX', 'ttrss, delta');" >> $RSS_READER_PATH/config.php
-        echo "  define('ENABLE_REGISTRATION', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');" >> $RSS_READER_PATH/config.php
-        echo "  define('REG_MAX_USERS', 10);" >> $RSS_READER_PATH/config.php
-        echo "  define('SESSION_COOKIE_LIFETIME', 86400);" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_FROM_NAME', 'Tiny Tiny RSS');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');" >> $RSS_READER_PATH/config.php
-        echo "  define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_SERVER', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_LOGIN', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_PASSWORD', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_SECURE', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('CHECK_FOR_UPDATES', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('ENABLE_GZIP_OUTPUT', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('PLUGINS', 'auth_internal, note, gnusocial');" >> $RSS_READER_PATH/config.php
-        echo "  define('LOG_DESTINATION', 'sql');" >> $RSS_READER_PATH/config.php
-        echo "  define('CONFIG_VERSION', 26);" >> $RSS_READER_PATH/config.php
+        { echo '<?php';
+          echo "  define('_CURL_HTTP_PROXY', '127.0.0.1:9050');";
+          echo "  define('DB_TYPE', 'mysql');";
+          echo "  define('DB_HOST', 'localhost');";
+          echo "  define('DB_USER', 'root');";
+          echo "  define('DB_NAME', 'ttrss');";
+          echo "  define('DB_PASS', '${MARIADB_PASSWORD}');";
+          echo "  define('DB_PORT', '3306');";
+          echo "  define('MYSQL_CHARSET', 'UTF8');";
+          echo "  define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');";
+          echo "  define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');";
+          echo "  define('SINGLE_USER_MODE', false);";
+          echo "  define('SIMPLE_UPDATE_MODE', false);";
+          echo "  define('PHP_EXECUTABLE', '/usr/bin/php');";
+          echo "  define('LOCK_DIRECTORY', 'lock');";
+          echo "  define('CACHE_DIR', 'cache');";
+          echo "  define('ICONS_DIR', \"feed-icons\");";
+          echo "  define('ICONS_URL', \"feed-icons\");";
+          echo "  define('AUTH_AUTO_CREATE', true);";
+          echo "  define('AUTH_AUTO_LOGIN', true);";
+          echo "  define('FORCE_ARTICLE_PURGE', 0);";
+          echo "  define('PUBSUBHUBBUB_HUB', '');";
+          echo "  define('PUBSUBHUBBUB_ENABLED', false);";
+          echo "  define('SPHINX_SERVER', 'localhost:9312');";
+          echo "  define('SPHINX_INDEX', 'ttrss, delta');";
+          echo "  define('ENABLE_REGISTRATION', false);";
+          echo "  define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');";
+          echo "  define('REG_MAX_USERS', 10);";
+          echo "  define('SESSION_COOKIE_LIFETIME', 86400);";
+          echo "  define('SMTP_FROM_NAME', 'Tiny Tiny RSS');";
+          echo "  define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');";
+          echo "  define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');";
+          echo "  define('SMTP_SERVER', '');";
+          echo "  define('SMTP_LOGIN', '');";
+          echo "  define('SMTP_PASSWORD', '');";
+          echo "  define('SMTP_SECURE', '');";
+          echo "  define('CHECK_FOR_UPDATES', false);";
+          echo "  define('ENABLE_GZIP_OUTPUT', false);";
+          echo "  define('PLUGINS', 'auth_internal, note, gnusocial');";
+          echo "  define('LOG_DESTINATION', 'sql');";
+          echo "  define('CONFIG_VERSION', 26);"; } > $RSS_READER_PATH/config.php
     fi
 
     # initialize the database
@@ -569,28 +573,28 @@ function install_rss_main {
     systemctl restart nginx
 
     # daemon to update feeds
-    echo '[Unit]' > /etc/systemd/system/ttrss.service
-    echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
-    echo 'After=network.target mariadb.service' >> /etc/systemd/system/ttrss.service
-    echo 'After=tor.service' >> /etc/systemd/system/ttrss.service
-    echo '' >> /etc/systemd/system/ttrss.service
-    echo '[Service]' >> /etc/systemd/system/ttrss.service
-    echo 'User=www-data' >> /etc/systemd/system/ttrss.service
-    echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon" >> /etc/systemd/system/ttrss.service
-    echo '' >> /etc/systemd/system/ttrss.service
-    echo '[Install]' >> /etc/systemd/system/ttrss.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ttrss.service
+    { echo '[Unit]';
+      echo 'Description=ttrss_backend';
+      echo 'After=network.target mariadb.service';
+      echo 'After=tor.service';
+      echo '';
+      echo '[Service]';
+      echo 'User=www-data';
+      echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ttrss.service
     systemctl enable ttrss
     systemctl daemon-reload
     systemctl start ttrss
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a rss -p "$RSS_READER_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a rss -p "$RSS_READER_ADMIN_PASSWORD"
 
     install_completed rss_main
 }
 
 function install_rss_gnusocial {
-    if [ ! $GNUSOCIAL_DOMAIN_NAME ]; then
+    if [ ! "$GNUSOCIAL_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -608,19 +612,19 @@ function install_rss_gnusocial {
         return
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 7246284
     function_check git_clone
     git_clone $RSS_READER_GNUSOCIAL_REPO ttrss-gnusocial
-    if [ ! -d $INSTALL_DIR/ttrss-gnusocial ]; then
+    if [ ! -d "$INSTALL_DIR/ttrss-gnusocial" ]; then
         echo $'Could not clone repo for RSS reader gnusocial plugin'
         exit 52838
     fi
-    cp -r $INSTALL_DIR/ttrss-gnusocial $RSS_READER_GNUSOCIAL_PATH
-    cd $RSS_READER_GNUSOCIAL_PATH
+    cp -r "$INSTALL_DIR/ttrss-gnusocial" $RSS_READER_GNUSOCIAL_PATH
+    cd "$RSS_READER_GNUSOCIAL_PATH" || exit 782462424
     git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT
     set_completion_param "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT"
     chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
@@ -642,8 +646,8 @@ function install_rss_mobile_reader {
     # remove any previous install
     if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
         if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then
-            sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
-            sed -i '/rss mobile reader commit/d' $COMPLETION_FILE
+            sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
+            sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
             rm -rf $RSS_READER_PATH/g2ttree-mobile
         fi
     fi
@@ -652,12 +656,12 @@ function install_rss_mobile_reader {
         return
     fi
 
-    cd /etc/share
+    cd /etc/share || exit 7498264462
 
     if [ -d /repos/rss-mobile ]; then
         mkdir ttrss-mobile
         cp -r -p /repos/rss-mobile/. ttrss-mobile
-        cd ttrss-mobile
+        cd ttrss-mobile || exit 462846284682
         git pull
     else
         function_check git_clone
@@ -668,7 +672,7 @@ function install_rss_mobile_reader {
         echo $'Could not clone RSS mobile reader repo'
         exit 24816
     fi
-    cd $RSS_MOBILE_READER_PATH
+    cd "$RSS_MOBILE_READER_PATH" || exit 462846246824
     git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
     set_completion_param "rss mobile reader commit" "$RSS_MOBILE_READER_COMMIT"
 

src/freedombone-app-scuttlebot

@@ -61,39 +61,44 @@ function scuttlebot_create_invite {
     invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')
 
     clear
-    echo -e '\n\nYour Scuttlebot invite code is:\n\n'${invite_string}'\n\n'
+    echo -e "\\n\\nYour Scuttlebot invite code is:\\n\\n${invite_string}\\n\\n"
+    # shellcheck disable=SC2034
     read -n1 -r -p $"Press any key to continue..." key
 }
 
 function configure_interactive_scuttlebot {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Scuttlebot" \
                --radiolist $"Choose an operation:" 10 50 2 \
                1 $"Create an invite" off \
-               2 $"Exit" on 2> $data
+               2 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) scuttlebot_create_invite;;
-            2) break;;
+            2) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function remove_user_scuttlebot {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_scuttlebot {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
@@ -109,8 +114,8 @@ function install_interactive_scuttlebot {
 }
 
 function change_password_scuttlebot {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
@@ -123,7 +128,7 @@ function reconfigure_scuttlebot {
 }
 
 function upgrade_scuttlebot {
-    if ! grep -q 'scuttlebot version:' $COMPLETION_FILE; then
+    if ! grep -q 'scuttlebot version:' $"COMPLETION_FILE"; then
         return
     fi
 
@@ -134,11 +139,10 @@ function upgrade_scuttlebot {
         return
     fi
 
-    npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save
-    if [ ! "$?" = "0" ]; then
+    if ! npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save; then
         return
     fi
-    sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE}
+    sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
 }
 
 function backup_local_scuttlebot {
@@ -218,71 +222,72 @@ function remove_scuttlebot {
     fi
 
     remove_completion_param install_scuttlebot
-    sed -i '/scuttlebot /d' $COMPLETION_FILE
+    sed -i '/scuttlebot /d' "$COMPLETION_FILE"
 }
 
 function git_ssb_script {
     if [[ "$1" == "mesh" ]]; then
+        # shellcheck disable=SC2154
         git_ssb_script_name=$rootdir/usr/bin/git-ssb-create
         git_ssb_daemon_filename=$rootdir/etc/systemd/system/git_ssb.service
     else
         git_ssb_script_name=/usr/bin/git-ssb-create
         git_ssb_daemon_filename=/etc/systemd/system/git_ssb.service
     fi
-    echo '#!/bin/bash' > $git_ssb_script_name
-    echo 'reponame="$1"' >> $git_ssb_script_name
-    echo '' >> $git_ssb_script_name
-    echo 'if [[ "$reponame" != "" ]]; then' >> $git_ssb_script_name
-    echo '  mkdir $reponame' >> $git_ssb_script_name
-    echo '  cd $reponame' >> $git_ssb_script_name
-    echo '  git init' >> $git_ssb_script_name
-    echo '  git ssb create ssb $reponame' >> $git_ssb_script_name
-    echo '  git push --tags ssb master' >> $git_ssb_script_name
-    echo 'fi' >> $git_ssb_script_name
-    echo 'exit 0' >> $git_ssb_script_name
+    { echo '#!/bin/bash';
+      echo "reponame=\"\$1\"";
+      echo '';
+      echo "if [[ \"\$reponame\" != \"\" ]]; then";
+      echo "  mkdir \$reponame";
+      echo "  cd \$reponame";
+      echo '  git init';
+      echo "  git ssb create ssb \$reponame";
+      echo '  git push --tags ssb master';
+      echo 'fi';
+      echo 'exit 0'; } > $git_ssb_script_name
     chmod +x $git_ssb_script_name
 
-    echo '[Unit]' > $git_ssb_daemon_filename
-    echo 'Description=Git SSB (SSB git web interface)' >> $git_ssb_daemon_filename
-    echo 'After=syslog.target' >> $git_ssb_daemon_filename
-    echo 'After=network.target' >> $git_ssb_daemon_filename
-    echo 'After=scuttlebot.target' >> $git_ssb_daemon_filename
-    echo '' >> $git_ssb_daemon_filename
-    echo '[Service]' >> $git_ssb_daemon_filename
-    echo 'Type=simple' >> $git_ssb_daemon_filename
-    echo 'User=scuttlebot' >> $git_ssb_daemon_filename
-    echo 'Group=scuttlebot' >> $git_ssb_daemon_filename
-    echo "WorkingDirectory=/etc/scuttlebot" >> $git_ssb_daemon_filename
-    echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT" >> $git_ssb_daemon_filename
-    echo 'Restart=always' >> $git_ssb_daemon_filename
-    echo 'Environment="USER=scuttlebot"' >> $git_ssb_daemon_filename
-    echo '' >> $git_ssb_daemon_filename
-    echo '[Install]' >> $git_ssb_daemon_filename
-    echo 'WantedBy=multi-user.target' >> $git_ssb_daemon_filename
+    { echo '[Unit]';
+      echo 'Description=Git SSB (SSB git web interface)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo 'After=scuttlebot.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT";
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $git_ssb_daemon_filename
 }
 
 function scuttlebot_git_setup {
     if [[ "$1" == "mesh" ]]; then
-        if [ ! -d $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight ]; then
-            mkdir $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight
+        if [ ! -d "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" ]; then
+            mkdir "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight"
         fi
-        if [ ! -f $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css ]; then
+        if [ ! -f "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" ]; then
             echo $'Could not find foundation.css'
             exit 347687245
         fi
-        cp $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css
+        cp "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css"
 
         git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
-        echo 'server {' > $git_ssb_nginx_site
-        echo "  listen $NGINX_GIT_SSB_PORT default_server;" >> $git_ssb_nginx_site
-        echo "  server_name P${PEER_ID}.local;" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
-        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
-        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
-        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
+        { echo 'server {';
+          echo "  listen $NGINX_GIT_SSB_PORT default_server;";
+          echo "  server_name P${PEER_ID}.local;";
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  add_header X-XSS-Protection "1; mode=block";';
+          echo '  add_header X-Content-Type-Options nosniff;';
+          echo '  add_header X-Frame-Options SAMEORIGIN;'; } > "$git_ssb_nginx_site"
     else
         if [ ! $SCUTTLEBOT_DOMAIN_NAME ]; then
             exit 7357225
@@ -300,15 +305,15 @@ function scuttlebot_git_setup {
         git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
         function_check nginx_http_redirect
         nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
-        echo 'server {' >> $git_ssb_nginx_site
-        echo '  listen 443 ssl;' >> $git_ssb_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $git_ssb_nginx_site
-        echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;";
+          echo ''; } >> $git_ssb_nginx_site
         function_check nginx_compress
         nginx_compress $SCUTTLEBOT_DOMAIN_NAME
-        echo '' >> $git_ssb_nginx_site
-        echo '  # Security' >> $git_ssb_nginx_site
+        echo '' >> "$git_ssb_nginx_site"
+        echo '  # Security' >> "$git_ssb_nginx_site"
         function_check nginx_ssl
         nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
 
@@ -316,45 +321,45 @@ function scuttlebot_git_setup {
         nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
     fi
 
-    echo '' >> $git_ssb_nginx_site
-    echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site
-    echo '' >> $git_ssb_nginx_site
-    echo '  location = / {' >> $git_ssb_nginx_site
-    echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
-    echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
-    echo '  }' >> $git_ssb_nginx_site
-    echo '}' >> $git_ssb_nginx_site
-
-    if [ $SCUTTLEBOT_ONION_HOSTNAME ]; then
-        echo '' >> $git_ssb_nginx_site
-        echo 'server {' >> $git_ssb_nginx_site
-        echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;" >> $git_ssb_nginx_site
-        echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
-        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
-        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
-        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  location = / {' >> $git_ssb_nginx_site
-        echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
-        echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
-        echo '  }' >> $git_ssb_nginx_site
-        echo '}' >> $git_ssb_nginx_site
+    { echo '';
+      echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
+      echo '';
+      echo '  location = / {';
+      echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection upgrade;';
+      echo '  }';
+      echo '}'; } >> $git_ssb_nginx_site
+
+    if [ "$SCUTTLEBOT_ONION_HOSTNAME" ]; then
+        { echo '';
+          echo 'server {';
+          echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;";
+          echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};";
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  add_header X-XSS-Protection "1; mode=block";';
+          echo '  add_header X-Content-Type-Options nosniff;';
+          echo '  add_header X-Frame-Options SAMEORIGIN;';
+          echo '';
+          echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
+          echo '';
+          echo '  location = / {';
+          echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection upgrade;';
+          echo '  }';
+          echo '}'; } >> $git_ssb_nginx_site
     fi
     if [[ "$1" != "mesh" ]]; then
         nginx_ensite git_ssb
@@ -364,23 +369,23 @@ function scuttlebot_git_setup {
 function mesh_install_dat {
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_dat
+    cat <<EOF > "$rootdir/usr/bin/install_dat"
 #!/bin/bash
 npm install --arch=$NPM_ARCH -g dat
 npm install --arch=$NPM_ARCH -g @garbados/dat-boi
 npm install --arch=$NPM_ARCH -g add-to-systemd
-add-to-systemd dat-boi --user $(whoami) `which dat-boi`
+add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)"
 EOF
     chroot "$rootdir" /bin/chmod +x /usr/bin/install_dat
     chroot "$rootdir" /usr/bin/install_dat
-    rm $rootdir/usr/bin/install_dat
+    rm "$rootdir/usr/bin/install_dat"
 }
 
 function install_dat {
     npm install -g dat
     npm install -g @garbados/dat-boi
     npm install -g add-to-systemd
-    add-to-systemd dat-boi --user $(whoami) `which dat-boi`
+    add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)"
 }
 
 function mesh_install_scuttlebot {
@@ -390,7 +395,7 @@ function mesh_install_scuttlebot {
 
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_scuttlebot
+    cat <<EOF > "$rootdir/usr/bin/install_scuttlebot"
 #!/bin/bash
 npm install --arch=$NPM_ARCH -g scuttlebot@${SCUTTLEBOT_VERSION}
 npm install --arch=$NPM_ARCH -g git-ssb
@@ -398,37 +403,37 @@ npm install --arch=$NPM_ARCH -g git-remote-ssb
 EOF
     chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot
     chroot "$rootdir" /usr/bin/install_scuttlebot
-    rm $rootdir/usr/bin/install_scuttlebot
+    rm "$rootdir/usr/bin/install_scuttlebot"
 
-    if [ ! -f $rootdir/usr/local/bin/sbot ]; then
+    if [ ! -f "$rootdir/usr/local/bin/sbot" ]; then
         echo $'Scuttlebot was not installed'
         exit 528253
     fi
 
-    if [ ! -d $rootdir/etc/scuttlebot ]; then
-        mkdir -p $rootdir/etc/scuttlebot
+    if [ ! -d "$rootdir/etc/scuttlebot" ]; then
+        mkdir -p "$rootdir/etc/scuttlebot"
     fi
 
     # an unprivileged user to run as
     chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot
 
     # daemon
-    echo '[Unit]' > $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Description=Scuttlebot (messaging system)' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Type=simple' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'User=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Group=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo "WorkingDirectory=/etc/scuttlebot" >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'ExecStart=/usr/local/bin/sbot server' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Restart=always' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Environment="USER=scuttlebot"' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/scuttlebot.service
+    { echo '[Unit]';
+      echo 'Description=Scuttlebot (messaging system)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo 'ExecStart=/usr/local/bin/sbot server';
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/scuttlebot.service"
 
     scuttlebot_git_setup mesh
     git_ssb_script mesh
@@ -455,22 +460,22 @@ function install_scuttlebot {
     useradd -d /etc/scuttlebot/ scuttlebot
 
     # daemon
-    echo '[Unit]' > /etc/systemd/system/scuttlebot.service
-    echo 'Description=Scuttlebot (messaging system)' >> /etc/systemd/system/scuttlebot.service
-    echo 'After=syslog.target' >> /etc/systemd/system/scuttlebot.service
-    echo 'After=network.target' >> /etc/systemd/system/scuttlebot.service
-    echo '' >> /etc/systemd/system/scuttlebot.service
-    echo '[Service]' >> /etc/systemd/system/scuttlebot.service
-    echo 'Type=simple' >> /etc/systemd/system/scuttlebot.service
-    echo 'User=scuttlebot' >> /etc/systemd/system/scuttlebot.service
-    echo 'Group=scuttlebot' >> /etc/systemd/system/scuttlebot.service
-    echo "WorkingDirectory=/etc/scuttlebot" >> /etc/systemd/system/scuttlebot.service
-    echo 'ExecStart=/usr/local/bin/sbot server' >> /etc/systemd/system/scuttlebot.service
-    echo 'Restart=always' >> /etc/systemd/system/scuttlebot.service
-    echo 'Environment="USER=scuttlebot"' >> /etc/systemd/system/scuttlebot.service
-    echo '' >> /etc/systemd/system/scuttlebot.service
-    echo '[Install]' >> /etc/systemd/system/scuttlebot.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/scuttlebot.service
+    { echo '[Unit]';
+      echo 'Description=Scuttlebot (messaging system)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo 'ExecStart=/usr/local/bin/sbot server';
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/scuttlebot.service
 
     chown -R scuttlebot:scuttlebot /etc/scuttlebot
 
@@ -489,24 +494,24 @@ function install_scuttlebot {
         exit 73528
     fi
 
-    echo '{' > /etc/scuttlebot/.ssb/config
-    echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\"," >> /etc/scuttlebot/.ssb/config
-    echo "  \"port\": ${SCUTTLEBOT_PORT}," >> /etc/scuttlebot/.ssb/config
-    echo '  "timeout": 30000,' >> /etc/scuttlebot/.ssb/config
-    echo '  "pub": true,' >> /etc/scuttlebot/.ssb/config
-    echo '  "local": true,' >> /etc/scuttlebot/.ssb/config
-    echo '  "friends": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "dunbar": 150,' >> /etc/scuttlebot/.ssb/config
-    echo '    "hops": 3' >> /etc/scuttlebot/.ssb/config
-    echo '  },' >> /etc/scuttlebot/.ssb/config
-    echo '  "gossip": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "connections": 2' >> /etc/scuttlebot/.ssb/config
-    echo '  },' >> /etc/scuttlebot/.ssb/config
-    echo '  "master": [],' >> /etc/scuttlebot/.ssb/config
-    echo '  "logging": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "level": "error"' >> /etc/scuttlebot/.ssb/config
-    echo '  }' >> /etc/scuttlebot/.ssb/config
-    echo '}' >> /etc/scuttlebot/.ssb/config
+    { echo '{';
+      echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\",";
+      echo "  \"port\": ${SCUTTLEBOT_PORT},";
+      echo '  "timeout": 30000,';
+      echo '  "pub": true,';
+      echo '  "local": true,';
+      echo '  "friends": {';
+      echo '    "dunbar": 150,';
+      echo '    "hops": 3';
+      echo '  },';
+      echo '  "gossip": {';
+      echo '    "connections": 2';
+      echo '  },';
+      echo '  "master": [],';
+      echo '  "logging": {';
+      echo '    "level": "error"';
+      echo '  }';
+      echo '}'; } > /etc/scuttlebot/.ssb/config
     chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
     systemctl restart scuttlebot.service
 
@@ -527,10 +532,10 @@ function install_scuttlebot {
 
     systemctl restart nginx
 
-    if ! grep -q "scuttlebot version:" ${COMPLETION_FILE}; then
-        echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "scuttlebot version:" "${COMPLETION_FILE}"; then
+        echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
     fi
 
     APP_INSTALLED=1