freedombone/src/freedombone-image-mesh

#!/bin/bash
#  _____               _           _
# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
#                              Freedom in the Cloud
#
# This command is run on initial install in order to set up a mesh router
#
# License
# =======
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

PROJECT_NAME='freedombone'

export TEXTDOMAIN=${PROJECT_NAME}-image-mesh
export TEXTDOMAINDIR="/usr/share/locale"

# The browser application to use
BROWSER=firefox
BROWSER_OPTIONS='-private -url'

MY_USERNAME='fbone'
PEER_ID=
INSTALL_DIR=/root/build
INSTALL_LOG=/var/log/${PROJECT_NAME}.log

DEFAULT_USERNAME=fbone

TOX_NODES=
#TOX_NODES=(
#  '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
#  '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
#)

MESH_INSTALL_DIR=/var/lib
MESH_INSTALL_COMPLETED=/root/.mesh_setup_completed
MESH_INSTALL_SETUP=/root/.initial_mesh_setup
MESH_AMNESIC=/root/.amnesic
FIRST_BOOT=/home/$MY_USERNAME/.first_boot

# Tomb containing logs
TOMB_LOG_SIZE_MB=10

# tmp directory
TOMB_TMP_SIZE_MB=10

# size of the tomb used to store qtox settings
TOMB_TOX_SIZE_MB=10

# Tomb containing tox bootstrap
TOMB_TOX_BOOTSTRAP_SIZE_MB=10

MESH_INSTALL_DIR=/var/lib

IPFS_PORT=4001

CURRENT_BLOG_INDEX=/home/$MY_USERNAME/.blog-index

OPENVPN_SERVER_NAME="server"
OPENVPN_KEY_FILENAME='client.ovpn'
VPN_COUNTRY_CODE="US"
VPN_AREA="Apparent Free Speech Zone"
VPN_LOCATION="Freedomville"
VPN_ORGANISATION="Freedombone"
VPN_UNIT="Freedombone Unit"
STUNNEL_PORT=3439
VPN_TLS_PORT=553
VPN_MESH_TLS_PORT=653

SCUTTLEBOT_PORT=8010

CRYPTPAD_PORT=9003
CRYPTPAD_DIR=/etc/cryptpad

PEERTUBE_DIR=/etc/peertube

function run_system_query_postgresql {
    query=$1
    cd /etc/postgresql || exit 2648246824
    sudo -u postgres psql -c "$query"
}

function create_password {
    openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c "${1}" ; echo -n ''
}

function enable_peertube {
    if [ ! -d $PEERTUBE_DIR ]; then
        return
    fi

    PEERTUBE_ADMIN_PASSWORD="$(create_password 10)"

    if [ -d $PEERTUBE_DIR/videos ]; then
        rm -rf $PEERTUBE_DIR/videos/*
    fi
    if [ -d $PEERTUBE_DIR/thumbnails ]; then
        rm -rf $PEERTUBE_DIR/thumbnails/*
    fi

    systemctl restart postgresql
    run_system_query_postgresql "DROP DATABASE peertube;"
    run_system_query_postgresql "CREATE USER peertube WITH PASSWORD '$PEERTUBE_ADMIN_PASSWORD';"
    run_system_query_postgresql "CREATE DATABASE peertube OWNER peertube;"
    run_system_query_postgresql "GRANT ALL PRIVILEGES ON DATABASE peertube to peertube;"
    run_system_query_postgresql "set statement_timeout to 40000;"

    peertube_config_file=$PEERTUBE_DIR/config/production.yaml
    sed -i "s|hostname:.*|hostname: 'P$PEER_ID.local'|g" $peertube_config_file
    sed -i "s|password:.*|password: '$PEERTUBE_ADMIN_PASSWORD'|g" $peertube_config_file

    peertube_nginx_file=/etc/nginx/sites-available/peertube
    sed -i "s|server_name.*|server_name P$PEER_ID.local;|g" $peertube_nginx_file

    chown -R peertube:peertube $PEERTUBE_DIR

    # Set up the web server
    ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube
    if [ -f /etc/nginx/sites-enabled/default ]; then
        rm /etc/nginx/sites-enabled/default
    fi

    systemctl enable peertube
    systemctl daemon-reload
    systemctl start peertube
}

function enable_cryptpad {
    if [ ! -d $CRYPTPAD_DIR ]; then
        return
    fi

    # Set up the web server
    ln -s /etc/nginx/sites-available/cryptpad /etc/nginx/sites-enabled/cryptpad
    if [ -f /etc/nginx/sites-enabled/default ]; then
        rm /etc/nginx/sites-enabled/default
    fi

    if [ ! -d $CRYPTPAD_DIR/customize/api ]; then
        mkdir -p $CRYPTPAD_DIR/customize/api
    fi
    if [ -f $CRYPTPAD_DIR/config.js ]; then
        sed -i "s|myDomain:.*|myDomain: 'http://P${PEER_ID}.local',|g" $CRYPTPAD_DIR/config.js
    fi
    wget 127.0.0.1:$CRYPTPAD_PORT/api/config -O $CRYPTPAD_DIR/customize/api/config
    if [ ! -f $CRYPTPAD_DIR/customize/api/config ]; then
        echo $'Unable to wget api/config'
        exit 89252
    fi
    chown -R cryptpad:cryptpad $CRYPTPAD_DIR
}

# Debian stretch has a problem where the formerly predictable wlan0 and eth0
# device names get assigned random names. This is a hacky workaround.
# Also adding net.ifnames=0 to kernel options on bootloader may work.
function enable_predictable_device_names {
    ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules
    update-initramfs -u
}

function create_avahi_mesh_service {
    service_name=$1
    service_type=$2
    service_protocol=$3
    service_port=$4
    service_description="$5"

    if [ ! -d /etc/avahi ]; then
        echo $'create_avahi_mesh_service: avahi was not installed'
        exit 52925
    fi

    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
      echo '<service-group>';
      echo "  <name replace-wildcards=\"yes\">%h ${service_type}</name>";
      echo '  <service>';
      echo "    <type>_${service_type}._${service_protocol}</type>";
      echo "    <port>${service_port}</port>";
      echo "    <txt-record>$service_description</txt-record>";
      echo '  </service>';
      echo '</service-group>'; } > "/etc/avahi/services/${service_name}.service"
}

function create_ram_disk {
    ramdisk_size_mb=$1
    if [ ! -d /mnt/ramdisk ]; then
        mkdir -p /mnt/ramdisk
    fi
    if ! grep -q "ramdisk" /etc/fstab; then
        mount -t tmpfs -o size="${ramdisk_size_mb}m" tmpfs /mnt/ramdisk
        echo "tmpfs       /mnt/ramdisk tmpfs   nodev,nosuid,noexec,nodiratime,size=${ramdisk_size_mb}M   0 0" >> /etc/fstab
        echo $"${ramdisk_size_mb}M ramdisk created for /tmp" >> $INSTALL_LOG
    fi
}

function make_root_read_only {
    if [ ! -d /home/$MY_USERNAME/Desktop ]; then
        if ! grep -q 'ro,subvol=@' /etc/fstab; then
            sed -i 's|subvol=@|ro,subvol=@|g' /etc/fstab
            echo $'Root filesystem set to read only' >> $INSTALL_LOG
        fi
    fi
}

function tmp_ram_disk {
    ramdisk_size_mb=$1
    if [ ! -d /tmp ]; then
        mkdir -p /tmp
    fi
    if ! grep -q '/tmp' /etc/fstab; then
        mount -t tmpfs -o size="${ramdisk_size_mb}m" tmpfs /tmp
        echo "tmpfs       /tmp tmpfs   nodev,nosuid,noexec,nodiratime,size=${ramdisk_size_mb}M   0 0" >> /etc/fstab
    fi
}

function set_hostname {
    DEFAULT_DOMAIN_NAME="$1"

    echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
    echo "$DEFAULT_DOMAIN_NAME" > /etc/mailname
    hostname "$DEFAULT_DOMAIN_NAME"

    if grep -q "127.0.1.1" /etc/hosts; then
        sed -i "s/127.0.1.1.*/127.0.1.1       $DEFAULT_DOMAIN_NAME/g" /etc/hosts
    else
        echo "127.0.1.1  $DEFAULT_DOMAIN_NAME" >> /etc/hosts
    fi
}

function change_avahi_name {
    decarray=( 1 2 3 4 5 6 7 8 9 0 )
    PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
    sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
    sed -i "s|host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
    set_hostname "P$PEER_ID"
    systemctl restart avahi-daemon

    echo "New avahi name for this peer is P$PEER_ID"
    echo $"avahi name changed to P${PEER_ID}.local" >> $INSTALL_LOG
}

function configure_toxcore {
    echo $'Configuring toxcore' >> $INSTALL_LOG

    TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')

    if [ -f $MESH_AMNESIC ]; then
        # change to the amnesic mount
        sed -i 's|/var/lib/tox-bootstrapd|/media/tox-bootstrapd|g' /etc/tox-bootstrapd.conf
        systemctl stop tox-bootstrapd.service
        sed -i 's|WorkingDirectory=.*|WorkingDirectory=/media/tox-bootstrapd|g' /etc/systemd/system/tox-bootstrapd.service
        systemctl daemon-reload
        userdel -r tox-bootstrapd
        useradd --home-dir /media/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment "Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
        chmod 700 /media/tox-bootstrapd
    fi

    echo $'Enabling toxcore daemon' >> $INSTALL_LOG
    chmod +x /etc/systemd/system/tox-bootstrapd.service
    systemctl enable tox-bootstrapd.service

    echo $'Regenerating Tox bootstrap node keys' >> $INSTALL_LOG
    systemctl stop tox-bootstrapd.service
    if [ -f /var/lib/tox-bootstrapd/keys ]; then
        rm /var/lib/tox-bootstrapd/keys
    fi
    systemctl start tox-bootstrapd.service
    # sleep for a while so that the tox keys can be generated
    sleep 30
    TOX_BOOTSTRAP_ID_FILE=/var/lib/tox-bootstrapd/pubkey.txt
    if [ -f $MESH_AMNESIC ]; then
        TOX_BOOTSTRAP_ID_FILE=/media/tox-bootstrapd/pubkey.txt
    fi
    TOX_PUBLIC_KEY=$(grep tox /var/log/syslog | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1)
    if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
        echo $'WARNING: Could not obtain the tox node public key' >> $INSTALL_LOG
        exit 46362
    fi

    # save the public key for later reference
    echo "$TOX_PUBLIC_KEY" > $TOX_BOOTSTRAP_ID_FILE
    echo $'Configured toxcore' >> $INSTALL_LOG
}

function create_tox_user {
    # remove any existing user
    if [ -f /home/${MY_USERNAME}/.config/tox/data.tox ]; then
        rm -f /home/${MY_USERNAME}/.config/tox/data*
    fi
    if [ -d /home/${MY_USERNAME}/.config/tox/avatars ]; then
        rm -rf /home/${MY_USERNAME}/.config/tox/avatars
    fi
    if [ ! -f /home/${MY_USERNAME}/.first_boot ]; then
        touch /home/${MY_USERNAME}/.first_boot
    fi

    if [ ! -d /home/$MY_USERNAME/Desktop ]; then
        return
    fi

    toxid -u $MY_USERNAME -n data
    chown -R ${MY_USERNAME}:${MY_USERNAME} /home/${MY_USERNAME}/.config/tox

    chmod +x /home/$MY_USERNAME/Desktop/*.desktop
    chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/Desktop/*
    echo $'Created Tox user' >> $INSTALL_LOG
}

function show_desktop_icons {
    if [ ! -d /home/$MY_USERNAME/Desktop ]; then
        return
    fi

    echo '#!/bin/bash' > /home/$MY_USERNAME/.showhelp
    echo "pkill $BROWSER" >> /home/$MY_USERNAME/.showhelp
    echo "$BROWSER $BROWSER_OPTIONS /home/$MY_USERNAME/help/mesh.html" >> /home/$MY_USERNAME/.showhelp
    chmod +x /home/$MY_USERNAME/.showhelp
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.showhelp

    { echo '[Desktop Entry]';
      echo 'Version=1.0';
      echo 'Name=Help';
      echo "Name[el]=";
      echo "Name[ar]=";
      echo "Name[ca]=Ajuda";
      echo "Name[hi]=";
      echo "Name[fr]=Aidez-moi";
      echo "Name[de]=Hilfe";
      echo "Name[es]=Ayuda";
      echo "Name[it]=Aiuto";
      echo "Name[ru]=";
      echo "Name[zh]=";
      echo 'Type=Application';
      echo 'Comment=Show help';
      echo "Comment[el]= ";
      echo "Comment[ar]= ";
      echo "Comment[ca]=Mostra ajuda";
      echo "Comment[hi]= ";
      echo "Comment[fr]=Afficher l'aide";
      echo "Comment[de]=Zeig Hilfe";
      echo "Comment[es]=Mostrar ayuda";
      echo "Comment[it]=Mostra aiuto";
      echo "Comment[ru]= ";
      echo "Comment[zh]=";
      echo "Exec=bash -c /home/$MY_USERNAME/.showhelp";
      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_help.png";
      echo 'Terminal=false';
      echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/help.desktop"

    { echo '[Desktop Entry]';
      echo 'Version=1.0';
      echo 'Name=Wifi';
      echo "Name[el]=Wifi";
      echo "Name[ar]= ";
      echo "Name[ca]=Wifi";
      echo "Name[hi]= - ";
      echo "Name[fr]=Wifi";
      echo "Name[de]=W-lan";
      echo "Name[es]=Wifi";
      echo "Name[it]=Wi-Fi";
      echo "Name[ru]=-";
      echo "Name[zh]=";
      echo 'Type=Application';
      echo 'Comment=Check wifi status';
      echo "Comment[el]=   wifi";
      echo "Comment[ar]=    ";
      echo "Comment[ca]=Comprova l'estat de wifi";
      echo "Comment[hi]=    ";
      echo "Comment[fr]=Vrifier l'tat du wifi";
      echo "Comment[de]=WLAN-Status berprfen";
      echo "Comment[es]=Verificar el estado del wifi";
      echo "Comment[it]=Controllare lo stato wifi";
      echo "Comment[ru]=  wifi";
      echo "Comment[zh]=wifi";
      echo 'Exec=mate-terminal --full-screen -e "sudo batman monitor"';
      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_wifi.png";
      echo 'Terminal=false';
      echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/wifi.desktop"

    { echo '[Desktop Entry]';
      echo 'Version=1.0';
      echo 'Name=Network Restart';
      echo "Name[el]= ";
      echo "Name[ar]=  ";
      echo "Name[ca]=Reinicia la xarxa";
      echo "Name[hi]=  ";
      echo "Name[fr]=Redmarrage du rseau";
      echo "Name[de]=Netzwerk Neustart";
      echo "Name[es]=Reinicio de red";
      echo "Name[it]=Riavvia rete";
      echo "Name[ru]= ";
      echo "Name[zh]=";
      echo 'Type=Application';
      echo 'Comment=Restart the mesh network daemon';
      echo "Comment[el]=      ";
      echo "Comment[ar]=    ";
      echo "Comment[ca]=Reinicia el dimoni de la xarxa de malla";
      echo "Comment[hi]=     ";
      echo "Comment[fr]=Redmarrez le dmon rseau maill";
      echo "Comment[de]=Starten Sie den Mesh-Netzwerk-Daemon neu.";
      echo "Comment[es]=Reinicie el daemon de red de malla";
      echo "Comment[it]=Riavviare il daemon della rete mesh";
      echo "Comment[ru]=   ";
      echo "Comment[zh]=";
      echo 'Exec=mate-terminal -e "sudo batman restart 2> /dev/null"';
      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_restart_network.png";
      echo 'Terminal=false';
      echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/restart.desktop"

    { echo '[Desktop Entry]';
      echo 'Version=1.0';
      echo 'Name=New Identity';
      echo "Name[el]= ";
      echo "Name[ar]= ";
      echo "Name[ca]=Nova identitat";
      echo "Name[hi]= ";
      echo "Name[fr]=Nouvelle identit";
      echo "Name[de]=Neue Identitt";
      echo "Name[es]=Nueva identidad";
      echo "Name[it]=Nuova Identit";
      echo "Name[ru]= ";
      echo "Name[zh]=";
      echo 'Type=Application';
      echo 'Comment=Create a new identity';
      echo "Comment[el]=   ";
      echo "Comment[ar]=  ";
      echo "Comment[ca]=Crea una nova identitat";
      echo "Comment[hi]=   ";
      echo "Comment[fr]=Crer une nouvelle identit";
      echo "Comment[de]=Erstellen Sie eine neue Identitt";
      echo "Comment[es]=Crea una nueva identidad";
      echo "Comment[it]=Crea una nuova identit";
      echo "Comment[ru]=   ";
      echo "Comment[zh]=";
      echo "Exec=${PROJECT_NAME}-mesh-reset";
      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_new_identity.png";
      echo 'Terminal=false';
      echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/new_identity.desktop"

    { echo '[Desktop Entry]';
      echo 'Name=Social';
      echo 'Name[el]=';
      echo 'Name[ar]=';
      echo 'Name[ca]=Social';
      echo 'Name[hi]=';
      echo 'Name[fr]=Social';
      echo 'Name[de]=Soziale';
      echo 'Name[es]=Social';
      echo 'Name[it]=Sociale';
      echo 'Name[ru]=';
      echo 'Name[zh]=';
      echo 'Type=Application';
      echo "Comment=A decentralized messaging and sharing app built on top of Secure Scuttlebutt";
      echo "Comment[el]=              Secure Scuttlebutt";
      echo "Comment[ar]=         ()";
      echo "Comment[ca]=Una aplicaci de missatgeria i distribuci descentralitzada integrada a Secure Scuttlebutt";
      echo "Comment[hi]=  ()          ";
      echo "Comment[fr]=Une application de messagerie et de partage dcentralise base sur Secure Scuttlebutt";
      echo "Comment[de]=Eine dezentralisierte Messaging- und Sharing-App, die auf Secure Scuttlebutt basiert";
      echo "Comment[es]=Una aplicacin de mensajera y uso compartido descentralizada construida sobre Secure Scuttlebutt";
      echo "Comment[it]=Un'applicazione decentralizzata di messaggistica e condivisione costruita sulla base di Secure Shuttlebutt";
      echo "Comment[ru]=       ,    Secure Scuttlebutt";
      echo "Comment[zh]=Scuttlebutt";
      echo 'Exec=bash /usr/bin/start_patchwork';
      echo "Icon=/usr/share/$PROJECT_NAME/avatars/icon_social.png";
      echo 'Terminal=false';
      echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/social.desktop"

    cp "/root/${PROJECT_NAME}/img/icon_kdenlive.png" "/usr/share/${PROJECT_NAME}/avatars/icon_kdenlive.png"

    { echo '#!/usr/bin/env xdg-open';
      echo '# KDE Config File';
      echo '';
      echo '[Desktop Entry]';
      echo 'Name=Video Editor';
      echo 'Name[ast]=Kdenlive';
      echo 'Name[bs]=Kdenlive';
      echo 'Name[ca]=Kdenlive';
      echo 'Name[ca@valencia]=Kdenlive';
      echo 'Name[cs]=Kdenlive';
      echo 'Name[da]=Kdenlive';
      echo 'Name[de]=Kdenlive';
      echo 'Name[el]=Kdenlive';
      echo 'Name[en_GB]=Video Editor';
      echo 'Name[es]=Kdenlive';
      echo 'Name[et]=Kdenlive';
      echo 'Name[fi]=Kdenlive';
      echo 'Name[fr]=Kdenlive';
      echo 'Name[ga]=Kdenlive';
      echo 'Name[gl]=Kdenlive';
      echo 'Name[hu]=Kdenlive';
      echo 'Name[it]=Kdenlive';
      echo 'Name[ja]=Kdenlive';
      echo 'Name[km]=Kdenlive';
      echo 'Name[lt]=Kdenlive';
      echo 'Name[lv]=Kdenlive';
      echo 'Name[mr]=--';
      echo 'Name[nb]=Kdenlive';
      echo 'Name[nds]=Kdenlive';
      echo 'Name[nl]=Kdenlive';
      echo 'Name[nn]=Kdenlive';
      echo 'Name[pl]=Kdenlive';
      echo 'Name[pt]=Kdenlive';
      echo 'Name[pt_BR]=Kdenlive';
      echo 'Name[ro]=Kdenlive';
      echo 'Name[ru]=Kdenlive';
      echo 'Name[sk]=Kdenlive';
      echo 'Name[sl]=Kdenlive';
      echo 'Name[sv]=Kdenlive';
      echo 'Name[tr]=Kdenlive';
      echo 'Name[ug]=Kdenlive';
      echo 'Name[uk]=Kdenlive';
      echo 'Name[x-test]=xxKdenlivexx';
      echo 'Name[zh_CN]=Kdenlive';
      echo 'Name[zh_TW]=Kdenlive';
      echo 'GenericName=Video Editor';
      echo 'GenericName[ar]= ';
      echo 'GenericName[ast]=Editor de videu';
      echo 'GenericName[bs]=Video ureiva';
      echo 'GenericName[ca]=Editor de vdeo';
      echo 'GenericName[ca@valencia]=Editor de vdeo';
      echo 'GenericName[cs]=Editor vide';
      echo 'GenericName[da]=Videoredigering';
      echo 'GenericName[de]=Video-Editor';
      echo 'GenericName[el]= ';
      echo 'GenericName[en_GB]=Video Editor';
      echo 'GenericName[es]=Editor de video';
      echo 'GenericName[et]=Videoredaktor';
      echo 'GenericName[fi]=Videomuokkain';
      echo 'GenericName[fr]=diteur vido';
      echo 'GenericName[ga]=Eagarthir Fse';
      echo 'GenericName[gl]=Editor de vdeo';
      echo 'GenericName[hu]=Videoszerkeszt';
      echo 'GenericName[it]=Editor video';
      echo 'GenericName[ja]=';
      echo 'GenericName[km]=';
      echo 'GenericName[lt]=Video redaktorius';
      echo 'GenericName[lv]=Video redaktors';
      echo 'GenericName[mr]= ';
      echo 'GenericName[nb]=Videoredigeringsprogram';
      echo 'GenericName[nl]=Video-bewerker';
      echo 'GenericName[nn]=Videoredigering';
      echo 'GenericName[pl]=Edytor wideo';
      echo 'GenericName[pt]=Editor de Vde';
      echo 'GenericName[pt_BR]=Editor de Vdeo';
      echo 'GenericName[ro]=Redactor de imagini';
      echo 'GenericName[ru]=';
      echo 'GenericName[sk]=Editor videa';
      echo 'GenericName[sl]=Urejevalnik videa';
      echo 'GenericName[sv]=Videoeditor';
      echo 'GenericName[tr]=Video Dzenleyici';
      echo 'GenericName[uk]=';
      echo 'GenericName[x-test]=xxVideo Editorxx';
      echo 'GenericName[zh_CN]=';
      echo 'GenericName[zh_TW]=';
      echo 'Comment=Nonlinear video editor for KDE';
      echo 'Comment[ar]=    ';
      echo 'Comment[ast]=Editor de videu non llinial pa KDE';
      echo 'Comment[bs]=Nelinearni video ureiva za KDE';
      echo 'Comment[ca]=Editor de vdeo no lineal per al KDE';
      echo 'Comment[ca@valencia]=Editor de vdeo no lineal per al KDE';
      echo 'Comment[cs]=Nelinern editor vide pro KDE';
      echo 'Comment[da]=Ikke-liner videoredigering til KDE';
      echo 'Comment[de]=Nichtlinearer Video-Editor fr KDE';
      echo 'Comment[el]=      KDE';
      echo 'Comment[en_GB]=Nonlinear video editor for KDE';
      echo 'Comment[es]=Editor no lineal de video para KDE';
      echo 'Comment[et]=KDE mittelineaarne videoredaktor';
      echo 'Comment[fi]=Eplineaarinen videomuokkain KDE:lle';
      echo 'Comment[fr]=diteur vido non linaire pour KDE';
      echo 'Comment[gl]=Editor de vdeo non linear para KDE';
      echo 'Comment[hu]=Nemlineris videoszerkeszt a KDE-hez';
      echo 'Comment[it]=Editor di video non lineare per KDE';
      echo 'Comment[ja]=KDE ';
      echo 'Comment[km]= KDE';
      echo 'Comment[lt]=Nelinijinis veido redaktorius skirtas KDE';
      echo 'Comment[lv]=Nelinerais video redaktors KDE videi';
      echo 'Comment[mr]=    ';
      echo 'Comment[nb]=Videoredigeringsprogram for KDE med dataklipping';
      echo 'Comment[nl]=Niet-lineaire video-bewerker voor KDE';
      echo 'Comment[nn]=Program for ikkje-liner videoredigering';
      echo 'Comment[pl]=Nieliniowy edytor wideo dla KDE';
      echo 'Comment[pt]=Editor de vdeo no-linear para o KDE';
      echo 'Comment[pt_BR]=Editor de vdeo no-linear para o KDE';
      echo 'Comment[ro]=Redactor de imagini neliniar pentru KDE';
      echo 'Comment[ru]=   KDE';
      echo 'Comment[sk]=Nelinerny editor videa pre KDE';
      echo 'Comment[sl]=Ne-linearni urejevalnik videa za KDE';
      echo 'Comment[sv]=Icke-linjr videoeditor fr KDE';
      echo 'Comment[tr]=KDE iin dorusal olmayan video dzenleyici';
      echo 'Comment[ug]=KDE    ';
      echo 'Comment[uk]=    KDE';
      echo 'Comment[x-test]=xxNonlinear video editor for KDExx';
      echo 'Comment[zh_CN]=KDE ';
      echo 'Comment[zh_TW]=KDE ';
      echo 'Type=Application';
      echo 'Exec=kdenlive %U';
      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_kdenlive.png";
      echo 'X-DocPath=kdenlive/index.html';
      echo 'X-DocPath[cs]=http://cs.wikibooks.org/wiki/Kdenlive';
      echo 'Terminal=false';
      echo 'MimeType=application/x-kdenlive;';
      echo 'Categories=Qt;KDE;AudioVideo;AudioVideoEditing;';
      echo 'Keywords=editing;video;audio;mlt;kde;';
      echo 'Keywords[ca]=edici;vdeo;udio;mlt;kde;';
      echo 'Keywords[ca@valencia]=edici;vdeo;udio;mlt;kde;';
      echo 'Keywords[da]=redigering;video;lyd;mlt;kde;';
      echo 'Keywords[de]=Editing;Bearbeitung;Schnitt;Videoschnitt;Video;Audio;MLT;';
      echo 'Keywords[en_GB]=editing;video;audio;mlt;kde;';
      echo 'Keywords[es]=edicin;video;audio;mlt;kde;';
      echo 'Keywords[et]=redigeerimine;muutmine;video;audio;heli;mlt;kde;';
      echo 'Keywords[fi]=editing;video;audio;mlt;kde;editointi;ni;';
      echo 'Keywords[fr]=montage;vido;audio;mlt;kde;';
      echo 'Keywords[gl]=editing;edicin;video;vdeo;audio;son;mlt;kde;';
      echo 'Keywords[it]=editing;video;audio;mlt;kde;';
      echo 'Keywords[nl]=bewerken;video;audio;mlt;kde;';
      echo 'Keywords[nn]=redigering;video;lyd;mlt;kde;';
      echo 'Keywords[pl]=edytowanie;video;wideo;filmy;audio;dwik;mlt;kde;';
      echo 'Keywords[pt]=edio;vdeo;udio;MLT;kde;';
      echo 'Keywords[pt_BR]=edio;vdeo;udio;mlt;kde;';
      echo 'Keywords[sk]=editovanie;video;audio;mlt;kde;';
      echo 'Keywords[sl]=urejanje;video;zvok;mlt;kde;';
      echo 'Keywords[sv]=redigering;video;ljud;mlt;kde;';
      echo 'Keywords[uk]=editing;video;audio;mlt;kde;;;;;;;';
      echo 'Keywords[x-test]=xxeditingxx;xxvideoxx;xxaudioxx;xxmltxx;xxkdexx;';
      echo 'Keywords[zh_CN]=editing;video;audio;mlt;kde;;;;';
      echo 'Keywords[zh_TW]=editing;video;audio;mlt;kde;';
      echo 'X-DBUS-ServiceName=org.kde.kdenlive'; } > "/home/$MY_USERNAME/Desktop/kdenlive.desktop"

    cp "/root/${PROJECT_NAME}/img/icon_photos.png" "/usr/share/${PROJECT_NAME}/avatars/icon_photos.png"

    { echo '#!/usr/bin/env xdg-open';
      echo '[Desktop Entry]';
      echo 'Version=1.0';
      echo 'Name[ar]=';
      echo 'Name[as]=Photos';
      echo 'Name[bn_IN]=Shotwell';
      echo 'Name[bs]=Shotwell';
      echo 'Name[ca]=Shotwell';
      echo 'Name[cs]=Shotwell';
      echo 'Name[da]=Shotwell';
      echo 'Name[de]=Shotwell';
      echo 'Name[el]=Shotwell';
      echo 'Name[en_GB]=Photos';
      echo 'Name[es]=Shotwell';
      echo 'Name[et]=Shotwell';
      echo 'Name[eu]=Shotwell';
      echo 'Name[fi]=Shotwell';
      echo 'Name[fr]=Shotwell';
      echo 'Name[gd]=Shotwell';
      echo 'Name[gl]=Shotwell';
      echo 'Name[gu]=Shotwell';
      echo 'Name[he]=Shotwell';
      echo 'Name[hi]=';
      echo 'Name[hr]=Shotwell';
      echo 'Name[hu]=Shotwell';
      echo 'Name[id]=Shotwell';
      echo 'Name[it]=Shotwell';
      echo 'Name[ja]=Shotwell';
      echo 'Name[kk]=Shotwell';
      echo 'Name[kn]=Shotwell';
      echo 'Name[ko]=';
      echo 'Name[lt]=Shotwell';
      echo 'Name[lv]=Shotwell';
      echo 'Name[ml]=';
      echo 'Name[mr]=';
      echo 'Name[nb]=Shotwell';
      echo 'Name[nl]=Shotwell';
      echo 'Name[oc]=Shotwell';
      echo 'Name[or]=Shotwell';
      echo 'Name[pa]=';
      echo 'Name[pl]=Shotwell';
      echo 'Name[pt]=Shotwell';
      echo 'Name[pt_BR]=Shotwell';
      echo 'Name[ro]=Shotwell';
      echo 'Name[ru]=Shotwell';
      echo 'Name[sk]=Shotwell';
      echo 'Name[sl]=Shotwell';
      echo 'Name[sr]=-';
      echo 'Name[sr@latin]=Foto-bunar';
      echo 'Name[sv]=Shotwell';
      echo 'Name[ta]=';
      echo 'Name[te]=';
      echo 'Name[tr]=Shotwell';
      echo 'Name[uk]=Shotwell';
      echo 'Name[vi]=Shotwell';
      echo 'Name[zh_CN]=Shotwell';
      echo 'Name[zh_HK]=Shotwell';
      echo 'Name[zh_TW]=Shotwell';
      echo 'Name=Photos';
      echo 'GenericName[af]=Foto Organiseerder';
      echo 'GenericName[ar]= ';
      echo "GenericName[as]=' ";
      echo 'GenericName[ast]=Xestor de semeyes';
      echo 'GenericName[bg]=  ';
      echo 'GenericName[bn]= ';
      echo 'GenericName[bn_IN]=  ';
      echo 'GenericName[bs]=Organizator Slika';
      echo 'GenericName[ca]=Gestor fotogrfic';
      echo 'GenericName[cs]=Sprvce fotografi';
      echo 'GenericName[da]=Billedhndtering';
      echo 'GenericName[de]=Fotoverwaltung';
      echo 'GenericName[el]= ';
      echo 'GenericName[en_GB]=Photo Manager';
      echo 'GenericName[es]=Gestor de fotos';
      echo 'GenericName[et]=Fotohaldur';
      echo 'GenericName[eu]=Argazki-kudeatzailea';
      echo 'GenericName[fi]=Valokuvien hallinta';
      echo 'GenericName[fr]=Gestionnaire de photos';
      echo 'GenericName[gd]=Manaidsear dhealbhan';
      echo 'GenericName[gl]=Xestor de fotos';
      echo 'GenericName[gu]= ';
      echo 'GenericName[he]= ';
      echo 'GenericName[hi]= ';
      echo 'GenericName[hr]=Upravitelj fotografija';
      echo 'GenericName[hu]=Fnykpkezel';
      echo 'GenericName[ia]=Administrator de photos';
      echo 'GenericName[id]=Manajer Foto';
      echo 'GenericName[it]=Gestore di fotografie';
      echo 'GenericName[ja]=Shotwell ';
      echo 'GenericName[kk]=  ';
      echo 'GenericName[km]=';
      echo 'GenericName[kn]= ';
      echo 'GenericName[ko]= ';
      echo 'GenericName[ky]= ';
      echo 'GenericName[lt]=Nuotrauk tvarkytuv';
      echo 'GenericName[lv]=Fotogrfiju prvaldnieks';
      echo 'GenericName[mk]=  ';
      echo 'GenericName[ml]= ';
      echo 'GenericName[mr]= ';
      echo 'GenericName[nb]=Fotobehandler';
      echo 'GenericName[nl]=Fotobeheerder';
      echo 'GenericName[oc]=Gestionari de ftos';
      echo 'GenericName[or]= ';
      echo 'GenericName[pa]= ';
      echo 'GenericName[pl]=Meneder zdj';
      echo 'GenericName[pt]=Gestor de fotografias';
      echo 'GenericName[pt_BR]=Organizador de fotos';
      echo 'GenericName[ro]=Administrator de fotografii';
      echo 'GenericName[ru]= ';
      echo 'GenericName[sk]=Sprvca fotografi';
      echo 'GenericName[sl]=Upravljalnik fotografij';
      echo 'GenericName[sr]= ';
      echo 'GenericName[sr@latin]=Upravnik fotografija';
      echo 'GenericName[sv]=Bildhanterare';
      echo 'GenericName[ta]= ';
      echo 'GenericName[te]= ';
      echo 'GenericName[th]=';
      echo 'GenericName[tr]=Fotoraf Yneticisi';
      echo 'GenericName[uk]= ';
      echo 'GenericName[vi]=Trnh qun l nh';
      echo 'GenericName[zh_CN]=';
      echo 'GenericName[zh_HK]=';
      echo 'GenericName[zh_TW]=';
      echo 'GenericName=Photo Manager';
      echo 'Comment[cs]=Roztite si sv fotografie';
      echo 'Comment[da]=Organisr dine billeder';
      echo 'Comment[de]=Ihre Fotos organisieren';
      echo 'Comment[es]=Organice sus fotos';
      echo 'Comment[fi]=Hallitse kuviasi';
      echo 'Comment[gd]=Cuir rian air na dealbhan agad';
      echo 'Comment[he]=  ';
      echo 'Comment[hr]=Organizirajte svoje fotografije';
      echo 'Comment[hu]=Rendszerezze a fnykpeit';
      echo 'Comment[id]=Organisasikan foto Anda';
      echo 'Comment[kk]= ';
      echo 'Comment[kn]=   ';
      echo 'Comment[ko]= .';
      echo 'Comment[lv]=Organiz savas fotogrfijas';
      echo 'Comment[pl]=Organizowanie zdj';
      echo 'Comment[pt]=Organize as suas fotografias';
      echo 'Comment[pt_BR]=Organize suas fotos';
      echo 'Comment[sk]=Organizuje vae fotografie';
      echo 'Comment[sr]=  ';
      echo 'Comment[sr@latin]=Organizujte vae fotografije';
      echo 'Comment[sv]=Organisera dina bilder';
      echo 'Comment[uk]=  ';
      echo 'Comment=Organize your photos';
      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_photos.png";
      echo 'Exec=shotwell %U';
      echo 'Terminal=false';
      echo 'Type=Application';
      echo 'MimeType=x-content/image-dcf;';
      echo 'Categories=Graphics;Photography;GNOME;GTK;';
      echo 'X-GIO-NoFuse=true';
      echo 'X-GNOME-Gettext-Domain=shotwell';
      echo 'X-GNOME-FullName=Shotwell Photo Manager'; } > "/home/$MY_USERNAME/Desktop/photos.desktop"

    #{ echo '[Desktop Entry]';
    #echo 'Name=Audio/Music';
    #echo 'Type=Application';
    #echo 'Comment=Audio publishing and streaming';
    #echo 'Exec=bash /usr/bin/start_ferment';
    #echo "Icon=/etc/patchwork/icon_ferment.png";
    #echo 'Terminal=false';
    #echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/audio.desktop"

    { echo '[Desktop Entry]';
      echo 'Type=Application';
      echo 'Name=Routing Protocol';
      echo 'Name[el]= ';
      echo 'Name[ar]= ';
      echo "Name[ca]=Protocol d'enrutament";
      echo 'Name[hi]= ';
      echo 'Name[fr]=Protocole de routage';
      echo 'Name[de]=Routingprotokoll';
      echo 'Name[es]=Protocolo de enrutamiento';
      echo 'Name[it]=Protocollo di routing';
      echo 'Name[ru]= ';
      echo 'Name[zh]=';
      echo 'Comment=Select the mesh routing protocol';
      echo 'Comment[el]=    ';
      echo 'Comment[ar]=   ';
      echo "Comment[ca]=Seleccioneu el protocol d'enrutament de malles";
      echo 'Comment[hi]=     ';
      echo 'Comment[fr]=Slectionnez le protocole de routage de maillage';
      echo 'Comment[de]=Whlen Sie das Mesh-Routing-Protokoll';
      echo 'Comment[es]=Seleccione el protocolo de enrutamiento de malla';
      echo "Comment[it]=Seleziona il protocollo di instradamento della mesh";
      echo 'Comment[ru]=   ';
      echo 'Comment[zh]=';
      echo "Exec=mate-terminal -e \"/usr/local/bin/${PROJECT_NAME}-mesh-routing\"";
      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_routing.png";
      echo 'Terminal=false';
      echo 'Categories=Application'; } > "/home/$MY_USERNAME/Desktop/routing.desktop"

    # set permissions
    chmod +x /home/$MY_USERNAME/Desktop/*.desktop
    chown "${MY_USERNAME}":"${MY_USERNAME}" "/home/$MY_USERNAME/Desktop/"*
    chown "${MY_USERNAME}":"${MY_USERNAME}" "/home/$MY_USERNAME/.config"
    chown -R "${MY_USERNAME}":"${MY_USERNAME}" "/home/$MY_USERNAME/.config/tox"
    chown -R "${MY_USERNAME}":"${MY_USERNAME}" "/home/$MY_USERNAME/.config/autostart"
    chown "${MY_USERNAME}":"${MY_USERNAME}" /home/$MY_USERNAME/*.sh

    # link to Tahoe-LAFS Magic folder
    #ln -s /home/${MY_USERNAME}/Desktop/${TAHOELAFS_SHARED_DIR} /home/${MY_USERNAME}/${TAHOELAFS_SHARED_DIR}

    # restart caja
    killall caja
    killall mate-panel
}

function enable_batman_daemon {
    systemctl enable batman
    systemctl daemon-reload
}

function mesh_amnesic {
    if [ ! -f $MESH_AMNESIC ]; then
        return
    fi

    { echo '#!/bin/bash';
      echo '';
      echo "MY_USERNAME=\$1";
      echo 'tomb slam all';
      echo "if [ -f /home/${MY_USERNAME}/.bash_history ]; then";
      echo "    shred -zu /home/${MY_USERNAME}/.bash_history";
      echo 'fi';
      echo "if [ -f /home/${MY_USERNAME}/.xsession-errors ]; then";
      echo "    shred -zu /home/${MY_USERNAME}/.xsession-errors";
      echo 'fi';
      echo '';
      echo 'exit 0'; } > /usr/bin/amnesic
    chmod +x /usr/bin/amnesic

    if [ ! -f /etc/systemd/system/amnesic.service ]; then
        { echo '[Unit]';
          echo 'Description=Amnesic Mesh';
          echo '';
          echo '[Service]';
          echo 'User=root';
          echo 'Group=root';
          echo 'Type=oneshot';
          echo 'RemainAfterExit=true';
          echo 'ExecStart=/bin/true';
          echo "ExecStop=/usr/bin/amnesic $MY_USERNAME";
          echo '';
          echo '[Install]';
          echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/amnesic.service

        chmod +x /etc/systemd/system/amnesic.service
        systemctl daemon-reload
    fi
    systemctl enable amnesic
    systemctl start amnesic
}

function mesh_restart_daemons {
    systemctl restart avahi-daemon
    systemctl restart tox-bootstrapd
    systemctl restart nginx
    echo $'Daemons restarted' >> $INSTALL_LOG
}

function create_tomb {
    tomb_name=$1
    tomb_size=$2

    if [ -f "/tmp/${tomb_name}.tomb" ]; then
        tomb slam "/tmp/${tomb_name}.tomb"
    fi

    # make a temporary password
    tomb dig -s "${tomb_size}" "/tmp/${tomb_name}.tomb"
    if [ ! -f "/tmp/${tomb_name}.tomb" ]; then
        echo "WARNING: ${tomb_name} tomb did not install properly" >> /var/log/${PROJECT_NAME}.log
        tomb >> /var/log/${PROJECT_NAME}.log
    fi
    TOMB_TEMP_PASSWORD=$(openssl rand -base64 64 | tr -dc A-Za-z0-9 | head -c 30)

    tomb forge "/mnt/ramdisk/${tomb_name}.tomb.key" --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
    tomb lock "/tmp/${tomb_name}.tomb" -k "/mnt/ramdisk/${tomb_name}.tomb.key" --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
    tomb open "/tmp/${tomb_name}.tomb" -k "/mnt/ramdisk/${tomb_name}.tomb.key" --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
    # stop stuff from popping up
    pkill caja

    # clear the temporary password
    TOMB_TEMP_PASSWORD=
}

function setup_amnesic_data {
    if [ ! -f $MESH_AMNESIC ]; then
        return
    fi
    if [ ! -d /mnt/ramdisk ]; then
        return
    fi

    # clear crypttab
    if [ -f /etc/crypttab ]; then
        shred -zu /etc/crypttab
        touch /etc/crypttab
    fi

    tomb_name=log
    create_tomb ${tomb_name} $TOMB_LOG_SIZE_MB
    if [ -d /media/${tomb_name} ]; then
        if [ -d /var/log ]; then
            if [ ! -d /var/log_base ]; then
                mv /var/log /var/log_base
            fi
        fi
        ln -s /media/${tomb_name} /var/log
        if [ -d /var/log_base ]; then
            cp -rp /var/log_base/* /media/${tomb_name}
        fi
        echo "${tomb_name} tomb created" >> $INSTALL_LOG
    else
        echo "WARNING: ${tomb_name} tomb not found" >> $INSTALL_LOG
    fi

    tomb_name=tox-bootstrapd
    if [ -f /etc/systemd/system/${tomb_name}.service ]; then
        systemctl stop ${tomb_name}
    fi
    create_tomb ${tomb_name} $TOMB_TOX_BOOTSTRAP_SIZE_MB
    if [ -d /media/${tomb_name} ]; then
        if [ -d /var/lib/tox-bootstrapd ]; then
            if [ ! -d /var/lib/tox-bootstrapd_base ]; then
                mv /var/lib/tox-bootstrapd /var/lib/tox-bootstrapd_base
            fi
        fi
        if [ -d /var/lib/tox-bootstrapd ]; then
            shred -zu /var/lib/tox-bootstrapd/*
            rm -rf /var/lib/tox-bootstrapd
        fi
        ln -s /media/${tomb_name} /var/lib/tox-bootstrapd
        if [ -d /var/lib/tox-bootstrapd_base ]; then
            cp -rp /var/lib/tox-bootstrapd_base/* /media/${tomb_name}
        fi
        echo "${tomb_name} tomb created" >> $INSTALL_LOG
    else
        echo "WARNING: ${tomb_name} tomb not found" >> $INSTALL_LOG
    fi

    tomb_name=tox
    create_tomb ${tomb_name} $TOMB_TOX_SIZE_MB
    if [ -d /media/${tomb_name} ]; then
        if [ ! -d /home/${MY_USERNAME}/.config ]; then
            mkdir -p /home/${MY_USERNAME}/.config
            chown ${MY_USERNAME}:${MY_USERNAME} /home/${MY_USERNAME}/.config
        fi
        if [ -d /home/${MY_USERNAME}/.config/${tomb_name} ]; then
            rm -rf /home/${MY_USERNAME}/.config/${tomb_name}
        fi
        ln -s /media/${tomb_name} /home/${MY_USERNAME}/.config/${tomb_name}
        chown -R ${MY_USERNAME}:${MY_USERNAME} /home/${MY_USERNAME}/.config/${tomb_name}
        chown -R ${MY_USERNAME}:${MY_USERNAME} /media/${tomb_name}
        echo "${tomb_name} tomb created" >> $INSTALL_LOG
    else
        echo "WARNING: ${tomb_name} tomb not found" >> $INSTALL_LOG
    fi
}

function setup_ipfs {
    IPFS_PATH=/usr/bin
    IPFS_KEY_LENGTH=2048
    IPFS_COMMAND=$IPFS_PATH/ipfs
    IPFS_PUBLIC=/home/$MY_USERNAME/.ipfs-public

    chmod 755 $IPFS_COMMAND
    su -c "systemctl --user enable ipfs" - $MY_USERNAME

    if [ -f $CURRENT_BLOG_INDEX ]; then
        shred -zu $CURRENT_BLOG_INDEX
    fi

    if [ -d /home/$MY_USERNAME/Public ]; then
        rm /home/$MY_USERNAME/Desktop/Public
        rm -rf /home/$MY_USERNAME/Public
    fi

    if [ -d /home/$MY_USERNAME/CreateBlog/content/images ]; then
        shred -zu /home/$MY_USERNAME/CreateBlog/content/images/*
    fi

    if [ -d /home/$MY_USERNAME/CreateBlog/content ]; then
        shred -zu /home/$MY_USERNAME/CreateBlog/content/*
        if grep -q "THEME=" /home/$MY_USERNAME/CreateBlog/pelicanconf.py; then
            sed -i "s|THEME=.*|THEME='themes/nice-blog'|g" /home/$MY_USERNAME/CreateBlog/pelicanconf.py
        else
            echo "THEME='themes/nice-blog'" >> /home/$MY_USERNAME/CreateBlog/pelicanconf.py
        fi
    fi

    if [ -d /home/$MY_USERNAME/.ipfs ]; then
        shred -zu /home/$MY_USERNAME/.ipfs/config
        rm -rf /home/$MY_USERNAME/.ipfs
        su -c "systemctl --user restart ipfs" - $MY_USERNAME
    else
        su -c "systemctl --user start ipfs" - $MY_USERNAME
    fi

    if [ -f /home/$MY_USERNAME/.blog-index ]; then
        shred -zu /home/$MY_USERNAME/.blog-index
    fi

    if [ -f /home/$MY_USERNAME/.blog-theme-index ]; then
        shred -zu /home/$MY_USERNAME/.blog-theme-index
    fi

    if [ -f /home/$MY_USERNAME/.ipfs-id ]; then
        shred -zu /home/$MY_USERNAME/.ipfs-id
    fi

    if [ -f /home/$MY_USERNAME/.ipfs-public ]; then
        shred -zu /home/$MY_USERNAME/.ipfs-public
    fi

    chmod 755 $IPFS_COMMAND
    su -c "$IPFS_COMMAND init -b $IPFS_KEY_LENGTH" - $MY_USERNAME
    if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
        echo "IPFS could not be initialised for user $MY_USERNAME" >> $INSTALL_LOG
        return
    fi

    MY_IPFS_ID=/home/$MY_USERNAME/.ipfs-id
    su -c "echo \$($IPFS_COMMAND id | grep '\"ID\":' | awk -F '\"' '{print \$4}') > $MY_IPFS_ID" - $MY_USERNAME
    if [ ! -f $MY_IPFS_ID ]; then
        echo 'No IPFS identity was created' >> $INSTALL_LOG
        return
    fi

    IPFS_PEER_ID=$(cat $MY_IPFS_ID)
    if [ ${#IPFS_PEER_ID} -lt 10 ]; then
        echo 'Invalid IPFS peer ID' >> $INSTALL_LOG
        echo "$IPFS_PEER_ID" >> $INSTALL_LOG
        return
    fi

    # make a public directory
    TOX_ID='none'
    if [ -d /home/$MY_USERNAME/Desktop ]; then
        if [ ! -d /home/$MY_USERNAME/Public ]; then
            mkdir -p /home/$MY_USERNAME/Public/Videos
            mkdir -p /home/$MY_USERNAME/Public/Music
            mkdir -p /home/$MY_USERNAME/Public/Podcasts
            mkdir -p /home/$MY_USERNAME/Public/Documents
            mkdir -p /home/$MY_USERNAME/Public/Pictures
            echo $'Files within this directory will be publicly visible on the network' > /home/$MY_USERNAME/Public/README.txt
            chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Public
            ln -s /home/$MY_USERNAME/Public /home/$MY_USERNAME/Desktop/Public
            su -c "echo \$($IPFS_COMMAND add -rq /home/$MY_USERNAME/Public | tail -n 1) > $IPFS_PUBLIC" - $MY_USERNAME
            if [ ! -f $IPFS_PUBLIC ]; then
                echo $'Unable to create public IPFS directory' >> $INSTALL_LOG
                exit 368225
            fi
        fi
        TOX_ID=$(su -c 'toxid' - $MY_USERNAME)
    fi

    create_avahi_mesh_service "ipfs_id" "ipfs_id" "udp" "$IPFS_PORT" "${IPFS_PEER_ID}:${TOX_ID}"

    echo "IPFS installed with ID ${IPFS_PEER_ID}" >> $INSTALL_LOG
}

function setup_tahoelafs {
    reconfigure_tahoelafs

    TAHOELAFS_CONFIG=/home/${MY_USERNAME}/.tahoe/tahoe.cfg
    if [ ! -f ${TAHOELAFS_CONFIG} ]; then
        exit 673923
    fi
    echo $'Configured Tahoe-LAFS' >> $INSTALL_LOG
}

function create_user_vpn_key {
    username=$1

    if [ ! -d "/home/$username" ]; then
        return
    fi

    echo $"Creating VPN key for $username" >> /var/log/${PROJECT_NAME}.log

    cd /etc/openvpn/easy-rsa || exit 824527645247

    if [ -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
        rm "/etc/openvpn/easy-rsa/keys/$username.crt"
    fi
    if [ -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
        rm "/etc/openvpn/easy-rsa/keys/$username.key"
    fi
    if [ -f "/etc/openvpn/easy-rsa/keys/$username.csr" ]; then
        rm "/etc/openvpn/easy-rsa/keys/$username.csr"
    fi

    sed -i 's| --interact||g' build-key
    ./build-key "$username"

    if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
        echo $'VPN user cert not generated' >> "/var/log/${PROJECT_NAME}.log"
        exit 783528
    fi
    user_cert=$(cat "/etc/openvpn/easy-rsa/keys/$username.crt")
    if [ ${#user_cert} -lt 10 ]; then
        cat "/etc/openvpn/easy-rsa/keys/$username.crt"
        echo $'User cert generation failed' >> /var/log/${PROJECT_NAME}.log
        exit 634659
    fi
    if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
        echo $'VPN user key not generated'
        exit 682523
    fi
    user_key=$(cat "/etc/openvpn/easy-rsa/keys/$username.key")
    if [ ${#user_key} -lt 10 ]; then
        cat "/etc/openvpn/easy-rsa/keys/$username.key"
        echo $'User key generation failed'
        exit 285838
    fi

    user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME

    { echo 'client';
      echo 'dev tun';
      echo 'proto tcp';
      echo "remote localhost $STUNNEL_PORT";
      echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway";
      echo 'resolv-retry infinite';
      echo 'nobind';
      echo 'tun-mtu 1500';
      echo 'tun-mtu-extra 32';
      echo 'mssfix 1450';
      echo 'persist-key';
      echo 'persist-tun';
      echo 'auth-nocache';
      echo 'remote-cert-tls server';
      echo 'comp-lzo';
      echo 'verb 3';
      echo '';

      echo '<ca>';
      cat "/etc/openvpn/ca.crt";
      echo '</ca>';

      echo '<cert>';
      cat "/etc/openvpn/easy-rsa/keys/$username.crt";
      echo '</cert>';

      echo '<key>';
      cat "/etc/openvpn/easy-rsa/keys/$username.key";
      echo '</key>'; } > "$user_vpn_cert_file"

    chown "$username":"$username" "$user_vpn_cert_file"

    # keep a backup
    cp "$user_vpn_cert_file" "/etc/openvpn/easy-rsa/keys/$username.ovpn"

    #rm /etc/openvpn/easy-rsa/keys/$username.crt
    #rm /etc/openvpn/easy-rsa/keys/$username.csr
    shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"

    echo $"VPN key created at $user_vpn_cert_file" >> "/var/log/${PROJECT_NAME}.log"
}

function vpn_generate_keys {
    # generate host keys
    if [ ! -f /etc/openvpn/dh2048.pem ]; then
        ${PROJECT_NAME}-dhparam -o /etc/openvpn/dh2048.pem
    fi
    if [ ! -f /etc/openvpn/dh2048.pem ]; then
        echo $'vpn dhparams were not generated' >> /var/log/${PROJECT_NAME}.log
        exit 73724523
    fi
    cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem

    cd /etc/openvpn/easy-rsa || exit 2452486824
    # shellcheck disable=SC1091
    . ./vars
    ./clean-all
    vpn_openssl_version='1.0.0'
    if [ ! -f openssl-${vpn_openssl_version}.cnf ]; then
        echo $"openssl-${vpn_openssl_version}.cnf was not found" >> /var/log/${PROJECT_NAME}.log
        exit 7392353
    fi
    cp openssl-${vpn_openssl_version}.cnf openssl.cnf

    if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt ]; then
        rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt
    fi
    if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key ]; then
        rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key
    fi
    if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.csr ]; then
        rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.csr
    fi
    sed -i 's| --interact||g' build-key-server
    sed -i 's| --interact||g' build-ca
    ./build-ca
    ./build-key-server ${OPENVPN_SERVER_NAME}
    if [ ! -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt ]; then
        echo $'OpenVPN crt not found' >> /var/log/${PROJECT_NAME}.log
        exit 7823352
    fi
    server_cert=$(cat /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt)
    if [ ${#server_cert} -lt 10 ]; then
        cat /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt
        echo $'Server cert generation failed' >> /var/log/${PROJECT_NAME}.log
        exit 3284682
    fi

    if [ ! -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key ]; then
        echo $'OpenVPN key not found' >> /var/log/${PROJECT_NAME}.log
        exit 6839436
    fi
    if [ ! -f /etc/openvpn/easy-rsa/keys/ca.key ]; then
        echo $'OpenVPN ca not found' >> /var/log/${PROJECT_NAME}.log
        exit 7935203
    fi
    cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn

    create_user_vpn_key ${MY_USERNAME}
}

function generate_stunnel_keys {
    echo "Creating stunnel keys" >> /var/log/${PROJECT_NAME}.log
    openssl req -x509 -nodes -days 3650 -sha256 \
            -subj "/O=$VPN_ORGANISATION/OU=$VPN_UNIT/C=$VPN_COUNTRY_CODE/ST=$VPN_AREA/L=$VPN_LOCATION/CN=$HOSTNAME" \
            -newkey rsa:2048 -keyout /etc/stunnel/key.pem \
            -out /etc/stunnel/cert.pem
    if [ ! -f /etc/stunnel/key.pem ]; then
        echo $'stunnel key not created' >> /var/log/${PROJECT_NAME}.log
        exit 793530
    fi
    if [ ! -f /etc/stunnel/cert.pem ]; then
        echo $'stunnel cert not created' >> /var/log/${PROJECT_NAME}.log
        exit 204587
    fi
    chmod 400 /etc/stunnel/key.pem
    chmod 640 /etc/stunnel/cert.pem

    cat /etc/stunnel/key.pem /etc/stunnel/cert.pem >> /etc/stunnel/stunnel.pem
    chmod 640 /etc/stunnel/stunnel.pem

    openssl pkcs12 -export -out /etc/stunnel/stunnel.p12 -inkey /etc/stunnel/key.pem -in /etc/stunnel/cert.pem -passout pass:
    if [ ! -f /etc/stunnel/stunnel.p12 ]; then
        echo $'stunnel pkcs12 not created' >> /var/log/${PROJECT_NAME}.log
        exit 639353
    fi
    chmod 640 /etc/stunnel/stunnel.p12

    cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem
    cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
    echo "stunnel keys created" >> /var/log/${PROJECT_NAME}.log
}

function mesh_setup_vpn {
    vpn_generate_keys

    cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*

    generate_stunnel_keys

    sed -i 's|tun-mtu .*|tun-mtu 1532|g' /home/$MY_USERNAME/client.ovpn
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/client.ovpn
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*

    # create an archive of the vpn client files
    cd /home/$MY_USERNAME || exit 24682468242
    tar -czvf vpn.tar.gz stunnel* client.ovpn
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/vpn.tar.gz

    systemctl restart openvpn
}

function initialise_scuttlebot_pub {
    chown -R scuttlebot:scuttlebot /etc/scuttlebot

    systemctl enable git_ssb.service
    systemctl daemon-reload
    systemctl start scuttlebot.service

    sleep 10

    if [ ! -d /etc/scuttlebot/.ssb ]; then
        echo $'Scuttlebot config not generated' >> /var/log/${PROJECT_NAME}.log
        systemctl status scuttlebot -l >> /var/log/${PROJECT_NAME}.log
        exit 73528
    fi

    { echo '{';
      echo "  \"host\": \"$P{PEER_ID}.local\",";
      echo "  \"port\": ${SCUTTLEBOT_PORT},";
      echo '  "allowPrivate": true,';
      echo '  "timeout": 30000,';
      echo '  "pub": true,';
      echo '  "local": true,';
      echo '  "friends": {';
      echo '    "dunbar": 150,';
      echo '    "hops": 3';
      echo '  },';
      echo '  "gossip": {';
      echo '    "connections": 2';
      echo '  },';
      echo '  "master": [],';
      echo '  "logging": {';
      echo '    "level": "error"';
      echo '  }';
      echo '}'; } > /etc/scuttlebot/.ssb/config
    chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
    systemctl restart scuttlebot.service
    echo "scuttlebot pub started" >> /var/log/${PROJECT_NAME}.log

    # git ssb site
    if [ -f /etc/nginx/sites-available/git_ssb ]; then
        sed -i "s|server_name .*|server_name ${HOSTNAME}.local;|g" /etc/nginx/sites-available/git_ssb
        ln -s /etc/nginx/sites-available/git_ssb /etc/nginx/sites-enabled/git_ssb
        systemctl enable git_ssb.service
        systemctl start git_ssb.service

    fi
}

# whether to reset the identity
set_new_identity=
if [ "$2" ]; then
    if [[ "$2" == $"new"* ]]; then
        if [ ! -f $MESH_INSTALL_SETUP ]; then
            touch $MESH_INSTALL_SETUP
        fi
        set_new_identity=1
    fi
    if [[ "$2" == $"amnesic"* ]]; then
        if [ ! -f $MESH_AMNESIC ]; then
            touch $MESH_AMNESIC
        fi
        if [ ! -f $MESH_INSTALL_SETUP ]; then
            touch $MESH_INSTALL_SETUP
        fi
        set_new_identity=1
    fi
fi

if [ -f $MESH_INSTALL_SETUP ]; then
    if [ "$1" ]; then
        MY_USERNAME=$1
    fi

    if [ ! $set_new_identity ]; then
        # sleep in order to allow other daemons to start up
        sleep 5
    fi

    # clear the install log
    if [ -f $INSTALL_LOG ]; then
        rm $INSTALL_LOG
    fi

    # Remove SSB/Patchwork files
    if [ -d "/home/$MY_USERNAME/.ssb" ]; then
        rm -rf "/home/$MY_USERNAME/.ssb"
    fi

    # Remove vpn host keys
    if [ -d /etc/openvpn/easy-rsa/keys ]; then
        rm -rf /etc/openvpn/easy-rsa/keys/*
    fi

    # Remove hidden service
    if [ -d /var/lib/tor/hidden_service_mesh ]; then
        rm -rf /var/lib/tor/hidden_service_mesh
    fi

    # Remove any existing vpn client keys
    if [ -f "/home/$MY_USERNAME/vpn.tar.gz" ]; then
        rm "/home/$MY_USERNAME/vpn.tar.gz"
    fi
    if [ -f "/home/$MY_USERNAME/stunnel.pem" ]; then
        rm "/home/$MY_USERNAME/stunnel.pem"
    fi
    if [ -f "/home/$MY_USERNAME/stunnel.p12" ]; then
        rm "/home/$MY_USERNAME/stunnel.p12"
    fi

    # Remove cryptpad datastore
    if [ -d $CRYPTPAD_DIR/datastore ]; then
        rm -rf $CRYPTPAD_DIR/datastore
    fi

    echo $'Beginning mesh node setup' >> $INSTALL_LOG

    if [ -d "/home/$MY_USERNAME/.config" ]; then
        chown "${MY_USERNAME}":"${MY_USERNAME}" "/home/$MY_USERNAME/.config"
    fi

    systemctl stop tor
    systemctl disable tor
    echo $'TOR disabled' >> $INSTALL_LOG

    systemctl stop bmx6
    systemctl disable bmx6
    echo $'BMX6 disabled' >> $INSTALL_LOG

    if [ -d /etc/bmx7 ]; then
        systemctl stop bmx7
        systemctl disable bmx7
        echo $'BMX7 disabled' >> $INSTALL_LOG
    fi

    systemctl stop olsr2
    systemctl disable olsr2
    echo $'OLSR2 disabled' >> $INSTALL_LOG

    systemctl stop babel
    systemctl disable babel
    echo $'Babel disabled' >> $INSTALL_LOG

    #tomb slam all
    tmp_ram_disk 100
    enable_predictable_device_names
    enable_batman_daemon
    #create_ram_disk 1
    #setup_amnesic_data
    change_avahi_name
    if [ -d $CRYPTPAD_DIR ]; then
        systemctl start cryptpad
    fi
    configure_toxcore
    create_tox_user
    #setup_tahoelafs
    mesh_setup_vpn
    initialise_scuttlebot_pub
    setup_ipfs
    enable_cryptpad
    enable_peertube
    mesh_amnesic
    make_root_read_only

    if [ ! -f $MESH_AMNESIC ]; then
        rm $MESH_INSTALL_SETUP
        systemctl disable mesh-setup.service
    fi

    show_desktop_icons

    mesh_restart_daemons
    if [ ! -f $MESH_INSTALL_COMPLETED ]; then
        echo $'Mesh node setup complete' >> $INSTALL_LOG
        touch $MESH_INSTALL_COMPLETED
        if [ -d "/home/$MY_USERNAME/Desktop" ]; then
            touch $FIRST_BOOT
            chown "${MY_USERNAME}":"${MY_USERNAME}" "$FIRST_BOOT"
        fi

        # set the desktop background
        if [ -d "/home/$MY_USERNAME/Desktop" ]; then
            MESH_DESKTOP_BACKGROUND_IMAGE=/usr/local/share/${PROJECT_NAME}_mesh_background.png
            cp $MESH_DESKTOP_BACKGROUND_IMAGE /usr/share/images/desktop-base/${PROJECT_NAME}_mesh_background.png
            rm /usr/share/images/desktop-base/desktop-background
            ln -s /usr/share/images/desktop-base/${PROJECT_NAME}_mesh_background.png /usr/share/images/desktop-base/desktop-background
        fi
        if [ -f /etc/default/grub ]; then
            update-grub
        fi
        systemctl reboot -i
    fi
fi

exit 0