From 9e33044b77d178a1c6f5561fc49010a919154188 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 18 Jan 2018 18:12:28 +0000 Subject: [PATCH 01/53] Increase size of meshclient image --- src/freedombone-image | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-image b/src/freedombone-image index 467ee87b..53a2535a 100755 --- a/src/freedombone-image +++ b/src/freedombone-image @@ -547,7 +547,7 @@ if [[ $VARIANT == 'meshclient' || $VARIANT == 'meshusb' ]]; then fi if [ ! $IMAGE_SIZE_SPECIFIED ]; then - IMAGE_SIZE=7.9G + IMAGE_SIZE=15.0G fi fi From e29fe7b88b518bff57301d9a45a463012f7a9720 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 18 Jan 2018 18:16:23 +0000 Subject: [PATCH 02/53] Increase image size --- doc/EN/mesh_images.org | 2 +- website/EN/mesh_images.html | 40 ++++++++++++++++++------------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/doc/EN/mesh_images.org b/doc/EN/mesh_images.org index c64c61e2..20534c8b 100644 --- a/doc/EN/mesh_images.org +++ b/doc/EN/mesh_images.org 
@@ -37,7 +37,7 @@ The MultiWriter tool is also available within mesh client images, so that you ca [[file:images/mesh_netbook.jpg]] #+END_CENTER -"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 8GB in size. +"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size. #+begin_src bash sudo apt-get install xz-utils wget diff --git a/website/EN/mesh_images.html b/website/EN/mesh_images.html index 381f16bb..f4f8bf04 100644 --- a/website/EN/mesh_images.html +++ b/website/EN/mesh_images.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -246,13 +246,13 @@ for the JavaScript code in this tag.

Mesh Network: Images

-
-

Pre-built Disk Images

-
+
+

Pre-built Disk Images

+
-
-

Writing many images quickly

-
+
+

Writing many images quickly

+

There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the dd command is used for writing to the target drive, but to write to multiple drives you can use a tool such as GNOME MultiWriter.

@@ -280,9 +280,9 @@ The MultiWriter tool is also available within mesh client images, so that you ca

-
-

Client images

-
+
+

Client images

+
@@ -292,7 +292,7 @@ The MultiWriter tool is also available within mesh client images, so that you ca

-"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 8GB in size. +"Client" isn't exactly the right term, but it's a mesh peer with a user interface. These images can be copied to a USB drive, then you can plug it into a laptop/netbook/desktop machine and boot from it. You will probably also need an Atheros USB wifi dongle (the black protruding object on the left side of the netbook in the picture above), because most built-in wifi usually requires proprietary firmware. In the commands below substitute /dev/sdX with the USB drive device, excluding any trailing numbers (eg. /dev/sdb). The USB drive you're copying to will need to be at least 16GB in size.

@@ -331,16 +331,16 @@ sudo dd bs=1M -

Router images

-
+
+

Router images

+

Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.

-
-

Beaglebone Black

-
+
+

Beaglebone Black

+
@@ -377,9 +377,9 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
-
-

Building Disk Images

-
+
+

Building Disk Images

+

It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
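Review bot: `IMAGE_SIZE=15.0G` in src/freedombone-image may not fit the "at least 16GB" USB drive that the updated doc/EN/mesh_images.org now requires, because a drive sold as 16GB typically holds about 14.9 GiB; whether 15.0G is read as 15×10^9 or 15×2^30 bytes depends on the tool that consumes IMAGE_SIZE, so either confirm that interpretation or choose a value such as 14.5G that fits both ways, and keep the documented minimum drive size consistent with it. Separately, the website/EN/mesh_images.html hunks are almost entirely regenerated export churn (the paired -/+ lines around each unchanged heading, 21 insertions and 21 deletions for a one-sentence change); committing only the .org change and regenerating the HTML in a release step would keep the diff reviewable.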

From 871a4f6cad659f02a86a5cc3a6aa9511684f44af Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 19 Jan 2018 12:36:04 +0000 Subject: [PATCH 03/53] Detect ipv6 addresses --- src/freedombone-utils-mesh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/freedombone-utils-mesh b/src/freedombone-utils-mesh index 504bd52e..84742a41 100755 --- a/src/freedombone-utils-mesh +++ b/src/freedombone-utils-mesh @@ -107,12 +107,12 @@ function mesh_protocol_init { fi } -function get_ipv4_wlan { - echo $(ip -o -f inet addr show dev "$IFACE" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}') +function get_ipv6_wlan { + echo $(ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}') } function mesh_hotspot_ip_address { - echo $(ip -o -f inet addr show dev "${BRIDGE}" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}') + echo $(ifconfig ${BRIDGE} | grep inet6 | awk -F ' ' '{print $2}') } function global_rate_limit { @@ -368,7 +368,7 @@ function enable_mesh_scuttlebot { if [ -f /etc/scuttlebot/.ssb/config ]; then ethernet_connected=$(cat /sys/class/net/eth0/carrier) if [[ "$ethernet_connected" != "0" ]]; then - sed -i "s|\"host\": .*|\"host\": \"$(get_ipv4_wlan)\",|g" /etc/scuttlebot/.ssb/config + sed -i "s|\"host\": .*|\"host\": \"$(get_ipv6_wlan)\",|g" /etc/scuttlebot/.ssb/config systemctl restart scuttlebot else if [ ! -f /etc/nginx/sites-available/git_ssb ]; then From 5814c386c186c32a650c981c6213b8965f1cf720 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 19 Jan 2018 14:23:24 +0000 Subject: [PATCH 04/53] Use atheros wifi package --- src/freedombone-image-customise | 18 ++----------- src/freedombone-utils-wifi | 46 +-------------------------------- 2 files changed, 3 insertions(+), 61 deletions(-) diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise index fa399cd8..7595fec9 100755 --- a/src/freedombone-image-customise +++ b/src/freedombone-image-customise 
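Review bot: get_ipv6_wlan and mesh_hotspot_ip_address now return every inet6 line of the interface rather than a single address, and parsing `ifconfig` output is less robust than the `ip` pipeline being replaced. `ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}'` prints one entry per line (the link-local fe80:: address first, then any global one), the `awk 'END {print}'` that previously selected one entry was dropped, and on older net-tools the line reads `inet6 addr: ...` so field 2 is `addr:`; a multi-line result substituted into `sed -i "s|\"host\": .*|\"host\": \"$(get_ipv6_wlan)\",|g"` also breaks the sed expression. `ifconfig` is from net-tools, which is not present on a minimal Debian install, while `ip` is. Suggest `ip -o -f inet6 addr show dev "$IFACE" scope global | awk '{print $4}' | awk -F '/' 'END {print $1}'`, quote `$IFACE` and `$BRIDGE`, and grep the tree for remaining callers of get_ipv4_wlan, since the function is renamed rather than kept alongside the IPv6 variant.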
@@ -492,22 +492,7 @@ continue_installation() { } atheros_wifi() { - if [[ "$MACHINE" == "beaglebonewifi" ]]; then - return - fi - - firmware_filename="open-ath9k-htc-firmware_1.3-1_all.deb" - firmware_hash='5fea58ffefdf0ef15b504db7fbe3bc078c03e0d927bba64085e4b6f2546102f5' - - firmware_url="http://us.archive.trisquel.info/trisquel/pool/main/o/open-ath9k-htc-firmware/$firmware_filename" - firmware_tempfile="/tmp/$firmware_filename" - wget "$firmware_url" -O "$rootdir$firmware_tempfile" - downloaded_firmware_hash=$(sha256sum "$rootdir$firmware_tempfile" | awk -F ' ' '{print $1}') - if [[ "$downloaded_firmware_hash" == "$firmware_hash" ]]; then - chroot "$rootdir" dpkg -i "$firmware_tempfile" - else - echo 'WARNING: Atheros Wifi firmware hash does not match. The driver has not been installed.' - fi + chroot "$rootdir" apt-get -yq install open-ath9k-htc-firmware } configure_wifi() { @@ -902,6 +887,7 @@ initialise_mesh() { # install proprietary wifi drivers # see https://wiki.debian.org/iwlwifi chroot "$rootdir" apt-get -yq install firmware-iwlwifi firmware-b43-installer firmware-brcm80211 firmware-realtek + chroot "$rootdir" apt-get -yq install firmware-atheros firmware-zd1211 fi INSTALLING_MESH=1 diff --git a/src/freedombone-utils-wifi b/src/freedombone-utils-wifi index ea71c609..9b71587f 100755 --- a/src/freedombone-utils-wifi +++ b/src/freedombone-utils-wifi @@ -36,9 +36,6 @@ WIFI_PASSPHRASE= WIFI_HOTSPOT='no' WIFI_NETWORKS_FILE=~/${PROJECT_NAME}-wifi.cfg -# repo for atheros AR9271 wifi driver -ATHEROS_WIFI_REPO="https://github.com/qca/open-ath9k-htc-firmware.git" - function default_network_config { echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces 
@@ -166,48 +163,7 @@ function install_atheros_wifi { if [[ $(is_completed $FUNCNAME) == "1" ]]; then return fi - if [ $INSTALLING_ON_BBB != "yes" ]; then - return - fi - if [[ $ENABLE_BATMAN != "yes" ]]; then - return - fi - if [ -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then - return - fi - # have drivers already been installed ? - if [ -f /lib/firmware/htc_9271.fw ]; then - return - fi - apt-get -yq install build-essential cmake git m4 texinfo - if [ ! -d $INSTALL_DIR ]; then - mkdir -p $INSTALL_DIR - fi - cd $INSTALL_DIR - if [ ! -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then - function_check git_clone - git_clone $ATHEROS_WIFI_REPO $INSTALL_DIR/open-ath9k-htc-firmware - if [ ! "$?" = "0" ]; then - rm -rf $INSTALL_DIR/open-ath9k-htc-firmware - exit 74283 - fi - fi - cd $INSTALL_DIR/open-ath9k-htc-firmware - git checkout 1.4.0 - make toolchain - if [ ! "$?" = "0" ]; then - rm -rf $INSTALL_DIR/open-ath9k-htc-firmware - exit 24820 - fi - make firmware - if [ ! "$?" = "0" ]; then - rm -rf $INSTALL_DIR/open-ath9k-htc-firmware - exit 63412 - fi - cp target_firmware/*.fw /lib/firmware/ - if [ ! "$?" = "0" ]; then - exit 74681 - fi + apt-get -yq install open-ath9k-htc-firmware mark_completed $FUNCNAME } From b19479e7df534736efcc91b43dacb2219024cbe2 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 19 Jan 2018 14:33:39 +0000 Subject: [PATCH 05/53] Revert "Use atheros wifi package" This reverts commit 5814c386c186c32a650c981c6213b8965f1cf720. --- src/freedombone-image-customise | 18 +++++++++++-- src/freedombone-utils-wifi | 46 ++++++++++++++++++++++++++++++++- 2 files changed, 61 insertions(+), 3 deletions(-) diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise index 7595fec9..fa399cd8 100755 --- a/src/freedombone-image-customise +++ b/src/freedombone-image-customise 
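Review bot: `apt-get -yq install open-ath9k-htc-firmware` is unlikely to resolve on the Debian system this script builds, because open-ath9k-htc-firmware is the package name in the Trisquel archive that the removed `firmware_url` pointed at, while Debian ships this firmware under the name firmware-ath9k-htc; the wholesale revert in the next commit suggests that is what was hit. Moving from a plain-http download to apt is a good change in itself, since the removed sha256 pin in `firmware_hash` was the only integrity check on that download and apt verifies the archive signature, but it needs the right package name and the firmware package present in the configured apt sources. The added `firmware-atheros firmware-zd1211` line installs non-free packages under the existing "install proprietary wifi drivers" comment, which is consistent, though the commit message mentions only atheros.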
@@ -492,7 +492,22 @@ continue_installation() { } atheros_wifi() { - chroot "$rootdir" apt-get -yq install open-ath9k-htc-firmware + if [[ "$MACHINE" == "beaglebonewifi" ]]; then + return + fi + + firmware_filename="open-ath9k-htc-firmware_1.3-1_all.deb" + firmware_hash='5fea58ffefdf0ef15b504db7fbe3bc078c03e0d927bba64085e4b6f2546102f5' + + firmware_url="http://us.archive.trisquel.info/trisquel/pool/main/o/open-ath9k-htc-firmware/$firmware_filename" + firmware_tempfile="/tmp/$firmware_filename" + wget "$firmware_url" -O "$rootdir$firmware_tempfile" + downloaded_firmware_hash=$(sha256sum "$rootdir$firmware_tempfile" | awk -F ' ' '{print $1}') + if [[ "$downloaded_firmware_hash" == "$firmware_hash" ]]; then + chroot "$rootdir" dpkg -i "$firmware_tempfile" + else + echo 'WARNING: Atheros Wifi firmware hash does not match. The driver has not been installed.' + fi } configure_wifi() { @@ -887,7 +902,6 @@ initialise_mesh() { # install proprietary wifi drivers # see https://wiki.debian.org/iwlwifi chroot "$rootdir" apt-get -yq install firmware-iwlwifi firmware-b43-installer firmware-brcm80211 firmware-realtek - chroot "$rootdir" apt-get -yq install firmware-atheros firmware-zd1211 fi INSTALLING_MESH=1 diff --git a/src/freedombone-utils-wifi b/src/freedombone-utils-wifi index 9b71587f..ea71c609 100755 --- a/src/freedombone-utils-wifi +++ b/src/freedombone-utils-wifi @@ -36,6 +36,9 @@ WIFI_PASSPHRASE= WIFI_HOTSPOT='no' WIFI_NETWORKS_FILE=~/${PROJECT_NAME}-wifi.cfg +# repo for atheros AR9271 wifi driver +ATHEROS_WIFI_REPO="https://github.com/qca/open-ath9k-htc-firmware.git" + function default_network_config { echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces 
@@ -163,7 +166,48 @@ function install_atheros_wifi { if [[ $(is_completed $FUNCNAME) == "1" ]]; then return fi - apt-get -yq install open-ath9k-htc-firmware + if [ $INSTALLING_ON_BBB != "yes" ]; then + return + fi + if [[ $ENABLE_BATMAN != "yes" ]]; then + return + fi + if [ -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then + return + fi + # have drivers already been installed ? + if [ -f /lib/firmware/htc_9271.fw ]; then + return + fi + apt-get -yq install build-essential cmake git m4 texinfo + if [ ! -d $INSTALL_DIR ]; then + mkdir -p $INSTALL_DIR + fi + cd $INSTALL_DIR + if [ ! -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then + function_check git_clone + git_clone $ATHEROS_WIFI_REPO $INSTALL_DIR/open-ath9k-htc-firmware + if [ ! "$?" = "0" ]; then + rm -rf $INSTALL_DIR/open-ath9k-htc-firmware + exit 74283 + fi + fi + cd $INSTALL_DIR/open-ath9k-htc-firmware + git checkout 1.4.0 + make toolchain + if [ ! "$?" = "0" ]; then + rm -rf $INSTALL_DIR/open-ath9k-htc-firmware + exit 24820 + fi + make firmware + if [ ! "$?" = "0" ]; then + rm -rf $INSTALL_DIR/open-ath9k-htc-firmware + exit 63412 + fi + cp target_firmware/*.fw /lib/firmware/ + if [ ! "$?" = "0" ]; then + exit 74681 + fi mark_completed $FUNCNAME } From 23e52b615da4cad0f5f9f3819ebe0c861baf91ed Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 19 Jan 2018 17:22:22 +0000 Subject: [PATCH 06/53] Restoring user config --- src/freedombone-restore-local | 3 +++ src/freedombone-restore-remote | 3 +++ 2 files changed, 6 insertions(+) diff --git a/src/freedombone-restore-local b/src/freedombone-restore-local index bceae807..1367854c 100755 --- a/src/freedombone-restore-local +++ b/src/freedombone-restore-local 
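Review bot: since this reverts the immediately preceding commit in full, squash the pair out of the series before merging; as submitted, a bisect landing on 5814c386 yields an image build that fails in atheros_wifi, and the two commits add over a hundred lines of diff with no net change. If the revert stays, note that the restored atheros_wifi still fetches the firmware .deb over plain http and relies on the pinned sha256 in `firmware_hash` to detect tampering, which is acceptable, but on a hash mismatch it only prints `WARNING: Atheros Wifi firmware hash does not match.` and continues; failing the image build there would avoid silently shipping an image without the driver the docs tell users to rely on.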
@@ -644,6 +644,9 @@ function restore_user_config { if [ -d $temp_restore_dir/home/$USERNAME/.config ]; then cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.config ]; then + mkdir /home/$USERNAME/.config + fi cp -r $temp_restore_dir/* /home/$USERNAME/.config/ fi if [ ! "$?" = "0" ]; then diff --git a/src/freedombone-restore-remote b/src/freedombone-restore-remote index e6a448dc..2d2b0ddc 100755 --- a/src/freedombone-restore-remote +++ b/src/freedombone-restore-remote @@ -573,6 +573,9 @@ function restore_user_config { if [ -d $temp_restore_dir/home/$USERNAME ]; then cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.config ]; then + mkdir /home/$USERNAME/.config + fi cp -r $temp_restore_dir/* /home/$USERNAME/.config/ fi if [ ! "$?" = "0" ]; then From 940101b74c83fb73df87eda24395348b83004c73 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 19 Jan 2018 17:31:16 +0000 Subject: [PATCH 07/53] More directory creations on restore --- src/freedombone-restore-local | 23 ++++++++++++++++++++++- src/freedombone-restore-remote | 23 ++++++++++++++++++++++- 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/src/freedombone-restore-local b/src/freedombone-restore-local index 1367854c..62e1e3a9 100755 --- a/src/freedombone-restore-local +++ b/src/freedombone-restore-local @@ -13,7 +13,7 @@ # License # ======= # -# Copyright (C) 2015-2017 Bob Mottram +# Copyright (C) 2015-2018 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by @@ -464,6 +464,9 @@ function restore_gpg { if [ -d $temp_restore_dir/home/$USERNAME/.gnupg ]; then cp -r $temp_restore_dir/home/$USERNAME/.gnupg /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.gnupg ]; then + mkdir /home/$USERNAME/.gnupg + fi cp -r $temp_restore_dir/* /home/$USERNAME/.gnupg/ fi if [ ! "$?" = "0" ]; then 
@@ -543,6 +546,9 @@ function restore_spamassassin { if [ -d $temp_restore_dir/home/$USERNAME ]; then cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.spamassassin ]; then + mkdir /home/$USERNAME/.spamassassin + fi cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/ fi if [ ! "$?" = "0" ]; then @@ -611,6 +617,9 @@ function restore_user_ssh_keys { if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.ssh ]; then + mkdir /home/$USERNAME/.ssh + fi cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/ fi if [ ! "$?" = "0" ]; then @@ -680,6 +689,9 @@ function restore_user_monkeysphere { if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.monkeysphere ]; then + mkdir /home/$USERNAME/.monkeysphere + fi cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere fi if [ ! "$?" = "0" ]; then @@ -721,6 +733,9 @@ function restore_user_fin { if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.fin ]; then + mkdir /home/$USERNAME/.fin + fi cp -r $temp_restore_dir/* /home/$USERNAME/.fin/ fi if [ ! "$?" = "0" ]; then @@ -754,6 +769,9 @@ function restore_user_local { if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.local ]; then + mkdir /home/$USERNAME/.local + fi cp -r $temp_restore_dir/* /home/$USERNAME/.local/ fi if [ ! "$?" = "0" ]; then 
@@ -840,6 +858,9 @@ function restore_personal_settings { if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME else + if [ ! -d /home/$USERNAME/personal ]; then + mkdir /home/$USERNAME/personal + fi cp -r $temp_restore_dir/* /home/$USERNAME/personal/ fi if [ ! "$?" = "0" ]; then diff --git a/src/freedombone-restore-remote b/src/freedombone-restore-remote index 2d2b0ddc..b7d55782 100755 --- a/src/freedombone-restore-remote +++ b/src/freedombone-restore-remote @@ -13,7 +13,7 @@ # License # ======= # -# Copyright (C) 2015-2017 Bob Mottram +# Copyright (C) 2015-2018 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by @@ -419,6 +419,9 @@ function restore_gpg { if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.gnupg ]; then + mkdir /home/$USERNAME/.gnupg + fi cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/ fi if [ ! "$?" = "0" ]; then @@ -488,6 +491,9 @@ function restore_spamassassin { if [ -d $temp_restore_dir/home/$USERNAME ]; then cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.spamassassin ]; then + mkdir /home/$USERNAME/.spamassassin + fi cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/ fi if [ ! "$?" = "0" ]; then @@ -542,6 +548,9 @@ function restore_ssh_keys { if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.ssh ]; then + mkdir /home/$USERNAME/.ssh + fi cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/ fi if [ ! "$?" = "0" ]; then 
@@ -607,6 +616,9 @@ function restore_user_monkeysphere { if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.monkeysphere ]; then + mkdir /home/$USERNAME/.monkeysphere + fi cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/ fi if [ ! "$?" = "0" ]; then @@ -646,6 +658,9 @@ function restore_user_fin { if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.fin ]; then + mkdir /home/$USERNAME/.fin + fi cp -r $temp_restore_dir/* /home/$USERNAME/.fin/ fi if [ ! "$?" = "0" ]; then @@ -677,6 +692,9 @@ function restore_user_local { if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/.local ]; then + mkdir /home/$USERNAME/.local + fi cp -r $temp_restore_dir/* /home/$USERNAME/.local/ fi if [ ! "$?" = "0" ]; then @@ -757,6 +775,9 @@ function restore_personal_settings { fi mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME else + if [ ! -d /home/$USERNAME/personal ]; then + mkdir /home/$USERNAME/personal + fi cp -r $temp_restore_dir/* /home/$USERNAME/personal/ fi if [ ! "$?" = "0" ]; then From 43516f1144edbdbaae204bd60df6d4422c70acfd Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 19 Jan 2018 21:41:51 +0000 Subject: [PATCH 08/53] Restoring ghost --- src/freedombone-app-ghost | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/freedombone-app-ghost b/src/freedombone-app-ghost index 5dc44b27..0f05db0f 100755 --- a/src/freedombone-app-ghost +++ b/src/freedombone-app-ghost 
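Review bot: every `mkdir /home/$USERNAME/<dir>` added in these two commits runs as root with the default umask, so the directory is created root-owned and 0755 and the following `cp -r` fills it with root-owned files; for .ssh and .gnupg this matters, since sshd with StrictModes (the default) ignores an authorized_keys file when ~/.ssh is not owned by the user, and gpg warns about or refuses a ~/.gnupg that is not 0700. Suggest `install -d -m 700 -o $USERNAME -g $USERNAME /home/$USERNAME/.ssh` (likewise .gnupg) and a `chown -R $USERNAME:$USERNAME` after the copy in each function, unless set_user_permissions is guaranteed to run afterwards. Two existence checks also test the wrong path: restore_user_config in freedombone-restore-remote and restore_spamassassin in both files check `-d $temp_restore_dir/home/$USERNAME` but then copy `.config` / `.spamassassin` from beneath it, so a backup containing the home directory without that subdirectory takes the first branch and the `cp` fails; check the subdirectory itself, as restore_gpg does. Finally, `mkdir` without `-p` fails if /home/$USERNAME does not exist yet, and the `[ ! "$?" = "0" ]` test after the `fi` only sees the result of `cp`, not of `mkdir`.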
@@ -254,6 +254,9 @@ function restore_local_ghost { if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ else + if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then + mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content + fi cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ fi chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/content @@ -298,6 +301,9 @@ function restore_remote_ghost { if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ else + if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then + mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content + fi cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/ fi chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs From 544385a60c62cf1d3446b29655e183e050afe304 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 19 Jan 2018 22:04:27 +0000 Subject: [PATCH 09/53] Ghost backup and restore when database is in the current subdirectory --- src/freedombone-app-ghost | 63 +++++++++++++++++++++++++++++++++++---- 1 file changed, 57 insertions(+), 6 deletions(-) diff --git a/src/freedombone-app-ghost b/src/freedombone-app-ghost index 0f05db0f..a885b496 100755 --- a/src/freedombone-app-ghost +++ b/src/freedombone-app-ghost 
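Review bot: `mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content` without `-p` fails when htdocs itself is missing, and the `cp -r` that follows then fails as well; the next commit uses `mkdir -p` for the current/content path, so use it here too. The two functions also differ in what they chown after the copy (`ghost:ghost` on content in restore_local_ghost, `ghost:` on all of htdocs in restore_remote_ghost); pick one, because whether Ghost can open the database restored under content/data depends on that ownership.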
@@ -228,14 +228,21 @@ function backup_local_ghost { GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain") fi + suspend_site ${GHOST_DOMAIN_NAME} + systemctl stop ghost + ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content if [ -d $ghost_path ]; then - suspend_site ${GHOST_DOMAIN_NAME} - systemctl stop ghost backup_directory_to_usb $ghost_path ghostcontent - systemctl start ghost - restart_site fi + + ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content + if [ -d $ghost_path ]; then + backup_directory_to_usb $ghost_path ghostcurrent + fi + + systemctl start ghost + restart_site } function restore_local_ghost { @@ -263,6 +270,22 @@ function restore_local_ghost { rm -rf $temp_restore_dir fi + temp_restore_dir=/root/tempghostcurrent + function_check restore_directory_from_usb + restore_directory_from_usb $temp_restore_dir ghostcurrent + if [ -d $temp_restore_dir ]; then + if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then + cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/ + else + if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then + mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content + fi + cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/ + fi + chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content + rm -rf $temp_restore_dir + fi + systemctl start ghost restart_site fi 
@@ -274,15 +297,27 @@ function backup_remote_ghost { GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain") fi + suspend_site ${GHOST_DOMAIN_NAME} + temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content if [ -d $temp_backup_dir ]; then - suspend_site ${GHOST_DOMAIN_NAME} backup_directory_to_friend $temp_backup_dir ghostcontent - restart_site else + restart_site echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}" exit 2578 fi + + temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content + if [ -d $temp_backup_dir ]; then + backup_directory_to_friend $temp_backup_dir ghostcurrent + else + restart_site + echo $"Ghost domain specified but not found in $temp_backup_dir" + exit 78353 + fi + + restart_site } function restore_remote_ghost { @@ -310,6 +345,22 @@ function restore_remote_ghost { rm -rf $temp_restore_dir fi + temp_restore_dir=/root/tempghostcurrent + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir ghostcurrent + if [ -d $temp_restore_dir ]; then + if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then + cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/ + else + if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then + mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content + fi + cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/ + fi + chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs + rm -rf $temp_restore_dir + fi + systemctl start ghost restart_site } From a4e25d5dc08a2ef9be92224a4fff79f6c87c1be1 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 09:58:43 +0000 Subject: [PATCH 10/53] Avoid stig failures when installing xmpp --- src/freedombone-app-xmpp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index b644af42..62223377 100755 
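Review bot: backup_remote_ghost only calls suspend_site and never stops the ghost service, so the database under current/content/data that this commit sets out to back up is copied while Ghost may still be writing it, whereas backup_local_ghost stops ghost first; wrap the two backup_directory_to_friend calls in `systemctl stop ghost` / `systemctl start ghost` as the local function does. The remote function also treats a missing current/content as fatal (`exit 78353`) while the local function treats it as optional, so remote backups fail outright on an install that still keeps content directly under htdocs/content, which the previous commit explicitly supports; make both paths optional in both functions or state that current/ is required.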
--- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp @@ -1051,6 +1051,17 @@ function install_xmpp { chmod -R 700 /etc/prosody/conf.d usermod -a -G www-data prosody + # Avoid STIG failures + if [ -f /usr/lib/ssl/private/xmpp.key ]; then + chown root:root /usr/lib/ssl/private/xmpp.key + fi + if [ -f /usr/lib/ssl/certs/xmpp.crt ]; then + chown root:root /usr/lib/ssl/certs/xmpp.crt + fi + if [ -f /usr/lib/ssl/certs/xmpp.dhparam ]; then + chown root:root /usr/lib/ssl/certs/xmpp.dhparam + fi + if [ -d /etc/letsencrypt ]; then usermod -a -G ssl-cert prosody fi From 4bfd1527724c7f66270922135459ee2e4cb23bee Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 10:10:07 +0000 Subject: [PATCH 11/53] Missing modifiers --- src/freedombone-utils-ssh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/freedombone-utils-ssh b/src/freedombone-utils-ssh index 67367b7b..8fed11f8 100755 --- a/src/freedombone-utils-ssh +++ b/src/freedombone-utils-ssh @@ -59,8 +59,8 @@ function configure_ssh { if ! grep -q 'HostbasedAuthentication' /etc/ssh/sshd_config; then echo 'HostbasedAuthentication no' >> /etc/ssh/sshd_config fi - sed 's|#HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config - sed 's|HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config + sed -i 's|#HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config + sed -i 's|HostbasedAuthentication.*|HostbasedAuthentication no|g' /etc/ssh/sshd_config sed -i 's|#PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config sed -i 's|PrintLastLog.*|PrintLastLog yes|g' /etc/ssh/sshd_config sed -i 's|#IgnoreRhosts.*|IgnoreRhosts yes|g' /etc/ssh/sshd_config From 7ab85b55d2785d7d58fe2ac40998da5c857b9262 Mon Sep 17 00:00:00 2001 
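Review bot: `chown root:root` on /usr/lib/ssl/private/xmpp.key only keeps XMPP working if the file's mode still lets the prosody user read it, and the hunk does not show that mode; prosody runs as its own user and reads the key when it sets up TLS, so if the key is 0600 (which a STIG ownership check is usually paired with) TLS breaks after this change. The usual way to satisfy both is root:ssl-cert with mode 0640 plus `usermod -a -G ssl-cert prosody`, but here that group membership is only granted inside the `if [ -d /etc/letsencrypt ]` branch just below; move it out of the condition or set the group explicitly in the new block. The certificate and dhparam files are not secret, so root:root on those is fine.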
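Review bot: the missing `-i` meant the two HostbasedAuthentication substitutions wrote to stdout and never touched /etc/ssh/sshd_config, so the fix is correct, but note how it interacts with the `grep -q 'HostbasedAuthentication'` guard above it: a stock sshd_config carries the commented `#HostbasedAuthentication no`, which satisfies the grep, so nothing was appended and the setting was silently left at its default. With `-i` the commented line now becomes `HostbasedAuthentication no`, which is the intended hardening, and the second substitution is then a no-op on that line. Since configure_ssh now really rewrites sshd_config, have it run `sshd -t` before any reload, as a bad pattern in this block of seds would otherwise lock out remote logins.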
From: Bob Mottram Date: Sat, 20 Jan 2018 10:21:38 +0000 Subject: [PATCH 12/53] Sometimes there is no shared data to restore --- src/freedombone-app-syncthing | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/src/freedombone-app-syncthing b/src/freedombone-app-syncthing index 9fe808a5..f1947ce6 100755 --- a/src/freedombone-app-syncthing +++ b/src/freedombone-app-syncthing @@ -13,7 +13,7 @@ # License # ======= # -# Copyright (C) 2014-2017 Bob Mottram +# Copyright (C) 2014-2018 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by @@ -318,14 +318,6 @@ function restore_local_syncthing { mkdir -p $SYNCTHING_SHARED_DATA fi cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/ - - if [ ! "$?" = "0" ]; then - set_user_permissions - backup_unmount_drive - systemctl start syncthing - systemctl start cron - exit 37904 - fi rm -rf ${temp_restore_dir}shared fi @@ -341,6 +333,9 @@ function restore_local_syncthing { if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/Sync ]; then + mkdir /home/$USERNAME/Sync + fi cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/ fi if [ ! "$?" = "0" ]; then @@ -425,7 +420,7 @@ function restore_remote_syncthing { if [ ! -d $SYNCTHING_CONFIG_PATH ]; then mkdir -p $SYNCTHING_CONFIG_PATH fi - cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/ + cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/ if [ ! "$?" = "0" ]; then systemctl start syncthing systemctl start cron 
@@ -439,17 +434,11 @@ function restore_remote_syncthing { temp_restore_dir=/root/tempsyncthingshared function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir syncthingshared - #cp -r $temp_restore_dir/* / if [ ! -d $SYNCTHING_SHARED_DATA ]; then mkdir -p $SYNCTHING_SHARED_DATA fi - cp -r ${temp_restore_dir}shared/* $SYNCTHING_SHARED_DATA/ - if [ ! "$?" = "0" ]; then - systemctl start syncthing - systemctl start cron - exit 37904 - fi - rm -rf $temp_restore_dir + cp -r ${temp_restore_dir}/* $SYNCTHING_SHARED_DATA/ + rm -rf ${temp_restore_dir} fi if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then @@ -466,6 +455,9 @@ function restore_remote_syncthing { if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/ else + if [ ! -d /home/$USERNAME/Sync ]; then + mkdir /home/$USERNAME/Sync + fi cp -r $temp_restore_dir/* /home/$USERNAME/Sync/ fi if [ ! "$?" = "0" ]; then From b72da11f6c080dfa844d9b506ad5aa3453c5c7a0 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 10:34:08 +0000 Subject: [PATCH 13/53] Restore of syncthing users --- src/freedombone-app-syncthing | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/freedombone-app-syncthing b/src/freedombone-app-syncthing index f1947ce6..509fae0f 100755 --- a/src/freedombone-app-syncthing +++ b/src/freedombone-app-syncthing @@ -336,7 +336,12 @@ function restore_local_syncthing { if [ ! -d /home/$USERNAME/Sync ]; then mkdir /home/$USERNAME/Sync fi - cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/ + if [ -d /root/Sync ]; then + cp -r /root/Sync/* /home/$USERNAME/Sync/ + rm -rf /root/Sync + else + cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/ + fi fi if [ ! "$?" = "0" ]; then rm -rf ${temp_restore_dir} 
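Review bot: removing the `if [ ! "$?" = "0" ]` block after `cp -r ${temp_restore_dir}shared/*` in restore_local_syncthing hides every failure of that copy, not only the "no shared data" case the commit message describes; guard the copy instead, e.g. `if [ -d ${temp_restore_dir}shared ]; then cp -r ... ; fi`, and keep the exit path for real errors. The remote function meanwhile switches from `${temp_restore_dir}shared/*` to `${temp_restore_dir}/*` and from `${temp_restore_dir}config/*` to `${temp_restore_dir}/*`, while the local function still uses `${temp_restore_dir}shared/*`; with `temp_restore_dir=/root/tempsyncthingshared` and no trailing slash, `${temp_restore_dir}shared` expands to /root/tempsyncthingsharedshared, so the two functions cannot both be right about the archive layout. Check what backup_directory_to_usb and backup_directory_to_friend actually store and use the same path in both, and note that `${temp_restore_dir}/*` copied into $SYNCTHING_CONFIG_PATH will place any `config` directory in the archive as a subdirectory rather than merging its contents.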
@@ -458,7 +463,12 @@ function restore_remote_syncthing { if [ ! -d /home/$USERNAME/Sync ]; then mkdir /home/$USERNAME/Sync fi - cp -r $temp_restore_dir/* /home/$USERNAME/Sync/ + if [ -d /root/Sync ]; then + cp -r /root/Sync/* /home/$USERNAME/Sync/ + rm -rf /root/Sync + else + cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/ + fi fi if [ ! "$?" = "0" ]; then rm -rf $temp_restore_dir From 7b1e6b2df8d7762c48d2007dc7f6fae3d11c9b5a Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 13:13:31 +0000 Subject: [PATCH 14/53] Remove bad links from riot --- src/freedombone-app-riot | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/freedombone-app-riot b/src/freedombone-app-riot index 2ed55775..65df8747 100755 --- a/src/freedombone-app-riot +++ b/src/freedombone-app-riot @@ -65,6 +65,12 @@ function add_user_riot { echo '0' } +function riot_remove_bad_links { + # We should not need to be depending on sites that we don't control + sed -i 's|https://piwik.riot.im/||g' /var/www/$RIOT_DOMAIN_NAME/htdocs/config.json + sed -i '/riot.im/d' /var/www/$RIOT_DOMAIN_NAME/htdocs/home.html +} + function install_interactive_riot { if [[ $ONION_ONLY != "no" ]]; then RIOT_DOMAIN_NAME='riot.local' @@ -177,6 +183,7 @@ function upgrade_riot { riot_download sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE} + riot_remove_bad_links systemctl restart nginx } @@ -342,6 +349,7 @@ function install_riot { chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs + riot_remove_bad_links systemctl restart nginx set_completion_param "riot domain" "$RIOT_DOMAIN_NAME" From 22198a7f5f5856a9d4ee5741405ae2cc3dbc2458 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 13:36:18 +0000 Subject: [PATCH 15/53] riot config filename --- src/freedombone-app-riot | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/src/freedombone-app-riot b/src/freedombone-app-riot index 65df8747..bd17550f 100755 
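Review bot: `sed -i '/riot.im/d'` in the new riot_remove_bad_links (PATCH 14, @@ -65) deletes entire lines of home.html, which can remove an opening tag while leaving its closing tag in place, so the served page should be checked after this runs; a targeted substitution of the link href would be safer than deleting lines. The `s|https://piwik.riot.im/||g` edit only blanks the URL string and leaves the rest of the piwik block in config.json, which is fine but worth saying in the comment. Both edits depend on $RIOT_DOMAIN_NAME being set when the function is called from upgrade_riot.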
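Review bot: in the @@ -342 hunk riot_remove_bad_links is called after `chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs`; since the function rewrites files with `sed -i`, call it before the chown (or repeat the chown afterwards) so ownership of the rewritten files does not depend on sed's behaviour when run as root.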
--- a/src/freedombone-app-riot +++ b/src/freedombone-app-riot @@ -66,8 +66,6 @@ function add_user_riot { } function riot_remove_bad_links { - # We should not need to be depending on sites that we don't control - sed -i 's|https://piwik.riot.im/||g' /var/www/$RIOT_DOMAIN_NAME/htdocs/config.json sed -i '/riot.im/d' /var/www/$RIOT_DOMAIN_NAME/htdocs/home.html } 
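Review bot: removing the piwik substitution from riot_remove_bad_links (PATCH 15, @@ -66) means upgrade_riot, which calls only this function after riot_download, no longer strips the piwik URL from the config; if riot_download replaces the config file on upgrade, the telemetry endpoint returns. Suggest keeping the config edit inside the function, applied to the new per-domain `config.<domain>.json` name, rather than only in install_riot.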
@@ -253,23 +251,25 @@ function install_riot { riot_download cd /var/www/$RIOT_DOMAIN_NAME/htdocs - cp config.sample.json config.json if [[ $ONION_ONLY == 'no' ]]; then - sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json - sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json - sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json - sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json - sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json - sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," config.json + riot_config_file="config.${RIOT_DOMAIN_NAME}.json" + cp config.sample.json $riot_config_file + sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file + sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file + sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" $riot_config_file + sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," $riot_config_file else - sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json - sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json - sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json - sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json - sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" config.json - sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," config.json + riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json" + cp config.sample.json $riot_config_file + sed -i 
"s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file + sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file + sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" $riot_config_file + sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," $riot_config_file fi + sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" $riot_config_file + sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" $riot_config_file + sed -i 's|https://piwik.riot.im/||g' $riot_config_file RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT}) @@ -347,9 +347,9 @@ function install_riot { function_check add_ddns_domain add_ddns_domain $RIOT_DOMAIN_NAME + riot_remove_bad_links chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs - riot_remove_bad_links systemctl restart nginx set_completion_param "riot domain" "$RIOT_DOMAIN_NAME" From ff55d42e29a733ce3edb2b96b8bae1c15bdcb6ca Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 18:25:29 +0000 Subject: [PATCH 16/53] Use project name --- src/freedombone-controlpanel | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel index dcc71f06..2ce18b1c 100755 --- a/src/freedombone-controlpanel +++ b/src/freedombone-controlpanel @@ -154,7 +154,7 @@ function any_key_verify { dialog --title $"Check tripwire" \ --msgbox $"\nThe hash should not contain any spaces" 10 40 else - DBHASH=$(sha512sum /var/lib/tripwire/${HOSTNAME}.twd | awk -F ' ' '{print $1}') + DBHASH=$(sha512sum /var/lib/tripwire/${PROJECT_NAME}.twd | awk -F ' ' '{print $1}') if [[ "$DBHASH" == "$GIVEN_HASH" ]]; then dialog --title $"Check tripwire" \ --msgbox $"\nSuccess\n\nThe hash you gave matches the current tripwire database" 10 40 
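Review bot: in the @@ -253 hunk the onion-only branch names the file `config.${MATRIX_ONION_DOMAIN_NAME}.json`, but `RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})` is only computed after this block; if the per-host filename is meant to match the host the client is served from, it should be derived from the riot onion hostname (computed earlier) or a plain config.json should be kept as a fallback. Also quote `$riot_config_file` in the cp and sed calls, and the three sed lines moved after the `fi` now run on whichever file the branch chose, which is fine but deserves a comment.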
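Review bot: the @@ -154 hunk of PATCH 16 changes the verified file to `/var/lib/tripwire/${PROJECT_NAME}.twd` without renaming the existing `${HOSTNAME}.twd` on already-installed systems, so the hash check would run sha512sum against a missing file; the next patch reverts this anyway, so patches 16 through 19 should be squashed into one commit that settles the naming and includes the migration.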
@@ -1305,14 +1305,14 @@ function security_settings { } function show_tripwire_verification_code { - if [ ! -f /var/lib/tripwire/${HOSTNAME}.twd ]; then + if [ ! -f /var/lib/tripwire/${PROJECT_NAME}.twd ]; then return fi clear echo '' echo $'Tripwire Verification Code' echo '' - DBHASH=$(sha512sum /var/lib/tripwire/${HOSTNAME}.twd) + DBHASH=$(sha512sum /var/lib/tripwire/${PROJECT_NAME}.twd) echo -n "$DBHASH" | qrencode -t UTF8 echo '' echo "$DBHASH" @@ -1325,7 +1325,7 @@ function reset_tripwire { any_key return fi - if [ ! -f /etc/tripwire/${HOSTNAME}-local.key ]; then + if [ ! -f /etc/tripwire/${PROJECT_NAME}-local.key ]; then echo $'Error: missing local key' any_key return @@ -1338,15 +1338,15 @@ function reset_tripwire { echo $'Creating configuration...' echo ' - ' | twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twcfg.txt + ' | twadmin --create-cfgfile -S /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/twcfg.txt echo $'Resetting policy...' echo ' - ' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt + ' | twadmin --create-polfile -S /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/twpol.txt echo $'Creating tripwire database' echo ' -' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile /var/lib/tripwire/${HOSTNAME}.twd +' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile /var/lib/tripwire/${PROJECT_NAME}.twd echo $'Resetting the Tripwire...' echo '' echo ' @@ -1361,7 +1361,7 @@ function reset_tripwire { systemctl restart nginx fi - if [ -f /var/lib/tripwire/${HOSTNAME}.twd ]; then + if [ -f /var/lib/tripwire/${PROJECT_NAME}.twd ]; then show_tripwire_verification_code echo $'Tripwire is now reset. Take a note of the above hash, or record' echo $'the QR code using a mobile device. This will enable you to independently' From c9ee0534946192b1b23ba1715d563d8c4b57576e Mon Sep 17 00:00:00 2001 
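Review bot: the @@ -1325 hunk makes reset_tripwire refuse with "missing local key" whenever the key is still stored as `${HOSTNAME}-local.key`, which is the name used until this patch; either accept both names or rename the files before the check. The same concern applies to the `${PROJECT_NAME}-site.key` passed to `twadmin --create-cfgfile -S` and `--create-polfile -S` at @@ -1338.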
From: Bob Mottram Date: Sat, 20 Jan 2018 18:30:26 +0000 Subject: [PATCH 17/53] Back to hostname --- src/freedombone-controlpanel | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel index 2ce18b1c..66e6c343 100755 --- a/src/freedombone-controlpanel +++ b/src/freedombone-controlpanel @@ -154,7 +154,7 @@ function any_key_verify { dialog --title $"Check tripwire" \ --msgbox $"\nThe hash should not contain any spaces" 10 40 else - DBHASH=$(sha512sum /var/lib/tripwire/${PROJECT_NAME}.twd | awk -F ' ' '{print $1}') + DBHASH=$(sha512sum /var/lib/tripwire/${HOSTNAME}.twd | awk -F ' ' '{print $1}') if [[ "$DBHASH" == "$GIVEN_HASH" ]]; then dialog --title $"Check tripwire" \ --msgbox $"\nSuccess\n\nThe hash you gave matches the current tripwire database" 10 40 @@ -1305,7 +1305,7 @@ function security_settings { } function show_tripwire_verification_code { - if [ ! -f /var/lib/tripwire/${PROJECT_NAME}.twd ]; then + if [ ! -f /var/lib/tripwire/${HOSTNAME}.twd ]; then return fi clear @@ -1346,7 +1346,7 @@ function reset_tripwire { echo $'Creating tripwire database' echo ' -' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile /var/lib/tripwire/${PROJECT_NAME}.twd +' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile /var/lib/tripwire/${HOSTNAME}.twd echo $'Resetting the Tripwire...' echo '' echo ' @@ -1361,7 +1361,7 @@ function reset_tripwire { systemctl restart nginx fi - if [ -f /var/lib/tripwire/${PROJECT_NAME}.twd ]; then + if [ -f /var/lib/tripwire/${HOSTNAME}.twd ]; then show_tripwire_verification_code echo $'Tripwire is now reset. Take a note of the above hash, or record' echo $'the QR code using a mobile device. This will enable you to independently' From 61aef304fef960eca419c712f7c819e5193c44cf Mon Sep 17 00:00:00 2001 
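Review bot: this partial revert (PATCH 17) leaves the control panel in an inconsistent state within one commit: the database and verification paths at @@ -154, @@ -1305 and @@ -1361 go back to `${HOSTNAME}`, while the key paths changed at @@ -1325 and @@ -1338 in PATCH 16 still use `${PROJECT_NAME}`. Please squash with patches 16, 18 and 19 so no intermediate revision mixes the two naming schemes.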
From: Bob Mottram Date: Sat, 20 Jan 2018 18:34:09 +0000 Subject: [PATCH 18/53] Convert tripwire key filenames --- src/freedombone-controlpanel | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel index 66e6c343..956969ff 100755 --- a/src/freedombone-controlpanel +++ b/src/freedombone-controlpanel @@ -1325,10 +1325,15 @@ function reset_tripwire { any_key return fi - if [ ! -f /etc/tripwire/${PROJECT_NAME}-local.key ]; then - echo $'Error: missing local key' - any_key - return + if [ ! -f /etc/tripwire/${HOSTNAME}-local.key ]; then + if [ -f /etc/tripwire/${PROJECT_NAME}-local.key ]; then + mv /etc/tripwire/${PROJECT_NAME}-local.key /etc/tripwire/${HOSTNAME}-local.key + mv /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/${HOSTNAME}-site.key + else + echo $'Error: missing local key' + any_key + return + fi fi clear echo $'Turing off logging...' @@ -1338,11 +1343,11 @@ function reset_tripwire { echo $'Creating configuration...' echo ' - ' | twadmin --create-cfgfile -S /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/twcfg.txt + ' | twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twcfg.txt echo $'Resetting policy...' echo ' - ' | twadmin --create-polfile -S /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/twpol.txt + ' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt echo $'Creating tripwire database' echo ' From 1adc1264f3b095d1c930623c335761bf5608a44f Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 18:36:58 +0000 Subject: [PATCH 19/53] hostname --- src/freedombone-controlpanel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel index 956969ff..ce594b13 100755 --- a/src/freedombone-controlpanel +++ b/src/freedombone-controlpanel 
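Review bot: in the @@ -1325 hunk the second `mv /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/${HOSTNAME}-site.key` runs without checking that the source exists, so if only the local key carries the old name the mv prints an error and the later `twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key` fails; test each file with `-f` before moving it. Minor: the context line `echo $'Turing off logging...'` has a typo for "Turning".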
@@ -1312,7 +1312,7 @@ function show_tripwire_verification_code { echo '' echo $'Tripwire Verification Code' echo '' - DBHASH=$(sha512sum /var/lib/tripwire/${PROJECT_NAME}.twd) + DBHASH=$(sha512sum /var/lib/tripwire/${HOSTNAME}.twd) echo -n "$DBHASH" | qrencode -t UTF8 echo '' echo "$DBHASH" From 05f195ac994ddcc4ca506ca96c65cdc6e4212475 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 21:09:25 +0000 Subject: [PATCH 20/53] Expiry of pleroma posts --- src/freedombone-app-pleroma | 75 ++++++++++++++++++++++++++++++++++++- 1 file changed, 74 insertions(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index ff11f828..e38a768c 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -58,6 +58,7 @@ PLEROMA_TITLE='Pleroma Server' # Number of months after which posts expire PLEROMA_EXPIRE_MONTHS=3 +pleroma_expire_posts_script=/usr/bin/pleroma-expire-posts pleroma_variables=(ONION_ONLY PLEROMA_DOMAIN_NAME 
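Review bot: the @@ -1312 one-liner in PATCH 19 completes the revert started in PATCH 17 and belongs in the same commit; as separate patches, revisions 16 through 18 each point show_tripwire_verification_code and the rest of the control panel at different filenames.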
@@ -70,6 +71,69 @@ pleroma_variables=(ONION_ONLY MY_EMAIL_ADDRESS MY_USERNAME) +function expire_pleroma_posts { + domain_name=$1 + expire_months=$3 + + if [ ! $expire_months ]; then + expire_months=3 + fi + + expire_days=$((expire_months * 30)) + + # files are what take up most of the backup time, so don't keep them for very long + expire_days_files=7 + + # To prevent the database size from growing endlessly this script expires posts + # after a number of months + if [ ! -d /etc/pleroma ]; then + return + fi + + echo ' $pleroma_expire_posts_script + echo '' >> $pleroma_expire_posts_script + echo "\$oldate=date((\"Y-m-d\"), strtotime(\"-${expire_months} months\"));" >> $pleroma_expire_posts_script + echo '$username="root";' >> $pleroma_expire_posts_script + echo "\$password=shell_exec('${PROJECT_NAME}-pass -u root -a postgresql');" >> $pleroma_expire_posts_script + echo "\$database=\"pleroma\";" >> $pleroma_expire_posts_script + echo '' >> $pleroma_expire_posts_script + echo 'if (!$link = pg_connect("host=localhost dbname=pleroma user=$username password=$password")) {' >> $pleroma_expire_posts_script + echo ' echo "Could not connect to postgresql";' >> $pleroma_expire_posts_script + echo ' exit;' >> $pleroma_expire_posts_script + echo '}' >> $pleroma_expire_posts_script + echo '' >> $pleroma_expire_posts_script + echo "\$notice_query=\"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\";" >> $pleroma_expire_posts_script + echo 'pg_exec($link, $notice_query);' >> $pleroma_expire_posts_script + echo '$rowaff1=pg_affected_rows($link);' >> $pleroma_expire_posts_script + echo 'pg_close($link);' >> $pleroma_expire_posts_script + echo '' >> $pleroma_expire_posts_script + echo "\$objects_query=\"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\";" >> $pleroma_expire_posts_script + echo 'pg_exec($link, $objects_query);' >> $pleroma_expire_posts_script + echo '$rowaff2=pg_affected_rows($link);' >> $pleroma_expire_posts_script + echo 
'pg_close($link);' >> $pleroma_expire_posts_script + echo '' >> $pleroma_expire_posts_script + echo -n "echo \"Expire pleroma posts: " >> $pleroma_expire_posts_script + echo '$rowaff1 notifications and $rowaff2 objects deleted from database.\n";' >> $pleroma_expire_posts_script + chmod +x $pleroma_expire_posts_script + + pleroma_expire_script=/etc/cron.daily/pleroma-expire + echo '#!/bin/bash' > $pleroma_expire_script + echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +" >> $pleroma_expire_script + echo "/usr/bin/php $pleroma_expire_posts_script" >> $pleroma_expire_script + chmod +x $pleroma_expire_script + + # remove any old cron job + if grep -q "pleroma-expire" /etc/crontab; then + sed -i "/pleroma-expire/d" /etc/crontab + rm /usr/bin/pleroma-expire + fi + + # remove old expire script + if [ -f /etc/cron.weekly/clear-pleroma-database ]; then + rm /etc/cron.weekly/clear-pleroma-database + fi +} + function pleroma_recompile { # necessary after parameter changes chown -R pleroma:pleroma $PLEROMA_DIR @@ -353,6 +417,7 @@ function pleroma_set_title { function pleroma_set_expire_months { PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain") + read_config_param "PLEROMA_DOMAIN_NAME" read_config_param "PLEROMA_EXPIRE_MONTHS" data=$(tempfile 2>/dev/null) @@ -378,7 +443,7 @@ function pleroma_set_expire_months { PLEROMA_EXPIRE_MONTHS=$new_expiry_months write_config_param "PLEROMA_EXPIRE_MONTHS" "$PLEROMA_EXPIRE_MONTHS" - # TODO + expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS dialog --title $"Set Pleroma post expiry period" \ --msgbox $"Expiry period set to $PLEROMA_EXPIRE_MONTHS months" 6 60 @@ -499,6 +564,7 @@ function pleroma_add_emoji { } function configure_interactive_pleroma { + read_config_param PLEROMA_DOMAIN_NAME read_config_param PLEROMA_EXPIRE_MONTHS while true do 
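Review bot: in the @@ -70 hunk `expire_months=$3` reads the wrong positional parameter: both call sites (`expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS` at @@ -378 and in upgrade_pleroma) pass the months as the second argument, so `expire_months` is always empty and the default of 3 is used regardless of the configured value; change it to `$2`. In the same hunk `domain_name` and `expire_days` are assigned but never used, `pg_close($link)` is emitted twice (the second pg_exec runs on a closed connection), and the password from `shell_exec('${PROJECT_NAME}-pass ...')` carries a trailing newline and is interpolated unquoted into the pg_connect string. Also flag whether deleting uploads after `expire_days_files=7` is intentional, since posts up to `expire_months` old then lose their attachments.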
@@ -531,6 +597,11 @@ function configure_interactive_pleroma { } function upgrade_pleroma { + read_config_param PLEROMA_DOMAIN_NAME + if [ ! -f $pleroma_expire_posts_script ]; then + expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS + fi + CURR_PLEROMA_COMMIT=$(get_completion_param "pleroma commit") if [[ "$CURR_PLEROMA_COMMIT" == "$PLEROMA_COMMIT" ]]; then return @@ -542,6 +613,8 @@ function upgrade_pleroma { sudo -u pleroma mix deps.get pleroma_recompile + + expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS } function backup_local_pleroma { From 3e9a62703ee9743393382db67b0b53a05bd47964 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 21:11:45 +0000 Subject: [PATCH 21/53] Also read months --- src/freedombone-app-pleroma | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index e38a768c..425b37f4 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -598,6 +598,8 @@ function configure_interactive_pleroma { function upgrade_pleroma { read_config_param PLEROMA_DOMAIN_NAME + read_config_param PLEROMA_EXPIRE_MONTHS + if [ ! -f $pleroma_expire_posts_script ]; then expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS fi From 9136a7a2f9ea1ef6c510b1f576f968aa6158582b Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 21:27:50 +0000 Subject: [PATCH 22/53] Add php postgres module --- src/freedombone-app-pleroma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 425b37f4..e3917e51 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -797,7 +797,7 @@ function install_pleroma { ONION_ONLY='no' fi - apt-get -yq install wget imagemagick + apt-get -yq install wget imagemagick php-pgsql # We need elixir 1.4+ here, so the debian repo package won't do install_elixir 
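Review bot: the @@ -531 hunk calls `expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS` in upgrade_pleroma after reading only PLEROMA_DOMAIN_NAME from config, so PLEROMA_EXPIRE_MONTHS still holds the compile-time default and the generated script ignores the configured expiry; add `read_config_param PLEROMA_EXPIRE_MONTHS` before the call.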
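Review bot: the @@ -542 hunk adds a second `expire_pleroma_posts` call at the end of upgrade_pleroma, so on a run where the script was missing and the commit also changed, the same script is regenerated twice; keep only the unconditional call at the end and drop the `if [ ! -f $pleroma_expire_posts_script ]` block.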
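Review bot: the @@ -797 hunk of PATCH 22 adds `php-pgsql`, but the generated cron script invokes `/usr/bin/php`, which comes from php-cli, and on Debian php-pgsql does not pull php-cli in; either add php-cli here or drop the PHP dependency altogether, which the later "Simpler pleroma expire script" patch does.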
From 0fff1bd21bac5fb0ab2d7dbf686e9b1d8e6be59b Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 21:44:36 +0000 Subject: [PATCH 23/53] Don't close twice --- src/freedombone-app-pleroma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index e3917e51..d8646118 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -105,7 +105,6 @@ function expire_pleroma_posts { echo "\$notice_query=\"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\";" >> $pleroma_expire_posts_script echo 'pg_exec($link, $notice_query);' >> $pleroma_expire_posts_script echo '$rowaff1=pg_affected_rows($link);' >> $pleroma_expire_posts_script - echo 'pg_close($link);' >> $pleroma_expire_posts_script echo '' >> $pleroma_expire_posts_script echo "\$objects_query=\"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\";" >> $pleroma_expire_posts_script echo 'pg_exec($link, $objects_query);' >> $pleroma_expire_posts_script @@ -144,6 +143,7 @@ function pleroma_recompile { if [ -f /etc/systemd/system/pleroma.service ]; then systemctl restart pleroma fi + } function logging_on_pleroma { From 58de604cb4db2d9530a545179dbc1d2346a64fe2 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 22:14:00 +0000 Subject: [PATCH 24/53] Simpler pleroma expire script --- src/freedombone-app-pleroma | 31 ++++++------------------------- 1 file changed, 6 insertions(+), 25 deletions(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index d8646118..2150f017 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma 
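Review bot: the @@ -144 hunk of PATCH 23 is a whitespace-only change in pleroma_recompile unrelated to the "Don't close twice" subject; drop it from this commit.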
@@ -90,35 +90,16 @@ function expire_pleroma_posts { return fi - echo ' $pleroma_expire_posts_script - echo '' >> $pleroma_expire_posts_script - echo "\$oldate=date((\"Y-m-d\"), strtotime(\"-${expire_months} months\"));" >> $pleroma_expire_posts_script - echo '$username="root";' >> $pleroma_expire_posts_script - echo "\$password=shell_exec('${PROJECT_NAME}-pass -u root -a postgresql');" >> $pleroma_expire_posts_script - echo "\$database=\"pleroma\";" >> $pleroma_expire_posts_script - echo '' >> $pleroma_expire_posts_script - echo 'if (!$link = pg_connect("host=localhost dbname=pleroma user=$username password=$password")) {' >> $pleroma_expire_posts_script - echo ' echo "Could not connect to postgresql";' >> $pleroma_expire_posts_script - echo ' exit;' >> $pleroma_expire_posts_script - echo '}' >> $pleroma_expire_posts_script - echo '' >> $pleroma_expire_posts_script - echo "\$notice_query=\"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\";" >> $pleroma_expire_posts_script - echo 'pg_exec($link, $notice_query);' >> $pleroma_expire_posts_script - echo '$rowaff1=pg_affected_rows($link);' >> $pleroma_expire_posts_script - echo '' >> $pleroma_expire_posts_script - echo "\$objects_query=\"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\";" >> $pleroma_expire_posts_script - echo 'pg_exec($link, $objects_query);' >> $pleroma_expire_posts_script - echo '$rowaff2=pg_affected_rows($link);' >> $pleroma_expire_posts_script - echo 'pg_close($link);' >> $pleroma_expire_posts_script - echo '' >> $pleroma_expire_posts_script - echo -n "echo \"Expire pleroma posts: " >> $pleroma_expire_posts_script - echo '$rowaff1 notifications and $rowaff2 objects deleted from database.\n";' >> $pleroma_expire_posts_script + echo '#!/bin/bash' > $pleroma_expire_posts_script + echo 'oldate=$(date +%Y-%m-%d --date="3 months ago")' >> $pleroma_expire_posts_script + echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications WHERE inserted_at <= '\$oldate 
01:01:01'\"" >> $pleroma_expire_posts_script + echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script chmod +x $pleroma_expire_posts_script pleroma_expire_script=/etc/cron.daily/pleroma-expire echo '#!/bin/bash' > $pleroma_expire_script echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +" >> $pleroma_expire_script - echo "/usr/bin/php $pleroma_expire_posts_script" >> $pleroma_expire_script + echo "$pleroma_expire_posts_script" >> $pleroma_expire_script chmod +x $pleroma_expire_script # remove any old cron job @@ -797,7 +778,7 @@ function install_pleroma { ONION_ONLY='no' fi - apt-get -yq install wget imagemagick php-pgsql + apt-get -yq install wget imagemagick # We need elixir 1.4+ here, so the debian repo package won't do install_elixir From 4044e18f222d2148ef2dad6a00953d1f76f2e7ec Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 22:20:30 +0000 Subject: [PATCH 25/53] Checking of months on pleroma expiry script --- src/freedombone-app-pleroma | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 2150f017..39d45a3a 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma 
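Review bot: the rewritten script in the @@ -90 hunk hardcodes `--date="3 months ago"` and no longer references `expire_months`, so PLEROMA_EXPIRE_MONTHS has no effect on what is deleted; interpolate the configured value into the generated script. Also, `sudo -u postgres psql` run from a cron job whose working directory the postgres user cannot enter prints a "could not change directory" warning on every run; `cd` to a directory readable by postgres before invoking psql.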
@@ -91,7 +91,16 @@ function expire_pleroma_posts { fi echo '#!/bin/bash' > $pleroma_expire_posts_script - echo 'oldate=$(date +%Y-%m-%d --date="3 months ago")' >> $pleroma_expire_posts_script + echo "plmonths=\"$PLEROMA_EXPIRE_MONTHS\"" >> $pleroma_expire_posts_script + echo 'if [ ! ${#plmonths} -eq 0 ]; then' >> $pleroma_expire_posts_script + echo ' exit 1' >> $pleroma_expire_posts_script + echo 'fi' >> $pleroma_expire_posts_script + echo 'if [[ "$plmonths" == "0" ]]; then' >> $pleroma_expire_posts_script + echo ' exit 2' >> $pleroma_expire_posts_script + echo 'fi' >> $pleroma_expire_posts_script + echo -n 'oldate=$(date +%Y-%m-%d --date="' >> $pleroma_expire_posts_script + echo -n "$PLEROMA_EXPIRE_MONTHS" >> $pleroma_expire_posts_script + echo ' months ago")' >> $pleroma_expire_posts_script echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script chmod +x $pleroma_expire_posts_script From 9275a6ab8421deee4cba2ea906e5eb3cf484f7f4 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 22:23:37 +0000 Subject: [PATCH 26/53] typo --- src/freedombone-app-pleroma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 39d45a3a..e9b2f531 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma 
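Review bot: in the @@ -91 hunk the generated check `if [ ! ${#plmonths} -eq 0 ]; then exit 1` is inverted: it exits whenever the value is non-empty, i.e. in every configured case, so no posts would ever be expired; drop the `!`. Since `plmonths` is baked into the script at generation time, both this check and the `"0"` test evaluate a constant, which is acceptable only as long as the script is regenerated whenever the setting changes (pleroma_set_expire_months does this); a comment saying so would help.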
@@ -92,7 +92,7 @@ function expire_pleroma_posts { echo '#!/bin/bash' > $pleroma_expire_posts_script echo "plmonths=\"$PLEROMA_EXPIRE_MONTHS\"" >> $pleroma_expire_posts_script - echo 'if [ ! ${#plmonths} -eq 0 ]; then' >> $pleroma_expire_posts_script + echo 'if [ ${#plmonths} -eq 0 ]; then' >> $pleroma_expire_posts_script echo ' exit 1' >> $pleroma_expire_posts_script echo 'fi' >> $pleroma_expire_posts_script echo 'if [[ "$plmonths" == "0" ]]; then' >> $pleroma_expire_posts_script From 1197ace0c93048f1ff2b2d6a308ec6994f3a173b Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 20 Jan 2018 22:27:35 +0000 Subject: [PATCH 27/53] Simplify expire script --- src/freedombone-app-pleroma | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index e9b2f531..51e6f93f 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -98,9 +98,8 @@ function expire_pleroma_posts { echo 'if [[ "$plmonths" == "0" ]]; then' >> $pleroma_expire_posts_script echo ' exit 2' >> $pleroma_expire_posts_script echo 'fi' >> $pleroma_expire_posts_script - echo -n 'oldate=$(date +%Y-%m-%d --date="' >> $pleroma_expire_posts_script - echo -n "$PLEROMA_EXPIRE_MONTHS" >> $pleroma_expire_posts_script - echo ' months ago")' >> $pleroma_expire_posts_script + echo 'oldate=$(date +%Y-%m-%d --date="$plmonths months ago")' >> $pleroma_expire_posts_script + echo 'cd /etc/postgresql' >> $pleroma_expire_posts_script echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script chmod +x $pleroma_expire_posts_script 
@@ -108,7 +107,7 @@ function expire_pleroma_posts { pleroma_expire_script=/etc/cron.daily/pleroma-expire echo '#!/bin/bash' > $pleroma_expire_script echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +" >> $pleroma_expire_script - echo "$pleroma_expire_posts_script" >> $pleroma_expire_script + echo "$pleroma_expire_posts_script 2> /dev/null" >> $pleroma_expire_script chmod +x $pleroma_expire_script # remove any old cron job From e42c276dd7340a91418ccaa07bda6ed0b88dbf01 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 00:09:20 +0000 Subject: [PATCH 28/53] Upgrade prosody certs when possible --- src/freedombone-app-xmpp | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index 62223377..cf1eddc0 100755 --- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp 
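Review bot: the @@ -108 hunk appends `2> /dev/null` to the expire script invocation, which hides every error (failed DELETEs, psql connection problems, the inverted-check exits) from cron's mail, not only the expected sudo working-directory warning; redirect stderr to a log file instead, or silence just the known warning now that the script does `cd /etc/postgresql` first.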
@@ -407,6 +407,25 @@ function upgrade_xmpp { update_prosody_modules xmpp_onion_addresses /etc/prosody/prosody.cfg.lua + if grep -q "/etc/ssl/certs/xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then + cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam + chown prosody:prosody /etc/prosody/xmpp.dhparam + sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/prosody.cfg.lua + sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/conf.avail/xmpp.cfg.lua + fi + + if grep -q "/etc/ssl/private/xmpp.key" /etc/prosody/prosody.cfg.lua; then + if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem ]; then + sed -i "s|/etc/ssl/private/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua + fi + fi + + if grep -q "/etc/ssl/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then + if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then + sed -i "s|/etc/ssl/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua + fi + fi + curr_prosody_filename=$(cat $COMPLETION_FILE | grep "prosody_filename" | awk -F ':' '{print $2}') if [[ "$curr_prosody_filename" != "$prosody_filename" ]]; then if [ -d ${INSTALL_DIR}/${prosody_filename} ]; then @@ -1065,6 +1084,14 @@ function install_xmpp { if [ -d /etc/letsencrypt ]; then usermod -a -G ssl-cert prosody fi + + if [ -f /etc/ssl/certs/xmpp.dhparam ]; then + cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam + chown prosody:prosody /etc/prosody/xmpp.dhparam + sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/prosody.cfg.lua + sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/conf.avail/xmpp.cfg.lua + fi + apt-mark -q hold prosody systemctl restart prosody From a5eb051bbf6a5829d2b9d7271894f30561f19f75 Mon Sep 17 00:00:00 2001 
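Review bot: in the @@ -407 hunk the dhparam path is rewritten in both prosody.cfg.lua and conf.avail/xmpp.cfg.lua, but the key and certificate rewrites to the letsencrypt privkey.pem and fullchain.pem are applied only to prosody.cfg.lua; apply them to conf.avail/xmpp.cfg.lua as well so the two files do not diverge. Also, `/etc/letsencrypt/live` and `archive` are root-only by default, so the `usermod -a -G ssl-cert prosody` seen in the install context at @@ -1065 does not by itself let the prosody user read privkey.pem; please document where those directory permissions are relaxed, or prosody will fail to load its TLS key after this change.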
From: Bob Mottram Date: Sun, 21 Jan 2018 09:58:16 +0000 Subject: [PATCH 29/53] Ensure letsencrypt certs are used where appropriate --- src/freedombone-utils-web | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index c47ff87f..ce80fe6c 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web @@ -758,17 +758,17 @@ function update_default_domain { if [[ $ONION_ONLY == 'no' ]]; then if [ -d /etc/prosody ]; then if [ -f /etc/mumble-server.ini ]; then - if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then + if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then if ! grep -q "mumble.pem" /etc/mumble-server.ini; then sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini systemctl restart mumble fi else - if ! grep -q "${DEFAULT_DOMAIN_NAME}.pem" /etc/mumble-server.ini; then + if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then usermod -a -G ssl-cert mumble-server - sed -i "s|sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini - sed -i "s|sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini + sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini + sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini systemctl restart mumble fi fi 
@@ -779,37 +779,37 @@ function update_default_domain { fi cp /etc/ssl/private/xmpp* /etc/prosody/certs cp /etc/ssl/certs/xmpp* /etc/prosody/certs - if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then + if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then usermod -a -G ssl-cert prosody if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then - sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua + sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua fi if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/conf.avail/xmpp.cfg.lua; then - sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua + sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua fi if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/prosody.cfg.lua; then - sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua + sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua fi if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then - sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua + sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua fi fi if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then - sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua + sed -i 
"s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua fi if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/conf.avail/xmpp.cfg.lua; then - sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua + sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua fi if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/prosody.cfg.lua; then - sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua + sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua fi if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/prosody.cfg.lua; then - sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua + sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua fi chown -R prosody:default /etc/prosody 
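Review bot: the change from `if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]` to `if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]` is a real fix (the old form was a non-empty-string test and always true), but the two unchanged lines just above it still `cp /etc/ssl/private/xmpp* /etc/prosody/certs` and `cp /etc/ssl/certs/xmpp* /etc/prosody/certs` unconditionally and will error when no such files exist; guard them the same way. Also, the `chown -R prosody:default /etc/prosody` and `chmod -R 700 /etc/prosody/certs/*` at the end of the function do not reach the Let's Encrypt paths the config now points at, so whether the prosody user can read privkey.pem needs the same verification as for mumble; ssl-cert group membership alone does not grant it.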
@@ -822,15 +822,15 @@ function update_default_domain { if [ -d /home/znc/.znc ]; then echo $'znc found' - if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then + if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then pkill znc cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem chown znc:znc /home/znc/.znc/znc.pem chmod 700 /home/znc/.znc/znc.pem - sed -i "s|CertFile =.*|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/ngircd/ngircd.conf + sed -i "s|CertFile =.*|CertFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/ngircd/ngircd.conf sed -i "s|DHFile =.*|DHFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" /etc/ngircd/ngircd.conf - sed -i "s|KeyFile =.*|KeyFile = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" /etc/ngircd/ngircd.conf + sed -i "s|KeyFile =.*|KeyFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem" /etc/ngircd/ngircd.conf echo $'irc certificates updated' systemctl restart ngircd @@ -841,14 +841,15 @@ function update_default_domain { if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ -d /etc/dovecot ]; then - if ! grep -q "ssl_cert = Date: Sun, 21 Jan 2018 10:07:21 +0000 Subject: [PATCH 30/53] Scope --- src/freedombone-utils-web | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index ce80fe6c..bbf057c6 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web 
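Review bot: the -822 hunk changes the guard to the Let's Encrypt fullchain, but the unchanged line directly below it still builds znc.pem from `/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem` and `/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key`; when only the Let's Encrypt files exist, `cat` fails after `pkill znc` and znc is left with an empty or partial znc.pem. Concatenate fullchain.pem and privkey.pem instead. The three ngircd `sed` expressions are also missing the closing `|` delimiter (`"s|CertFile =.*|CertFile = /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem"`), which GNU sed rejects as an unterminated `s' command, so none of the ngircd.conf edits take effect; and `chmod 700` on znc.pem should be `chmod 600`, since the execute bit has no meaning on a key file.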
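Review bot: the -841 hunk still gates the dovecot update on `/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem`, which the rest of this patch stops treating as the canonical certificate, so with only Let's Encrypt files present the dovecot branch is skipped. Patch 37 in this series changes that test to fullchain.pem; folding it into this commit would keep the series bisectable.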
@@ -794,22 +794,22 @@ function update_default_domain { if grep -q "/etc/prosody/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua fi - fi - if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then - sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua - fi + if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua + fi - if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/conf.avail/xmpp.cfg.lua; then - sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua - fi + if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/conf.avail/xmpp.cfg.lua; then + sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua + fi - if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/prosody.cfg.lua; then - sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua - fi + if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key" /etc/prosody/prosody.cfg.lua; then + sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua + fi - if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/prosody.cfg.lua; then - sed -i 
"s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua + if grep -q "/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/prosody/prosody.cfg.lua; then + sed -i "s|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua + fi fi chown -R prosody:default /etc/prosody From 980320f9e5bbac44147aecf9eef07a3e115aa97d Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 10:10:43 +0000 Subject: [PATCH 31/53] Only copy prosody modules if the directory exists --- src/freedombone-utils-web | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index bbf057c6..697f0853 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web @@ -815,7 +815,9 @@ function update_default_domain { chown -R prosody:default /etc/prosody chmod -R 700 /etc/prosody/certs/* chmod 600 /etc/prosody/prosody.cfg.lua - cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/ + if [ -d $INSTALL_DIR/prosody-modules ]; then + cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/ + fi chown -R prosody:prosody /var/lib/prosody/prosody-modules systemctl reload prosody fi From fa493156d43092dbd0904c556f640a36f9de4ac7 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 10:12:32 +0000 Subject: [PATCH 32/53] prosody modules in two directories --- src/freedombone-utils-web | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index 697f0853..353d1d68 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web 
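Review bot: moving the four `${DEFAULT_DOMAIN_NAME}.key`/`.pem` rewrites inside the `if [ -f .../fullchain.pem ]` block is the right scope; before this the prosody config was rewritten to Let's Encrypt paths even when those files did not exist, leaving prosody unable to start. The hunk is otherwise a pure re-indent, and since the diff shows every line as changed, a commit message saying so (rather than just "Scope") would help later readers.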
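Review bot: the new `if [ -d $INSTALL_DIR/prosody-modules ]` guard fixes the `cp` error, but the following `chown -R prosody:prosody /var/lib/prosody/prosody-modules` still runs unconditionally and fails if that destination does not exist either; move it inside the guard or test the destination. `$INSTALL_DIR` should also be quoted in both the test and the `cp`.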
@@ -817,8 +817,10 @@ function update_default_domain { chmod 600 /etc/prosody/prosody.cfg.lua if [ -d $INSTALL_DIR/prosody-modules ]; then cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/ + cp -r $INSTALL_DIR/prosody-modules/* /usr/lib/prosody/modules/ fi chown -R prosody:prosody /var/lib/prosody/prosody-modules + chown -R prosody:prosody /usr/lib/prosody/modules systemctl reload prosody fi From 0ddebf4dc35ca96e961ca6c8d6cf4b75e39dc56d Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 10:15:20 +0000 Subject: [PATCH 33/53] Separate out mumble. It doesn't need to depend on prosody being installed --- src/freedombone-utils-web | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index 353d1d68..b8809191 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web 
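Review bot: `chown -R prosody:prosody /usr/lib/prosody/modules` hands the service account write access to the directory from which the distribution's own prosody modules are loaded, so a compromised prosody process could overwrite module code and persist across restarts; it also changes ownership of files managed by the Debian package, which the next package upgrade will not expect. Prosody only needs read access to load modules, so keep /usr/lib/prosody/modules root-owned and world-readable, restrict the chown to the copied files under /var/lib/prosody/prosody-modules, and point `plugin_paths` in the prosody config at that directory instead of copying into /usr/lib at all.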
@@ -756,24 +756,24 @@ function configure_firewall_for_web_access { function update_default_domain { echo $'Updating default domain' if [[ $ONION_ONLY == 'no' ]]; then - if [ -d /etc/prosody ]; then - if [ -f /etc/mumble-server.ini ]; then - if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then - if ! grep -q "mumble.pem" /etc/mumble-server.ini; then - sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini - sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini - systemctl restart mumble - fi - else - if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then - usermod -a -G ssl-cert mumble-server - sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini - sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini - systemctl restart mumble - fi + if [ -f /etc/mumble-server.ini ]; then + if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then + if ! grep -q "mumble.pem" /etc/mumble-server.ini; then + sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini + sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini + systemctl restart mumble + fi + else + if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then + usermod -a -G ssl-cert mumble-server + sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini + sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini + systemctl restart mumble fi fi + fi + if [ -d /etc/prosody ]; then if [ ! -d /etc/prosody/certs ]; then mkdir /etc/prosody/certs fi From 541639cc9ed7ba12c76abcaffca5b77d9bdbbdbd Mon Sep 17 00:00:00 2001 
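Review bot: with the mumble block moved out of `if [ -d /etc/prosody ]` the hunk is a pure dedent and reads correctly, but the Let's Encrypt test it now runs on every system with /etc/mumble-server.ini depends on `DEFAULT_DOMAIN_NAME` being set: an empty value makes the path `/etc/letsencrypt/live//fullchain.pem`, the `-f` test fails, and mumble is silently switched back to its self-signed mumble.pem and restarted. Add a `[ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]` guard like the one used further down in this function.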
From: Bob Mottram Date: Sun, 21 Jan 2018 10:18:25 +0000 Subject: [PATCH 34/53] Update mumble certs during upgrades --- src/freedombone-app-mumble | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/freedombone-app-mumble b/src/freedombone-app-mumble index 6dc411ff..8a785f3c 100755 --- a/src/freedombone-app-mumble +++ b/src/freedombone-app-mumble @@ -84,6 +84,21 @@ function upgrade_mumble { if [ -d /etc/letsencrypt ]; then usermod -a -G ssl-cert mumble-server fi + + if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then + if ! grep -q "mumble.pem" /etc/mumble-server.ini; then + sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini + sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini + systemctl restart mumble + fi + else + if ! grep -q "${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/mumble-server.ini; then + usermod -a -G ssl-cert mumble-server + sed -i "s|sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini + sed -i "s|sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini + systemctl restart mumble + fi + fi } function backup_local_mumble { From 173bdebbfad33b7a3d237076be63257d8000f751 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 10:19:28 +0000 Subject: [PATCH 35/53] domain name variable for mumble --- src/freedombone-app-mumble | 1 + 1 file changed, 1 insertion(+) diff --git a/src/freedombone-app-mumble b/src/freedombone-app-mumble index 8a785f3c..7530c9af 100755 --- a/src/freedombone-app-mumble +++ b/src/freedombone-app-mumble @@ -43,6 +43,7 @@ MUMBLE_DATABASE="mumble-server.sqlite" MUMBLE_CONFIG_FILE="mumble-server.ini" mumble_variables=(MY_USERNAME + DEFAULT_DOMAIN_NAME MUMBLE_PORT ONION_ONLY ADMIN_USERNAME) From 88548b1a5621a78be7d81a09e815a605090a06ba Mon Sep 17 00:00:00 2001 
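Review bot: the fifteen lines added to upgrade_mumble are a verbatim copy of the block update_default_domain already has in freedombone-utils-web (patch 33), and `usermod -a -G ssl-cert mumble-server` now runs twice in the same function (once in the `if [ -d /etc/letsencrypt ]` context just above, again in the new `else` branch). Factor the certificate selection into one function, say `mumble_update_certs` (name is a suggestion), and call it from both places so the two copies cannot drift.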
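Review bot: adding DEFAULT_DOMAIN_NAME to mumble_variables is required by patch 34's upgrade_mumble, which without it tests `/etc/letsencrypt/live//fullchain.pem` and always falls back to the self-signed certificate; consider squashing the two commits so the tree is not broken at the intermediate step.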
From: Bob Mottram Date: Sun, 21 Jan 2018 10:28:17 +0000 Subject: [PATCH 36/53] mumble certs on install --- src/freedombone-app-mumble | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/freedombone-app-mumble b/src/freedombone-app-mumble index 7530c9af..71a1b5fd 100755 --- a/src/freedombone-app-mumble +++ b/src/freedombone-app-mumble @@ -258,7 +258,7 @@ function install_mumble { if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs fi - if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then + if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt fi @@ -281,7 +281,7 @@ function install_mumble { # Make an ssl cert for the server - if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then + if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH function_check check_certificates 
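Review bot: both hunks now key the decision purely on the Let's Encrypt fullchain, so a pre-existing `/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem` that did not come from Let's Encrypt is no longer honoured: at -258 its `.crt` sibling is deleted and at -281 a fresh self-signed mumble certificate is generated regardless. If that is intended the commit message should say so; if not, test for either location. This is also the fourth copy of the same `-f fullchain.pem` test across these files, which argues again for one shared helper that returns the cert/key pair to use.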
@@ -323,12 +323,12 @@ function install_mumble { echo 'allowping=False' >> /etc/mumble-server.ini fi sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini - if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then + if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini else - sed -i "s|#sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini - sed -i "s|#sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini + sed -i "s|#sslCert=.*|sslCert=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/mumble-server.ini + sed -i "s|#sslKey=.*|sslKey=/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/mumble-server.ini fi sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini sed -i 's|users=100|users=10|g' /etc/mumble-server.ini From e05dfbb27c509b9ada9ef9735cab25239873ac51 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 10:32:55 +0000 Subject: [PATCH 37/53] Check for fullchain --- src/freedombone-utils-web | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index b8809191..77abec99 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web @@ -843,7 +843,7 @@ function update_default_domain { fi if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then - if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then + if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then if [ -d /etc/dovecot ]; then if ! grep -q "ssl_cert = Date: Sun, 21 Jan 2018 11:02:03 +0000 Subject: [PATCH 38/53] Mumble advice --- doc/EN/app_mumble.org | 4 ++-- website/EN/app_mumble.html | 29 +++++++++++++++-------------- 2 files changed, 17 insertions(+), 16 deletions(-) 
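Review bot: once sslCert/sslKey point at /etc/letsencrypt/live/..., mumble-server reads the key and certificate only at start-up, so after each automatic renewal it keeps serving the old certificate until restarted and will eventually present an expired one; add a renewal deploy hook (or extend whatever job renews the certificate) to restart mumble after a successful renewal. The privkey.pem readability caveat from patch 29 applies here as well.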
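Review bot: this brings the dovecot branch in line with the rest of update_default_domain (the -841 hunk of patch 29 missed it). The diff is cut off after `ssl_cert =`, so it is not visible whether the inner lines that write the dovecot config were also switched to the Let's Encrypt paths; check that, otherwise the guard passes but dovecot is still told to load /etc/ssl/certs.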
diff --git a/doc/EN/app_mumble.org b/doc/EN/app_mumble.org index ce0058a7..2e046792 100644 --- a/doc/EN/app_mumble.org +++ b/doc/EN/app_mumble.org @@ -49,8 +49,8 @@ Search for and install Plumble. Press the plus button to add a Mumble server. -Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the *About* screen of the *Administrator control panel*, your username (which can also be anything) and the mumble password which can be found in the *Passwords* section of the *Administrator control panel*. +Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the *About* screen of the *Administrator control panel*, your username (which can also be anything) and the mumble password which can be found in the *Passwords* section of the *Administrator control panel*. Leave the port number unchanged. -Open the settings. Select General, then Connect via Tor. This will provide better protection, making it more difficult for adversaries to know who is talking to who. +Open the settings. Select *General*, then *Connect via Tor*. This will provide better protection, making it more difficult for adversaries to know who is talking to who. If connecting through Tor is unreliable and causes crashes then unselect *Connect via Tor* on the *General settings* and then just use your ordinary domain name. Selecting the server by pressing on it then connects you to the server so that you can chat with other connected users. diff --git a/website/EN/app_mumble.html b/website/EN/app_mumble.html index f1a8e59c..2c3723af 100644 --- a/website/EN/app_mumble.html +++ b/website/EN/app_mumble.html @@ -3,10 +3,10 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + - + -
-

Text chat

-
+
+

Text chat

+

In addition to voice it is also possible to do text chat via mumble. The security of this is pretty good provided that you do it via Plumble and Orbot on mobile, but compared to other options such as XMPP/Conversations or Tox the security is not as good, since the mumble server currently doesn't support forward secrecy.

-
-

Using with Ubuntu

-
+
+

Using with Ubuntu

+

First ensure that tor is installed. Within a terminal:

@@ -298,9 +299,9 @@ Click on "add new" to add a new server and enter the default domain name
-
-

Using with Android

-
+
+

Using with Android

+

Install F-Droid

@@ -318,11 +319,11 @@ Press the plus button to add a Mumble server.

-Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the About screen of the Administrator control panel, your username (which can also be anything) and the mumble password which can be found in the Passwords section of the Administrator control panel. +Enter a label (which can be any name you choose for the server), the default domain name of the Freedombone or preferably the mumble onion address as shown on the About screen of the Administrator control panel, your username (which can also be anything) and the mumble password which can be found in the Passwords section of the Administrator control panel. Leave the port number unchanged.

-Open the settings. Select General, then Connect via Tor. This will provide better protection, making it more difficult for adversaries to know who is talking to who. +Open the settings. Select General, then Connect via Tor. This will provide better protection, making it more difficult for adversaries to know who is talking to who. If connecting through Tor is unreliable and causes crashes then unselect Connect via Tor on the General settings and then just use your ordinary domain name.
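Review bot: the new sentence in app_mumble.org advises falling back to the plain domain name when Tor is unreliable, which quietly removes the protection the preceding sentence promises (an observer can then see which server a user is talking to); say explicitly that the fallback trades that protection for reliability so readers make the choice knowingly. The "Leave the port number unchanged" addition is fine. The website/EN/app_mumble.html half of the diff mirrors the .org change and needs no separate review.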

From 523d16ca1d78993ae8d63de30443d98b61eb446d Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 11:16:43 +0000 Subject: [PATCH 39/53] Change site onion address --- doc/EN/fediverse.org | 2 +- doc/EN/homeserver.org | 2 +- doc/EN/index.org | 2 +- doc/EN/mesh.org | 2 +- doc/EN/support.org | 6 ++-- website/EN/fediverse.html | 42 ++++++++++++------------ website/EN/homeserver.html | 4 +-- website/EN/index.html | 4 +-- website/EN/mesh.html | 4 +-- website/EN/support.html | 66 ++++++++++++++++++-------------------- 10 files changed, 64 insertions(+), 70 deletions(-) diff --git a/doc/EN/fediverse.org b/doc/EN/fediverse.org index 88566d0d..6a8a6277 100644 --- a/doc/EN/fediverse.org +++ b/doc/EN/fediverse.org @@ -39,5 +39,5 @@ It may seem like a good idea and it may seem like you're doing a service to the #+BEGIN_CENTER -This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]] +This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]] #+END_CENTER diff --git a/doc/EN/homeserver.org b/doc/EN/homeserver.org index c327bf46..05e1efaa 100644 --- a/doc/EN/homeserver.org +++ b/doc/EN/homeserver.org @@ -153,5 +153,5 @@ man freedombone-image #+end_src #+BEGIN_CENTER -This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion +This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion #+END_CENTER diff --git a/doc/EN/index.org b/doc/EN/index.org index 79f88909..05677b60 100644 --- a/doc/EN/index.org +++ b/doc/EN/index.org 
@@ -42,5 +42,5 @@ If you find bugs, or want to add a new app to this system see the [[./devguide.h Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/current][available here]]. #+BEGIN_CENTER -This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]] +This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]] #+END_CENTER diff --git a/doc/EN/mesh.org b/doc/EN/mesh.org index f910f4d9..c90fdd1f 100644 --- a/doc/EN/mesh.org +++ b/doc/EN/mesh.org @@ -35,5 +35,5 @@ Systems only need to be within wifi range of each other for the mesh to be creat Like [[https://libremesh.org][LibreMesh]], this system uses a combination of [[https://en.wikipedia.org/wiki/B.A.T.M.A.N.][batman-adv]] on network layer 2 and [[http://bmx6.net][BMX]] on layer 3. Routing protocols [[http://www.olsr.org][OLSR2]] and [[https://www.irif.fr/~jch/software/babel][Babel]] are also selectable. #+BEGIN_CENTER -This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion +This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion #+END_CENTER diff --git a/doc/EN/support.org b/doc/EN/support.org index 4bd5d9bf..98c4c099 100644 --- a/doc/EN/support.org +++ b/doc/EN/support.org @@ -18,13 +18,11 @@ * Contact details -This site can also be accessed via a Tor browser at *http://pazyv7nkllp76hqr.onion* +This site can also be accessed via a Tor browser at *http://7ec7btgr6m7c5r3h.onion* *Email:* bob@freedombone.net -*PGP/GPG Key ID:* EA982E38 - -*PGP/GPG Fingerprint:* D538 1159 CD7A 2F80 2F06 ABA0 0452 CC7C EA98 2E38 +*PGP/GPG Fingerprint:* 9ABB82C00ABF39F82680487DCC2536191FA7C33F *XMPP:* bob@freedombone.net with OMEMO or OTR 
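Review bot: the support.org hunk drops the old PGP key ID EA982E38 and replaces the fingerprint with 9ABB82C00ABF39F82680487DCC2536191FA7C33F, and every page switches the onion address from http://pazyv7nkllp76hqr.onion to http://7ec7btgr6m7c5r3h.onion, but nothing in the patch lets a reader distinguish a legitimate rotation from a tampered page. Publish a transition statement signed by the old key that names the new fingerprint and the new onion address, link it from support.org, and grep the tree for any remaining references to the old onion address or key ID so the two never disagree.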
diff --git a/website/EN/fediverse.html b/website/EN/fediverse.html index e11db16d..4245fcd9 100644 --- a/website/EN/fediverse.html +++ b/website/EN/fediverse.html @@ -3,10 +3,10 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + - + -

-

Keep the number of users on each server small

-
+
+

Keep the number of users on each server small

+

The importance of this can't be overstated. Servers with lots of users always eventually have problems where the interests of the users are not the same as the interests of the server administrator. If you are the server administrator, or if there are only a small squad-size group of people on the server, then it's a lot easier to resolve differences and everyone's interests are likely to be similar.

-
-

Drama will happen

-
+
+

Drama will happen

+

It's inevitable in any social network, but fortunately your options for dealing with it are better than they are in the giant proprietary monoliths. In the proprietary world Google or Facebook don't give a damn about the fate of individual users. On a server with a small number of users if you're getting griefed then the administrator is likely to care and be able to do something about it.

-
-

Don't be afraid to block

-
+
+

Don't be afraid to block

+

Especially if other servers are publishing content which may not be legal in your jurisdiction then don't be afraid to use domain or user blocking from the Administrator control panel. The same applies if users on other servers are trying to harass you. Blocking creates politics and drama but this is a feature not a bug. It allows you to craft your own distinct community and user experience while also existing in the wider federation. It's hard to do this on sites like Twitter or Facebook. Try to keep blocking to a minimum though and avoid doing it for insubstantial reasons. If you have other users on your server then publish the blocked domains list somewhere they can see. That avoids disappointment and enables you to have a discussion about the validity of blocking decisions.

-
-

Network structure maps on to social structure

-
+
+

Network structure maps on to social structure

+

Over time follows and blocking rules come to match the underlying social geography of affinity groups. Blocking will happen and users will move around or start new servers. Drama related to blocking will dissipate.

-
-

Keep your follows under the Dunbar number

-
+
+

Keep your follows under the Dunbar number

+

Keep the number of other users you're following and who are also active to under a couple of hundred. Any more than that and you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will dissolve in a sea of entropy. There are no algorithmic timelines, and even if they're introduced then they create their own problems as an opaque form of censorship. Real community happens at tribal scale. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true.

-
-

Avoid big public servers

-
+
+

Avoid big public servers

+

It may seem like a good idea and it may seem like you're doing a service to the community by allowing random strangers to register, but servers with thousands of users only cause problems - social, administrative, financial and possibly also legal. The financial strain of running a powerful server with high reliability may be enough to encourage the administrator to begin pushing advertising onto the system, or sell user content, and then before you know it you have identical problems to Twitter. Instead try to encourage people to set up their own servers. Follow this principle and a lot of arguments and stress will be more easily avoided.

@@ -308,7 +308,7 @@ It may seem like a good idea and it may seem like you're doing a service to the

-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the GNU Free Documentation License version 1.3 +This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the GNU Free Documentation License version 1.3

diff --git a/website/EN/homeserver.html b/website/EN/homeserver.html index 830e21e3..c23e21ca 100644 --- a/website/EN/homeserver.html +++ b/website/EN/homeserver.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -478,7 +478,7 @@ Of course, this is just one way in which you can install the Freedombone system.

-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion +This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion

diff --git a/website/EN/index.html b/website/EN/index.html index 7f318fc3..0ccd9e0a 100644 --- a/website/EN/index.html +++ b/website/EN/index.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -299,7 +299,7 @@ Ready made disk images which can be copied onto USB or microSD drives are

-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the GNU Free Documentation License version 1.3 +This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion. This documentation is under the GNU Free Documentation License version 1.3

diff --git a/website/EN/mesh.html b/website/EN/mesh.html index 58f38425..d285f24e 100644 --- a/website/EN/mesh.html +++ b/website/EN/mesh.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -284,7 +284,7 @@ Like LibreMesh, this system uses a combinati

-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion +This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion

diff --git a/website/EN/support.html b/website/EN/support.html index 3a8439d1..3f6f385a 100644 --- a/website/EN/support.html +++ b/website/EN/support.html @@ -3,10 +3,10 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + - + Support -
-

Contact details

-
+
+

Contact details

+

-This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion +This site can also be accessed via a Tor browser at http://7ec7btgr6m7c5r3h.onion

@@ -260,11 +260,7 @@ This site can also be accessed via a Tor browser at

-
-

Things which would be nice to have

-
+
+

Things which would be nice to have

+
-
-

Ideas

-
+
+

Ideas

+

Know of some fabulous web system which could run on Freedombone, but currently doesn't? Contact the above, and be prepared to make a compelling argument for why it should be included.

-
-

Money

-
+
+

Money

+

At the present time this project is not seeking any funding. There is no crowdfunding campaign and no slick marketing video. Those aren't ruled out as future possibilities, but for now they're just not needed.

@@ -303,27 +299,27 @@ If you find this project useful then you may wish to consider donating to
-
-

Testing and reporting bugs

-
+
+

Testing and reporting bugs

+

Testing of the install on different hardware. Also pentesting on test installations to find vulnerabilities.

-
-

Web design and artwork

-
+ -
-

More education and promotion

-
+
+

More education and promotion

+
@@ -341,18 +337,18 @@ Raising awareness beyond the near zero current level, overcoming fear and parano
-
-

Translations

-
+
+

Translations

+

To add translations modify the json files within the locale subdirectory. Then make a pull request on the Github site.

-
-

Packaging

-
+
+

Packaging

+

Helping to package GNU Social and Hubzilla for Debian would be beneficial.

From 5d0e497c100010534245e03beacd23844eae5044 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 11:50:49 +0000 Subject: [PATCH 40/53] Bump koel commit --- src/freedombone-app-koel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-koel b/src/freedombone-app-koel index 9a21b07c..f38a2ca3 100755 --- a/src/freedombone-app-koel +++ b/src/freedombone-app-koel @@ -39,7 +39,7 @@ KOEL_CODE= KOEL_ONION_PORT=8118 KOEL_PORT=9002 KOEL_REPO="https://github.com/phanan/koel" -KOEL_COMMIT='70464a' +KOEL_COMMIT='8e9b021aa09f2b1460977bdd52fff14ea2bc1607' KOEL_ADMIN_PASSWORD= koel_variables=(ONION_ONLY From 4cbd1cce34d69d1fb06b1f136d5db79a2262641d Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 12:02:13 +0000 Subject: [PATCH 41/53] Restoring lychee from backup --- src/freedombone-app-lychee | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/freedombone-app-lychee b/src/freedombone-app-lychee index 6c970b98..727072bf 100755 --- a/src/freedombone-app-lychee +++ b/src/freedombone-app-lychee @@ -163,11 +163,22 @@ function restore_local_lychee { LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") fi if [ $LYCHEE_DOMAIN_NAME ]; then + suspend_site ${LYCHEE_DOMAIN_NAME} + function_check lychee_create_database lychee_create_database function_check restore_database restore_database lychee ${LYCHEE_DOMAIN_NAME} + + if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then + MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) + sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php + MARIADB_PASSWORD= + fi + + restart_site + chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/ fi } 
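Review bot: replacing the six-character '70464a' with the full 40-character commit hash removes the ambiguity of an abbreviated prefix and pins the koel checkout to exactly one object; apply the same to any other *_COMMIT variable in the app scripts that still uses a short hash.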
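Review bot: in restore_local_lychee the value from `${PROJECT_NAME}-pass -u root -a mariadb` is the MariaDB root password, and `sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g"` writes it into the web application's config.php, so a compromise of the lychee PHP code yields root on the database; a lychee-specific database user with rights on the lychee database only would limit that. The sed form also puts the secret on a process command line (visible in /proc while sed runs; `MARIADB_PASSWORD=` afterwards does not undo that) and silently corrupts the file if the password contains `|`, `&` or `'`. Write the value without shell interpolation into the command line, and quote the path as `"/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"`.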
@@ -195,12 +206,21 @@ function restore_remote_lychee { LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") fi + suspend_site ${LYCHEE_DOMAIN_NAME} + function_check restore_database_from_friend function_check lychee_create_database lychee_create_database restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME} + + if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then + MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) + sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php + MARIADB_PASSWORD= + fi + restart_site chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/ } From ab2cba8075140ad4e39474bb693f1f69414bc00a Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 17:56:39 +0000 Subject: [PATCH 42/53] pleroma blocking script --- src/freedombone-app-pleroma | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 51e6f93f..1de91a16 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -59,6 +59,7 @@ PLEROMA_TITLE='Pleroma Server' # Number of months after which posts expire PLEROMA_EXPIRE_MONTHS=3 pleroma_expire_posts_script=/usr/bin/pleroma-expire-posts +blocking_script_file=/usr/bin/pleroma-blocking pleroma_variables=(ONION_ONLY PLEROMA_DOMAIN_NAME 
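Review bot: the same comments as for restore_local_lychee apply to this hunk (root database password passed on a sed command line into config.php); in addition `suspend_site ${LYCHEE_DOMAIN_NAME}` here runs with no `if [ $LYCHEE_DOMAIN_NAME ]` guard, so with an empty domain it suspends nothing meaningful while the later `chown -R lychee: /var/www//htdocs/` targets the wrong path. Mirror the guard from the local variant.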
@@ -71,6 +72,26 @@ pleroma_variables=(ONION_ONLY MY_EMAIL_ADDRESS MY_USERNAME) +function create_pleroma_blocklist { + echo '#!/bin/bash' > $blocking_script_file + echo "if [ ! -f ${PROJECT_NAME}-firewall-domains.cfg ]; then" >> $blocking_script_file + echo ' exit 0' >> $blocking_script_file + echo 'fi' >> $blocking_script_file + echo 'cd /etc/postgresql' >> $blocking_script_file + echo 'while read blocked; do' >> $blocking_script_file + echo ' if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file + echo ' if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file + echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%'\"" >> $blocking_script_file + echo ' fi' >> $blocking_script_file + echo ' fi' >> $blocking_script_file + echo "done <${PROJECT_NAME}-firewall-domains.cfg" >> $blocking_script_file + chmod +x $blocking_script_file + + if ! grep -q "$blocking_script_file" /etc/crontab; then + echo "#*/1 * * * * root $blocking_script_file > /dev/null" >> /etc/crontab + fi +} + function expire_pleroma_posts { domain_name=$1 expire_months=$3 @@ -433,6 +454,7 @@ function pleroma_set_expire_months { write_config_param "PLEROMA_EXPIRE_MONTHS" "$PLEROMA_EXPIRE_MONTHS" expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS + create_pleroma_blocklist dialog --title $"Set Pleroma post expiry period" \ --msgbox $"Expiry period set to $PLEROMA_EXPIRE_MONTHS months" 6 60 @@ -592,6 +614,9 @@ function upgrade_pleroma { if [ ! -f $pleroma_expire_posts_script ]; then expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS fi + if [ ! -f $blocking_script_file ]; then + create_pleroma_blocklist + fi CURR_PLEROMA_COMMIT=$(get_completion_param "pleroma commit") if [[ "$CURR_PLEROMA_COMMIT" == "$PLEROMA_COMMIT" ]]; then 
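Review bot: three problems in the create_pleroma_blocklist hunk. First, each `blocked` entry is interpolated unquoted into the SQL: a `'` in an entry breaks the statement, and `%` and `_` are LIKE wildcards, so a `_` in a blocked name matches any character. Validate entries against a strict hostname / nick@domain character class at the point they are written to the cfg file (domain_blocking_add), or pass the value as a psql variable rather than building the string in bash. Second, the match on `data->>'content' ilike '%${blocked}%'` deletes any post, including this instance's own users' posts, that merely mentions the blocked domain in its text, which is data loss rather than blocking; restricting to `actor` (and anchoring the domain with `://` or `@`) would block the peer without destroying local content. Third, the crontab line is written with a leading `#`, so nothing is actually scheduled, and the cfg path `${PROJECT_NAME}-firewall-domains.cfg` is relative to whatever directory cron starts in; use an absolute path.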
@@ -606,6 +631,7 @@ function upgrade_pleroma { pleroma_recompile expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS + create_pleroma_blocklist } function backup_local_pleroma { @@ -752,6 +778,7 @@ function remove_pleroma { remove_completion_param install_pleroma sed -i '/pleroma domain/d' $COMPLETION_FILE sed -i '/pleroma commit/d' $COMPLETION_FILE + sed -i "/$blocking_script_file/d" /etc/crontab function_check remove_ddns_domain remove_ddns_domain $PLEROMA_DOMAIN_NAME @@ -964,6 +991,8 @@ function install_pleroma { fi fi + create_pleroma_blocklist + # daemon echo '[Unit]' > /etc/systemd/system/pleroma.service echo 'Description=Pleroma social network' >> /etc/systemd/system/pleroma.service From 1702ba5a4a0eb3986ec46acedbab3875cfcd45a1 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 18:01:21 +0000 Subject: [PATCH 43/53] Run pleroma blocking script after firewall entry --- src/freedombone-controlpanel | 4 ++-- src/freedombone-utils-firewall | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel index ce594b13..501d4de1 100755 --- a/src/freedombone-controlpanel +++ b/src/freedombone-controlpanel @@ -1926,7 +1926,7 @@ function domain_blocking_add { trap "rm -f $data" 0 1 2 5 15 dialog --title $"Block a domain or user" \ --backtitle $"Freedombone Control Panel" \ - --inputbox $"Enter the domain name or GNU Social/postActiv nick@domain that you wish to block" 8 60 "" 2>$data + --inputbox $"Enter the domain name or GNU Social/postActiv/Pleroma nick@domain that you wish to block" 8 60 "" 2>$data sel=$? case $sel in 0) @@ -1938,7 +1938,7 @@ function domain_blocking_add { dialog --title $"Block a domain" \ --msgbox $"The domain $blocked_domain has been blocked" 6 40 else - dialog --title $"Block a GNU Social/postActiv nickname" \ + dialog --title $"Block a GNU Social/postActiv/Pleroma nickname" \ --msgbox $"$blocked_domain has been blocked" 6 40 fi fi 
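Review bot: in the remove_pleroma hunk `sed -i "/$blocking_script_file/d" /etc/crontab` expands to `sed -i "//usr/bin/pleroma-blocking/d"`; the slashes inside the value collide with sed's address delimiter, so sed exits with an error and the cron line is never removed. Use an alternative delimiter, `sed -i "\|$blocking_script_file|d" /etc/crontab`, and add `rm -f $blocking_script_file` so the generated script does not linger with root cron privileges after the app is uninstalled.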
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall index eee348c0..733278fd 100755 --- a/src/freedombone-utils-firewall +++ b/src/freedombone-utils-firewall @@ -547,6 +547,9 @@ function firewall_block_domain { if [ -f /usr/bin/postactiv-firewall ]; then /usr/bin/postactiv-firewall fi + if [ -f /usr/bin/pleroma-blocking ]; then + /usr/bin/pleroma-blocking + fi fi } From 999b506fe2f4ac6118d16a0a8e840f319c128ea3 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 21 Jan 2018 18:34:08 +0000 Subject: [PATCH 44/53] root directory --- src/freedombone-app-pleroma | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 1de91a16..60d7ffd7 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -74,7 +74,7 @@ pleroma_variables=(ONION_ONLY function create_pleroma_blocklist { echo '#!/bin/bash' > $blocking_script_file - echo "if [ ! -f ${PROJECT_NAME}-firewall-domains.cfg ]; then" >> $blocking_script_file + echo "if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then" >> $blocking_script_file echo ' exit 0' >> $blocking_script_file echo 'fi' >> $blocking_script_file echo 'cd /etc/postgresql' >> $blocking_script_file @@ -84,11 +84,11 @@ function create_pleroma_blocklist { echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%'\"" >> $blocking_script_file echo ' fi' >> $blocking_script_file echo ' fi' >> $blocking_script_file - echo "done <${PROJECT_NAME}-firewall-domains.cfg" >> $blocking_script_file + echo "done > $blocking_script_file chmod +x $blocking_script_file if ! grep -q "$blocking_script_file" /etc/crontab; then - echo "#*/1 * * * * root $blocking_script_file > /dev/null" >> /etc/crontab + echo "*/1 * * * * root $blocking_script_file > /dev/null" >> /etc/crontab fi } From 8afe110663d3c46e8d798ab57669b289245e1483 Mon Sep 17 00:00:00 2001 
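Review bot: the firewall_block_domain hunk runs /usr/bin/pleroma-blocking synchronously from the control panel, which is fine, but the same script is also started by cron; with no lock the two can overlap and issue the same full-table DELETEs concurrently. Wrap the invocation (and the cron entry) in `flock -n` on a lock file so only one instance runs at a time.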
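Review bot: the /root/ prefix fixes the relative cfg path and uncommenting the cron line makes the job live, but `*/1 * * * *` is simply `*` and means an unindexed `ilike '%…%'` scan of `objects` for every blocklist entry every minute. Since firewall_block_domain now calls the script immediately when an entry is added, the cron job only needs to catch entries added by other means; a much coarser interval, or running only when the cfg file's mtime has changed, would remove most of the recurring load.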
From: Bob Mottram Date: Mon, 22 Jan 2018 09:43:17 +0000 Subject: [PATCH 45/53] Include to field in pleroma blocking --- src/freedombone-app-pleroma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 60d7ffd7..f494a55f 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -81,7 +81,7 @@ function create_pleroma_blocklist { echo 'while read blocked; do' >> $blocking_script_file echo ' if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file echo ' if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file - echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%'\"" >> $blocking_script_file + echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%'\"" >> $blocking_script_file echo ' fi' >> $blocking_script_file echo ' fi' >> $blocking_script_file echo "done > $blocking_script_file From 1575cd58132d403639ae10a21cd8adfa50a4c5f6 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 22 Jan 2018 09:53:17 +0000 Subject: [PATCH 46/53] Block on more fields --- src/freedombone-app-pleroma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index f494a55f..ec2b5b0a 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma 
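Review bot: adding `data->>'to'` to the predicate list widens the substring match to the recipients field; `to` is a list of recipient URIs serialised as text, so an unanchored `'%${blocked}%'` also matches any recipient whose URL merely contains the blocked string as a substring (blocking `cat.org` matches `concat.org`). Anchor the domain with `'%://' || domain || '/%'` style patterns rather than a bare substring.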
@@ -81,7 +81,7 @@ function create_pleroma_blocklist { echo 'while read blocked; do' >> $blocking_script_file echo ' if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file echo ' if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file - echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%'\"" >> $blocking_script_file + echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file echo ' fi' >> $blocking_script_file echo ' fi' >> $blocking_script_file echo "done > $blocking_script_file From 1f7ed83d09b0030fa69c8ec37cb8f8e204c58c8f Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 22 Jan 2018 10:12:14 +0000 Subject: [PATCH 47/53] Block within users table --- src/freedombone-app-pleroma | 1 + 1 file changed, 1 insertion(+) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index ec2b5b0a..18a28d03 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma 
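Review bot: the objects query now carries five unindexed `ilike` predicates on JSONB text extractions, each evaluated per blocklist entry per run, so cost grows as rows × entries × fields. If the DELETE is kept, compute the match once with a single anchored pattern per entry, or add an expression index on the one field that actually identifies the origin (`data->>'actor'`) instead of accumulating `or` clauses.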
@@ -82,6 +82,7 @@ function create_pleroma_blocklist { echo ' if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file echo ' if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file + echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM users WHERE nickname ilike '%\${blocked}%'\"" >> $blocking_script_file echo ' fi' >> $blocking_script_file echo ' fi' >> $blocking_script_file echo "done > $blocking_script_file From de8bacd3c21546929e37f0e752b7947352dd8a2e Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 22 Jan 2018 10:41:30 +0000 Subject: [PATCH 48/53] Remove notifications for blocked users --- src/freedombone-app-pleroma | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 18a28d03..61a6962c 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma 
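Review bot: `DELETE FROM users WHERE nickname ilike '%${blocked}%'` is an unanchored substring match, so a blocked `a.example` also removes `user@data.example`-style nicknames, and deleting user rows directly beneath the application leaves rows in tables that reference users (follow relationships, activities, notifications) dangling, or fails outright where a foreign key exists. Anchor the match on the `@domain` suffix (`nickname ilike '%@' || <domain>`) and prefer deactivating the user through the application rather than a raw DELETE.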
@@ -82,6 +82,7 @@ function create_pleroma_blocklist { echo ' if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file echo ' if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file + echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications INNER JOIN users ON users.id = notifications.user_id WHERE users.nickname ilike '%${blocked}%';\"" >> $blocking_script_file echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM users WHERE nickname ilike '%\${blocked}%'\"" >> $blocking_script_file echo ' fi' >> $blocking_script_file echo ' fi' >> $blocking_script_file @@ -89,7 +90,7 @@ function create_pleroma_blocklist { chmod +x $blocking_script_file if ! grep -q "$blocking_script_file" /etc/crontab; then - echo "*/1 * * * * root $blocking_script_file > /dev/null" >> /etc/crontab + echo "*/2 * * * * root $blocking_script_file > /dev/null" >> /etc/crontab fi } From af2b59377768b5e51cf5f191dfd87c9a69aa4a3a Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 22 Jan 2018 10:43:57 +0000 Subject: [PATCH 49/53] backslash --- src/freedombone-app-pleroma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 61a6962c..88621203 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma 
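Review bot: `DELETE FROM notifications INNER JOIN users ON ...` is MySQL syntax; PostgreSQL rejects it, so this statement errors on every run. The PostgreSQL form is `DELETE FROM notifications USING users WHERE users.id = notifications.user_id AND users.nickname ilike ...`. Separately, `'%${blocked}%'` on this line is not backslash-escaped like its neighbours, so `$blocked` is expanded (empty) when the script is generated and the pattern becomes `'%%'`, which would match every notification if the statement were valid.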
@@ -82,7 +82,7 @@ function create_pleroma_blocklist { echo ' if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file echo ' if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file - echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications INNER JOIN users ON users.id = notifications.user_id WHERE users.nickname ilike '%${blocked}%';\"" >> $blocking_script_file + echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications INNER JOIN users ON users.id = notifications.user_id WHERE users.nickname ilike '%\${blocked}%';\"" >> $blocking_script_file echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM users WHERE nickname ilike '%\${blocked}%'\"" >> $blocking_script_file echo ' fi' >> $blocking_script_file echo ' fi' >> $blocking_script_file From 77c21beb58ec137af8ec41b2cea5c629fea4a9d2 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 22 Jan 2018 10:50:12 +0000 Subject: [PATCH 50/53] Leave notifications alone, they will expire anyway --- src/freedombone-app-pleroma | 1 - 1 file changed, 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 88621203..41bf7451 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma 
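Review bot: the `\${blocked}` escape fix is correct, but the statement is still `DELETE ... INNER JOIN`, which PostgreSQL does not accept; it needs the `DELETE FROM notifications USING users WHERE ...` form to run at all.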
@@ -82,7 +82,6 @@ function create_pleroma_blocklist { echo ' if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file echo ' if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file - echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications INNER JOIN users ON users.id = notifications.user_id WHERE users.nickname ilike '%\${blocked}%';\"" >> $blocking_script_file echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM users WHERE nickname ilike '%\${blocked}%'\"" >> $blocking_script_file echo ' fi' >> $blocking_script_file echo ' fi' >> $blocking_script_file From 164d7ae98db033ac45f7ce4fa90d38f1fe8f215b Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 22 Jan 2018 10:52:23 +0000 Subject: [PATCH 51/53] Back to 1 min blocking updates --- src/freedombone-app-pleroma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 41bf7451..18a28d03 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -89,7 +89,7 @@ function create_pleroma_blocklist { chmod +x $blocking_script_file if ! grep -q "$blocking_script_file" /etc/crontab; then - echo "*/2 * * * * root $blocking_script_file > /dev/null" >> /etc/crontab + echo "*/1 * * * * root $blocking_script_file > /dev/null" >> /etc/crontab fi } From b6f010e491a4d8af57e282509263ca3254cfa697 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 22 Jan 2018 18:38:37 +0000 Subject: [PATCH 52/53] Don't send pleroma posts to blocked instances --- src/freedombone-app-pleroma | 3 +++ 1 file changed, 3 insertions(+) 
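Review bot: the schedule has now gone from one to two and back to one minute across three commits; with an unconditional full scan per entry each run, the interval matters less than making sure runs do not overlap. Prefix the cron command with `flock -n /run/pleroma-blocking.lock` (or equivalent) so a slow run cannot pile up behind the next one, and note that the `grep -q` guard only checks for the path, so changing the interval here does not update an already-installed crontab line.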
diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 18a28d03..99be5805 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -83,6 +83,9 @@ function create_pleroma_blocklist { echo ' if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM users WHERE nickname ilike '%\${blocked}%'\"" >> $blocking_script_file + echo ' if [[ "$blocked" != *"@"* ]]; then' >> $blocking_script_file + echo " sudo -u postgres psql -d pleroma -c \"DELETE FROM websub_server_subscriptions WHERE callback like '%\${blocked}%'\"" >> $blocking_script_file + echo ' fi' >> $blocking_script_file echo ' fi' >> $blocking_script_file echo ' fi' >> $blocking_script_file echo "done > $blocking_script_file From f724959e98eee881a49913aa270a0475cba60c48 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 22 Jan 2018 18:50:27 +0000 Subject: [PATCH 53/53] Run at a lower frequency to avoid occupying the database too much --- src/freedombone-app-pleroma | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma index 99be5805..4e3f76c5 100755 --- a/src/freedombone-app-pleroma +++ b/src/freedombone-app-pleroma @@ -92,7 +92,7 @@ function create_pleroma_blocklist { chmod +x $blocking_script_file if ! grep -q "$blocking_script_file" /etc/crontab; then - echo "*/1 * * * * root $blocking_script_file > /dev/null" >> /etc/crontab + echo "*/2 * * * * root $blocking_script_file > /dev/null" >> /etc/crontab fi }
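Review bot: `callback like '%${blocked}%'` in the websub_server_subscriptions hunk is case-sensitive while every other predicate in the script uses `ilike`; hostnames compare case-insensitively, so use `ilike` here too. The `[[ "$blocked" != *"@"* ]]` guard correctly limits this to whole-domain entries, since a nick@domain entry should not tear down the subscription for the whole instance.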
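Review bot: halving the frequency to `*/2` reduces database load but the script still rescans `objects`, `users` and `websub_server_subscriptions` for every entry on every run. Because firewall_block_domain already invokes /usr/bin/pleroma-blocking when an entry is added, the cron job could run far less often, or skip the work entirely when the cfg file's mtime has not changed since the last run, which removes the recurring cost rather than trimming it.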